mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-02-04 08:38:34 +00:00
76e1721d70fc81dae8a2e7f69a15a166d359701b
10947 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Lakr
|
8df7353722 |
chore(ios): iap paywall update (#13669)
This pull request introduces several improvements and refactors to the iOS frontend, with a focus on the paywall system, configuration, and developer experience. The most significant changes include dynamic pricing updates for subscription packages, the introduction of a centralized pricing configuration, and enhanced developer documentation and settings for Claude Code. There are also minor fixes and improvements to restore purchase flows, App Store syncing, and protocol usage guidance. **Paywall System Improvements** * Subscription package pricing and display is now dynamically updated based on App Store data, ensuring users see accurate, localized pricing and descriptions. This includes new logic for calculating monthly prices and updating package button text. (`ViewModel.swift`, `ViewModel+Action.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`) [[1]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R83-R160) [[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L102-R199) [[3]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73) [[4]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL74-R94) [[5]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35) [[6]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22) * Introduced a new `PricingConfiguration.swift` file to centralize product identifiers, default selections, and display strings for subscription products, improving maintainability and consistency. (`PricingConfiguration.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`) [[1]](diffhunk://#diff-de4566ecd5bd29f36737ae5e5904345bd1a5c8f0a73140c3ebba41856bae3e86R1-R54) [[2]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35) [[3]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22) **Developer Experience and Documentation** * Added `AGENTS.md` to provide comprehensive guidance for Claude Code and developers, including project overview, build commands, architecture, native bridge APIs, Swift code style, and dependencies. (`AGENTS.md`) * Added a local settings file (`settings.local.json`) to configure permissions for Claude Code, allowing specific Bash commands for iOS builds. (`settings.local.json`) * Updated Swift architecture guidelines to discourage protocol-oriented design unless necessary, favoring dependency injection and composition. (`AGENTS.md`) **User Experience Improvements** * The purchase footer now includes an underline for "Restore Purchase" and a clear message about subscription auto-renewal and cancellation flexibility. (`PurchaseFooterView.swift`) * Improved restore purchase and App Store sync logic to better handle user sign-in prompts and error handling. (`ViewModel+Action.swift`, `Store.swift`) [[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL45-R49) [[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73) [[3]](diffhunk://#diff-9f18fbbf15591c56380ce46358089c663ce4440f596db8577de76dc6cd306b54R26-R28) **Minor Fixes and Refactoring** * Made `docId` in `DeleteSessionInput` optional to match GraphQL schema expectations. (`DeleteSessionInput.graphql.swift`) [[1]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL14-R14) [[2]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL25-R25) * Minor formatting and dependency list updates in `Package.swift`. (`Package.swift`) * Fixed concurrency usage in event streaming for chat manager. (`ChatManager+Stream.swift`) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Paywall options now dynamically reflect product data with clearer labels and monthly price calculations. * Added an auto‑renewal note (“cancel anytime”) and underlined “Restore Purchase” for better clarity. * Refactor * Improved purchase/restore flow reliability and UI updates for a smoother experience. * Documentation * Added a comprehensive development guide and updated architecture/style guidance for iOS. * Chores * Introduced local build permissions configuration for iOS development. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.2 |
||
|
Cats Juice
|
12daefdf54 |
fix(core): prevent emoji being clipped and adjust icon-picker default color (#13664)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Style - Updated icon picker to use the primary icon color, improving visual consistency (including SVG icons). - Improved emoji rendering in the document icon picker by applying an emoji-specific font for elements marked as emoji, matching existing size and line-height. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Wu Yue
|
9f94d5c216 |
feat(core): support ai chat delete action (#13655)
<img width="411" height="205" alt="截屏2025-09-26 10 58 39" src="https://github.com/user-attachments/assets/c3bce144-7847-4794-b766-5a3777cbc00d" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Delete icon added to AI session history with tooltip and confirmation prompt; deleting current session opens a new session. - Session deletion wired end-to-end (toolbar → provider → backend) and shows notifications. - Improvements - Cleanup now supports deleting sessions with or without a document ID (document-specific or workspace-wide). - UI tweaks for cleaner session item layout and safer click handling (delete won’t trigger item click). <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
8d6f7047c2 |
fix(ios): build project (#13656)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Access Tokens screen now shows revealed access tokens, including the token value where available. - Chores - Updated iOS Paywall package to use Swift tools version 5.9. - Removed an unused internal iOS package to streamline the app. - Aligned access token data model to the latest backend schema for improved consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
github-actions[bot]
|
a92894990d |
chore(i18n): sync translations (#13651)
