closes https://github.com/TryGhost/Product/issues/4191
Without this patch, themes can read arbitrary files from your system and
expose them to the internet via the layout feature of express-hbs.
For example `{{!< ../../../../config.production.json}}` would spit out config,
which can contain secrets.
As theme upload is restricted to users with the Admin role, this mostly effects
hosting providers which use their own secret keys for e.g. mail or database config
no issue
- bumped `@tryghost/koenig-lexical` to version that no longer uses negative lookbehind in a regex which wasn't supported in Safari until version 16.4
refs https://github.com/TryGhost/Product/issues/4159
---
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖[[deprecated]](https://githubnext.com/copilot-for-prs-sunset)
Generated by Copilot at 9e68f4d</samp>
This pull request refactors several components in the `admin-x-settings`
app to use common hooks from the `@tryghost/admin-x-framework` package,
which reduces code duplication and improves consistency. It also updates
the `package.json` file and adds unit tests for the `admin-x-framework`
package, which improves the formatting, testing, and dependency
management. Additionally, it makes some minor changes to the `hooks.ts`,
`FrameworkProvider.tsx`, and `.eslintrc.cjs` files in the
`admin-x-framework` package, which enhance the public API and the
linting configuration.
refs https://github.com/TryGhost/DevOps/issues/3
refs b6d8e0192a
- see referenced commit for full context but this should improve the
theme check time for themes with a large number of files and partials
- locally, checking a particularly heavy theme goes from 5s to 1.7s with this
commit, and the improvement is larger on slower machines
fixes GRO-25
Updated @tryghost/nql to 0.12.0 and other packages that depend on it
1. SQLite: when a filter string contains /.
When we use a NQL contain/starts/endsWith filter that contains a slash,
underlyingly the whole filter will get converted to a MongoDB query, in
which we just use a regexp to represent the filter. In here we will
escape the slash: \/ as expected in a regexp. Later when we convert this
MongoDB query back to knex/SQL, we use a SQL LIKE query. Currently we
don't remove the escaping here for a normal slash. MySQL seems to ignore
this (kinda incorrect). SQLite doesn't like it, and this breaks queries
on SQLite that use slashes. The solution here is simple: remove the
backslash escaping when converting the regexp to LIKE, just like we do
with other special regexp characters.
2. We don't escape % and _, which have a special meaning in LIKE queries
Usage of % and _ is now as expected and doesn't have the special SQL
meaning anymore.
closes https://github.com/TryGhost/Product/issues/4133
- we were creating a new JSDOM instance every time we rendered a card which lowered performance because JSDOM instantiation is heavy
- updated Koenig packages to remove the need for passing in an external `createDocument` option method as they now re-use the renderer's internal single instance of JSDOM
no issue
- Currently our stack traces in Production include the admin build
version in the paths, e.g. `/admin/1633/assets` instead of
`admin/assets`
- This confuses the error grouping logic in Sentry, resulting in many
duplicate issues being created every time we release a new version of
admin
- Ultimately, this makes it really difficult to determine if a 'New'
issue in Sentry is actually new, or if it's just the first time we've
seen it in this release.
- This commit adds the `RewriteFrames` integration to the Admin Sentry
client, which will strip the build version from the paths in the stack
traces, and allow Sentry to group issues correctly.
- With this, hopefully we will have far fewer 'New' issues created, so
we can again start alerting on the 'New' condition in Sentry.
fixes https://github.com/TryGhost/DevOps/issues/99
- this inlines the `monobundle` script into the monorepo from an
external repo in order to avoid some caching issues we've seen
- it also makes it easier to maintain because you can change the script
alongside changes in the monorepo
no issue
- ember-cli-terser 4.0.2 apparently has a regression that breaks the
sourcemap generation for the admin ember app
- this reverts the package to 4.0.1, which fixes the sourcemaps and
should generate much more readable stack traces in Sentry
- Validating the sourcemaps locally succeeded, but will need to test
this on staging to confirm everything is working properly in CI and with
the CDN.
refs https://github.com/TryGhost/Product/issues/4105
---
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 2edba98</samp>
This pull request introduces a new monorepo package called
`admin-x-design`, which contains components, design guidelines and
documentation for building apps in Ghost Admin. It also moves some
existing components and files from the deprecated `admin-x-settings`
package to the new `admin-x-design` package, and updates some styles and
rules to use TailwindCSS. The purpose of these changes is to improve the
consistency, maintainability and usability of the Ghost Admin UI.
closes https://github.com/TryGhost/Koenig/pull/1038
- updated `<KoenigLexicalEditorInput>` to load `<EmojiPickerPlugin>` and compose it into the editor unless used with `<KoenigLexicalEditorInput @emojiPicker={{false}} />`
- bumped Koenig packages so `EmojiPickerPlugin` is available to import from `koenig-lexical`
refs https://github.com/TryGhost/Product/issues/4073 &
https://github.com/TryGhost/Product/issues/4074
---
### <samp>🤖 Generated by Copilot at eb30d37</samp>
This pull request updates some dependencies and adds fallback values for
email customization settings in the `admin-x-settings` app. This
improves the color contrast and timezone detection of the email
newsletters and prevents rendering issues.
no issue
- This change enables the Debug integration in Sentry when the app is
running in development mode (and Sentry is configured with a valid DSN).
- Whenever an event is sent to Sentry, the event & hint are passed to
the beforeSend() function will be logged to the browser console so you
can quickly see a) when events are sent to Sentry and b) exactly what
data & tags are sent with integration
no issue
- Unfortunately the RewriteFrames plugin was not successful in fixing
the duplicated `/assets/assets` in the Sentry stacktraces for admin
- This commit removes the RewriteFrames plugin and reverts the changes
so there will at least be some kind of source code reaching Sentry
fixes https://github.com/TryGhost/DevOps/issues/94
- we've seen in production that some filepaths contain a duplicate
assets folder, but we're not sure why
- instead of spending too much time trying to figure that out, we can
just fix that in preprocessing by using the RewriteFrames integration
in Sentry
- this should remove the duplicate folder from the stacktrace frame, if it exists
no issue
- updates `@tryghost/koenig-lexical` with indent improvements
- prevents indents on paragraphs/headings etc which are not supported when rendering for front-end display
- improves indent behaviour for lists so <kbd>Tab</kbd> can be pressed anywhere in a list item to indent rather than only at the beginning of the list
closes https://github.com/TryGhost/Product/issues/4037
- bumps `@tryghost/kg-html-to-lexical` that includes better node normalization to handle `<br>` in top-level text nodes and after a nested block-level element
- also includes fix for button hrefs having `about:blank` prefixed to hash URLs
closes https://github.com/TryGhost/Ghost/issues/18448
- improved slash menu positioning when opening at the bottom of a post
- fixed backspace sometimes deleting a preceding card (e.g. backspace at end of link inside a paragraph preceded by a card)
- fixed `?source=html` issues
- images not rendering in front-end output after import
- images wrapped in links losing their link after import
- fixed inline styles in HTML card content not displaying in the editor
- fixed broken help link in the email card
closes https://github.com/TryGhost/Product/issues/4027
- bumps `@tryghost/koenig-lexical` to version that includes removal of `<style>` elements and `style` attributes when rendering HTML cards inside the editor
no issue
- removed labs flag
- removed main editor component and all associated components
- switched usage of `<KoenigBasicHtmlInput>` and `<KoenigBasicHtmlTextarea>` over to use plain `textarea`, the only uses were in settings modals that have been replaced in AdminX
- cleaned up unused editor CSS
closes https://github.com/TryGhost/Product/issues/4008
- bumps all Koenig packages
- `kg-default-nodes` contains a rendering fix that avoids creating invalid class attributes from bad `backgroundColor` values
- `kg-converters` contains an update to avoid copying over bad `backgroundColor` values when converting from mobiledoc to lexical
closes https://github.com/TryGhost/Product/issues/4007
- bumps Koenig packages containing extended TextNode and HeadingNode with extra DOM parsing support for the non-semantic HTML generated by Word when copy/pasting
refs https://github.com/TryGhost/DevOps/issues/83
- this will now continue use the dev server assets if we tell it to,
or copy the dependency package files to the built folder otherwise
- removes `editor` from config API because it's no longer needed
- removes dependency on `editor.url` in tests, as this no longer exists
- edits dev script to pass dev server URL as env var
- adds `@tryghost/koenig-lexical` dependency to Admin
refs https://github.com/TryGhost/Product/issues/3969
- this now allows themes to have up to 20 custom theme settings
- also bumps `@tryghost/zip` to try and ensure it uses the version
without fs-extra
refs: https://github.com/TryGhost/Product/issues/3782
Latest version of request avoids using the OS-level name resolution system. This prevents long shutdowns from occuring where the OS is blocking the process from exiting cleanly.
The new version uses `got` 13, which has many breaking changes. Some of these are resolved within @tryghost/request (like response errors), but input parameters need to be changed.
no issue
- Adds Sentry to Admin X settings to be able to monitor uncaught errors, etc.
---
<!-- Leave the line below if you'd like GitHub Copilot to generate a
summary from your commit -->
<!--
copilot:summary
-->
### <samp>🤖 Generated by Copilot at 76de125</samp>
Added Sentry integration to the admin-x-settings app to improve error
monitoring and reporting. Updated the `ErrorBoundary` and `HtmlEditor`
components, the `useFetchApi` hook, and the app component to use the
`@sentry/react` module. Passed the `sentryDSN` prop from the parent
component to the app component and the services context.
refs https://ghost.slack.com/archives/C0568LN2CGJ/p1695149803260239
refs 290bc71d6a
- previous versions of `@tryghost/limit-service` did a full import of
lodash, which would bloat the bundle size, especially when we only use
a few of its functions
- I've since fixed that and this commit bumps Ghost to the smaller
version