mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-02-04 08:38:34 +00:00
9f96633b330276ef7a2868e3fb225404d099dd36
10919 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Cats Juice
|
a35332634a |
fix(core): correct doc icon padding in editor header (#13721)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Refined vertical spacing in the document icon picker header, reducing excess top padding and setting a consistent bottom padding for a cleaner, tighter layout. * Improves visual alignment and readability without altering functionality—interactions and behavior remain unchanged. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0 |
||
|
DarkSky
|
0063f039a7 |
feat(server): allow cleanup session for deleted docs (#13720)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Resolved occasional errors when removing document links from sessions, ensuring cleanup completes reliably. * Improved reliability during maintenance actions by preventing unnecessary validation failures in system-initiated updates, while preserving existing checks for user-initiated changes. * **Chores** * Internal adjustments to the session update flow to better support maintenance operations without affecting user-facing behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.5 |
||
|
Cats Juice
|
d80ca57e94 |
fix(core): change doc icon layout to avoid incorrect color caused by the transform (#13719)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Updated document title styling for improved readability (larger font, increased line height, heavier weight). * Refined spacing so titles align correctly when a document icon is present (no extra top padding). * Improved emoji rendering by using a consistent font and removing an unnecessary visual artifact. * Simplified title container behavior to ensure stable, predictable alignment without placeholder-based shifts. * **Chores** * Minor UI cleanup and consistency adjustments for the icon/title area. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
c63e3e7fe6 |
fix(ios): adopt smaller font size for small device (#13715)
This pull request makes minor adjustments to the iOS frontend app, focusing on UI fine-tuning and improving type safety for concurrency. The most notable changes are a small font size adjustment in the paywall badge, marking an enum as `Sendable` for safer concurrency, and removing a StoreKit configuration reference from the Xcode scheme. UI adjustments: * Reduced the font size for the badge text in `PackageOptionView` from 12 to 10 for a more refined appearance. Concurrency and type safety: * Added the `Sendable` protocol conformance to the `SKUnitCategory` enum to ensure it can be safely used across concurrency boundaries. Project configuration: * Removed the `StoreKitConfigurationFileReference` from the `App.xcscheme`, which may help streamline scheme configuration or prevent unnecessary StoreKit file usage during app launch. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Style - Tweaked paywall option badge text size for a cleaner, more polished look. - Refactor - Improved concurrency safety in underlying models to enhance stability. - Chores - Removed a development-only StoreKit configuration from the iOS debug launch setup. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.4 |
||
|
DarkSky
|
05d373081a |
fix(server): update email verified at oauth (#13714)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Automatic email verification when signing in or reconnecting with a linked OAuth provider: if the provider confirms the same email and your account was unverified, your email will be marked as verified automatically. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
William Guinaudie
|
26fbde6b62 |
fix(core): quick search modal on mobile device (#13694)
When searching on a mobile device, the search modal is wider than the screen, making it hard to use <img width="345" height="454" alt="Screenshot 2025-10-04 at 17 43 54" src="https://github.com/user-attachments/assets/10594459-86c5-470b-a22f-578363694383" /> Now with the fix applied, it is usable <img width="350" height="454" alt="Screenshot 2025-10-04 at 17 44 14" src="https://github.com/user-attachments/assets/eb783f5b-e3b6-4b7d-8f31-0d876911d95f" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **Style** - Improved mobile responsiveness of the Quick Search modal. On screens 520px wide or smaller, the modal content now adapts its width instead of enforcing a minimum, reducing overflow and improving readability on small devices. - No visual or behavioral changes on larger screens; existing layouts and interactions remain unchanged. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
072b5b22df |
fix(core): display affine icon in lit correctly (#13708)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added an alternative icon rendering option for document icons, delivering crisper visuals and consistent emoji/icon display. - Style - Improved icon alignment and sizing within grouped icon buttons for more consistent centering and appearance. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: Wu Yue <akumatus@gmail.com> |
||
|
3720
|
3c7461a5ce |
fix(editor): adjust callout emoji spacing based on first child block type (#13712)
- Remove fixed marginTop from emoji container style - Dynamically calculate emoji marginTop based on first child block type (h1-h6) - Use model signal to reactively update spacing when children change - Default to 10px for non-heading blocks <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Style - Improved emoji alignment in callout blocks. The emoji now adjusts its top spacing based on the first line’s heading level, ensuring better vertical alignment with headings (H1–H6) and more consistent visual balance across different callout contents. - Maintains existing margins and layout behavior otherwise, resulting in a cleaner, more polished appearance without affecting functionality. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
1b859a37c5 |
feat: improve attachment headers (#13709)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Safer, consistent file downloads with automatic attachment headers and filenames. - Smarter MIME detection for uploads (avatars, workspace blobs, Copilot files/transcripts). - Sensible default buffer limit when reading uploads. - **Bug Fixes** - Prevents risky content from rendering inline by forcing downloads and adding no‑sniff protection. - More accurate content types when original metadata is missing or incorrect. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