New Crowdin translations by [Crowdin GH Action](https://github.com/crowdin/github-action) Co-authored-by: Crowdin Bot <support+bot@crowdin.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
L-Sun
|
6af1f6ab8d |
fix(core): infinitied loop (#13653)
Fix #13649 #### PR Dependency Tree * **PR #13653** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Streamlined internal async handling to depend only on specified inputs, reducing unnecessary updates and improving responsiveness. * Preserved existing error handling for async operations. * **Chores** * Adjusted lint configuration/comments to align with the updated dependency strategy, reducing false-positive warnings. No user-facing UI changes. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.1 |
||
|
Rokas
|
e7f76c1737 |
chore: update mermaid (#13510)
https://github.com/toeverything/AFFiNE/issues/13509 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded Mermaid dependency to v11.1.0 in the frontend core package. * **Impact** * Improved diagram rendering and compatibility with newer Mermaid syntax. * Potential performance and security improvements from upstream updates. * No UI changes expected; existing diagrams should continue to work. * Please verify critical diagram views for any rendering differences. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Xun Sun
|
5b52349b96 |
feat: implement textAlign property (#11790)
for paragraph blocks, image blocks, list blocks, and table blocks Should fix #8617 and #11254. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added text alignment options (left, center, right) for paragraph, list, image, note, and table blocks. - Introduced alignment controls in toolbars and slash menus for easier formatting. - Enabled keyboard shortcuts for quick text alignment changes (supports Mac and Windows). - **Localization** - Added English, Simplified Chinese, and Traditional Chinese translations for new alignment commands and shortcuts. - **Style** - Blocks now visually reflect selected text alignment in their layout. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> |
||
|
renovate[bot]
|
bf87178c26 |
chore: bump up @googleapis/androidpublisher version to v31 (#13633)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client) | [`^28.0.0` -> `^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>googleapis/google-api-nodejs-client (@​googleapis/androidpublisher)</summary> ### [`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05) [Compare Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0) ##### ⚠ BREAKING CHANGES - **serviceconsumermanagement:** This release has breaking changes. - **playintegrity:** This release has breaking changes. ##### Features - **chromepolicy:** update the API ([8429e3c]( |
||
|
Cats Juice
|
d272c4342d |
feat(core): replace emoji-mart with affine icon picker (#13644)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Unified icon picker with consistent rendering across the app. - Picker can auto-close after selection. - “Remove” now clears the icon selection. - Refactor - Icon handling consolidated across editors, navigation, and document titles for consistent behavior. - Picker now opens on the Emoji panel by default. - Style - Adjusted line-height and selectors for icon picker visuals. - Chores - Removed unused emoji-mart dependencies. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
c540400496 |
feat(server): allow drop session (#13650)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Ensures deleted sessions and their messages are consistently cleaned up, preventing lingering pinned or partially removed items. * **Refactor** * Streamlined session cleanup into a single bulk operation for improved reliability and performance during deletions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
EYHN
|
54498df247 |
feat(ios): upgrade button in setting (#13645)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added a Subscription section in Mobile Settings (for signed-in users) with plan info and an Upgrade button that opens the native paywall. - Supports showing “Pro” and “AI” paywalls. - Integrated native paywall provider on iOS. - Style - Introduced new styling for the subscription card, content, and button. - Localization - Added English strings for subscription title, description, and button. - Chores - Minor iOS project cleanup and internal wiring to enable the paywall module. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
3f9d9fef63 |
fix(server): rcat event sync (#13648)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Subscriptions now include an explicit "trial" flag so trialing users are identified and treated correctly. - Bug Fixes - More robust handling when webhook fields are missing or null. - Improved family-sharing detection to avoid incorrect async processing. - Refactor - Status determination and store resolution simplified to rely on subscription data rather than event payloads. - Tests - Test fixtures updated to include trial and store details for accuracy. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
7a90e1551c |
fix(ios): complete iap user interface (#13639)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - In-app purchases fully integrated for Pro and AI plans with restore, live product loading, and StoreKit test configuration. - Improvements - Refreshed paywall: intro animation, delayed close button, smoother horizontal paging, page dots interaction, per-item reveal animations, and purchase-state UI (disabled/checked when owned). - Changes - "Believer" plan and related screens removed; Pro simplified to Monthly and Annual offerings. - Chores - iOS project and build settings updated for newer toolchain and StoreKit support. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> |
||
|
Peng Xiao
|
3c9d17c983 |
feat(core): insert artifact as code block (#13641)
