mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-07-15 17:16:16 +08:00
aca47445aa4353b8a922ea229fd2abcbbe517135
1418 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
aca47445aa |
feat(client): migration old package to rspack (#15068)
#### PR Dependency Tree * **PR #15068** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Upgraded Vitest across packages to 4.1.8 and bumped Tailwind PostCSS to 4.3.0 * CLI/tooling updated to support the media-capture-playground package and adjust build/dev server behavior * **Bug Fixes** * Improved workspace deletion reliability in the Electron app * **Refactor** * Simplified media capture playground build setup (build/config adjustments) * **Tests** * Made tests more robust by preserving/restoring environment state during runs <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
7123595831 |
chore: bump deps (#15059)
#### PR Dependency Tree * **PR #15059** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Configurable minimum account age before new accounts can invite members or create share links (default: 24 hours). * Sign-in now returns and caches user info for improved session handling. * **Bug Fixes** * Queue handling accepts and resolves job IDs with special characters. * Improved clipboard/rich-text caret handling and nested-list paste reliability. * Calendar tests use dynamic current-month dates. * AI search returns explicit "No matching documents" when none found. * Auth session responses are explicitly non-cacheable. * **Chores** * Dependency and toolchain bumps; admin UI config/schema exposes the new account-age setting. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
78cf402141 |
fix: handle empty results in MCP keyword_search tool (#15058)
## Description Fixes: #15038 — MCP keyword_search tool errors with "Unexpected response type" when no results are found. ### Problem When the MCP `keyword_search` tool returns no matching documents, the access control `.docs()` method may return `undefined`/`null` for an empty input array. Calling `.map()` on this value throws an error, and the MCP framework wraps it as "Unexpected response type". ### Solution Added a guard check after the permission filtering step. If the result is empty or null, the tool now returns a proper informational response instead of throwing. ### Changes - `packages/backend/server/src/plugins/copilot/mcp/provider.ts`: Added null/empty check before `docs.map()` in the keyword_search tool execute function. ### Testing - **Before**: `keyword_search` with a non-existent keyword throws "Unexpected response type" - **After**: `keyword_search` with a non-existent keyword returns `{ content: [{ type: 'text', text: 'No matching documents found.' }] }` <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Prevented errors when document data is missing, improving search stability. * Improved search feedback by displaying a clear "No matching documents found." message instead of empty results. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ebd3e62ed9 |
fix(server): canary may missing changelog (#15061)
fix #15027 #### PR Dependency Tree * **PR #15061** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved handling of missing release notes during upgrade checks. The changelog field now defaults to an empty value when release information is unavailable. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ce9841df9d |
feat(server): passkey pre-refactor (#15060)
#### PR Dependency Tree * **PR #15060** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * OpenApp native sign-in and native session exchange (JWT) for mobile & desktop. * Centralized short-lived auth challenge store for one-time tokens. * Encrypted per-endpoint token storage and native token handlers (Android, iOS, Electron). * **Improvements** * Richer auth-method reporting (password, magic link, OAuth, passkey) and improved sign-in flows. * Hardened magic-link, OAuth, and session issuance; JWT-backed sessions and websocket JWT support. * UX tweaks: form-based password submit, OTP autocomplete, adjusted captcha flow. * **Bug Fixes** * Expanded tests and auth-state resets to avoid cross-test leakage. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
b05c387f96 |
fix(server): mail test & retry (#15044)
#### PR Dependency Tree * **PR #15044** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Stop sending notifications to disabled users; skip member invites when workspace names contain URLs/domains * Improve mail retry handling (per-recipient exhaustion, expiry, and cache cleanup) * Make many email headers/lead lines more generic and consistent * Fail-safe workspace content parsing to avoid crashes * **New Features** * 24-hour signup protection for sharing, invites, and invite-link creation * Job-queue: remove jobs by payload predicate * **Tests** * Expanded tests for mail jobs, SMTP hostname handling, payment checkout, job-queue removal, and abuse-detection utilities * Updated test fixtures to set createdAt timestamps for new users * **Chores** * Added required name input for test-email mutation * Database flush retry with deadlock detection/backoff <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15044?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
2bd920fea6 |
chore: bump up @inquirer/prompts version to v8 (#15025)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@inquirer/prompts](https://redirect.github.com/SBoudrias/Inquirer.js/blob/main/packages/prompts/README.md) ([source](https://redirect.github.com/SBoudrias/Inquirer.js)) | [`^7.10.1` → `^8.0.0`](https://renovatebot.com/diffs/npm/@inquirer%2fprompts/7.10.1/8.5.0) |  |  | --- ### Release Notes <details> <summary>SBoudrias/Inquirer.js (@​inquirer/prompts)</summary> ### [`v8.5.0`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...5ca6d1101d5d3f8fb066cd5b389bccfdafbbe0c0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...@inquirer/prompts@8.5.0) ### [`v8.4.3`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.3) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.2...@inquirer/prompts@8.4.3) - Fix: Windows rendering bug - Fix: Preserve exact literal types in `choices` array (Typescript only) - Fix: Allow input `default` value to be of type `undefined` (Typescript only) - Bump dependencies ### [`v8.4.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.2) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.1...@inquirer/prompts@8.4.2) - Fix: some Windows terminals would freeze and not react to keypresses. ### [`v8.4.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.1) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.0...@inquirer/prompts@8.4.1) - Improve `expand` prompt type inferrence. ### [`v8.4.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.2...@inquirer/prompts@8.4.0) - Feat: Added a loading message while validating editor prompt input. - Type improvement: Better type inference with checkbox, search and expand prompts. - Fix: `editor` prompt not always properly handling editor path on windows. ### [`v8.3.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.2) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.1...@inquirer/prompts@8.3.2) - Fix broken 8.3.1 release process. ### [`v8.3.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.1) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.0...@inquirer/prompts@8.3.1) - Bump dependencies ### [`v8.3.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.1...@inquirer/prompts@8.3.0) - Fix: Keypresses happening before a prompt is rendered are now ignored. - Fix (checkbox): Element who're both checked and disabled are now always included in the returned array. - Feat (select/checkbox): Cursor will now hover disabled options of the list; but they still cannot be interacted with. This prevents the cursor jumping ahead in ways that can be confusing. - Feat: various new theme options to make all prompts content localizable. Finally, see our new [`@inquirer/i18n` package](https://redirect.github.com/SBoudrias/Inquirer.js/tree/main/packages/i18n)! ### [`v8.2.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.1) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.0...@inquirer/prompts@8.2.1) - chore: Switch `wrap-ansi` with `fast-wrap-ansi` ### [`v8.2.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.1.0...@inquirer/prompts@8.2.0) - feat(`search`): Add support for `default`. - feat(`rawlist`): Add support for `description` of choices. That information is displayed under the list when the choice is highlighted. - Bump dependencies ### [`v8.1.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.1.0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.2...@inquirer/prompts@8.1.0) - Feat: `rawlist` now supports `default` option. - Fix: `select` now infer return type properly when passing a `choices` array of string literals. ### [`v8.0.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.2) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.1...@inquirer/prompts@8.0.2) - Fix Typescript not discovering types when `moduleResolution` is set to `commonjs` (you probably want to fix that in your project if it's still in your tsconfig) ### [`v8.0.1`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1) ### [`v8.0.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.0) [Compare Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@7.10.1...@inquirer/prompts@8.0.0) ### Release Notes #### 🚨 Breaking Changes This is a major release that modernizes the codebase for Node.js ≥ 20. ##### ESM Only - No More CommonJS Support **Impact:** All packages are now ESM-only. CommonJS imports are no longer supported. If you're on modern Node versions (≥ 20), this should be transparent and have no impact. ##### Node.js Version Requirement **Minimum Node.js version is now 20.x** Node.js versions below 20 are no longer supported. Please upgrade to Node.js 20 or later. Node min versions: `>=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0` ##### Deprecated APIs Removed The following deprecated APIs have been removed after being deprecated in previous releases: ##### `list` prompt alias removed (affects `inquirer` package only) The `list` alias has been removed from the `inquirer` package. This only impacts users of the legacy `inquirer` package, not users of `@inquirer/prompts` or individual prompt packages. ```js // ❌ No longer available (inquirer package only) import inquirer from 'inquirer'; const answer = await inquirer.prompt([ { type: 'list', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] } ]); // ✅ Use 'select' instead import inquirer from 'inquirer'; const answer = await inquirer.prompt([ { type: 'select', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] } ]); ``` ##### `helpMode` theme property removed ```js // ❌ No longer available const answer = await select({ theme: { helpMode: 'never' } }); // ✅ Use theme.style.keysHelpTip instead const answer = await select({ theme: { style: { keysHelpTip: () => undefined // or your custom styling function } } }); ``` This affects the following prompts: - `@inquirer/checkbox` - `@inquirer/search` - `@inquirer/select` ##### `instructions` config property removed ```js // ❌ No longer available const answer = await checkbox({ instructions: 'Custom instructions' }); // ✅ Use theme.style.keysHelpTip instead const answer = await checkbox({ theme: { style: { keysHelpTip: (text) => 'Custom instructions' } } }); ``` This affects the following prompts: - `@inquirer/checkbox` - `@inquirer/search` - `@inquirer/select` ##### `cancel()` method removed The `cancel()` method on prompt return custom `Promise` has been removed. ```js // ❌ No longer available const answerPromise = input({ message: 'Name?' }); answerPromise.cancel(); const answer = await answerPromise; // ✅ Use AbortSignal instead const controller = new AbortController(); const answer = await input( { message: 'Name?' }, { signal: controller.signal } ); controller.abort(); ``` ##### Color Library Change: yoctocolors → Node.js `styleText` **Internal change:** The project now uses Node.js built-in `util.styleText()` instead of the `yoctocolors` package for terminal colors. This makes Inquirer smaller and reduces risks of vulnerabilities coming from transitive dependencies. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTQuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE5NC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
b3b9c54a89 |
chore: bump up @types/nodemailer version to v8 (#15026)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@types/nodemailer](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/nodemailer) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer)) | [`^7.0.0` → `^8.0.0`](https://renovatebot.com/diffs/npm/@types%2fnodemailer/7.0.9/8.0.0) |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTQuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE5NC4wIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
1d08e1d8c0 |
fix(server): dirty data handle (#15034)
#### PR Dependency Tree * **PR #15034** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Consolidated subscription visibility and “active” selection logic so all subscription queries use a shared, consistent filter across the platform. * **Tests** * Added a test to ensure expired subscriptions are excluded from active subscription results. * Updated test fixtures to differentiate expired, unexpired, and onetime subscriptions for more accurate coverage. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15034?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
6d1172ba44 | chore: bump deps | ||
|
|
2aa56cbccd | chore: bump toolchain & fix lint | ||
|
|
3098b3b14b |
feat(server): bump models (#15013)
#### PR Dependency Tree * **PR #15013** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Expanded AI capabilities with the addition of Gemini 3.5 Flash model, providing enhanced options for AI-powered features. * **Updates** * Updated Claude Sonnet to the latest version for improved performance. * Refreshed pro models configuration with optimized selections. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15013?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
dd1cd77ca0 |
chore(server): improve migration compatibility (#15014)
#### PR Dependency Tree * **PR #15014** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Remove orphaned legacy subscription and entitlement records during backfill. * Repair workspaces missing active owners by promoting eligible members and cleaning up empty workspaces. * Skip cloud subscription backfill when target user/workspace no longer exists to avoid dangling data. * **Tests** * Added tests verifying legacy data cleanup during backfill. * Added tests verifying workspace ownership repair and migration behavior. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/15014?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
1f2119e273 | fix: migration timeout | ||
|
|
9f33d37add | feat(core): integrate realtime features (#15003) | ||
|
|
c53457691d |
feat(server): entitlement based model (#14996)
#### PR Dependency Tree * **PR #14996** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Admin mutations to grant/revoke commercial entitlements. * New Doc comment-update permission. * Realtime user/workspace quota-state endpoints and live-update rooms. * **Bug Fixes** * More accurate readable-doc filtering and permission evaluation. * **Refactor** * Workspace feature management moved to entitlement-based model; permission and quota pipelines redesigned. * Admin workspace UI now edits flags only (feature toggles removed). * **Tests** * Extensive new and updated tests for permissions, entitlements, quota, projection, and backfills. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14996?utm_source=github_walkthrough&utm_medium=github&utm_campaign=change_stack) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
3416de1e4d |
fix(server): missing root cert (#14970)
#### PR Dependency Tree * **PR #14970** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated TLS library dependencies with pinned version constraints across multiple packages * Removed `tls-rustls` feature from sqlx configurations in backend and frontend packages * Removed unused `sqlx` dependency from mobile native package * Refined HTTPS client configuration with embedded certificate roots and added validation test <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14970) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
c8cdc488db |
feat(server): entitlement primitive (#14964)
#### PR Dependency Tree * **PR #14964** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added entitlement resolution to validate licenses and derive plan, quotas, expiry and flags. * Introduced persistent quota/entitlement state for users and workspaces with legacy sync behavior. * Real-time quota-state operations and change events for monitoring usage. * **Chores** * Updated workspace dependencies to add cryptography/hash crates. * **Tests** * Added native entitlement tests covering validation, quantity handling, and signature/expiry cases. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14964) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
f626dbd590 |
fix(server): realtime loading (#14959)
#### PR Dependency Tree * **PR #14959** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Rewired realtime and copilot services to require their runtime dependencies, improving reliability and removing nullable/optional runtime paths. * **Tests** * Centralized service creation in tests with helper factories and added checks ensuring realtime dependency injection is configured as expected. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14959) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
4b4def3a11 |
feat(server): gemini embedding 2 support (#14956)
#### PR Dependency Tree * **PR #14956** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Improved Gemini Vertex provider configuration validation logic for enhanced reliability. * Refined Google Vertex publisher base URL construction handling. * **Tests** * Added test coverage for Gemini Embedding 2 model resolution. * Added test coverage for Gemini Vertex provider Google Cloud integration. <!-- review_stack_entry_start --> [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14956) <!-- review_stack_entry_end --> <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
659072183c | chore: bump deps | ||
|
|
322f2ba986 | fix(server): migrate old tables (#14954) | ||
|
|
f19a922793 |
chore: bump up @opentelemetry/sdk-node version to ^0.217.0 [SECURITY] (#14945)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.215.0` → `^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.215.0/0.217.0) |  |  | --- ### Prometheus exporter process crash via malformed HTTP request [CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) / [GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) <details> <summary>More information</summary> #### Details ##### Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default `0.0.0.0:9464`) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught `TypeError` that terminates the process. **You are affected by this vulnerability if either of the following apply to your application:** * you directly use `@opentelemetry/exporter-prometheus` in your code through its built-in server. * your `OTEL_METRICS_EXPORTER` environment variable includes `prometheus` **AND** * you use `@opentelemetry/sdk-node` * you use `@opentelemetry/auto-instrumentations-node` via `--require @​opentelemetry/auto-instrumentations-node/register`/`--import @​opentelemetry/auto-instrumentations-node/register` ##### Impact **Denial of service.** Any application using the OpenTelemetry Prometheus exporter’s built-in server can be crashed by a single unauthenticated network packet sent to the metrics port. No authentication, special privileges, or prior access is required. ##### Remediation ##### Update to the fixed version Update `@opentelemetry/exporter-prometheus` and `@opentelemetry/sdk-node` to version **0.217.0** or later. Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0** or later. This release adds proper error handling around the URL constructor, returning an HTTP `400` response on parse failure rather than allowing the exception to propagate and crash the process. ``` npm install @​opentelemetry/exporter-prometheus@latest ``` ##### Do Not Expose the Endpoint to Untrusted Users > [!IMPORTANT] > The following mitigations reduce exposure but do not fully remediate the vulnerability. Any client that *can* reach the metrics endpoint - including your own Prometheus scraper host if compromised - could still trigger the crash. Updating to **0.217.0** is the recommended resolution. If updating is not immediately feasible, restrict access to the metrics endpoint so that it is not reachable by untrusted or unauthenticated network clients. For example: * **Bind to localhost only** by setting the `host` option to `127.0.0.1` when configuring the `PrometheusExporter`, so the port is not exposed on public or shared network interfaces * **Use a firewall or network policy** to restrict access to port `9464` (or whichever port you have configured) to only trusted Prometheus scrape hosts * **Place the endpoint behind a reverse proxy** that filters or validates incoming requests before they reach the exporter ##### Details In `PrometheusExporter.ts`, the `_requestHandler` calls `new URL(request.url, this._baseUrl)` without any error handling. Node's HTTP parser accepts absolute-form URIs (e.g. `http://`) for proxy compatibility, including malformed ones. When `request.url` is `"http://"`, the `URL` constructor throws `TypeError: Invalid URL`. Since there is no try-catch in the handler, the exception propagates as an uncaught exception and crashes the process. The Prometheus metrics endpoint is unauthenticated by design (Prometheus scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable by any network client that can connect to the metrics port. ##### Proof of Concept Start any Node.js application with the Prometheus exporter running on the default port `9464`, then send a single raw TCP packet: ``` echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464 ``` The process crashes immediately with: ``` TypeError: Invalid URL at new URL (...) at PrometheusExporter._requestHandler (...) ``` #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` #### References - [https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3) - [https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>open-telemetry/opentelemetry-js (@​opentelemetry/sdk-node)</summary> ### [`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c) ### [`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
a1d150a748 |
fix(server): realtime module not loaded (#14952)
#### PR Dependency Tree * **PR #14952** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Optimized workspace invite link fetching by separating it from general workspace configuration queries for improved performance. * Reorganized transcription-related backend modules to better separate concerns and enable real-time functionality. * **Chores** * Updated generated GraphQL types and iOS query definitions to reflect API changes. [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14952) <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ac6d0d35af |
chore: bump up @opentelemetry/exporter-prometheus version to ^0.217.0 [SECURITY] (#14944)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.215.0` → `^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.215.0/0.217.0) |  |  | --- ### Prometheus exporter process crash via malformed HTTP request [CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) / [GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) <details> <summary>More information</summary> #### Details ##### Summary A single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default `0.0.0.0:9464`) has no error handling around URL parsing, so a request with an invalid URI causes an uncaught `TypeError` that terminates the process. **You are affected by this vulnerability if either of the following apply to your application:** * you directly use `@opentelemetry/exporter-prometheus` in your code through its built-in server. * your `OTEL_METRICS_EXPORTER` environment variable includes `prometheus` **AND** * you use `@opentelemetry/sdk-node` * you use `@opentelemetry/auto-instrumentations-node` via `--require @​opentelemetry/auto-instrumentations-node/register`/`--import @​opentelemetry/auto-instrumentations-node/register` ##### Impact **Denial of service.** Any application using the OpenTelemetry Prometheus exporter’s built-in server can be crashed by a single unauthenticated network packet sent to the metrics port. No authentication, special privileges, or prior access is required. ##### Remediation ##### Update to the fixed version Update `@opentelemetry/exporter-prometheus` and `@opentelemetry/sdk-node` to version **0.217.0** or later. Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0** or later. This release adds proper error handling around the URL constructor, returning an HTTP `400` response on parse failure rather than allowing the exception to propagate and crash the process. ``` npm install @​opentelemetry/exporter-prometheus@latest ``` ##### Do Not Expose the Endpoint to Untrusted Users > [!IMPORTANT] > The following mitigations reduce exposure but do not fully remediate the vulnerability. Any client that *can* reach the metrics endpoint - including your own Prometheus scraper host if compromised - could still trigger the crash. Updating to **0.217.0** is the recommended resolution. If updating is not immediately feasible, restrict access to the metrics endpoint so that it is not reachable by untrusted or unauthenticated network clients. For example: * **Bind to localhost only** by setting the `host` option to `127.0.0.1` when configuring the `PrometheusExporter`, so the port is not exposed on public or shared network interfaces * **Use a firewall or network policy** to restrict access to port `9464` (or whichever port you have configured) to only trusted Prometheus scrape hosts * **Place the endpoint behind a reverse proxy** that filters or validates incoming requests before they reach the exporter ##### Details In `PrometheusExporter.ts`, the `_requestHandler` calls `new URL(request.url, this._baseUrl)` without any error handling. Node's HTTP parser accepts absolute-form URIs (e.g. `http://`) for proxy compatibility, including malformed ones. When `request.url` is `"http://"`, the `URL` constructor throws `TypeError: Invalid URL`. Since there is no try-catch in the handler, the exception propagates as an uncaught exception and crashes the process. The Prometheus metrics endpoint is unauthenticated by design (Prometheus scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable by any network client that can connect to the metrics port. ##### Proof of Concept Start any Node.js application with the Prometheus exporter running on the default port `9464`, then send a single raw TCP packet: ``` echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464 ``` The process crashes immediately with: ``` TypeError: Invalid URL at new URL (...) at PrometheusExporter._requestHandler (...) ``` #### Severity - CVSS Score: 7.5 / 10 (High) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` #### References - [https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3) - [https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>open-telemetry/opentelemetry-js (@​opentelemetry/exporter-prometheus)</summary> ### [`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c) ### [`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNTkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE1OS4yIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
db0ff0a9df |
feat(core): migrate more pull to realtime (#14936)
#### PR Dependency Tree * **PR #14936** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Consolidated realtime subscription patterns for consistent, more reliable live updates across comments, notifications, transcription tasks, and embedding progress. * Standardized realtime room naming and subscription keys for deterministic delivery. * **New Features** * Introduced a reusable live-query mechanism powering realtime snapshot + event workflows used by comments, notifications, transcript tasks, and embedding progress. * **Tests** * Added tests covering live-query behavior and deterministic subscription key generation. [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14936) <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
8cf00738c2 |
feat(server): realtime notification & task status (#14934)
#### PR Dependency Tree * **PR #14934** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Full realtime platform added: live notifications, comments, embedding progress, and transcription task updates via realtime subscriptions. * **Chores** * Frontend switched from polling/GraphQL queries to realtime channels; legacy query fields marked deprecated and client libs updated to use realtime APIs. [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14934) <!-- end of auto-generated comment: release notes by coderabbit.ai --> #### PR Dependency Tree * **PR #14934** 👈 * **PR #14936** This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) |
||
|
|
417d31cabe |
fix(core): ui state (#14933)
#### PR Dependency Tree * **PR #14933** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added draft tab option to AI chat interface * Introduced "Current document" session history view in chat history popover * Added control to show/hide "New Chat" button * **Improvements** * Enhanced chat history preservation when switching between sessions * Prevented duplicate session creation requests * Improved message handling during session transitions and generation [](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14933) <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
fcc45a3f44 |
fix(server): caldav compatibility (#14930)
fix #14411 fix #14909 Some CalDAV servers do not implement standard responses; add compatibility for these servers. #### PR Dependency Tree * **PR #14930** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Improved CalDAV discovery error handling to gracefully fall back when the server returns certain error statuses. * **New Features** * CalDAV account linking now returns the number of discovered calendars associated with the account. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
bcbde16c04 | feat(server): native safe fetch (#14931) | ||
|
|
32a94d68dc | chore: add utils | ||
|
|
eb9cc22502 | feat(server): refactor for byok (#14911) | ||
|
|
1ad088398f | fix(server): test & schema | ||
|
|
fa66139230 |
feat(server): add flag for calendar enable (#14896)
#### PR Dependency Tree * **PR #14896** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Added configuration option to manage Google Calendar account linking access. Administrators can now disable new account connections to control calendar service integrations. When disabled, the Google provider is hidden from available options and new linking attempts are blocked, while existing accounts remain fully functional. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
027d163921 |
fix(server): add embedding table repair (#14895)
fix #14894 #### PR Dependency Tree * **PR #14895** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Improved database initialization for self-hosted deployments with automatic creation and repair of embedding tables and indexes, applied only when related base tables and extensions are present. * Updated pre-deploy process to run Prisma migrations, perform embedding-table maintenance, and execute additional data migrations as part of setup. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
e90e3e537c | fix(server): lint | ||
|
|
d64f368623 |
feat(server): refactor copilot (#14892)
#### PR Dependency Tree * **PR #14892** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) |
||
|
|
fa8f1a096c |
fix(server): allow custom R2 jurisdictional endpoint (#14848)
## Summary This PR fixes `cloudflare-r2` storage configuration so jurisdictional R2 endpoints (for example EU buckets) work correctly. Closes #14847 ## Problem `cloudflare-r2` currently ignores `config.endpoint` and always uses: `https://<accountId>.r2.cloudflarestorage.com` That breaks uploads for jurisdictional buckets that require endpoints like: `https://<accountId>.eu.r2.cloudflarestorage.com` ## Changes - Updated `R2StorageProvider` endpoint resolution: - use `config.endpoint` when provided - otherwise fall back to `https://${accountId}.r2.cloudflarestorage.com` - Kept `forcePathStyle: true` behavior unchanged - Updated validation to require `accountId` **or** `endpoint` - Improved storage schema descriptions to mention jurisdiction endpoints - Added focused unit tests for: - default account endpoint behavior - custom jurisdiction endpoint behavior ## Backward Compatibility - Existing R2 configs that only provide `accountId` continue to work exactly as before. - New behavior only applies when a custom `config.endpoint` is explicitly set. ## Tests - Added: `packages/backend/server/src/base/storage/__tests__/r2.spec.ts` - Verifies both default and custom endpoint selection paths. _Disclaimer: parts of this PR were implemented with AI assistance._ <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Cloudflare R2 config adds an optional "jurisdiction" (EU) option and consistent endpoint derivation for S3-compatible providers. * **Documentation** * Storage configuration schemas clarified: S3 endpoint is optional/derived from region; R2 endpoint removed from schema and jurisdiction documented. * **Tests** * Added tests validating R2 endpoint selection for default, EU-jurisdiction, undefined-jurisdiction, and missing-account scenarios. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com> |
||
|
|
0ccfacbc29 | feat(docs): migrate bs docs | ||
|
|
cc79fa3c6d |
chore: bump up opentelemetry (#14844)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@opentelemetry/api](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/api) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`1.9.0` → `1.9.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fapi/1.9.0/1.9.1) |  |  | | [@opentelemetry/core](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-core) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fcore/2.6.0/2.7.0) |  |  | | [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.213.0/0.215.0) |  |  | | [@opentelemetry/exporter-zipkin](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-exporter-zipkin) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-zipkin/2.6.0/2.7.0) |  |  | | [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.213.0/0.215.0) |  |  | | [@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql)) | [`^0.61.0` → `^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.61.0/0.63.0) |  |  | | [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.213.0/0.215.0) |  |  | | [@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis)) | [`^0.61.0` → `^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.61.0/0.63.0) |  |  | | [@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core)) | [`^0.59.0` → `^0.61.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.59.0/0.61.0) |  |  | | [@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io)) | [`^0.60.0` → `^0.62.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.60.0/0.62.0) |  |  | | [@opentelemetry/resources](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-resources) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fresources/2.6.0/2.7.0) |  |  | | [@opentelemetry/sdk-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/sdk-metrics) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-metrics/2.6.0/2.7.0) |  |  | | [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.213.0/0.215.0) |  |  | | [@opentelemetry/sdk-trace-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-sdk-trace-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-trace-node/2.6.0/2.7.0) |  |  | --- ### Release Notes <details> <summary>open-telemetry/opentelemetry-js (@​opentelemetry/api)</summary> ### [`v1.9.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/HEAD/CHANGELOG.md#191) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/v1.9.0...v1.9.1) ##### 🐛 (Bug Fix) - fix: avoid grpc types dependency [#​3551](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3551) [@​flarna](https://redirect.github.com/flarna) - fix(otlp-proto-exporter-base): Match Accept header with Content-Type in the proto exporter [#​3562](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3562) [@​scheler](https://redirect.github.com/scheler) - fix: include tracestate in export [#​3569](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3569) [@​flarna](https://redirect.github.com/flarna) ##### 🏠 (Internal) - chore: fix cross project links and missing implicitly exported types [#​3533](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3533) [@​legendecas](https://redirect.github.com/legendecas) - feat(sdk-metrics): add exponential histogram mapping functions [#​3504](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3504) [@​mwear](https://redirect.github.com/mwear) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-graphql)</summary> ### [`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0630-2026-04-17) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479)) ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8)) ### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0620-2026-03-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450)) ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b)) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-ioredis)</summary> ### [`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0630-2026-04-17) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479)) ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8)) ##### Bug Fixes - **redis-common:** expand redaction to include ACL, CONFIG, PSETEX, GETSET ([#​3472](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3472)) ([39193ca](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/39193cac4124eedc9e8fa5ae16ba960b5ab7a36b)) ##### Dependencies - The following workspace dependencies were updated - dependencies - [@​opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common) bumped from ^0.38.2 to ^0.38.3 - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.61.0 to ^0.62.0 ### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0620-2026-03-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450)) ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.60.0 to ^0.61.0 </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-nestjs-core)</summary> ### [`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0610-2026-04-17) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479)) ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8)) ### [`v0.60.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0600-2026-03-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450)) ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b)) </details> <details> <summary>open-telemetry/opentelemetry-js-contrib (@​opentelemetry/instrumentation-socket.io)</summary> ### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0620-2026-04-17) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479)) ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.61.0 to ^0.62.0 ### [`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0610-2026-03-25) [Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4) ##### Features - **deps:** update deps matching '@​opentelemetry/\*' ([#​3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450)) ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b)) ##### Dependencies - The following workspace dependencies were updated - devDependencies - [@​opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils) bumped from ^0.60.0 to ^0.61.0 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjMuOCIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy44IiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
|
a109f069b0 | chore: bump deps | ||
|
|
c6a99eb9cb |
chore: bump deps (#14810)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Updated developer tooling dependencies used for local testing to newer patch versions for improved stability. * Bumped backend framework and related packages to newer patch releases to address fixes and maintain compatibility. * No functional or public API changes; updates are non-breaking dependency version bumps. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
5806ad8a3a |
fix(server): online and storage statistics (#14792)
#### PR Dependency Tree * **PR #14792** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Admin dashboard returns more accurate sync and storage timelines with carry‑forwarded minute buckets and corrected current totals. * **Bug Fixes** * Active-user flushes are debounced/scheduled to prevent overlapping writes and reduce stale counts. * Snapshot writes now retry and will skip gracefully when lock contention prevents completion, avoiding partial snapshots. * **Tests** * New e2e tests cover carry‑forward behavior, no backfill outside requested windows, and storage history accuracy. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
193ec14ad3 | feat(server): synthetic root doc (#14794) | ||
|
|
fc5329a1be |
fix(server): skip watch for external cal (#14788)
#### PR Dependency Tree * **PR #14788** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Calendar subscriptions now gracefully fall back to polling when push notifications aren’t supported, keeping syncs working. * Affected subscriptions have webhook details cleared and are marked with a long-lived expiration to avoid repeated webhook attempts. * Prevents repeated retries for unsupported push channels, reducing unnecessary errors and retries. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
ffc27af3ba |
fix(server): update version check (#14784)
fix #14780 #### PR Dependency Tree * **PR #14784** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Improved upgrade availability detection to properly compare semantic versions, including support for prerelease and canary versions. The system now accurately identifies when new versions are available, ensuring users receive timely update notifications. * **Tests** * Added comprehensive unit tests for version comparison and upgrade detection functionality. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
d975bf46fb |
feat(server): improve calendar sync queue (#14783)
#### PR Dependency Tree * **PR #14783** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Configurable request timeout for calendar integrations. * Calendar polling now enqueues per-subscription sync jobs (larger batch) for improved throughput. * **Bug Fixes / Improvements** * Persisted next-sync timestamps and retry counts for more reliable scheduling and retry behavior. * Exponential backoff and webhook renewal now update scheduling consistently. * **Refactor** * Calendar sync flow moved to a job-queue-driven design for better concurrency and observability. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
5a6c65085a |
feat(mobile): adapt new endpoint (#14778)
#### PR Dependency Tree * **PR #14778** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) |
||
|
|
4be0cba9b5 |
chore(server): db health check (#14779)
#### PR Dependency Tree * **PR #14779** 👈 This tree was auto-generated by [Charcoal](https://github.com/danerwilliams/charcoal) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Chores** * Added conditional init checks to service deployments and jobs to wait for the database proxy before starting * Exposed a new health port (9801) for the database proxy to enable readiness probing * **Tests** * Minor test reordering and formatting changes (no behavioral changes) <!-- end of auto-generated comment: release notes by coderabbit.ai --> |
||
|
|
d3ec008b0c |
chore: bump deps (#14777)
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Migration and config commands now feature interactive prompts for required inputs. * **Bug Fixes** * Enhanced error handling in CLI operations. * **Chores** * Updated GraphQL Code Generator toolchain to v6. <!-- end of auto-generated comment: release notes by coderabbit.ai --> |