Commit Graph

38237 Commits

Author SHA1 Message Date
renovate[bot]
dcbbfbba70 Update dependency express to v4.19.2 [SECURITY] 2024-03-27 11:18:44 +01:00
renovate[bot]
1c0e2fdcd1
Updated koenig packages (#19910)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[@tryghost/kg-unsplash-selector](https://togithub.com/TryGhost/Koenig/tree/master#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`0.1.11` ->
`0.1.12`](https://renovatebot.com/diffs/npm/@tryghost%2fkg-unsplash-selector/0.1.11/0.1.12)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkg-unsplash-selector/0.1.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkg-unsplash-selector/0.1.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkg-unsplash-selector/0.1.11/0.1.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkg-unsplash-selector/0.1.11/0.1.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
|
[@tryghost/koenig-lexical](https://togithub.com/TryGhost/Koenig/tree/master#readme)
([source](https://togithub.com/TryGhost/Koenig)) | [`1.0.21` ->
`1.1.0`](https://renovatebot.com/diffs/npm/@tryghost%2fkoenig-lexical/1.0.21/1.1.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@tryghost%2fkoenig-lexical/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@tryghost%2fkoenig-lexical/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@tryghost%2fkoenig-lexical/1.0.21/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@tryghost%2fkoenig-lexical/1.0.21/1.1.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>TryGhost/Koenig (@&#8203;tryghost/koenig-lexical)</summary>

###
[`v1.1.0`](https://togithub.com/TryGhost/Koenig/compare/@tryghost/koenig-lexical@1.0.21...@tryghost/koenig-lexical@1.1.0)

[Compare
Source](https://togithub.com/TryGhost/Koenig/compare/@tryghost/koenig-lexical@1.0.21...@tryghost/koenig-lexical@1.1.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekday" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/TryGhost/Ghost).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-27 18:14:57 +08:00
renovate[bot]
86575890f3 Update nest monorepo to v10.3.6 2024-03-27 11:04:20 +01:00
Simon Backx
3b8fb3cedf
Added support for ignoring migrated (duplicate) subscriptions (#19902)
refs KTLO-19

When we need to migrate subscriptions from a platform with platform
fees, we need to recreate the subscriptions. That can cause the same
subscription to be attached multiple times to the same member in Ghost.

This is a problem because all MRR, subscriptions and cancellations stats
are no longer correct. Ghost will add a MRR event for the duplicated
subscription from the start time, so there is a sudden peak in MRR and a
dip after the migration because all those duplicate subscriptions are
suddenly cancelled 'today'.

The migrator tool adds a ghost_migrated_to metadata field to the old
subscription. Ghost can use this to detect the old subscription and
delete the subscription and corresponding events.
2024-03-27 10:32:32 +01:00
Bojan Drango
08553f63f8
Added Macedonian language (mk) (#19920)
Added translation for Macedonian language (locales/mk)

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-26 22:46:49 -04:00
Daniël van der Winden
3664db491d
Updated social share modal layout (#19925)
- Changed the layout of the modal
- Added a fallback state for the cover image
- Added possibility to copy the publication link
- Correct hover states for social media buttons

---------

Co-authored-by: Ryan Feigenbaum <48868107+royalfig@users.noreply.github.com>
2024-03-26 19:38:07 +01:00
Sag
5c4a4e812c
Removed Powered by Ghost clicks in publisher analytics (#19926)
fixes https://linear.app/tryghost/issue/TRI-65/add-powered-by-ghost-badge-tracking

- clicks on the "Powered by Ghost" badge were unintentionally surfaced
in publisher analytics, under Newsletter Clicks
2024-03-26 17:51:23 +01:00
Princi Vershwal
64122b1dc3
ENG-794 Fixed validation for offer percentage amount (#19927) 2024-03-26 15:23:08 +00:00
renovate[bot]
ec25aed06f fix(deps): update dependency mysql2 to v3.9.3 2024-03-26 07:46:09 +00:00
Fabien 'egg' O'Carroll
3d3b3ff701
Fixed Editors being able to invite Editors (#19904)
ref ENG-774
ref https://linear.app/tryghost/issue/ENG-774

Staff Tokens will have both a `user` and an `apiKey` present on the
`loadedPermissions`.

The check here for `apiKey` was written when we could assume that an
`apiKey` was an Admin Integration - so it completely overwrote the
previous `allowed` list. When we added the concept of Staff Tokens -
this resulted in a privilege escalation.