#### PR Dependency Tree * **PR #13641** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Insert HTML content directly into the document as a code block with preview enabled. * Default view changed from Code to Preview for faster content inspection. * New “Insert” action replaces the previous “Download” action to add content into the document. * Added a dedicated “Download HTML” button with an icon to save the HTML file. * Toast notifications confirm successful insertions; errors are reported if insertion fails. * Updated button labeling to reflect the new workflow. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
EYHN
|
2f118206cc |
feat(core): mcp server setting (#13630)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * MCP Server integration available in cloud workspaces with a dedicated settings panel. * Manage personal access tokens: generate/revoke tokens and view revealed token. * One-click copy of a prefilled server configuration JSON. * New query to fetch revealed access tokens. * **Improvements** * Integration list adapts to workspace type (cloud vs. local). * More reliable token refresh with clearer loading, error and revalidation states. * **Localization** * Added “Copied to clipboard” message and MCP Server name/description translations. * **Chores** * Updated icon dependency across many packages. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
ca9811792d |
feat(component): emoji and icon picker (#13638)
 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Icon Picker added with Emoji and Icon panels, search/filtering, recent selections, color selection, skin tone options, and smooth group navigation. - **Documentation** - Storybook example added to preview and test the Icon Picker. - **Chores** - Bumped icon library dependency to a newer minor version. - Added emoji data dependency to support the Emoji Picker. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Jachin
|
812c2d86d4 |
feat(server): add Swagger API docs (#13455)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Interactive API documentation available at /api/docs when running in development. * **Chores** * Added a development dependency to enable generation of the API documentation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
DarkSky
|
762b702e46 |
feat: sync rcat data (#13628)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RevenueCat support: public webhook endpoint, webhook handler/service, nightly reconciliation and per-user sync; subscriptions now expose provider and iapStore; new user-facing error for App Store/Play-managed subscriptions. * **Chores** * Multi-provider subscription schema (Provider, IapStore); Stripe credentials moved into payment.stripe (top-level apiKey/webhookKey deprecated); new payment.revenuecat config and defaults added. * **Tests** * Comprehensive RevenueCat integration test suite and snapshots. * **Documentation** * Admin config descriptions updated with deprecation guidance. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
75a6c79b2c |
fix(ios): crash at swift runtime error (#13635)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Fetch copilot model options per prompt (default, optional, pro) with generated GraphQL query and schema types. * **Chores** * Upgraded iOS deps: Apollo iOS 1.23.0, EventSource 0.1.5, Swift Collections 1.2.1. * Switched Intelligents to static linking and updated project integration. * Parameterized and standardized GraphQL codegen tooling; setup automation now syncs versions and safely backs up/restores custom scalars. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Wu Yue
|
b25759c264 |
feat(core): support gemini model switch in ai (#13631)
<img width="757" height="447" alt="截屏2025-09-22 17 49 34" src="https://github.com/user-attachments/assets/bab96f45-112e-4d74-bc38-54429d8a54ab" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Subscription-aware AI model picker in chat: browse models with version and category, see active selection, switch models, and receive notifications when choosing pro models without a subscription. Selections persist across sessions. - Central AI model service wired into chat UI for consistent model selection and availability. - Changes - Streamlined AI model availability: reduced to a curated set for a more focused experience. - Context menu buttons can display supplemental info next to labels. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
da3e3eb3fa |
chore: bump up @faker-js/faker version to v10 (#13626)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.6.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.3.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>faker-js/faker (@​faker-js/faker)</summary> ### [`v10.0.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#1000-2025-08-21) [Compare Source](https://redirect.github.com/faker-js/faker/compare/v9.9.0...v10.0.0) ##### New Locales - **locale:** extended list of colors in Polish ([#​3586](https://redirect.github.com/faker-js/faker/issues/3586)) ([9940d54]( |
||
|
DarkSky
|
e3f3c8c4a8 |
feat: add config for mail server name (#13632)
fix #13627 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added configurable display names for primary and fallback SMTP servers, improving email sender identification. * Defaults to “AFFiNE Server,” with support for MAILER_SERVERNAME environment variable for the primary SMTP. * Exposed in admin settings for easy setup alongside existing SMTP options. * Names are now passed through to mail transport options for consistent use across emails. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
3720
|
7fe95f50f4 |
fix(editor): callout delete merge and slash menu (#13597)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Press Enter inside a callout splits the paragraph at the cursor into a new focused paragraph. - Clicking an empty callout inserts and focuses a new paragraph; emoji menu behavior unchanged. - New command to convert a callout paragraph to callout/selection flow for Backspace handling. - New native API: ShareableContent.isUsingMicrophone(processId). - Bug Fixes - Backspace inside callout paragraphs now merges or deletes text predictably and selects the callout when appropriate. - Style - Callout layout refined: top-aligned content and adjusted emoji spacing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
