pengx17
|
d2b482bcb2
|
fix(electron): incorrect path to root dir (#8220)
|
2024-09-12 09:00:18 +00:00 |
|
renovate
|
23c7f8b01d
|
chore: bump up express version to v4.20.0 [SECURITY] (#8205)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | [`4.19.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.19.2/4.20.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) |
### GitHub Vulnerability Alerts
#### [CVE-2024-43796](https://redirect.github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx)
### Impact
In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code
### Patches
this issue is patched in express 4.20.0
### Workarounds
users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist
### Details
successful exploitation of this vector requires the following:
1. The attacker MUST control the input to response.redirect()
1. express MUST NOT redirect before the template appears
1. the browser MUST NOT complete redirection before:
1. the user MUST click on the link in the template
---
### Release Notes
<details>
<summary>expressjs/express (express)</summary>
### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)
[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)
\==========
- deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
- deps: send@0.19.0
- Remove link renderization in html while redirecting
- deps: body-parser@0.6.0
- add `depth` option to customize the depth level in the parser
- IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
- Remove link renderization in html while using `res.redirect`
- deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
- deps: encodeurl@~2.0.0
- Removes encoding of `\`, `|`, and `^` to align better with URL spec
- Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC41OS4yIiwidXBkYXRlZEluVmVyIjoiMzguNTkuMiIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
|
2024-09-12 08:43:05 +00:00 |
|
fundon
|
8a9d9b42a3
|
feat(core): support block links on cmdk (#8192)
Upstreams: https://github.com/toeverything/blocksuite/pull/8260
Closes: [BS-1323](https://linear.app/affine-design/issue/BS-1323/粘贴-link-to-block-到-link-弹窗,不符合预期)
|
2024-09-12 08:25:28 +00:00 |
|
JimmFly
|
2cba8a4ccd
|
fix(core): title could not be changed when creating a new doc (#8203)
Before change, the title could not be modified from outside the editor without refreshing:
https://github.com/user-attachments/assets/536acba1-4e31-418a-bc1a-8578e3128bba
after:
https://github.com/user-attachments/assets/30a4b270-b8b1-4787-acef-0ab2a72a8f74
|
2024-09-12 07:55:23 +00:00 |
|
EYHN
|
cc5a6e6d40
|
refactor: new project struct (#8199)
packages/frontend/web -> packages/frontend/apps/web
packages/frontend/mobile -> packages/frontend/apps/mobile
packages/frontend/electron -> packages/frontend/apps/electron
|
2024-09-12 07:42:57 +00:00 |
|
L-Sun
|
7c4eab6cd3
|
fix(core): add edit entry for mobile edition (#8173)
|
2024-09-12 06:48:22 +00:00 |
|
JimmFly
|
8e71815e46
|
fix(component): windows client does not have app controls on some pages (#8176)
close AF-1266
|
2024-09-12 06:35:55 +00:00 |
|
EYHN
|
3999b04cf1
|
feat(core): download template from snapshot url (#8211)
|
2024-09-12 06:21:52 +00:00 |
|
zzj3720
|
aad7b90859
|
feat(core): add database full-width feature flag (#8210)
|
2024-09-12 05:14:13 +00:00 |
|
akumatus
|
456aa047cb
|
fix: missing font in text preview of editor settings (#8213)
Close issue [BS-1394](https://linear.app/affine-design/issue/BS-1394).
Add `FontConfigExtension` to `edgeless:preview` spec.
|
2024-09-12 04:40:17 +00:00 |
|
doouding
|
393dcfec78
|
feat: bump bs (#8212)
https://github.com/toeverything/blocksuite/pull/8311
|
2024-09-12 04:28:14 +00:00 |
|
pengx17
|
24bf1beac8
|
fix(electron): devtools open in detach mode (#8200)
fix AF-1380
|
2024-09-12 03:20:19 +00:00 |
|
CatsJuice
|
8bf0458ef4
|
fix(mobile): remove all focus style for link and button (#8208)
|
2024-09-12 03:07:31 +00:00 |
|
Saul-Mirone
|
ba81b1a9ca
|
chore: bump bs (#8204)
|
2024-09-11 12:04:26 +00:00 |
|
fundon
|
b74dd1c92e
|
feat(core): support block links on Bi-Directional Links (#8169)
Clsoes [AF-1348](https://linear.app/affine-design/issue/AF-1348/修复-bi-directional-links-里面的链接地址)
* Links to the current document should be ignored on `Backlinks`
* Links to the current document should be ignored on `Outgoing links`
https://github.com/user-attachments/assets/dbc43cea-5aca-4c6f-886a-356e3a91c1f1
|
2024-09-11 11:08:12 +00:00 |
|
CatsJuice
|
b7d05d2078
|
feat(core): new empty states for doc/collection/tag (#8197)
AF-1329, AF-1330
|
2024-09-11 10:48:52 +00:00 |
|
akumatus
|
f12655655e
|
feat: add mindmap and connector settings (#8198)
### What changed?
- Add `connector` label settings.
- Add `mindmap` style settings.
- Add skeleton loading placeholder.
<div class='graphite__hidden'>
<div>🎥 Video uploaded on Graphite:</div>
<a href="https://app.graphite.dev/media/video/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
<img src="https://app.graphite.dev/api/v1/graphite/video/thumbnail/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">
</a>
</div>
<video src="https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/sJGviKxfE3Ap685cl5bj/31159d74-ef62-4c7f-b1d9-cde73047cf29.mov">录屏2024-09-11 16.30.17.mov</video>
|
2024-09-11 09:17:11 +00:00 |
|
EYHN
|
85aa73bcf6
|
fix(core): disconnect ws when user logout (#8188)
|
2024-09-11 07:55:42 +00:00 |
|
EYHN
|
d93c3b3719
|
feat(core): user data db (#7930)
|
2024-09-11 07:55:37 +00:00 |
|
EYHN
|
498a69af53
|
feat(core): move enable ai to feature flag (#8195)
|
2024-09-11 07:42:07 +00:00 |
|
EYHN
|
8c191e6baa
|
feat(core): preview template & snapshot import (#8193)
|
2024-09-11 07:11:33 +00:00 |
|
doouding
|
52d9569f47
|
feat: add mind map import feature flag (#8196)
|
2024-09-11 06:27:47 +00:00 |
|
EYHN
|
f009371e06
|
fix(core): fix menu shaking (#8187)
|
2024-09-11 03:42:13 +00:00 |
|
forehalo
|
7a546ff8a1
|
feat(core): add auth metrics (#8194)
close AF-849
|
2024-09-11 03:28:32 +00:00 |
|
CatsJuice
|
81ab8ac8b3
|
feat(mobile): pwa and browser theme-color optimization (#8168)
[AF-1325](https://linear.app/affine-design/issue/AF-1325/优化-pwa-体验), [AF-1317](https://linear.app/affine-design/issue/AF-1317/优化:-pwa-的顶部-status-bar-颜色应与背景保持一致), [AF-1318](https://linear.app/affine-design/issue/AF-1318/优化:pwa-的底部应当有符合设备安全高度的padding), [AF-1321](https://linear.app/affine-design/issue/AF-1321/更新一下-fail-的-pwa-icon)
- New `<SafeArea />` ui component
- New `useThemeColorV1` / `useThemeColorV2` hook:
- to modify `<meta name="theme-color" />` with given theme key
|
2024-09-11 02:20:59 +00:00 |
|
L-Sun
|
9038592715
|
fix(core): disable append paragraph in shared page editor (#8191)
Disable append paragraph function for readonly or shared page editor.
### Before

|
2024-09-10 15:33:52 +00:00 |
|
L-Sun
|
6ce6cb33ef
|
feat(core): add outline viewer for share page (#8190)
|
2024-09-10 14:00:17 +00:00 |
|
Saul-Mirone
|
daa9d9ff5c
|
chore: bump bs (#8189)
|
2024-09-10 13:48:08 +00:00 |
|
darkskygit
|
95738e796f
|
fix: client captcha (#8186)
|
2024-09-10 09:34:21 +00:00 |
|
JimmFly
|
9ccf517e06
|
chore: adjust the border color of Point component (#8185)
close AF-1367
|
2024-09-10 09:22:34 +00:00 |
|
JimmFly
|
31561d8203
|
chore: bump theme version (#8184)
|
2024-09-10 09:05:30 +00:00 |
|
donteatfriedrice
|
9dfd366382
|
fix: ai error message tip would be cut off (#8183)
Use `<affine-tooltip>` component that updates the float position when it might be clipped。
Fix: [BS-1386](https://linear.app/affine-design/issue/BS-1386/[bug]-tooltip-位置错误)
|
2024-09-10 08:12:05 +00:00 |
|
JimmFly
|
4c0d0ab8de
|
fix(core): page jumps unexpectedly when clicking the collection operation (#8182)
close AF-1371
https://github.com/user-attachments/assets/9cc25790-8755-458c-94ac-a8d1b584c428
|
2024-09-10 06:38:33 +00:00 |
|
EYHN
|
0cdc486f1f
|
fix(core): reduce state refresh (#8181)
|
2024-09-10 06:21:15 +00:00 |
|
pengx17
|
fb76fdfca3
|
fix(core): menu not scrollable when opening in modal (#8179)
fix AF-1360
When menu (with modal = false) is rendered in Modal, the [RemoveScroll utility wrapped by Modal](https://github.com/radix-ui/primitives/blob/660060a765634e9cc7bf4513f41e8dabc9824d74/packages/react/dialog/src/Dialog.tsx#L203) will prevent menu from scrolling.
The reason why menu is scrollable within a dialog is because it is also wrapped a RemoveScroll [when modal is on. ](https://github.com/radix-ui/primitives/blob/660060a765634e9cc7bf4513f41e8dabc9824d74/packages/react/menu/src/Menu.tsx#L305)
In this fix, added a `useWithinModal` utility hook so that menu will automatically assign noportal mode for menu when it is rendered inside of a modal.
|
2024-09-10 06:09:00 +00:00 |
|
JimmFly
|
9d343bdaa6
|
feat(core): add enable url preview to workspace settings (#8089)
|
2024-09-10 04:04:06 +00:00 |
|
Brooooooklyn
|
fe1eefdbb2
|
feat: init renderer server (#8088)
|
2024-09-10 04:03:59 +00:00 |
|
forehalo
|
0add8917f9
|
feat(server): enable share og information for docs (#7794)
|
2024-09-10 04:03:52 +00:00 |
|
darkskygit
|
34eac4c24e
|
feat: improve ai query performance (#8170)
|
2024-09-09 09:39:28 +00:00 |
|
JimmFly
|
b48cc825e0
|
fix(core): unexpected jump when clicking save tag (#8171)
close AF-1285
https://github.com/user-attachments/assets/1ec4adf5-4340-4e94-9e56-6a05e7a65f18
|
2024-09-09 07:54:56 +00:00 |
|
forehalo
|
32f673fa3d
|
perf(server): index lower user email (#8167)
|
2024-09-09 04:43:59 +00:00 |
|
JimmFly
|
a7ecfea3b5
|
fix(core): disable border thickness setting when no border is selected (#8152)
close AF-1351
|
2024-09-09 03:25:04 +00:00 |
|
fundon
|
6b266e3a1b
|
fix(core): link copying and pasting (#8157)
Related to: https://github.com/toeverything/blocksuite/pull/8233
|
2024-09-09 03:11:20 +00:00 |
|
forehalo
|
d31565eb98
|
ci(mobile): typecheck (#8166)
|
2024-09-09 02:59:50 +00:00 |
|
darkskygit
|
2a135d8a93
|
feat: add index for snapshots (#8163)
v0.17.0-beta.4
|
2024-09-08 13:49:41 +00:00 |
|
forehalo
|
57083905ff
|
fix(core): strict client oauth parameters check (#8159)
|
2024-09-08 12:44:47 +00:00 |
|
forehalo
|
63e1fce3ca
|
perf(server): accelerate user workspace permission queries (#8161)
|
2024-09-08 12:04:00 +00:00 |
|
forehalo
|
87e9ff01b5
|
perf(server): avoid filter doc snapshot by non-indexed updatedAt (#8160)
|
2024-09-08 12:03:55 +00:00 |
|
Saul-Mirone
|
32d3769201
|
chore: bump bs (#8153)
|
2024-09-07 04:08:22 +00:00 |
|
CatsJuice
|
87ed358f2e
|
fix(mobile): adjust mobile ui (#8112)
close AF-1274, AF-1320, AF-1333
v0.17.0-canary.9
|
2024-09-06 13:40:10 +00:00 |
|