This is a good lesson in not using proxies or indicators for data, as
changes elsewhere can invalidate them - if we had been specific and
checked the role of the current actor we wouldn't've had this bug!
2024-03-26 00:45:08 +07:00
renovate[bot]
471492d966 fix(deps): update dependency express to v4.19.2 2024-03-25 15:05:19 +00:00
Joe Grigg
d0c1814a1c Fixed incorrect branch for canary build
no-issue
2024-03-25 15:02:10 +00:00
Joe Grigg
7c5b8355e4 Switched canary build to use the new faster build pipeline
no-issue
2024-03-25 14:36:02 +00:00
Simon Backx
89a01c2d05
Added support for clearing all data with data generator (#19901)
no issue

When testing Stripe migrations, it is useful to be able to clear the
database quickly without deleting admins and tokens. This is possible
with the data generator.
2024-03-25 14:44:28 +01:00
Ronald Langeveld
db62d83387
Bumped Koenig-Lexical to new minor (#19909)
no issue

- Bumped Koenig-Lexical to a new minor.
- This change contains the new Unsplash selector which is a breaking
change as default headers are handled a touch different.
2024-03-25 20:32:46 +08:00
Peter Zimon
cda909fdb8
Fixed alignment of main title in Admin (#19911)
Ref DES-188

- the alignment of the main page title and the site title in the sidebar
was off
- also the top right dropdown's vertical positioning was off
2024-03-25 12:23:24 +01:00
Daniël van der Winden
3fa363f944
Fixed design issue DES-4 (#19662)
Fixed inconsistencies in typography for footer and featured images, on desktop and mobile.
2024-03-25 12:08:34 +01:00
renovate[bot]
97c63e1735 chore(deps): update sentry-javascript monorepo to v7.108.0 2024-03-25 08:34:53 +00:00
renovate[bot]
8db502c1b0 Update nest monorepo to v10.3.5 2024-03-25 08:22:23 +00:00
Ghost CI
5d714f8a05 v5.81.0 2024-03-22 16:05:44 +00:00
Sunghyun Cho
bdbbac6d15
i18n: Korean Improvements (#19906)
- [x] There's a clear use-case for this code change, explained below
- [x] Commit message has a short title & references relevant issues
- [x] The build will pass (run `yarn test:all` and `yarn lint`)

I have improved the Korean translations by ensuring consistent tones,
using more polite phrases and correcting grammar errors.
2024-03-22 10:18:31 -04:00
Djordje Vlaisavljevic
5e631114db Added a thousands separator to tier price on member detail screen
ref https://linear.app/tryghost/issue/DES-152/thousand-separator-missing-in-member-details-tier-price
2024-03-21 14:55:39 +00:00
Djordje Vlaisavljevic
ba7f448e12 Fixed "Read this article" link on the dashboard
ref https://linear.app/tryghost/issue/DES-138/🐛-read-this-article-link-on-dashboard-leads-to-resources-instead
2024-03-21 14:55:39 +00:00
Steve Larson
a1c4e64994
Added queueing middleware to handle high request volume (#19887)
ref https://linear.app/tryghost/issue/CFR-4/
- added request queueing middleware (express-queue) to handle high
request volume
- added new config option `optimization.requestQueue`
- added new config option `optimization.requestConcurrency`
- added logging of request queue depth - `req.queueDepth`

We've done a fair amount of investigation around improving Ghost's
resiliency to high request volume. While we believe this to be partly
due to database connection contention, it also seems Ghost gets
overwhelmed by the requests themselves. Implementing a simple queueing
system allows us a simple lever to change the volume of requests Ghost
is actually ingesting at any given time and gives us options besides
simply increasing database connection pool size.

---------

Co-authored-by: Michael Barrett <mike@ghost.org>
2024-03-21 09:25:07 -05:00
renovate[bot]
dfdd4e5cfa Update dependency express to v4.19.1 2024-03-21 11:50:48 +01:00
Ghost CI
b88ef5f816 Merged v5.80.5 into main 2024-03-21 09:51:52 +00:00
Ghost CI
40277465ba v5.80.5 2024-03-21 09:51:50 +00:00
Sag
c2320cd2ea Revert "Added referral tracking to the powered-by-ghost newsletter badge" (#19899)
refs https://ghost.slack.com/archives/CTH5NDJMS/p1710976281912809

- this reverts commit 9869d9adb6
- the referral query parameter is unintentionally surfacing in publisher
analytics
2024-03-21 10:37:42 +01:00
Princi Vershwal
2798a8cd09
ENG-767 Offers cannot be created if there are no active paid tiers (#19900) 2024-03-21 15:07:32 +05:30
Sag
5477d70a0c
Revert "Added referral tracking to the powered-by-ghost newsletter badge" (#19899)
refs https://ghost.slack.com/archives/CTH5NDJMS/p1710976281912809

- this reverts commit 9869d9adb6
- the referral query parameter is unintentionally surfacing in publisher
analytics
2024-03-21 10:02:17 +01:00
renovate[bot]
1c1ef70677 Update nest monorepo to v10.3.4 2024-03-21 09:30:07 +01:00
renovate[bot]
092f982fec Update dependency typescript to v5.4.3 2024-03-21 09:28:10 +01:00
Djordje Vlaisavljevic
7b70b60ad4 Added dynamic site title to the checklist
ref https://linear.app/tryghost/issue/IPC-76/add-static-checklist-to-the-dashboard
2024-03-20 20:39:01 +00:00
Djordje Vlaisavljevic
53310b52c1 Added function for copying publication link
ref https://linear.app/tryghost/issue/IPC-90/add-share-modal
2024-03-20 20:39:01 +00:00
Djordje Vlaisavljevic
aa7d294162 Switched "Copy link" icon to link
ref https://linear.app/tryghost/issue/IPC-90/add-share-modal
2024-03-20 20:39:01 +00:00
renovate[bot]
28c851be6a Update dependency sanitize-html to v2.13.0 2024-03-20 19:10:32 +00:00
Fabien O'Carroll
cb72835af1 Removed support for id specific permissions
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is not used anywhere, and makes the code more complicated, it's a good
step toward simplifying permissions and pulling them out of the database.
2024-03-21 00:21:40 +07:00
Fabien O'Carroll
e29c653ef6 Removed permissible method from setting model
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This implementation is essentially a no-op so we can remove it completely
2024-03-21 00:21:24 +07:00
Daniël van der Winden
4c598a1e6d
Added social share modal to onboarding checklist (#19891)
Updated the share modal design and functionality

ref IPC-90

• Rebuilt the bookmark card to match other components
• Added linking to the different social networks
• Added a close button that closes the modal
• Removed repetitive subtitle
2024-03-20 16:48:45 +01:00
renovate[bot]
e7e2e47b3c Update dependency nodemailer to v6.9.13 2024-03-20 13:49:18 +00:00
Daniel Lockyer
27cc32ec25 Added comments count endpoint to robots.txt disallow list
fix https://linear.app/tryghost/issue/ENG-771/add-comments-count-endpoint-to-robotstxt-ignorelist

- we've seen web scrapers hitting this endpoint a lot, but the value to
  be taken from it is minimal for SEO purposes
- adding it to robots.txt should encourage web scrapers to ignore it,
  and we should see less traffic as a result
2024-03-20 14:48:54 +01:00
Fabien 'egg' O'Carroll
7cc65c18cc
Added missing permissions to Contributor & Editor (#19881)
ref ENG-728
ref https://linear.app/tryghost/issue/ENG-728

This is NOT a functionality change. The Post#permissible method unit
tests have been updated to pass `true` as `hasUserPermission` and we can
see that the permission functionality remains the same.

The permissible method of the post model is responsible for removing
permission based on the data that is being modified, but the permissions
module is setup to allow the permissible method to grant permission -
this means that we call permissible, even if the current actor doesn't
have permission, this results in code that is hard to understand and
manage.

We are going to be instead returning early if an actor does not have
permission, this will allow permissible method signatures to be greatly
simplified (removing the need for hasUserPermission, hasApiKeyPermission
& hasMemberPermission arguments).
2024-03-20 20:36:07 +07:00
renovate[bot]
38f8e05a3e Update dependency knex-migrator to v5.2.0 2024-03-20 10:54:21 +01:00
Djordje Vlaisavljevic
cdf45172a7
Added a fullscreen onboarding checklist to the dashboard (#19888)
ref https://linear.app/tryghost/issue/IPC-66/onboarding-checklist-v1

- Larger, 100vh onboarding checklist that’s currently on the dashboard,
but should be moved to it’s own component and route
- Every step links to the relevant screen, but the logic for completing
steps is missing
2024-03-19 16:07:49 +00:00
renovate[bot]
3ff2eecb76 Update dependency bookshelf-relations to v2.7.0 2024-03-19 11:20:22 +00:00
Sag
fd777ccc54
Released Portal v2.37.6 (#19883)
Changes:
- Fixed button spacing in Portal unsubscribe popup footer
(ae5df293c3)
- Fix free tier benefit not showing up
(e4b908479e)
2024-03-19 09:40:27 +00:00
Simon Backx
b1c60d20d1
Updated email error button text in case of partial email errors (#19877)
fixes DES-66

In case some batches succeeded sending, the button text will be
different if the email sending was partially successful.

For now this uses text matching with a warning in our E2E tests because
we don't have a straightforward way to check if an error is partial or
not yet.
2024-03-19 10:31:21 +01:00
Peter Zimon
e4b908479e
Fix free tier benefit not showing up (#19879)
ref ENG-760

The benefits for Free tier was not showing up for some old & new logic.

---------

Co-authored-by: Sag <guptazy@gmail.com>
2024-03-19 09:51:59 +01:00
Daniel Lockyer
134c33cef5
🐛 Fixed missing source + resized images producing rendered 404 (#19869)
fixes https://linear.app/tryghost/issue/ENG-746/http-500-responses-when-handle-image-sizes-middleware-hits-missing

- in the event a request comes in for a resized image, but the source
image does not exist, we return a rendered 404 page
- we do this because we pass the NotFoundError to `next`, which skips
over the static asset code where we return a plaintext 404
- also included a breaking test that ensure we go to the next middleware
without an error
2024-03-18 18:32:10 +01:00
Fabien 'egg' O'Carroll
3f27ca5c00
Cached api controller pipelines (#19880)
ref ENG-761
ref https://linear.app/tryghost/issue/ENG-761

Creating these pipelines is expensive, and we don't want to do it
repeatedly for the same controller. Adding caching should reduce the
amount of time spent setting up pipelines for each usage of the `get`
helper.
2024-03-19 00:29:41 +07:00