195864fc88 |
feat(core): edit icon in navigation panel (#13595)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Rename dialog now edits per-item explorer icons (emoji or custom) and can skip name-change callbacks. Doc icon picker added to the editor with localized "Add icon" placeholder and readonly rendering. Icon editor supports fallbacks, trigger variants, and improved input/test-id wiring. - **Style** - Updated icon picker and trigger sizing and placeholder visuals; title/icon layout adjustments. - **Chores** - Explorer icon storage and module added to persist and serve icons across the app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
dependabot[bot]
|
93554304e2 |
chore: bump dompurify from 3.1.6 to 3.2.7 (#13622)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> </ul> <h2>DOMPurify 3.2.6</h2> <ul> <li>Fixed several typos and removed clutter from our documentation, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li> <li>Added better config hardening against prototype pollution, thanks <a href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li> <li>Added better handling of attribute removal, thanks <a href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li> <li>Added better configuration for aggressive mXSS scrubbing behavior, thanks <a href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li> <li>Removed the script that caused the fake entry <a href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li> </ul> <h2>DOMPurify 3.2.5</h2> <ul> <li>Added a check to the mXSS detection regex to be more strict, thanks <a href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li> <li>Added ESM type imports in source, removes patch function, thanks <a href="https://github.com/donmccurdy"><code>@donmccurdy</code></a></li> <li>Added script to verify various TypeScript configurations, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Added more modern browsers to the Karma launchers list</li> <li>Added Node 23.x to tested runtimes, removed Node 17.x</li> <li>Fixed the generation of source maps, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code> using the 'g' flag, thanks <a href="https://github.com/hhk-png"><code>@hhk-png</code></a></li> <li>Fixed a few typos in the README file</li> </ul> <h2>DOMPurify 3.2.4</h2> <ul> <li>Fixed a conditional and config dependent mXSS-style <a href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a> reported by <a href="https://github.com/nsysean"><code>@nsysean</code></a></li> <li>Added a new feature to allow specific hook removal, thanks <a href="https://github.com/davecardwell"><code>@davecardwell</code></a></li> <li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports, thanks <a href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li> <li>Added better logic in case no window object is president, thanks <a href="https://github.com/yehuya"><code>@yehuya</code></a></li> <li>Updated some dependencies called out by dependabot</li> <li>Updated license files etc to show the correct year</li> </ul> <h2>DOMPurify 3.2.3</h2> <ul> <li>Fixed two conditional sanitizer bypasses discovered by <a href="https://github.com/parrot409"><code>@parrot409</code></a> and <a href="https://x.com/slonser_"><code>@Slonser</code></a></li> <li>Updated the attribute clobbering checks to prevent future bypasses, thanks <a href="https://github.com/parrot409"><code>@parrot409</code></a></li> </ul> <h2>DOMPurify 3.2.2</h2> <ul> <li>Fixed a possible bypass in case a rather specific config for custom elements is set, thanks <a href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li> <li>Fixed several minor issues with the type definitions, thanks again <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor issue with the types reference for trusted types, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor problem with the template detection regex on some systems, thanks <a href="https://github.com/svdb99"><code>@svdb99</code></a></li> </ul> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate[bot]
|
2f38953cf9 |
chore: bump up electron version to v35.7.5 [SECURITY] (#13561)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [electron](https://redirect.github.com/electron/electron) | [`35.5.1` -> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg) ### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org) --- ### Release Notes <details> <summary>electron/electron (electron)</summary> ### [`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5): electron v35.7.5 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5) ##### Release Notes for v35.7.5 > \[!WARNING] > Electron 35.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. ##### Fixes - Fixed an issue where `shell.openPath` was not non-blocking as expected. [#​48079](https://redirect.github.com/electron/electron/pull/48079) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/48088), [37](https://redirect.github.com/electron/electron/pull/48088), [38](https://redirect.github.com/electron/electron/pull/48088))</span> ### [`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4): electron v35.7.4 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4) ##### Release Notes for v35.7.4 - Fix ffmpeg generation on Windows non-x64 ### [`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2): electron v35.7.2 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2) ##### Release Notes for v35.7.2 ##### Fixes - Fixed an issue where printing PDFs with `webContents.print({ silent: true })` would fail. [#​47645](https://redirect.github.com/electron/electron/pull/47645) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47624), [37](https://redirect.github.com/electron/electron/pull/47397))</span> ### [`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0): electron v35.7.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0) ##### Release Notes for v35.7.0 ##### Other Changes - Updated Node.js to v22.16.0. [#​47213](https://redirect.github.com/electron/electron/pull/47213) ### [`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0): electron v35.6.