bf72833f05 |
chore: bump up nodemailer version to v7.0.7 [SECURITY] (#13704)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [nodemailer](https://nodemailer.com/) ([source](https://redirect.github.com/nodemailer/nodemailer)) | [`7.0.3` -> `7.0.7`](https://renovatebot.com/diffs/npm/nodemailer/7.0.3/7.0.7) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [GHSA-mm7p-fcc7-pg87](https://redirect.github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87) The email parsing library incorrectly handles quoted local-parts containing @​. This leads to misrouting of email recipients, where the parser extracts and routes to an unintended domain instead of the RFC-compliant target. Payload: `"xclow3n@gmail.com x"@​internal.domain` Using the following code to send mail ``` const nodemailer = require("nodemailer"); let transporter = nodemailer.createTransport({ service: "gmail", auth: { user: "", pass: "", }, }); let mailOptions = { from: '"Test Sender" <your_email@gmail.com>', to: "\"xclow3n@gmail.com x\"@​internal.domain", subject: "Hello from Nodemailer", text: "This is a test email sent using Gmail SMTP and Nodemailer!", }; transporter.sendMail(mailOptions, (error, info) => { if (error) { return console.log("Error: ", error); } console.log("Message sent: %s", info.messageId); }); (async () => { const parser = await import("@​sparser/email-address-parser"); const { EmailAddress, ParsingOptions } = parser.default; const parsed = EmailAddress.parse(mailOptions.to /*, new ParsingOptions(true) */); if (!parsed) { console.error("Invalid email address:", mailOptions.to); return; } console.log("Parsed email:", { address: `${parsed.localPart}@​${parsed.domain}`, local: parsed.localPart, domain: parsed.domain, }); })(); ``` Running the script and seeing how this mail is parsed according to RFC ``` Parsed email: { address: '"xclow3n@gmail.com x"@​internal.domain', local: '"xclow3n@gmail.com x"', domain: 'internal.domain' } ``` But the email is sent to `xclow3n@gmail.com` <img width="2128" height="439" alt="Image" src="https://github.com/user-attachments/assets/20eb459c-9803-45a2-b30e-5d1177d60a8d" /> ### Impact: - Misdelivery / Data leakage: Email is sent to psres.net instead of test.com. - Filter evasion: Logs and anti-spam systems may be bypassed by hiding recipients inside quoted local-parts. - Potential compliance issue: Violates RFC 5321/5322 parsing rules. - Domain based access control bypass in downstream applications using your library to send mails ### Recommendations - Fix parser to correctly treat quoted local-parts per RFC 5321/5322. - Add strict validation rejecting local-parts containing embedded @​ unless fully compliant with quoting. --- ### Release Notes <details> <summary>nodemailer/nodemailer (nodemailer)</summary> ### [`v7.0.7`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#707-2025-10-05) [Compare Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.6...v7.0.7) ##### Bug Fixes - **addressparser:** Fixed addressparser handling of quoted nested email addresses ([1150d99]( |
||
|
DarkSky
|
96b3de8ce7 | chore: update docs | ||
|
DarkSky
|
26a59db540 | chore: update docs | ||
|
Lakr
|
7d0b8aaa81 |
feat(ios): sync paywall with external purchased items (#13681)
This pull request introduces significant improvements to the integration between the paywall feature and the web context within the iOS app. The main focus is on enabling synchronization of subscription states between the app and the embedded web view, refactoring how purchased items are managed, and enhancing the paywall presentation logic. Additionally, some debug-only code has been removed for cleaner production builds. **Paywall and Web Context Integration** * Added support for binding a `WKWebView` context to the paywall, allowing the paywall to communicate with the web view for subscription state updates and retrievals (`Paywall.presentWall` now accepts a `bindWebContext` parameter, and `ViewModel` supports binding and using the web context). [[1]](diffhunk://#diff-bce0a21a4e7695b7bf2430cd6b8a85fbc84124cc3be83f3288119992b7abb6cdR10-R32) [[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R54-R57) [[3]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L26-R38) [[4]](diffhunk://#diff-1854d318d8fd8736d078f5960373ed440836263649a8193c8ee33e72a99424edL30-R36) * On paywall dismissal, the app now triggers a JavaScript call to update the subscription state in the web view, ensuring consistency between the app and the web context. **Purchased Items Refactor** * Refactored `ViewModel` to distinguish between store-purchased items and externally-purchased items (from the web context), and unified them in a computed `purchasedItems` property. This improves clarity and extensibility for handling entitlements from multiple sources. * Added logic to fetch external entitlements by executing JavaScript in the web view and decoding the subscription information, mapping external plans to internal product identifiers. [[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL99-R137) [[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbR169-R209) **Codebase Cleanup** * Removed debug-only code for shake gesture and debug menu from `AFFiNEViewController`, streamlining the production build. **API and Model Enhancements** * Made `SKUnitCategory` and its extensions public to allow broader usage across modules, and introduced a configuration struct for the paywall. [[1]](diffhunk://#diff-742ccf0c6bafd2db6cb9795382d556fbab90b8855ff38dc340aa39318541517dL10-R17) [[2]](diffhunk://#diff-bce0a21a4e7695b7bf2430cd6b8a85fbc84124cc3be83f3288119992b7abb6cdR10-R32) **Other Minor Improvements** * Improved constructor formatting for `PayWallPlugin` for readability. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Paywall now binds to the in-app web view so web-based subscriptions are recognized alongside App Store purchases. - Bug Fixes - Entitlements combine App Store and web subscription state for more accurate display. - Dismissing the paywall immediately updates subscription status to reduce stale states. - Improved reliability when presenting the paywall. - Chores - Removed debug shake menu and debug paywall options from iOS builds. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Kieran Cui
|
856b69e1f6 |
fix(core): optimize settings dialog's right-side content scroll position (#13236)
