Commit Graph

4993 Commits

Author SHA1 Message Date
Yifeng Wang
819f0243d5
feat: bump blocksuite (#5218)
Co-authored-by: LongYinan <lynweklm@gmail.com>
2023-12-07 18:24:23 +08:00
LongYinan
febe5cc2ae
ci: fix ts-node scripts (#5225)
- Ref: https://github.com/TypeStrong/ts-node/issues/2094
2023-12-07 09:13:00 +00:00
LongYinan
467d313730
test(server): remove flaky assertion (#5224) 2023-12-07 07:28:24 +00:00
JimmFly
7ec8e49b3b
feat(core): add responsive styles to registration page (#5044)
The responsive style of the login and registration page has been adjusted, with special treatment given to the input.
work for #4843
2023-12-06 10:43:14 +00:00
LongYinan
3e92942bb5
ci: remove cache cleanup job because we are sharing cache cross branches (#5214) 2023-12-06 10:32:22 +00:00
LongYinan
1d9454118a
ci: reduce cache pressure on non-Linux platform (#5213) 2023-12-06 10:32:18 +00:00
Yifeng Wang
6cbf5b2a92
feat: bump blocksuite (#5194)
Co-authored-by: AyushAgrawal-A2 <ayushagl06@gmail.com>
2023-12-06 18:15:03 +08:00
LongYinan
2dcb5a3030
chore: bump up google-github-actions/auth action to v2 (#5197)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [google-github-actions/auth](https://togithub.com/google-github-actions/auth) | action | major | `v1` -> `v2` |

---

### Release Notes

<details>
<summary>google-github-actions/auth (google-github-actions/auth)</summary>

### [`v2`](https://togithub.com/google-github-actions/auth/releases/tag/v2)

[Compare Source](https://togithub.com/google-github-actions/auth/compare/v1...v2)

Floating v2 alias

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-06 09:57:17 +00:00
LongYinan
93a0349fbc
chore: bump up vite version to v4.5.1 [SECURITY] (#5211)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev) ([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) | [`4.5.0` -> `4.5.1`](https://renovatebot.com/diffs/npm/vite/4.5.0/4.5.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/vite/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/4.5.0/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/4.5.0/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2023-49293](https://togithub.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97)

### Summary
When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (`<script type="module">...</script>`), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`.

### Impact
Only apps using `appType: 'custom'` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren't exposed to the attacker.

### Patches
Fixed in vite@5.0.5, vite@4.5.1, vite@4.4.12

### Details
Suppose `index.html` contains an inline module script:

```html
<script type="module">
  // Inline script
</script>
```

This script is transformed into a proxy script like

```html
<script type="module" src="/index.html?html-proxy&index=0.js"></script>
```

due to Vite's HTML plugin:

7fd7c6cebf/packages/vite/src/node/plugins/html.ts (L429-L465)

When `appType: 'spa' | 'mpa'`, Vite serves HTML itself, and `htmlFallbackMiddleware` rewrites `req.url` to the canonical path of `index.html`,

73ef074b80/packages/vite/src/node/server/middlewares/htmlFallback.ts (L44-L47)

so the `url` passed to `server.transformIndexHtml` is `/index.html`.

However, if `appType: 'custom'`, HTML is served manually, and if `server.transformIndexHtml` is called with the unmodified request URL (as the SSR docs suggest), then the path of the transformed `html-proxy` script varies with the request URL. For example, a request with path `/` produces

```html
<script type="module" src="/@&#8203;id/__x00__/index.html?html-proxy&index=0.js"></script>
```

It is possible to abuse this behavior by crafting a request URL to contain a malicious payload like

```
"></script><script>alert('boom')</script>
```

so a request to http://localhost:5173/?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E produces HTML output like

```html
<script type="module" src="/@&#8203;id/__x00__/?"></script><script>alert("boom")</script>?html-proxy&index=0.js"></script>
```

which demonstrates XSS.