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0) ##### Release Notes for v35.6.0 ##### Features - Added support for `--no-experimental-global-navigator` flag. [#​47416](https://redirect.github.com/electron/electron/pull/47416) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47417), [37](https://redirect.github.com/electron/electron/pull/47418))</span> - Added support for customizing system accent color and highlighting of active window border. [#​47539](https://redirect.github.com/electron/electron/pull/47539) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47538), [37](https://redirect.github.com/electron/electron/pull/47537))</span> ##### Fixes - Fixed a potential crash using `session.clearData` in some circumstances. [#​47410](https://redirect.github.com/electron/electron/pull/47410) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47411), [37](https://redirect.github.com/electron/electron/pull/47412))</span> - Fixed an error when importing `electron` for the first time from an ESM module loaded by a CJS module in a packaged app. [#​47344](https://redirect.github.com/electron/electron/pull/47344) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47343), [37](https://redirect.github.com/electron/electron/pull/47342))</span> - Fixed an issue where calling `Fetch.continueResponse` via debugger with `WebContentsView` could cause a crash. [#​47443](https://redirect.github.com/electron/electron/pull/47443) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47442), [37](https://redirect.github.com/electron/electron/pull/47444))</span> - Fixed an issue where utility processes could leak file handles. [#​47542](https://redirect.github.com/electron/electron/pull/47542) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47541), [37](https://redirect.github.com/electron/electron/pull/47543))</span> - Partially fixes an issue with printing a PDF via `webContents.print()` where the callback would not be called. [#​47399](https://redirect.github.com/electron/electron/pull/47399) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47400), [37](https://redirect.github.com/electron/electron/pull/47398))</span> ##### Other Changes - Backported fix for [`4206375`](https://redirect.github.com/electron/electron/commit/420637585). [#​47369](https://redirect.github.com/electron/electron/pull/47369) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
ebf75e4d31 |
chore: bump up apollographql/apollo-ios version to v1.23.0 (#13623)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `from: "1.22.0"` -> `from: "1.23.0"` | | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `1.22.0` -> `1.23.0` | --- ### Release Notes <details> <summary>apollographql/apollo-ios (apollographql/apollo-ios)</summary> ### [`v1.23.0`](https://redirect.github.com/apollographql/apollo-ios/blob/HEAD/CHANGELOG.md#v1230) [Compare Source](https://redirect.github.com/apollographql/apollo-ios/compare/1.22.0...1.23.0) ##### New - **Added `requireNonOptionalMockFields` flag to `ApolloCodegenConfiguration.OutputOptions`. ([#​669](https://redirect.github.com/apollographql/apollo-ios-dev/pull/669)):** Added new flag to codegen output options to allow having non-optional fields in the test mocks if desired. *Thank you to [@​dwroth](https://redirect.github.com/dwroth) for the contribution.* ##### Improvement - **Added public initializer to `DatabaseRow`. ([#​664](https://redirect.github.com/apollographql/apollo-ios-dev/pull/664)):** Not having a public initializer on `DatabasRow` was hindering the ability to create custom `SQLiteDatabase` implementations. This solves that by adding a public initializer to `DatabaseRow`.*Thank you to [@​ChrisLaganiere](https://redirect.github.com/ChrisLaganiere) for the contribution.* ##### Fixed - **Unncessary deprecation warning in codegen options initializer. ([#​3563](https://redirect.github.com/apollographql/apollo-ios/issues/3563)):** Added `@_disfavoredOverload` to the deprecated initialized in `ApolloCodegenConfiguration` to prevent possible warnings caused by the compiler selecting a deprecated initializer versus the new/current initializer. See PR [#​682](https://redirect.github.com/apollographql/apollo-ios-dev/pull/682). *Thank you to [@​CraigSiemens](https://redirect.github.com/CraigSiemens) for raising the issue.* </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
2d0721a78f |
chore: bump axios from 1.9.0 to 1.12.2 (#13621)
Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.12.2</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (<a href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>) (<a href=" |
||
|
Jachin
|
e08fc5ef06 |
feat(server): change the playground option to GraphiQL. (#13451)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * The GraphQL interactive UI is now available only in development environments and will not be accessible in production. This change affects only the availability of the interactive interface; public exports and API context types remain unchanged. Users in development can continue to use the tool as before, while production deployments will no longer expose the interactive UI. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Finn Weigand
|
363f64ebfa |
feat: add dedicated sign-up config for oauth (#13610)
Currently, it is only possible to disable all registrations. However, it would be helpful if you could disable normal registration but enable OAuth registration. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added a setting to enable/disable new user signups via OAuth (default: enabled). * Admin Settings (Authentication) now includes a toggle for OAuth signups. * OAuth signup flow now respects this setting, preventing new registrations via OAuth when disabled. * Self-hosted configuration schema updated to include the new option. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Signed-off-by: Hudint Finn Weigand <dev@hudint.de> Co-authored-by: DarkSky <darksky2048@gmail.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