In the settings dialog, when switching between different setting items, the right-side content retains the previous scroll position. I think it would be better for the right side to return to the top every time a switch is made, so I submitted this PR. **before** https://github.com/user-attachments/assets/a2d10601-6173-41d3-8d68-6fbccc62aaa7 **after** https://github.com/user-attachments/assets/f240348b-e131-4703-8232-1a07e924162d <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Ensured the settings dialog always scrolls to the top when the settings state updates, improving user experience when navigating settings. <!-- end of auto-generated comment: release notes by coderabbit.ai --> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
5fdae9161a |
chore: bump up SwifterSwift/SwifterSwift version to from: "6.2.0" (#12874)
> [!NOTE] > Mend has cancelled [the proposed renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842) of the Renovate GitHub app being renamed to `mend[bot]`. > > This notice will be removed on 2025-10-07. <hr> This PR contains the following updates: | Package | Update | Change | |---|---|---| | [SwifterSwift/SwifterSwift](https://redirect.github.com/SwifterSwift/SwifterSwift) | minor | `from: "6.0.0"` -> `from: "6.2.0"` | --- ### Release Notes <details> <summary>SwifterSwift/SwifterSwift (SwifterSwift/SwifterSwift)</summary> ### [`v6.2.0`](https://redirect.github.com/SwifterSwift/SwifterSwift/blob/HEAD/CHANGELOG.md#v620) [Compare Source](https://redirect.github.com/SwifterSwift/SwifterSwift/compare/6.1.1...6.2.0) ##### Added - **NSView** - Added `addArrangedSubviews(_ views: )` to add an array of views to the end of the arrangedSubviews array. [#​1181](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1181) by [Roman Podymov](https://redirect.github.com/RomanPodymov) - Added `removeArrangedSubviews` to remove all views in stack’s array of arranged subviews. [#​1181](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1181) by [Roman Podymov](https://redirect.github.com/RomanPodymov) - **Sequence** - `sorted(by:)`, `sorted(by:with:)`, `sorted(by:and:)`, `sorted(by:and:and:)`, `sum(for:)`, `first(where:equals:)` now have alternatives that receive functions as parameters. This change maintains compatibility with KeyPath while making the methods more flexible. [#​1170](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1170) by [MartonioJunior](https://redirect.github.com/MartonioJunior) ##### Changed - **Sequence** - `sorted(by:)`, `sorted(by:with:)`, `sorted(by:and:)`, `sorted(by:and:and:)`, `sum(for:)`, `first(where:equals:)` now have alternatives that receive functions as parameters. This change maintains compatibility with KeyPath while making the methods more flexible. [#​1170](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1170) by [MartonioJunior](https://redirect.github.com/MartonioJunior) - `contains(_:)` for `Element: Hashable` now can receive any type that conforms to `Sequence`, not just an `Array`. [#​1169](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1169) by [MartonioJunior](https://redirect.github.com/MartonioJunior) ##### Fixed - **PrivacyInfo.xcprivacy** - XCode Generate Privacy Report: `Missing an expected key: 'NSPrivacyCollectedDataTypes'`. [#​1182](https://redirect.github.com/SwifterSwift/SwifterSwift/issues/1182) by [Phil](https://redirect.github.com/cdoky) ### [`v6.1.1`](https://redirect.github.com/SwifterSwift/SwifterSwift/blob/HEAD/CHANGELOG.md#v611) [Compare Source](https://redirect.github.com/SwifterSwift/SwifterSwift/compare/6.1.0...6.1.1) ##### Added - **Cocoapods** - Added the privacy manifest to Cocoapods. [#​1178](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1178) by [guykogus](https://redirect.github.com/guykogus) ### [`v6.1.0`](https://redirect.github.com/SwifterSwift/SwifterSwift/blob/HEAD/CHANGELOG.md#v610) [Compare Source](https://redirect.github.com/SwifterSwift/SwifterSwift/compare/6.0.0...6.1.0) ##### Deprecated - **UIImageView** - `blurred(withStyle:)` should have copied the image view and blurred the new instance, but instead it performed the same functionality as `blur(withStyle:)`, making the outcome unexpected as well as being obsolete. [#​1161](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1161) by [guykogus](https://redirect.github.com/guykogus) ##### Added - **Swift Package Manager** - Added a privacy manifest to comply with Apple's requirements regarding [Describing use of required reason API](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api). [#​1176](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1176) by [guykogus](https://redirect.github.com/guykogus) - **Measurement** - Added `+=`, `-=`, `*=`, `/=` to add, subtract, multiply and divide measurements. [#​1162](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1162) by [Roman Podymov](https://redirect.github.com/RomanPodymov) - **Sequence** - Added `product()` for calculating the product of all `Numeric` elements. [#​1168](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1168) by [MartonioJunior](https://redirect.github.com/MartonioJunior) - Added `product(for:)` for calculating the product of the `Numeric` property for all elements in `Sequence`. [#​1168](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1168) by [MartonioJunior](https://redirect.github.com/MartonioJunior) - **UIView** - Added `removeBlur()` method for removing the applied blur effect from the view. [#​1159](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1159) by [regi93](https://redirect.github.com/regi93) - Added `makeCircle(diameter:)` method to make the view circular. [#​1165](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1165) by [happyduck-git](https://redirect.github.com/happyduck-git) ##### Fixed - **UIImageView** - Moved `blur(withStyle:)` from `UIImageView` to `UIView`, as it can be performed on all views. [#​1161](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1161) by [guykogus](https://redirect.github.com/guykogus) - **UIView** - `GradientDirection` initializer and constants had access level `internal` instead of `public`. [#​1152](https://redirect.github.com/SwifterSwift/SwifterSwift/pull/1152) by [guykogus](https://redirect.github.com/guykogus) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC42MC4xIiwidXBkYXRlZEluVmVyIjoiNDEuMTMxLjkiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Wu Yue
|
03ef4625bc |
feat(core): handle AI subscription for pro models (#13682)