### PoC

- Example 1. Serving HTML from `vite dev` middleware with `appType: 'custom'`
    - Go to https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=dev-html
    - "Open in New Tab"
    - Edit URL to set query string to `?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E` and navigate
    - Witness XSS:
    - ![image](https://user-images.githubusercontent.com/2456381/287434281-13757894-7a63-4a73-b1e9-d2b024c19d14.png)
- Example 2. Serving HTML from SSR-style Express server (Vite dev server runs in middleware mode):
    - Go to https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=server
    - (Same steps as above)
- Example 3. Plain `vite dev` (this shows that vanilla `vite dev` is _not_ vulnerable, provided `htmlFallbackMiddleware` is used)
    - Go to https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=dev
    - (Same steps as above)
    - You should _not_ see the alert box in this case

### Detailed Impact

This will probably predominantly affect [development-mode SSR](https://vitejs.dev/guide/ssr#setting-up-the-dev-server), where `vite.transformHtml` is called using the original `req.url`, per the docs:

7fd7c6cebf/docs/guide/ssr.md (L114-L126)

However, since this vulnerability affects `server.transformIndexHtml`, the scope of impact may be higher to also include other ad-hoc calls to `server.transformIndexHtml` from outside of Vite's own codebase.

My best guess at bisecting which versions are vulnerable involves the following test script

```js
import fs from 'node:fs/promises';
import * as vite from 'vite';

const html = `
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
  </head>
  <body>
    <script type="module">
      // Inline script
    </script>
  </body>
</html>
`;
const server = await vite.createServer({ appType: 'custom' });
const transformed = await server.transformIndexHtml('/?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E', html);
console.log(transformed);
await server.close();
```

and using it I was able to narrow down to #&#8203;13581. If this is correct, then vulnerable Vite versions are 4.4.0-beta.2 and higher (which includes 4.4.0).

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

### [`v4.5.1`](https://togithub.com/vitejs/vite/releases/tag/v4.5.1)

[Compare Source](https://togithub.com/vitejs/vite/compare/v4.5.0...v4.5.1)

Please refer to [CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v4.5.1/packages/vite/CHANGELOG.md) for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-06 08:55:32 +00:00
Peng Xiao
2b53430539
feat(core): allow core modules to import itself (#5207) 2023-12-06 08:45:54 +00:00
liuyi
e0cada49f5
refactor(server): do not force init binary when creating workspace (#5146) 2023-12-06 08:35:48 +00:00
liuyi
4cb26cd3e5
feat(server): events system (#5145) 2023-12-06 08:35:45 +00:00
JimmFly
b32a427ecd
chore: adjust banner content text (#5153)
![image](https://github.com/toeverything/AFFiNE/assets/102217452/86a77f1f-1be5-4d05-bdfa-9e1b321c0d9e)
2023-12-06 08:13:56 +00:00
LongYinan
e5f8a58330
ci: refactor workflow (#5139)
Merge tests job into single one, reuse job as much as possible
2023-12-06 08:03:05 +00:00
Joooye_34
48f4d6a06c
fix(core): error page 500 status dark mode (#5180)
close #5155
2023-12-05 10:40:48 +00:00
LongYinan
246fbd8d4f
ci: fix auto labeler config 2023-12-05 18:21:32 +08:00
LongYinan
bd414b7f44
ci: fix auto labeler job (#5206) 2023-12-05 18:00:42 +08:00
Peng Xiao
1e01ed0b0f
fix(component): modal blurness (#5177)
moved https://github.com/toeverything/design/pull/108

Do not use transform to center the modal. It has know issue to cause modal to have blurred texts.

https://github.com/radix-ui/website/issues/383

fix https://github.com/toeverything/AFFiNE/issues/5176
2023-12-05 09:18:49 +00:00
LongYinan
37b1a54ec6
chore: bump up idb version to v8 (#5198)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [idb](https://togithub.com/jakearchibald/idb) | [`^7.1.1` -> `^8.0.0`](https://renovatebot.com/diffs/npm/idb/7.1.1/8.0.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/idb/8.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/idb/8.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/idb/7.1.1/8.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/idb/7.1.1/8.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>jakearchibald/idb (idb)</summary>