21bb8142b0 |
chore: bump up Recouse/EventSource version to from: "0.1.5" (#13620)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [Recouse/EventSource](https://redirect.github.com/Recouse/EventSource) | patch | `from: "0.1.4"` -> `from: "0.1.5"` | --- ### Release Notes <details> <summary>Recouse/EventSource (Recouse/EventSource)</summary> ### [`v0.1.5`](https://redirect.github.com/Recouse/EventSource/releases/tag/0.1.5) [Compare Source](https://redirect.github.com/Recouse/EventSource/compare/0.1.4...0.1.5) #### What's Changed - Fix potential data corruption by [@​Recouse](https://redirect.github.com/Recouse) in [#​30](https://redirect.github.com/Recouse/EventSource/pull/30) - Concurrency improvements by [@​Recouse](https://redirect.github.com/Recouse) in [#​31](https://redirect.github.com/Recouse/EventSource/pull/31) - Update EventParser.swift to Support CR LF by [@​Lakr233](https://redirect.github.com/Lakr233) in [#​28](https://redirect.github.com/Recouse/EventSource/pull/28) #### New Contributors - [@​Lakr233](https://redirect.github.com/Lakr233) made their first contribution in [#​28](https://redirect.github.com/Recouse/EventSource/pull/28) **Full Changelog**: <https://github.com/Recouse/EventSource/compare/0.1.4...0.1.5> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Bl4ckspell
|
750b008dc8 |
feat(android): add monochrome icon support (#13527)
Add missing themed icon support for android app icon. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Android app icon now supports a monochrome variant for adaptive icons, enabling themed icons on compatible launchers. * Improved icon consistency and visibility across system themes (including dark mode). * Applied to both standard and round launcher icons. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
d231b47f1f |
chore: bump up nestjs (#13614)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@nestjs/bullmq](https://redirect.github.com/nestjs/bull) | [`11.0.2` -> `11.0.3`](https://renovatebot.com/diffs/npm/@nestjs%2fbullmq/11.0.2/11.0.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/schedule](https://redirect.github.com/nestjs/schedule) | [`6.0.0` -> `6.0.1`](https://renovatebot.com/diffs/npm/@nestjs%2fschedule/6.0.0/6.0.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nestjs/bull (@​nestjs/bullmq)</summary> ### [`v11.0.3`](https://redirect.github.com/nestjs/bull/releases/tag/%40nestjs/bullmq%4011.0.3) [Compare Source](https://redirect.github.com/nestjs/bull/compare/@nestjs/bullmq@11.0.2...@nestjs/bullmq@11.0.3) #### What's Changed - feat(bullmq): add telemetry support for workers by [@​noeljackson](https://redirect.github.com/noeljackson) in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) #### New Contributors - [@​noeljackson](https://redirect.github.com/noeljackson) made their first contribution in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) **Full Changelog**: <https://github.com/nestjs/bull/compare/@nestjs/bull-shared@11.0.0...@​nestjs/bullmq@11.0.3> </details> <details> <summary>nestjs/nest (@​nestjs/common)</summary> ### [`v11.1.6`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.6) [Compare Source](https://redirect.github.com/nestjs/nest/compare/v11.1.5...v11.1.6) ##### v11.1.6 (2025-08-07) ##### Bug fixes - `core` - [#​15504](https://redirect.github.com/nestjs/nest/pull/15504) fix(core): fix race condition in class dependency resolution from imported modules ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - [#​15469](https://redirect.github.com/nestjs/nest/pull/15469) fix(core): attach root inquirer for nested transient providers ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - `microservices` - [#​15508](https://redirect.github.com/nestjs/nest/pull/15508) fix(microservices): report correct buffer length in exception ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [#​15492](https://redirect.github.com/nestjs/nest/pull/15492) fix(microservices): fix kafka serilization of class instances ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) ##### Dependencies - `platform-fastify` - [#​15493](https://redirect.github.com/nestjs/nest/pull/15493) chore(deps): bump [@​fastify/cors](https://redirect.github.com/fastify/cors) from 11.0.1 to 11.1.0 ([@​dependabot\[bot\]](https://redirect.github.com/apps/dependabot)) ##### Committers: 6 - Jiri Hajek ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - Kamil Mysliwiec ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - Leon Biersch ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) - Seongjee Kim ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [@​premierbell](https://redirect.github.com/premierbell) - pTr ([@​ptrgits](https://redirect.github.com/ptrgits)) </details> <details> <summary>nestjs/schedule (@​nestjs/schedule)</summary> ### [`v6.0.1`](https://redirect.github.com/nestjs/schedule/releases/tag/6.0.1) [Compare Source](https://redirect.github.com/nestjs/schedule/compare/6.0.0...6.0.1) #### What's Changed - Add threshold to CronOptions by [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - refactor : clear jobs before application shutdown by [@​spotlight21c](https://redirect.github.com/spotlight21c) in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) - fix(deps): update dependency cron to v4.3.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​2001](https://redirect.github.com/nestjs/schedule/pull/2001) #### New Contributors - [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) made their first contribution in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - [@​spotlight21c](https://redirect.github.com/spotlight21c) made their first contribution in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) **Full Changelog**: <https://github.com/nestjs/schedule/compare/6.0.0...6.0.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Richard Lora
|
4efbb630fc |
fix(core): correct emoji extraction logic using regex (#12749)