<img width="576" height="251" alt="截屏2025-09-30 14 55 20" src="https://github.com/user-attachments/assets/947a4ab3-8b34-434d-94a6-afb5dad3d32c" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added “Subscribe to AI” action across chat experiences (panel, content, composer, input, playground, peek view) that launches an in-app checkout flow. - Chat content now refreshes subscription status when opened; desktop chat pages wire the subscription action for seamless checkout. - **Style** - Polished hover state for the subscription icon in chat preferences. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
EYHN
|
4b3ebd899b |
feat(ios): update js subscription api (#13678)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added on-demand subscription refresh and state retrieval in the iOS app, enabling up-to-date subscription status and billing information. - Exposed lightweight runtime APIs to check and update subscription state for improved account visibility. - Chores - Integrated shared GraphQL package and project references to support subscription operations. - Updated workspace configuration to include the common GraphQL module for the iOS app. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.3 |
||
|
DarkSky
|
b59c1f9e57 |
feat(server): update claude models (#13677)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Copilot now defaults to the updated Claude Sonnet 4.5 model across experiences for improved responses. * **Chores** * Consolidated available Anthropic models, removing older Sonnet 3.x variants and standardizing Sonnet 4/4.5 options. * Updated configuration defaults and schema mappings to reference the new Sonnet 4.5 model. * **Tests** * Updated unit and end-to-end tests to reference the new model to ensure consistent behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
b44fdbce0c |
feat(component): virtual scroll emoji groups in emoji picker (#13671)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Revamped Emoji Picker: grouped browsing with sticky group headers, footer navigation, and a new EmojiButton for quicker selection. - Recent emojis with persisted history and single-tap add. - Programmatic group navigation and callbacks for sticky-group changes. - Style - Updated scroll area paddings for emoji and icon pickers. - Enhanced group header background for better contrast. - Refactor - Simplified emoji picker internals for leaner, more responsive rendering. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
123d50a484 |
feat(core): open artifacts tools automatically (#13668)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * The AI Artifact Tool now auto-opens its preview panel as soon as it loads, giving immediate visibility without extra clicks. * The preview initializes proactively and remains in sync as data updates, streamlining the workflow and reducing setup friction. * Improves first-use experience by ensuring the preview is ready and visible on connection, enhancing responsiveness and clarity. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
2d1caff45c |
feat(server): refresh subscription (#13670)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added an on-demand mutation to refresh the current user's subscriptions, syncing with RevenueCat when applicable and handling Stripe-only cases. * Subscription variant normalization for clearer plan information and consistent results. * **Tests** * Added tests for refresh behavior: empty state, RevenueCat-backed multi-step sync, and Stripe-only scenarios. * **Client** * New client operation to invoke the refresh mutation and retrieve updated subscription fields. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
3720
|
8006812bc0 |
refactor(editor): new icon picker (#13658)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * In-tree icon picker for Callout blocks (emoji, app icons, images) with popup UI and editor-wide extension/service. * Callout toolbar adds background color presets, an icon-picker action, and a destructive Delete action. * **Refactor** * Replaced legacy emoji workflow with icon-based rendering, updated state, styling, and lifecycle for callouts. * **Tests** * Updated callout E2E to reflect new default icon and picker behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> |
||
|
Lakr
|
8df7353722 |
chore(ios): iap paywall update (#13669)
This pull request introduces several improvements and refactors to the iOS frontend, with a focus on the paywall system, configuration, and developer experience. The most significant changes include dynamic pricing updates for subscription packages, the introduction of a centralized pricing configuration, and enhanced developer documentation and settings for Claude Code. There are also minor fixes and improvements to restore purchase flows, App Store syncing, and protocol usage guidance. **Paywall System Improvements** * Subscription package pricing and display is now dynamically updated based on App Store data, ensuring users see accurate, localized pricing and descriptions. This includes new logic for calculating monthly prices and updating package button text. (`ViewModel.swift`, `ViewModel+Action.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`) [[1]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R83-R160) [[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L102-R199) [[3]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73) [[4]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL74-R94) [[5]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35) [[6]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22) * Introduced a new `PricingConfiguration.swift` file to centralize product identifiers, default selections, and display strings for subscription products, improving maintainability and consistency. (`PricingConfiguration.