### [`v8.0.0`](https://togithub.com/jakearchibald/idb/compare/v7.1.1...v8.0.0)

[Compare Source](https://togithub.com/jakearchibald/idb/compare/v7.1.1...v8.0.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 08:38:04 +00:00
JimmFly
1c88e1fb8b
fix(core): unable to create share page link (#5175)
For some reasons, our `spaceDoc.guid` and `page.id` may not necessarily be the same, so we switched to using the more accurate `page.id`.
2023-12-05 07:21:18 +00:00
Cats Juice
1cd8de9d60
fix(component): clear page list operation's link style (#5148)
- before
  ![CleanShot 2023-12-01 at 12 03 24@2x](https://github.com/toeverything/AFFiNE/assets/39363750/6951ee61-d3c3-43b3-8949-fe6ed9ceb99e)
- after
  ![CleanShot 2023-12-01 at 12 08 02@2x](https://github.com/toeverything/AFFiNE/assets/39363750/2a85e5f7-9156-4aef-81a2-76d66a673ebd)
2023-12-05 07:01:42 +00:00
LongYinan
51e42af317
chore: bump up actions/labeler action to v5 (#5192)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/labeler](https://togithub.com/actions/labeler) | action | major | `v4` -> `v5` |

---

### Release Notes

<details>
<summary>actions/labeler (actions/labeler)</summary>

### [`v5`](https://togithub.com/actions/labeler/compare/v4...v5)

[Compare Source](https://togithub.com/actions/labeler/compare/v4...v5)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 06:41:21 +00:00
LongYinan
e4c6db2d02
chore: bump up ava version to v6 (#5195)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [ava](https://avajs.dev) ([source](https://togithub.com/avajs/ava)) | [`^5.3.1` -> `^6.0.0`](https://renovatebot.com/diffs/npm/ava/5.3.1/6.0.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/ava/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/ava/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/ava/5.3.1/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ava/5.3.1/6.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>avajs/ava (ava)</summary>

### [`v6.0.0`](https://togithub.com/avajs/ava/releases/tag/v6.0.0)

[Compare Source](https://togithub.com/avajs/ava/compare/v5.3.1...v6.0.0)

#### Breaking Changes

-   AVA now requires Node.js versions 18.18, 20.8 or 21. Versions 14 and 16 are no longer supported. [#&#8203;3251](https://togithub.com/avajs/ava/issues/3251) [#&#8203;3216](https://togithub.com/avajs/ava/issues/3216)

-   When tests finish, worker threads or child processes are no longer exited through `proces.exit()`. If your test file does not exit on its own, the test run will time out. [#&#8203;3260](https://togithub.com/avajs/ava/issues/3260)

-   Changes to watch mode [#&#8203;3218](https://togithub.com/avajs/ava/issues/3218):
    -   Watch mode can no longer be started via the `ava.config.*` or `package.json` configuration.
    -   The `ignoredByWatcher` configuration has moved to the `watchMode` object, under the `ignoreChanges` key.
    -   Watch mode now uses the built-in [`fs.watch()`](https://nodejs.org/api/fs.html#fswatchfilename-options-listener) in recursive mode. This is supported on Linux in Node.js 20 or newer, and MacOS and Windows in Node.js 18 as well. There are [caveats](https://nodejs.org/api/fs.html#caveats) to keep in mind.

-   Failed assertions now throw, meaning that any subsequent code is not executed. This also impacts the type definitions. [#&#8203;3246](https://togithub.com/avajs/ava/issues/3246)

-   [Only native errors](https://nodejs.org/api/util.html#utiltypesisnativeerrorvalue) are now considered errors by the `t.throws()` and `t.throwsAsync()` assertions. [`Object.create(Error.prototype)` is **not** a native error](Object.create\(Error.prototype\)). [#&#8203;3229](https://togithub.com/avajs/ava/issues/3229)

-   Changes to modules loaded through the `require` configuration [#&#8203;3184](https://togithub.com/avajs/ava/issues/3184):
    -   If such modules export a default function, this function is now invoked.
    -   Local files are loaded through `@ava/typescript` if necessary.

#### Improvements

##### Rewritten watcher

The watcher has been rewritten. It’s now built on [`fs.watch()`](https://nodejs.org/api/fs.html#fswatchfilename-options-listener) in recursive mode.

[`@vercel/nft`](https://togithub.com/vercel/nft)  is used to perform static dependency analysis, supporting ESM and CJS imports for JavaScript & TypeScript source files. This is a huge improvement over the previous runtime tracking of CJS imports, which did not support ESM.

Integration with [`@ava/typescript`](https://togithub.com/avajs/typescript) has been improved. The watcher can now detect a change to a TypeScript source file, then wait for the corresponding build output to change before re-running tests.

The ignoredByWatcher configuration has moved to the watchMode object, under the ignoreChanges key.

See [#&#8203;3218](https://togithub.com/avajs/ava/issues/3218) and [#&#8203;3257](https://togithub.com/avajs/ava/issues/3257).

##### Failed assertions now throw

Assertions now throw a `TestFailure` error when they fail. This error is not exported or documented and should not be used or thrown manually. You cannot catch this error in order to recover from a failure, use `t.try()` instead.

All assertions except for `t.throws()` and `t.throwsAsync()` now return `true` when they pass. This is useful for some of the assertions in TypeScript where they can be used as a type guard.

Committing a failed `t.try()` result now also throws.

See [#&#8203;3246](https://togithub.com/avajs/ava/issues/3246).

##### `t.throws()` and `t.throwsAsync()` can now expect any error

By default, the thrown error (or rejection reason) must be a native error. You can change the assertion to expect any kind of error by setting `any: true` in the expectation object:

```js
t.throws(() => { throw 'error' }, {any: true})
```

See [#&#8203;3245](https://togithub.com/avajs/ava/issues/3245) by [@&#8203;adiSuper94](https://togithub.com/adiSuper94).

##### The `require` configuration is now more powerful

It now loads ES modules.

Local files are loaded through `@ava/typescript` if necessary, so you can also write these in TypeScript.

If there is a default export function, it is invoked after loading. The function is awaited so it can do asynchronous setup before further modules are loaded. Arguments from the configuration can be passed to the function (as a \[[structured clone](https://developer.mozilla.org/en-US/docs/Web/API/structuredClone)]\(https://developer.mozilla.org/en-US/docs/Web/API/structuredClone)).

See [#&#8203;3184](https://togithub.com/avajs/ava/issues/3184) by [@&#8203;sculpt0r](https://togithub.com/sculpt0r).

##### Other changes worth noting

-   Internal events can now be observed (experimentally). See [#&#8203;3247](https://togithub.com/avajs/ava/issues/3247) by [@&#8203;codetheweb](https://togithub.com/codetheweb). It’s experimental and undocumented.
-   You can now use `t.timeout.clear()` to restore a previous `t.timeout()`. [#&#8203;3221](https://togithub.com/avajs/ava/issues/3221)
-   Code coverage is flushed to disk at opportune moments. [#&#8203;3220](https://togithub.com/avajs/ava/issues/3220)

#### New Contributors

-   [@&#8203;sculpt0r](https://togithub.com/sculpt0r) made their first contribution in [https://github.com/avajs/ava/pull/3184](https://togithub.com/avajs/ava/pull/3184)
-   [@&#8203;ZachHaber](https://togithub.com/ZachHaber) made their first contribution in [https://github.com/avajs/ava/pull/3233](https://togithub.com/avajs/ava/pull/3233)
-   [@&#8203;adiSuper94](https://togithub.com/adiSuper94) made their first contribution in [https://github.com/avajs/ava/pull/3245](https://togithub.com/avajs/ava/pull/3245)
-   [@&#8203;bricker](https://togithub.com/bricker) made their first contribution in [https://github.com/avajs/ava/pull/3250](https://togithub.com/avajs/ava/pull/3250)

**Full Changelog**: https://github.com/avajs/ava/compare/v5.3.1...v6.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 06:19:00 +00:00
Anthony
56ace48226
feat: add new page to the sidebar #5095 (#5128)
Co-authored-by: 李华桥 <joooye1991@gmail.com>
2023-12-05 14:18:21 +08:00
LongYinan
2b7c6714eb
chore: bump up Helm release postgresql to v13 (#5190)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [postgresql](https://bitnami.com) ([source](https://togithub.com/bitnami/charts/tree/HEAD/bitnami/postgresql)) | major | `12.5.8` -> `13.2.23` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 04:26:32 +00:00
LongYinan
1dacb21178
chore: bump up @dnd-kit/modifiers version to v7 (#5189)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@dnd-kit/modifiers](https://togithub.com/clauderic/dnd-kit) ([source](https://togithub.com/clauderic/dnd-kit/tree/HEAD/packages/modifiers)) | [`^6.0.1` -> `^7.0.0`](https://renovatebot.com/diffs/npm/@dnd-kit%2fmodifiers/6.0.1/7.0.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@dnd-kit%2fmodifiers/7.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@dnd-kit%2fmodifiers/7.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@dnd-kit%2fmodifiers/6.0.1/7.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@dnd-kit%2fmodifiers/6.0.1/7.0.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>clauderic/dnd-kit (@&#8203;dnd-kit/modifiers)</summary>

### [`v7.0.0`](https://togithub.com/clauderic/dnd-kit/blob/HEAD/packages/modifiers/CHANGELOG.md#700)

[Compare Source](https://togithub.com/clauderic/dnd-kit/compare/@dnd-kit/modifiers@6.0.1...@dnd-kit/modifiers@7.0.0)

##### Patch Changes

-   Updated dependencies \[[`bc588c7`](bc588c7f7b), [`b417f0f`](b417f0f94b), [`f342d5e`](f342d5efd9)]:
    -   [@&#8203;dnd-kit/core](https://togithub.com/dnd-kit/core)[@&#8203;6](https://togithub.com/6).1.0
    -   [@&#8203;dnd-kit/utilities](https://togithub.com/dnd-kit/utilities)[@&#8203;3](https://togithub.com/3).2.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 04:05:29 +00:00
LongYinan
f3e717ee5f
chore: bump up @opentelemetry/instrumentation-ioredis version to ^0.36.0 (#5186)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@opentelemetry/instrumentation-ioredis](https://togithub.com/open-telemetry/opentelemetry-js-contrib/tree/main/plugins/node/opentelemetry-instrumentation-ioredis#readme) ([source](https://togithub.com/open-telemetry/opentelemetry-js-contrib)) | [`^0.35.3` -> `^0.36.0`](https://renovatebot.com/diffs/npm/@opentelemetry%2finstrumentation-ioredis/0.35.3/0.36.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@opentelemetry%2finstrumentation-ioredis/0.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@opentelemetry%2finstrumentation-ioredis/0.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@opentelemetry%2finstrumentation-ioredis/0.35.3/0.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@opentelemetry%2finstrumentation-ioredis/0.35.3/0.36.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-js-contrib (@&#8203;opentelemetry/instrumentation-ioredis)</summary>

### [`v0.36.0`](607d375595...a757b5e443)

[Compare Source](607d375595...a757b5e443)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/toeverything/AFFiNE).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6ImNhbmFyeSJ9-->
2023-12-05 03:46:25 +00:00
LongYinan
9e8668de6b
ci: add electron-forge deps group (#5185) 2023-12-05 03:27:36 +00:00
LongYinan
eb93ae04e0
ci: exclude @blocksuite/icons from blocksuite nightly update group (#5184) 2023-12-05 02:45:55 +00:00
LongYinan
a9b021bafe
ci: use renovate to replace dependabot since depedabot has never worked (#5182)
https://github.com/toeverything/AFFiNE/network/updates/757631626 dependabot update jobs keep timeout
2023-12-05 00:47:40 +00:00
LongYinan
56b37c481e
chore: bump @adobe/css-tools from 4.3.1 to 4.3.2 (#5181)
Bumps [@adobe/css-tools](https://github.com/adobe/css-tools) from 4.3.1 to 4.3.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/adobe/css-tools/blob/main/History.md"><code>@​adobe/css-tools</code>'s changelog</a>.</em></p>
<blockquote>
<h1>4.3.2 / 2023-11-28</h1>
<ul>
<li>Fix redos vulnerability with specific crafted css string - CVE-2023-48631</li>
<li>Fix Problem parsing with :is() and nested :nth-child() <a href="https://redirect.github.com/adobe/css-tools/issues/211">#211</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/adobe/css-tools/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@adobe/css-tools&package-manager=npm_and_yarn&previous-version=4.3.1&new-version=4.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>
2023-12-04 14:59:50 +00:00
Flrande
a2784c352f
chore: bump blocksuite (#5138) 2023-12-04 12:02:35 +00:00
EYHN
7878ce5c2c
feat(workspace): priority load opened page (#5156) 2023-12-04 11:32:10 +00:00
liuyi
b4b4a3b625
fix(server): avoid snapshot write conflict (#5174) 2023-12-04 11:12:16 +00:00
Cats Juice
d911d21d1c
feat(component): add storybook (#5079) 2023-12-04 08:32:19 +00:00
Cats Juice
9c50dbc362
feat(core): remove all imports from design/component (#5078)
feat(core): remove all imports from design/component

feat(plugin): remove imports from design-components

feat(storybook): remove design-components imoprts

feat(core): remove

fix(component): remove design/component import in local-demo-tip
2023-12-04 08:32:16 +00:00
Cats Juice
0abadbe7bb
refactor(component): migrate design components (#5000)
```[tasklist]
### Tasks
- [x] Migrate components from [design](https://github.com/toeverything/design)
- [x] Replace all imports from `@toeverything/components`
- [x] Clean up `@toeverything/components` dependencies
- [x] Storybook
```

### Influence

Here are all the components that are influenced by `@toeverything/components`

- `@affine/component`
    - App update `Button` `Tooltip`
    - App sidebar header `IconButton`, `Tooltip`
    - Back `Button`
    - Auth
      - Change email page save `Button`
      - Change password page all `Button`s (Save, Later, Open)
      - Confirm change email `Button`
      - Set password page `Button`
      - Sign in success page `Button`
      - Sign up page `Button`
      - Auth `Modal`
    - Workspace card `Avatar`, `Divider`, `Tooltip`, `IconButton`
    - Share
      - Disable shared public link `Modal`
    - Import page `IconButton`, `Tooltip`
    - Accept invite page `Avatar`, `Button`
    - Invite member `Modal`
    - 404 Page `Avatar`, `Button`, `IconButton`, `Tooltip`
    - Notification center `IconButton`
    - Page list
      - operation cell `IconButton`, `Menu`, `ConfirmModal`, `Tooltip`
      - tags more `Menu`
      - favorite `IconButton`, `Tooltip`
      - new page dropdown `Menu`
      - filter `Menu`, `Button`, `IconButton`
    - Page operation `Menu`
      - export `MenuItem`
      - move to trash `MenuItem`, `ConfirmModal`
    - Workspace header filter `Menu`, `Button`
    - Collection bar `Button`, `Tooltip` (*⚠️ seems not used*)
    - Collection operation `Menu`, `MenuItem`
      - Create collection `Modal`, `Button`
      - Edit collection `Modal`, `Button`
      - Page mode filter `Menu`
      - Page mode `Button`, `Menu`
    - Setting modal
      - storage usage progress `Button`, `Tooltip`
    - On boarding tour `Modal`
- `@affine/core`
  - Bookmark `Menu`
  - Affine error boundary `Button`
  - After sign in send email `Button`
  - After sign up send email `Button`
  - Send email `Button`
  - Sign in `Button`
  - Subscription redirect `Loading`, `Button`
  - Setting `Modal`
    - User plan button `Tooltip`
    - Members `Avatar`, `Button`, `IconButton`, `Loading`, `Tooltip`, `Menu`
    - Profile `Button`, `Avatar`
    - Workspace
      - publish panel `Button`, `Tooltip`
      - export panel `Button`
      - storage panel `Button`, `Tooltip`
      - delete `ConfirmModal`
    - Language `Menu`
    - Account setting `Avatar`, `Button`
    - Date format setting `Menu`
    - Billing `Button`, `IconButton`, `Loading`
    - Payment plans `Button`, `ConfirmModal`, `Modal`, `Tooltip`
  - Create workspace `Modal`, `ConfirmModal`, `Button`
  - Payment disabled `ConfirmModal`
  - Share/Export `Menu`, `Button`, `Divider`
  - Sign out `ConfirmModal`
  - Temp disable affine cloud `Modal`
  - Page detail operation `Menu`
  - Blocksuite mode switch `Tooltip`
  - Login card `Avatar`
  - Help island `Tooltip`
- `plugin`
  - copilot
  - hello world
  - image preview
  - outline
2023-12-04 08:32:12 +00:00
LongYinan
33c53217c3
chore: move cargo fmt to lint-staged from pre-commit (#5150) 2023-12-04 06:42:54 +00:00
EYHN
91f3149148
fix(workspace): fix svg display on browser (#5158) 2023-12-02 17:27:07 +00:00
Rakhee Singh
661b4a91ba
style(core): add page list header emptypage (#5162)
Co-authored-by: rakhee28 <rakhee@strings.ai>
2023-12-02 23:39:51 +08:00
Peng Xiao
512504e177
fix(electron): do not restore window on get window (#5163)
fix https://github.com/toeverything/AFFiNE/issues/5161

Looks like I used window.restore incorrectly.
2023-12-02 15:13:48 +00:00
LongYinan
1f7654e80f
chore: bump @adobe/css-tools from 4.3.1 to 4.3.2 (#5154)
Bumps [@adobe/css-tools](https://github.com/adobe/css-tools) from 4.3.1 to 4.3.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/adobe/css-tools/blob/main/History.md"><code>@​adobe/css-tools</code>'s changelog</a>.</em></p>
<blockquote>
<h1>4.3.2 / 2023-11-28</h1>
<ul>
<li>Fix redos vulnerability with specific crafted css string - CVE-2023-48631</li>
<li>Fix Problem parsing with :is() and nested :nth-child() <a href="https://redirect.github.com/adobe/css-tools/issues/211">#211</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a href="https://github.com/adobe/css-tools/commits">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@adobe/css-tools&package-manager=npm_and_yarn&previous-version=4.3.1&new-version=4.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/toeverything/AFFiNE/network/alerts).

</details>
2023-12-01 08:52:40 +00:00
Joooye_34
eb7d293aaa
fix(core): implement editor timeout and report error from boundary (#5105) (#5151)
fix(core): implement editor timeout and report error from boundary (#5105)

ci: add sentry env when frontend assets build (#5131)

fix(core): expose catched editor load error (#5133)

fix(infra): use blocksuite api to check compatibility (#5137)

fix(infra): compatibility logic follow blocksuite (#5143)

fix(core): rerender error boundary when route change and improve sentry report (#5147)
2023-12-01 07:25:08 +00:00
LongYinan
99f98fb9d3
ci: remove publish job (#5135) 2023-11-30 04:24:43 +00:00
JimmFly
3e662f358d
fix(core): adjust ui styles (#5094) 2023-11-30 12:23:57 +08:00
Peng Xiao
6661e8bd9a
fix(core): language display names (#5123) 2023-11-30 12:23:03 +08:00
JimmFly
23518cae16
feat(core): add manual check for updates (#4957)
work for #4523

add `appBuildType` to `runtimeConfig`
add `useAppUpdater` to manage client updates

<!--
copilot:summary
-->
### <samp>🤖[[deprecated]](https://githubnext.com/copilot-for-prs-sunset) Generated by Copilot at cdd012c</samp>

This pull request refactors and enhances the update functionality for the frontend. It introduces a new custom hook `useAppUpdater` that simplifies the update logic and state management, and uses it in various components and commands. It also adds more options and feedback for the user to control and monitor the update process, such as manual download, auto-check, and auto-download toggles, and update status and progress indicators. It also updates the `AboutAffine` component to show the app icon, version, and build type. It also adds new translations, dependencies, types, and schemas related to the update functionality.

<img width="1073" alt="image" src="https://github.com/toeverything/AFFiNE/assets/102217452/16ae7a6a-0035-4e57-902b-6b8f63169501">
2023-11-29 13:31:25 +00:00
LongYinan
906d224fa9
chore(native): fix useless import (#5130) 2023-11-29 10:11:40 +00:00
LongYinan
6fca1b43f0
chore: add rust-toolchain file (#5129) 2023-11-29 10:11:38 +00:00
LongYinan
3fc515491b
chore: remove useless circular command (#5127) 2023-11-29 10:11:36 +00:00