https://github.com/user-attachments/assets/ef612f34-0388-49a2-bcad-0cac07a5f785 This PR solves the issue where a majority of emoji's are unable to become the document or folders icon. The regex used is below with the test string of a variety of emoji's: https://regex101.com/r/0anB6Z/1 Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
19bd29e90c |
chore: bump up apple/swift-collections version to from: "1.2.1" (#13535)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | patch | `from: "1.2.0"` -> `from: "1.2.1"` | --- ### Release Notes <details> <summary>apple/swift-collections (apple/swift-collections)</summary> ### [`v1.2.1`](https://redirect.github.com/apple/swift-collections/releases/tag/1.2.1): Swift Collections 1.2.1 [Compare Source](https://redirect.github.com/apple/swift-collections/compare/1.2.0...1.2.1) This is a patch release with the following minor improvements: - `BigString` sometimes miscounted distances in its character view, resulting in an invalid collection conformance. This is now fixed. ([#​485](https://redirect.github.com/apple/swift-collections/issues/485)) - `BigString`'s Unicode Scalar and character views now make better use of known lengths of the text chunks stored in the tree, resulting in significantly improved performance for their distance measurements. ([#​486](https://redirect.github.com/apple/swift-collections/issues/486)) - The Foundation-specific toolchain configuration was updated to include the Deque type. ([#​496](https://redirect.github.com/apple/swift-collections/issues/496)) #### What's Changed - \[BigString] Fix character indexing operations by [@​lorentey](https://redirect.github.com/lorentey) in [#​485](https://redirect.github.com/apple/swift-collections/pull/485) - \[BigString] Harvest some low-hanging performance fruit by [@​lorentey](https://redirect.github.com/lorentey) in [#​486](https://redirect.github.com/apple/swift-collections/pull/486) - Include DequeModule in the Foundation toolchain build by [@​cthielen](https://redirect.github.com/cthielen) in [#​496](https://redirect.github.com/apple/swift-collections/pull/496) **Full Changelog**: <https://github.com/apple/swift-collections/compare/1.2.0...1.2.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44Mi43IiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
ShellWen | 颉文, Chen Chang
|
2a2793eada |
fix: Correct spacing in AI partner description (#13593)
Fixed spacing issue in AI partner description. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Documentation** * Improved readability by fixing a minor punctuation/spacing issue in the project’s introductory text (added a space after a comma). * Polished wording to better reflect professional tone without altering meaning. * No changes to functionality, configuration, or user workflows. * No impact on APIs, interfaces, or compatibility. * No additional steps required for users; purely a documentation refinement. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
b6a3241451 |
chore(core): hide embedding status in chat (#13605)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Simplified the AI chat composer tip: removed the dynamic embedding-status tooltip so only a single static caution remains — “AI outputs can be misleading or wrong.” * **Tests** * One end-to-end test related to embedding status was commented out and is no longer executed. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
360c9545f4 |
feat(ios): [IAP] Paywall Initial Commit (#13609)
Requires https://github.com/toeverything/AFFiNE/pull/13606 to be merged. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced an in-app Paywall with Pro, AI, and Believer plans, feature previews, paging dots, and selectable pricing options. - Added purchase and restore actions, plus a unified, polished UI using new color/icon resources. - Documentation - Added Swift Code Style Guidelines. - Chores - Updated dependencies (including MarkdownView 3.4.2), added new resource packages, and removed an unused dependency. - Raised iOS deployment target to 16.5 and refreshed project settings. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Lakr
|
1f228382c2 |
chore: fix building the app (#13606)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Built-in Then-style DSL for fluent configuration. - Centralized theming via a new resources library exposing standardized colors and icons for SwiftUI and UIKit. - Refactor - Migrated color and icon accessors to the new resources provider. - Removed redundant imports and streamlined UI configuration. - Dependencies - Updated MarkdownView to 3.4.2. - Removed the Then third-party dependency; updated package sources; added resources package and assets. - Documentation - Added iOS Swift code style and architecture guidelines. - Chores - Updated Xcode project format and repository ignore rules. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
ee77c548ca |
feat: get prompt model names (#13607)
fix AI-419 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - New API to fetch available models for a prompt, returning default, optional, and pro models with human‑readable names. - Added temperature and topP settings to prompt configuration for finer control. - Refactor - When no model is chosen, the default model is used instead of auto-picking a pro model. - Model metadata across providers now includes readable names, improving listings and selection UX. - Tests - Updated test snapshots and descriptions to reflect the new default-model behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
a0b73cdcec |
feat: improve model resolve (#13601)
fix AI-419 |
||
|
EYHN
|
89646869e4 |
feat(ios): create paywall api (#13602)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Introduced a new iOS Paywall plugin with a simple API to display a paywall and receive a success response. - Added JavaScript wrapper and type definitions for easy integration. - Refactor - Reorganized the iOS project structure for plugins. - Chores - Removed unused legacy iOS plugins to streamline the app and reduce build complexity. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