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`) [[1]](diffhunk://#diff-de4566ecd5bd29f36737ae5e5904345bd1a5c8f0a73140c3ebba41856bae3e86R1-R54) [[2]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35) [[3]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22) **Developer Experience and Documentation** * Added `AGENTS.md` to provide comprehensive guidance for Claude Code and developers, including project overview, build commands, architecture, native bridge APIs, Swift code style, and dependencies. (`AGENTS.md`) * Added a local settings file (`settings.local.json`) to configure permissions for Claude Code, allowing specific Bash commands for iOS builds. (`settings.local.json`) * Updated Swift architecture guidelines to discourage protocol-oriented design unless necessary, favoring dependency injection and composition. (`AGENTS.md`) **User Experience Improvements** * The purchase footer now includes an underline for "Restore Purchase" and a clear message about subscription auto-renewal and cancellation flexibility. (`PurchaseFooterView.swift`) * Improved restore purchase and App Store sync logic to better handle user sign-in prompts and error handling. (`ViewModel+Action.swift`, `Store.swift`) [[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL45-R49) [[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73) [[3]](diffhunk://#diff-9f18fbbf15591c56380ce46358089c663ce4440f596db8577de76dc6cd306b54R26-R28) **Minor Fixes and Refactoring** * Made `docId` in `DeleteSessionInput` optional to match GraphQL schema expectations. (`DeleteSessionInput.graphql.swift`) [[1]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL14-R14) [[2]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL25-R25) * Minor formatting and dependency list updates in `Package.swift`. (`Package.swift`) * Fixed concurrency usage in event streaming for chat manager. (`ChatManager+Stream.swift`) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * New Features * Paywall options now dynamically reflect product data with clearer labels and monthly price calculations. * Added an auto‑renewal note (“cancel anytime”) and underlined “Restore Purchase” for better clarity. * Refactor * Improved purchase/restore flow reliability and UI updates for a smoother experience. * Documentation * Added a comprehensive development guide and updated architecture/style guidance for iOS. * Chores * Introduced local build permissions configuration for iOS development. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.2 |
||
|
Cats Juice
|
12daefdf54 |
fix(core): prevent emoji being clipped and adjust icon-picker default color (#13664)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Style - Updated icon picker to use the primary icon color, improving visual consistency (including SVG icons). - Improved emoji rendering in the document icon picker by applying an emoji-specific font for elements marked as emoji, matching existing size and line-height. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Wu Yue
|
9f94d5c216 |
feat(core): support ai chat delete action (#13655)
<img width="411" height="205" alt="截屏2025-09-26 10 58 39" src="https://github.com/user-attachments/assets/c3bce144-7847-4794-b766-5a3777cbc00d" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Delete icon added to AI session history with tooltip and confirmation prompt; deleting current session opens a new session. - Session deletion wired end-to-end (toolbar → provider → backend) and shows notifications. - Improvements - Cleanup now supports deleting sessions with or without a document ID (document-specific or workspace-wide). - UI tweaks for cleaner session item layout and safer click handling (delete won’t trigger item click). <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
8d6f7047c2 |
fix(ios): build project (#13656)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Access Tokens screen now shows revealed access tokens, including the token value where available. - Chores - Updated iOS Paywall package to use Swift tools version 5.9. - Removed an unused internal iOS package to streamline the app. - Aligned access token data model to the latest backend schema for improved consistency. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
github-actions[bot]
|
a92894990d |
chore(i18n): sync translations (#13651)
New Crowdin translations by [Crowdin GH Action](https://github.com/crowdin/github-action) Co-authored-by: Crowdin Bot <support+bot@crowdin.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
L-Sun
|
6af1f6ab8d |
fix(core): infinitied loop (#13653)
Fix #13649 #### PR Dependency Tree * **PR #13653** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Streamlined internal async handling to depend only on specified inputs, reducing unnecessary updates and improving responsiveness. * Preserved existing error handling for async operations. * **Chores** * Adjusted lint configuration/comments to align with the updated dependency strategy, reducing false-positive warnings. No user-facing UI changes. <!-- end of auto-generated comment: release notes by coderabbit.ai -->v0.25.0-beta.1 |
||
|
Rokas
|
e7f76c1737 |
chore: update mermaid (#13510)
https://github.com/toeverything/AFFiNE/issues/13509 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded Mermaid dependency to v11.1.0 in the frontend core package. * **Impact** * Improved diagram rendering and compatibility with newer Mermaid syntax. * Potential performance and security improvements from upstream updates. * No UI changes expected; existing diagrams should continue to work. * Please verify critical diagram views for any rendering differences. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
Xun Sun
|
5b52349b96 |
feat: implement textAlign property (#11790)
for paragraph blocks, image blocks, list blocks, and table blocks Should fix #8617 and #11254. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Added text alignment options (left, center, right) for paragraph, list, image, note, and table blocks. - Introduced alignment controls in toolbars and slash menus for easier formatting. - Enabled keyboard shortcuts for quick text alignment changes (supports Mac and Windows). - **Localization** - Added English, Simplified Chinese, and Traditional Chinese translations for new alignment commands and shortcuts. - **Style** - Blocks now visually reflect selected text alignment in their layout. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> |
||
|
renovate[bot]
|
bf87178c26 |
chore: bump up @googleapis/androidpublisher version to v31 (#13633)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client) | [`^28.0.0` -> `^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>googleapis/google-api-nodejs-client (@​googleapis/androidpublisher)</summary> ### [`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05) [Compare Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0) ##### ⚠ BREAKING CHANGES - **serviceconsumermanagement:** This release has breaking changes. - **playintegrity:** This release has breaking changes. ##### Features - **chromepolicy:** update the API ([8429e3c]( |
||
|
Cats Juice
|
d272c4342d |
feat(core): replace emoji-mart with affine icon picker (#13644)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Unified icon picker with consistent rendering across the app. - Picker can auto-close after selection. - “Remove” now clears the icon selection. - Refactor - Icon handling consolidated across editors, navigation, and document titles for consistent behavior. - Picker now opens on the Emoji panel by default. - Style - Adjusted line-height and selectors for icon picker visuals. - Chores - Removed unused emoji-mart dependencies. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
c540400496 |
feat(server): allow drop session (#13650)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Ensures deleted sessions and their messages are consistently cleaned up, preventing lingering pinned or partially removed items. * **Refactor** * Streamlined session cleanup into a single bulk operation for improved reliability and performance during deletions. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
EYHN
|
54498df247 |
feat(ios): upgrade button in setting (#13645)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added a Subscription section in Mobile Settings (for signed-in users) with plan info and an Upgrade button that opens the native paywall. - Supports showing “Pro” and “AI” paywalls. - Integrated native paywall provider on iOS. - Style - Introduced new styling for the subscription card, content, and button. - Localization - Added English strings for subscription title, description, and button. - Chores - Minor iOS project cleanup and internal wiring to enable the paywall module. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
DarkSky
|
3f9d9fef63 |
fix(server): rcat event sync (#13648)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Subscriptions now include an explicit "trial" flag so trialing users are identified and treated correctly. - Bug Fixes - More robust handling when webhook fields are missing or null. - Improved family-sharing detection to avoid incorrect async processing. - Refactor - Status determination and store resolution simplified to rely on subscription data rather than event payloads. - Tests - Test fixtures updated to include trial and store details for accuracy. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
7a90e1551c |
fix(ios): complete iap user interface (#13639)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - In-app purchases fully integrated for Pro and AI plans with restore, live product loading, and StoreKit test configuration. - Improvements - Refreshed paywall: intro animation, delayed close button, smoother horizontal paging, page dots interaction, per-item reveal animations, and purchase-state UI (disabled/checked when owned). - Changes - "Believer" plan and related screens removed; Pro simplified to Monthly and Annual offerings. - Chores - iOS project and build settings updated for newer toolchain and StoreKit support. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> |
||
|
Peng Xiao
|
3c9d17c983 |
feat(core): insert artifact as code block (#13641)
#### PR Dependency Tree * **PR #13641** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Insert HTML content directly into the document as a code block with preview enabled. * Default view changed from Code to Preview for faster content inspection. * New “Insert” action replaces the previous “Download” action to add content into the document. * Added a dedicated “Download HTML” button with an icon to save the HTML file. * Toast notifications confirm successful insertions; errors are reported if insertion fails. * Updated button labeling to reflect the new workflow. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
EYHN
|
2f118206cc |
feat(core): mcp server setting (#13630)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * MCP Server integration available in cloud workspaces with a dedicated settings panel. * Manage personal access tokens: generate/revoke tokens and view revealed token. * One-click copy of a prefilled server configuration JSON. * New query to fetch revealed access tokens. * **Improvements** * Integration list adapts to workspace type (cloud vs. local). * More reliable token refresh with clearer loading, error and revalidation states. * **Localization** * Added “Copied to clipboard” message and MCP Server name/description translations. * **Chores** * Updated icon dependency across many packages. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
ca9811792d |
feat(component): emoji and icon picker (#13638)
 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Icon Picker added with Emoji and Icon panels, search/filtering, recent selections, color selection, skin tone options, and smooth group navigation. - **Documentation** - Storybook example added to preview and test the Icon Picker. - **Chores** - Bumped icon library dependency to a newer minor version. - Added emoji data dependency to support the Emoji Picker. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Jachin
|
812c2d86d4 |
feat(server): add Swagger API docs (#13455)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Interactive API documentation available at /api/docs when running in development. * **Chores** * Added a development dependency to enable generation of the API documentation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
DarkSky
|
762b702e46 |
feat: sync rcat data (#13628)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * RevenueCat support: public webhook endpoint, webhook handler/service, nightly reconciliation and per-user sync; subscriptions now expose provider and iapStore; new user-facing error for App Store/Play-managed subscriptions. * **Chores** * Multi-provider subscription schema (Provider, IapStore); Stripe credentials moved into payment.stripe (top-level apiKey/webhookKey deprecated); new payment.revenuecat config and defaults added. * **Tests** * Comprehensive RevenueCat integration test suite and snapshots. * **Documentation** * Admin config descriptions updated with deprecation guidance. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Lakr
|
75a6c79b2c |
fix(ios): crash at swift runtime error (#13635)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Fetch copilot model options per prompt (default, optional, pro) with generated GraphQL query and schema types. * **Chores** * Upgraded iOS deps: Apollo iOS 1.23.0, EventSource 0.1.5, Swift Collections 1.2.1. * Switched Intelligents to static linking and updated project integration. * Parameterized and standardized GraphQL codegen tooling; setup automation now syncs versions and safely backs up/restores custom scalars. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Wu Yue
|
b25759c264 |
feat(core): support gemini model switch in ai (#13631)
<img width="757" height="447" alt="截屏2025-09-22 17 49 34" src="https://github.com/user-attachments/assets/bab96f45-112e-4d74-bc38-54429d8a54ab" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Subscription-aware AI model picker in chat: browse models with version and category, see active selection, switch models, and receive notifications when choosing pro models without a subscription. Selections persist across sessions. - Central AI model service wired into chat UI for consistent model selection and availability. - Changes - Streamlined AI model availability: reduced to a curated set for a more focused experience. - Context menu buttons can display supplemental info next to labels. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
renovate[bot]
|
da3e3eb3fa |
chore: bump up @faker-js/faker version to v10 (#13626)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.6.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.3.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>faker-js/faker (@​faker-js/faker)</summary> ### [`v10.0.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#1000-2025-08-21) [Compare Source](https://redirect.github.com/faker-js/faker/compare/v9.9.0...v10.0.0) ##### New Locales - **locale:** extended list of colors in Polish ([#​3586](https://redirect.github.com/faker-js/faker/issues/3586)) ([9940d54]( |
||
|
DarkSky
|
e3f3c8c4a8 |
feat: add config for mail server name (#13632)
fix #13627 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added configurable display names for primary and fallback SMTP servers, improving email sender identification. * Defaults to “AFFiNE Server,” with support for MAILER_SERVERNAME environment variable for the primary SMTP. * Exposed in admin settings for easy setup alongside existing SMTP options. * Names are now passed through to mail transport options for consistent use across emails. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
3720
|
7fe95f50f4 |
fix(editor): callout delete merge and slash menu (#13597)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Press Enter inside a callout splits the paragraph at the cursor into a new focused paragraph. - Clicking an empty callout inserts and focuses a new paragraph; emoji menu behavior unchanged. - New command to convert a callout paragraph to callout/selection flow for Backspace handling. - New native API: ShareableContent.isUsingMicrophone(processId). - Bug Fixes - Backspace inside callout paragraphs now merges or deletes text predictably and selects the callout when appropriate. - Style - Callout layout refined: top-aligned content and adjusted emoji spacing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
Cats Juice
|
195864fc88 |
feat(core): edit icon in navigation panel (#13595)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Rename dialog now edits per-item explorer icons (emoji or custom) and can skip name-change callbacks. Doc icon picker added to the editor with localized "Add icon" placeholder and readonly rendering. Icon editor supports fallbacks, trigger variants, and improved input/test-id wiring. - **Style** - Updated icon picker and trigger sizing and placeholder visuals; title/icon layout adjustments. - **Chores** - Explorer icon storage and module added to persist and serve icons across the app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
dependabot[bot]
|
93554304e2 |
chore: bump dompurify from 3.1.6 to 3.2.7 (#13622)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> </ul> <h2>DOMPurify 3.2.6</h2> <ul> <li>Fixed several typos and removed clutter from our documentation, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li> <li>Added better config hardening against prototype pollution, thanks <a href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li> <li>Added better handling of attribute removal, thanks <a href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li> <li>Added better configuration for aggressive mXSS scrubbing behavior, thanks <a href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li> <li>Removed the script that caused the fake entry <a href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li> </ul> <h2>DOMPurify 3.2.5</h2> <ul> <li>Added a check to the mXSS detection regex to be more strict, thanks <a href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li> <li>Added ESM type imports in source, removes patch function, thanks <a href="https://github.com/donmccurdy"><code>@donmccurdy</code></a></li> <li>Added script to verify various TypeScript configurations, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Added more modern browsers to the Karma launchers list</li> <li>Added Node 23.x to tested runtimes, removed Node 17.x</li> <li>Fixed the generation of source maps, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code> using the 'g' flag, thanks <a href="https://github.com/hhk-png"><code>@hhk-png</code></a></li> <li>Fixed a few typos in the README file</li> </ul> <h2>DOMPurify 3.2.4</h2> <ul> <li>Fixed a conditional and config dependent mXSS-style <a href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a> reported by <a href="https://github.com/nsysean"><code>@nsysean</code></a></li> <li>Added a new feature to allow specific hook removal, thanks <a href="https://github.com/davecardwell"><code>@davecardwell</code></a></li> <li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports, thanks <a href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li> <li>Added better logic in case no window object is president, thanks <a href="https://github.com/yehuya"><code>@yehuya</code></a></li> <li>Updated some dependencies called out by dependabot</li> <li>Updated license files etc to show the correct year</li> </ul> <h2>DOMPurify 3.2.3</h2> <ul> <li>Fixed two conditional sanitizer bypasses discovered by <a href="https://github.com/parrot409"><code>@parrot409</code></a> and <a href="https://x.com/slonser_"><code>@Slonser</code></a></li> <li>Updated the attribute clobbering checks to prevent future bypasses, thanks <a href="https://github.com/parrot409"><code>@parrot409</code></a></li> </ul> <h2>DOMPurify 3.2.2</h2> <ul> <li>Fixed a possible bypass in case a rather specific config for custom elements is set, thanks <a href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li> <li>Fixed several minor issues with the type definitions, thanks again <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor issue with the types reference for trusted types, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor problem with the template detection regex on some systems, thanks <a href="https://github.com/svdb99"><code>@svdb99</code></a></li> </ul> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate[bot]
|
2f38953cf9 |
chore: bump up electron version to v35.7.5 [SECURITY] (#13561)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [electron](https://redirect.github.com/electron/electron) | [`35.5.1` -> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg) ### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org) --- ### Release Notes <details> <summary>electron/electron (electron)</summary> ### [`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5): electron v35.7.5 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5) ##### Release Notes for v35.7.5 > \[!WARNING] > Electron 35.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. ##### Fixes - Fixed an issue where `shell.openPath` was not non-blocking as expected. [#​48079](https://redirect.github.com/electron/electron/pull/48079) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/48088), [37](https://redirect.github.com/electron/electron/pull/48088), [38](https://redirect.github.com/electron/electron/pull/48088))</span> ### [`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4): electron v35.7.4 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4) ##### Release Notes for v35.7.4 - Fix ffmpeg generation on Windows non-x64 ### [`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2): electron v35.7.2 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2) ##### Release Notes for v35.7.2 ##### Fixes - Fixed an issue where printing PDFs with `webContents.print({ silent: true })` would fail. [#​47645](https://redirect.github.com/electron/electron/pull/47645) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47624), [37](https://redirect.github.com/electron/electron/pull/47397))</span> ### [`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0): electron v35.7.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0) ##### Release Notes for v35.7.0 ##### Other Changes - Updated Node.js to v22.16.0. [#​47213](https://redirect.github.com/electron/electron/pull/47213) ### [`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0): electron v35.6.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0) ##### Release Notes for v35.6.0 ##### Features - Added support for `--no-experimental-global-navigator` flag. [#​47416](https://redirect.github.com/electron/electron/pull/47416) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47417), [37](https://redirect.github.com/electron/electron/pull/47418))</span> - Added support for customizing system accent color and highlighting of active window border. [#​47539](https://redirect.github.com/electron/electron/pull/47539) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47538), [37](https://redirect.github.com/electron/electron/pull/47537))</span> ##### Fixes - Fixed a potential crash using `session.clearData` in some circumstances. [#​47410](https://redirect.github.com/electron/electron/pull/47410) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47411), [37](https://redirect.github.com/electron/electron/pull/47412))</span> - Fixed an error when importing `electron` for the first time from an ESM module loaded by a CJS module in a packaged app. [#​47344](https://redirect.github.com/electron/electron/pull/47344) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47343), [37](https://redirect.github.com/electron/electron/pull/47342))</span> - Fixed an issue where calling `Fetch.continueResponse` via debugger with `WebContentsView` could cause a crash. [#​47443](https://redirect.github.com/electron/electron/pull/47443) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47442), [37](https://redirect.github.com/electron/electron/pull/47444))</span> - Fixed an issue where utility processes could leak file handles. [#​47542](https://redirect.github.com/electron/electron/pull/47542) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47541), [37](https://redirect.github.com/electron/electron/pull/47543))</span> - Partially fixes an issue with printing a PDF via `webContents.print()` where the callback would not be called. [#​47399](https://redirect.github.com/electron/electron/pull/47399) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47400), [37](https://redirect.github.com/electron/electron/pull/47398))</span> ##### Other Changes - Backported fix for [`4206375`](https://redirect.github.com/electron/electron/commit/420637585). [#​47369](https://redirect.github.com/electron/electron/pull/47369) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
renovate[bot]
|
ebf75e4d31 |
chore: bump up apollographql/apollo-ios version to v1.23.0 (#13623)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Update | Change | |---|---|---| | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `from: "1.22.0"` -> `from: "1.23.0"` | | [apollographql/apollo-ios](https://redirect.github.com/apollographql/apollo-ios) | minor | `1.22.0` -> `1.23.0` | --- ### Release Notes <details> <summary>apollographql/apollo-ios (apollographql/apollo-ios)</summary> ### [`v1.23.0`](https://redirect.github.com/apollographql/apollo-ios/blob/HEAD/CHANGELOG.md#v1230) [Compare Source](https://redirect.github.com/apollographql/apollo-ios/compare/1.22.0...1.23.0) ##### New - **Added `requireNonOptionalMockFields` flag to `ApolloCodegenConfiguration.OutputOptions`. ([#​669](https://redirect.github.com/apollographql/apollo-ios-dev/pull/669)):** Added new flag to codegen output options to allow having non-optional fields in the test mocks if desired. *Thank you to [@​dwroth](https://redirect.github.com/dwroth) for the contribution.* ##### Improvement - **Added public initializer to `DatabaseRow`. ([#​664](https://redirect.github.com/apollographql/apollo-ios-dev/pull/664)):** Not having a public initializer on `DatabasRow` was hindering the ability to create custom `SQLiteDatabase` implementations. This solves that by adding a public initializer to `DatabaseRow`.*Thank you to [@​ChrisLaganiere](https://redirect.github.com/ChrisLaganiere) for the contribution.* ##### Fixed - **Unncessary deprecation warning in codegen options initializer. ([#​3563](https://redirect.github.com/apollographql/apollo-ios/issues/3563)):** Added `@_disfavoredOverload` to the deprecated initialized in `ApolloCodegenConfiguration` to prevent possible warnings caused by the compiler selecting a deprecated initializer versus the new/current initializer. See PR [#​682](https://redirect.github.com/apollographql/apollo-ios-dev/pull/682). *Thank you to [@​CraigSiemens](https://redirect.github.com/CraigSiemens) for raising the issue.* </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |