TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-11 09:53:32 +03:00
Code Issues Projects Releases Wiki Activity
37,530 Commits 250 Branches 1,684 Tags 360 MiB
6f3d16f75b
Commit Graph

873 Commits

Author SHA1 Message Date
renovate[bot]
6f3d16f75b Update dependency postcss to v8.4.32 2023-12-04 08:37:46 +01:00
Ghost CI
90656aa047 v5.75.0 2023-12-01 16:04:16 +00:00
renovate[bot]
de2482736e Update sentry-javascript monorepo to v7.84.0 2023-12-01 08:58:32 +01:00
renovate[bot]
8fc6fef168 Update dependency newrelic to v11.6.0 2023-11-29 15:59:56 +00:00
renovate[bot]
d5f3b26e87 Update sentry-javascript monorepo to v7.83.0 2023-11-29 12:29:34 +01:00
Ghost CI
be6916f066 Merged v5.74.5 into main 2023-11-28 12:58:26 +00:00
Ghost CI
df3eea908a v5.74.5 2023-11-28 12:58:24 +00:00
Fabien "egg" O'Carroll
07f9564eea 🔐 Restricted reading files from outside the theme directory 
closes https://github.com/TryGhost/Product/issues/4191

Without this patch, themes can read arbitrary files from your system and
expose them to the internet via the layout feature of express-hbs.

For example `{{!< ../../../../config.production.json}}` would spit out config,
which can contain secrets.

As theme upload is restricted to users with the Admin role, this mostly effects
hosting providers which use their own secret keys for e.g. mail or database config
 2023-11-28 12:46:06 +00:00
renovate[bot]
7d564d4173 Update dependency fs-extra to v11.2.0 2023-11-28 11:54:44 +01:00
Steve Larson
e2807475f8
Updated editor packages (#19151) 
closes TryGhost/Product#4204
- updated editor packages to get improvements to TK Plugin
 2023-11-27 18:02:26 -06:00
Ghost CI
d30a6633ab v5.74.4 2023-11-27 07:56:41 +00:00
Daniel Lockyer
28e59b5444
Merged tag 'v5.74.3' into main 
v5.74.3
 2023-11-27 08:48:04 +01:00
Ghost CI
c6b86abb12 v5.74.3 2023-11-24 14:55:14 +00:00
Jono Mingard
efc0f68b96 Merge tag 'v5.74.2' 
v5.74.2
 2023-11-22 14:53:42 +00:00
Ghost CI
5299d1176e v5.74.2 2023-11-22 14:37:51 +00:00
Steve Larson
0954e08cf9
🐛 Fixed creating posts with an empty root (#19098) (#19099) 
refs TryGhost/Product#4156
- bumped renderer package to handle empty root node
 2023-11-22 08:26:09 -06:00
Steve Larson
03fec65fd5
🐛 Fixed creating posts with an empty root (#19098) 
refs TryGhost/Product#4156
- bumped renderer package to handle empty root node
 2023-11-22 14:18:26 +00:00
renovate[bot]
e01c87800e Update dependency mysql2 to v3.6.5 2023-11-22 00:59:57 +00:00
Ghost CI
6941ef0148 Merged v5.74.1 into main 2023-11-21 16:49:06 +00:00
Ghost CI
34dc2f8c1e v5.74.1 2023-11-21 16:49:03 +00:00
renovate[bot]
56d18edf0e Update sentry-javascript monorepo to v7.81.1 2023-11-21 15:05:41 +01:00
renovate[bot]
98941cef3a Update dependency yjs to v13.6.10 2023-11-21 11:53:03 +00:00
renovate[bot]
fedda8b898 Update dependency mysql2 to v3.6.4 2023-11-21 08:14:56 +00:00
renovate[bot]
7a3ae4ab75 Update sentry-javascript monorepo to v7.81.0 2023-11-20 16:57:32 +01:00
renovate[bot]
0cf25d0afe Update dependency yjs to v13.6.9 2023-11-20 12:25:48 +00:00
Ghost CI
a1d7aa6dba v5.74.0 2023-11-17 16:05:58 +00:00
Daniel Lockyer
5acecf2cae ️ Improved GScan performance for themes with many partials 
refs https://github.com/TryGhost/DevOps/issues/3
refs b6d8e0192a

- see referenced commit for full context but this should improve the
  theme check time for themes with a large number of files and partials
- locally, checking a particularly heavy theme goes from 5s to 1.7s with this
  commit, and the improvement is larger on slower machines
 2023-11-16 13:55:57 +01:00
Simon Backx
e5f644c27f
🐛 Fixed contain/starts/endsWith filters with /, _ or % in them (#19015) 
fixes GRO-25

Updated @tryghost/nql to 0.12.0 and other packages that depend on it

1. SQLite: when a filter string contains /.

When we use a NQL contain/starts/endsWith filter that contains a slash,
underlyingly the whole filter will get converted to a MongoDB query, in
which we just use a regexp to represent the filter. In here we will
escape the slash: \/ as expected in a regexp. Later when we convert this
MongoDB query back to knex/SQL, we use a SQL LIKE query. Currently we
don't remove the escaping here for a normal slash. MySQL seems to ignore
this (kinda incorrect). SQLite doesn't like it, and this breaks queries
on SQLite that use slashes. The solution here is simple: remove the
backslash escaping when converting the regexp to LIKE, just like we do
with other special regexp characters.

2. We don't escape % and _, which have a special meaning in LIKE queries

Usage of % and _ is now as expected and doesn't have the special SQL
meaning anymore.
 2023-11-16 09:35:20 +00:00
Steve Larson
d0fa385848
Added jpeg compression (#19006) 
refs TryGhost/Product#4140
- bumped image-transform to add jpeg compression
 2023-11-15 23:30:48 +00:00
Steve Larson
40a8e969b8
Revert "Bumped image transform package (#19003)" (#19004) 
This reverts commit 557c01f48c.
 2023-11-15 20:25:29 +00:00
Steve Larson
557c01f48c
Bumped image transform package (#19003) 
refs TryGhost/Product#4140
- adds compression for jpeg > jpeg or any > jpeg asset generation
 2023-11-15 19:14:23 +00:00
Kevin Ansfield
3358ba305b
🐛 Fixed highlight formatting not showing in rendered posts (#18997) 
closes https://github.com/TryGhost/Product/issues/4144

- bumped `@tryghost/kg-lexical-html-renderer` which adds highlight (`<mark>`) support
 2023-11-15 14:08:14 +00:00
Kevin Ansfield
26554bc206
Improved lexical render performance (#18967) 
closes https://github.com/TryGhost/Product/issues/4133

- we were creating a new JSDOM instance every time we rendered a card which lowered performance because JSDOM instantiation is heavy
- updated Koenig packages to remove the need for passing in an external `createDocument` option method as they now re-use the renderer's internal single instance of JSDOM
 2023-11-15 12:33:22 +00:00
renovate[bot]
4651ef3d9b Update sentry-javascript monorepo to v7.80.1 2023-11-15 12:31:56 +01:00
Ghost CI
d8aba91f51 Merged v5.73.2 into main 2023-11-14 22:14:15 +00:00
Ghost CI
499b894f8d v5.73.2 2023-11-14 22:14:14 +00:00
Kevin Ansfield
4394580c1a
🐛 Fixed and improved various editor issues 
closes https://github.com/TryGhost/Product/issues/4146
closes https://github.com/TryGhost/Ghost/issues/17753
closes https://github.com/TryGhost/Product/issues/4127
closes https://github.com/TryGhost/Ghost/issues/18903

- 🐛 Fixed blank render output in some cases when using line breaks
- 🐛 Fixed backspace at end of link sometimes deleting whole link in Firefox
- 🐛 Fixed plain black generated video thumbnails in Safari
- 🎨 Added `srcset` and `loading="lazy"` to header card images
- 🎨 Improved accessibility of buttons in render output by adding `aria-role` attributes
- 🎨 Removed Ctrl/Cmd+H shortcut as it clashed with expected OS shortcut
 2023-11-14 21:59:45 +00:00
renovate[bot]
7799e0f47b Update dependency json-stable-stringify to v1.1.0 2023-11-13 23:16:24 +00:00
Daniel Lockyer
337b550b7e Moved monobundle into monorepo 
fixes https://github.com/TryGhost/DevOps/issues/99

- this inlines the `monobundle` script into the monorepo from an
  external repo in order to avoid some caching issues we've seen
- it also makes it easier to maintain because you can change the script
  alongside changes in the monorepo
 2023-11-13 13:30:38 +01:00
renovate[bot]
93fc6106dd Update dependency luxon to v3.4.4 2023-11-13 09:50:36 +01:00
Ghost CI
590505ca17 v5.73.1 2023-11-13 08:19:25 +00:00
Ghost CI
f46ba34c54 v5.73.0 2023-11-10 16:04:09 +00:00
Ghost CI
44791446a2 Merged v5.72.2 into main 2023-11-10 01:45:16 +00:00
Ghost CI
a333820324 v5.72.2 2023-11-10 01:45:14 +00:00
Kevin Ansfield
30a66da4e3
🐛 Fixed various editor issues (#18934) 
refs https://github.com/tryghost/ghost/issues/18752, https://github.com/TryGhost/Product/issues/3897, https://github.com/TryGhost/Product/issues/4112,https://github.com/TryGhost/Product/issues/3802, https://github.com/TryGhost/Product/issues/4104, https://github.com/TryGhost/Ghost/issues/18866, https://github.com/TryGhost/Ghost/issues/18753, https://github.com/TryGhost/Product/issues/4116, https://github.com/TryGhost/Ghost/issues/18888, https://github.com/TryGhost/Ghost/issues/18844

- 🐛 Fixed browser focus on editor when clicking card ([Koenig/#1051](https://github.com/TryGhost/Koenig/pull/1051))
- 🐛 Fixed signup card styles with image background ([Koenig/#1052](https://github.com/TryGhost/Koenig/pull/1052))
- 🐛 Fixed slash menu having fixed position when scrolling ([Koenig/#1054](https://github.com/TryGhost/Koenig/pull/1054))
- 🐛 Fixed signup card text color with transparent background ([Koenig/#1053](https://github.com/TryGhost/Koenig/pull/1053))
- 🐛 Fixed text formats being lost when copy/pasting from Google Docs ([Koenig/#1055](https://github.com/TryGhost/Koenig/pull/1055))
- 🐛 Fixed pasting link behaviour in single line nested editors ([Koenig/#1056](https://github.com/TryGhost/Koenig/pull/1056))
- 🐛 Fixed backspace behaviour at start of aside/quote ([Koenig/#1057](https://github.com/TryGhost/Koenig/pull/1057))
- 🐛 Fixed text having unexpected formats when rendering ([Koenig/#1058](https://github.com/TryGhost/Koenig/pull/1058))
- 🐛 Fixed placeholder descenders being cut off in nested editor ([Koenig/#1059](https://github.com/TryGhost/Koenig/pull/1059))
- 🐛 Fixed HTML->Lexical conversion not handling paragraphs inside blockquotes ([Koenig/#1061](https://github.com/TryGhost/Koenig/pull/1061))
 2023-11-09 16:26:22 +00:00
renovate[bot]
85979df33d Update sentry-javascript monorepo to v7.78.0 2023-11-08 14:06:32 +01:00
renovate[bot]
2ca1083de7 Update Types packages 2023-11-08 12:13:12 +01:00
Daniel Lockyer
5739fbe3d2 Fixed bundling apps/ packages into tarball 
refs 811679e94b
refs https://ghost.slack.com/archives/C0568LN2CGJ/p1699352735496789

- this bumps monobundle so it doesn't include `apps/` packages in the
  tarball
- soon we'll inline the script into this repo anyway
 2023-11-07 12:10:47 +01:00
Ghost CI
63e603f2f6 v5.72.1 2023-11-07 02:07:16 +00:00
Ghost CI
ad7efbe92e v5.72.0 2023-11-03 16:04:27 +00:00