L-Sun
|
34a3c83d84 |
fix(editor): prevent SwiftKey IME double input (#13590)
Close [BS-3610](https://linear.app/affine-design/issue/BS-3610/bug-每次按空格会出现重复单词-,特定输入法,比如swiftkey) #### PR Dependency Tree * **PR #13591** * **PR #13590** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Android: More reliable Backspace/delete handling, preventing missed inputs and double-deletions. - Android: Cursor/selection is correctly restored after merging a paragraph with the previous block. - Android: Smoother IME composition input; captures correct composition range. - Deletion across lines and around embeds/empty lines is more consistent. - Chores - Internal event handling updated to improve Android compatibility and stability (no user-facing changes). <!-- end of auto-generated comment: release notes by coderabbit.ai --> #### PR Dependency Tree * **PR #13591** * **PR #13590** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal)v0.24.2 v0.25.0-beta.0 |
||
|
L-Sun
|
fd717af3db |
fix(core): update and fix oxlint error (#13591)
#### PR Dependency Tree * **PR #13591** 👈 * **PR #13590** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Improved drag-and-drop stability: draggables, drop targets, and monitors now respond when option sources or external data change. - Improved async actions and permission checks to always use the latest callbacks and error handlers. - Chores - Lint/Prettier configs updated to ignore the Git directory. - Upgraded oxlint dev dependency. - Tests - Updated several end-to-end tests for more reliable text selection, focus handling, and timing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
039976ee6d |
chore: bump up vite version to v6.3.6 [SECURITY] (#13573)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`6.3.5` -> `6.3.6`](https://renovatebot.com/diffs/npm/vite/6.3.5/6.3.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c) ### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default) - a symlink exists in the public directory ### Details The [servePublicMiddleware]( |
||
|
dependabot[bot]
|
e158e11608 |
chore: bump sha.js from 2.4.11 to 2.4.12 (#13560)
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a> - 2025-07-01</h2> <h3>Commits</h3> <ul> <li>[eslint] switch to eslint <a href=" |
||
|
renovate[bot]
|
18faaa38a0 |
chore: bump up mermaid version to v10.9.4 [SECURITY] (#13518)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`10.9.3` -> `10.9.4`](https://renovatebot.com/diffs/npm/mermaid/10.9.3/10.9.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-54881](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh) ### Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to `innerHTML` during calculation of element size, causing XSS. ### Details Sequence diagram node labels with KaTeX delimiters are passed through `calculateMathMLDimensions`. This method passes the full label to `innerHTML` which allows allows malicious users to inject arbitrary HTML and cause XSS when mermaid-js is used in it's default configuration (with KaTeX support enabled). The vulnerability lies here: ```ts export const calculateMathMLDimensions = async (text: string, config: MermaidConfig) => { text = await renderKatex(text, config); const divElem = document.createElement('div'); divElem.innerHTML = text; // XSS sink, text has not been sanitized. divElem.id = 'katex-temp'; divElem.style.visibility = 'hidden'; divElem.style.position = 'absolute'; divElem.style.top = '0'; const body = document.querySelector('body'); body?.insertAdjacentElement('beforeend', divElem); const dim = { width: divElem.clientWidth, height: divElem.clientHeight }; divElem.remove(); return dim; }; ``` The `calculateMathMLDimensions` method was introduced in 5c69e5fdb004a6d0a2abe97e23d26e223a059832 two years ago, which was released in [Mermaid 10.9.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.0). ### PoC Render the following diagram and observe the modified DOM. ``` sequenceDiagram participant A as Alice<img src="x" onerror="document.write(`xss on ${document.domain}`)">$$\\text{Alice}$$ A->>John: Hello John, how are you? Alice-)John: See you later! ``` Here is a PoC on mermaid.live: https://mermaid.live/edit#pako:eNpVUMtOwzAQ_BWzyoFKaRTyaFILiio4IK7ckA-1km1iKbaLY6spUf4dJ0AF68uOZ2dm7REqXSNQ6PHDoarwWfDGcMkUudaJGysqceLKkj3hPdl3osJ7IRvSm-qBwcCAaIXGaONRrSsnUdnobITF28PQ954lwXglai25UNNhxWAXBMyXxcGOi-3kL_5k79e73atuFSUv2HWazH1IWn0m3CC5aPf4b3p2WK--BW-4DJCOWzQ3TM0HQmiMqIFa4zAEicZv4iGMsw0D26JEBtS3NR656ywDpiYv869_11r-Ko12TQv0yLveI3eqfcjP111HUNVonrRTFuhdsVgAHWEAmuRxlG7SuEzKMi-yJAnhAjTLIk_EcbFJtuk2y9MphM8lM47KIp--AOZghtU ### Impact XSS on all sites that use mermaid and render user supplied diagrams without further sanitization. ### Remediation The value of the `text` argument for the `calculateMathMLDimensions` method needs to be sanitized before getting passed on to `innerHTML`. --- ### Release Notes <details> <summary>mermaid-js/mermaid (mermaid)</summary> ### [`v10.9.4`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.4) [Compare Source](https://redirect.github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4) This release backports the fix for GHSA-7rqq-prvp-x9jh from [v11.10.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.10.0), preventing a potential XSS attack in labels in sequence diagrams. See: [`9d68517`]( |
||
|
DarkSky
|
e2156ea135 | feat(server): integrate blob to context (#13491) v0.24.1 | ||
|
L-Sun
|
795bfb2f95 |
fix(ios): enable horizontal scroll for database (#13494)
Close [BS-3625](https://linear.app/affine-design/issue/BS-3625/移动端database-table-view无法横向滚动) #### PR Dependency Tree * **PR #13494** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved iOS mobile table view scrolling: horizontal overflow is no longer forcibly hidden, preventing clipped content and enabling smoother horizontal navigation. * Users can now access columns that previously appeared truncated on narrow screens. * Vertical scrolling behavior remains unchanged. * No impact on non‑iOS devices. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |