Commit Graph

6966 Commits

Author SHA1 Message Date
renovate
23c7f8b01d
chore: bump up express version to v4.20.0 [SECURITY] (#8205)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/) ([source](https://redirect.github.com/expressjs/express)) | [`4.19.2` -> `4.20.0`](https://renovatebot.com/diffs/npm/express/4.19.2/4.20.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.19.2/4.20.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-43796](https://redirect.github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx)

### Impact

In express <4.20.0, passing untrusted user input - even after sanitizing it - to `response.redirect()` may execute untrusted code

### Patches

this issue is patched in express 4.20.0

### Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

### Details

successful exploitation of this vector requires the following:

1. The attacker MUST control the input to response.redirect()
1. express MUST NOT redirect before the template appears
1. the browser MUST NOT complete redirection before:
1. the user MUST click on the link in the template

---

### Release Notes

<details>
<summary>expressjs/express (express)</summary>

### [`v4.20.0`](https://redirect.github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)

[Compare Source](https://redirect.github.com/expressjs/express/compare/4.19.2...4.20.0)

-   deps: serve-static@0.16.0
    -   Remove link renderization in html while redirecting
-   deps: send@0.19.0
    -   Remove link renderization in html while redirecting
-   deps: body-parser@0.6.0
    -   add `depth` option to customize the depth level in the parser
    -   IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
-   Remove link renderization in html while using `res.redirect`
-   deps: path-to-regexp@0.1.10
    -   Adds support for named matching groups in the routes using a regex
    -   Adds backtracking protection to parameters without regexes defined
-   deps: encodeurl@~2.0.0
    -   Removes encoding of `\`, `|`, and `^` to align better with URL spec
-   Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`
    -   Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
2024-09-12 08:43:05 +00:00
fundon
8a9d9b42a3
feat(core): support block links on cmdk (#8192)
Upstreams: https://github.com/toeverything/blocksuite/pull/8260
Closes: [BS-1323](https://linear.app/affine-design/issue/BS-1323/粘贴-link-to-block-到-link-弹窗,不符合预期)
2024-09-12 08:25:28 +00:00
JimmFly
2cba8a4ccd
fix(core): title could not be changed when creating a new doc (#8203)
Before change, the title could not be modified from outside the editor without refreshing:

https://github.com/user-attachments/assets/536acba1-4e31-418a-bc1a-8578e3128bba

after:

https://github.com/user-attachments/assets/30a4b270-b8b1-4787-acef-0ab2a72a8f74
2024-09-12 07:55:23 +00:00
EYHN
cc5a6e6d40
refactor: new project struct (#8199)
packages/frontend/web -> packages/frontend/apps/web
packages/frontend/mobile -> packages/frontend/apps/mobile
packages/frontend/electron -> packages/frontend/apps/electron
2024-09-12 07:42:57 +00:00
L-Sun
7c4eab6cd3
fix(core): add edit entry for mobile edition (#8173) 2024-09-12 06:48:22 +00:00
JimmFly
8e71815e46
fix(component): windows client does not have app controls on some pages (#8176)
close AF-1266
2024-09-12 06:35:55 +00:00
EYHN
3999b04cf1
feat(core): download template from snapshot url (#8211) 2024-09-12 06:21:52 +00:00
zzj3720
aad7b90859
feat(core): add database full-width feature flag (#8210) 2024-09-12 05:14:13 +00:00
akumatus
456aa047cb
fix: missing font in text preview of editor settings (#8213)
Close issue [BS-1394](https://linear.app/affine-design/issue/BS-1394).

Add `FontConfigExtension` to `edgeless:preview` spec.
2024-09-12 04:40:17 +00:00
doouding
393dcfec78
feat: bump bs (#8212)
https://github.com/toeverything/blocksuite/pull/8311
2024-09-12 04:28:14 +00:00
pengx17
24bf1beac8
fix(electron): devtools open in detach mode (#8200)
fix AF-1380
2024-09-12 03:20:19 +00:00
CatsJuice
8bf0458ef4
fix(mobile): remove all focus style for link and button (#8208) 2024-09-12 03:07:31 +00:00
Saul-Mirone
ba81b1a9ca
chore: bump bs (#8204) 2024-09-11 12:04:26 +00:00
fundon
b74dd1c92e
feat(core): support block links on Bi-Directional Links (#8169)
Closes [AF-1348](https://linear.app/affine-design/issue/AF-1348/修复-bi-directional-links-里面的链接地址)

* Links to the current document should be ignored on `Backlinks`
* Links to the current document should be ignored on `Outgoing links`

https://github.com/user-attachments/assets/dbc43cea-5aca-4c6f-886a-356e3a91c1f1
2024-09-11 11:08:12 +00:00
CatsJuice
b7d05d2078
feat(core): new empty states for doc/collection/tag (#8197)
AF-1329, AF-1330
2024-09-11 10:48:52 +00:00
akumatus
f12655655e
feat: add mindmap and connector settings (#8198)
### What changed?
- Add `connector` label settings.
- Add `mindmap` style settings.
- Add skeleton loading placeholder.
2024-09-11 09:17:11 +00:00
EYHN
85aa73bcf6
fix(core): disconnect ws when user logout (#8188) 2024-09-11 07:55:42 +00:00
EYHN
d93c3b3719
feat(core): user data db (#7930) 2024-09-11 07:55:37 +00:00
EYHN
498a69af53
feat(core): move enable ai to feature flag (#8195) 2024-09-11 07:42:07 +00:00
EYHN
8c191e6baa
feat(core): preview template & snapshot import (#8193) 2024-09-11 07:11:33 +00:00
doouding
52d9569f47
feat: add mind map import feature flag (#8196) 2024-09-11 06:27:47 +00:00
EYHN
f009371e06
fix(core): fix menu shaking (#8187) 2024-09-11 03:42:13 +00:00
forehalo
7a546ff8a1
feat(core): add auth metrics (#8194)
close AF-849
2024-09-11 03:28:32 +00:00
CatsJuice
81ab8ac8b3
feat(mobile): pwa and browser theme-color optimization (#8168)
[AF-1325](https://linear.app/affine-design/issue/AF-1325/优化-pwa-体验), [AF-1317](https://linear.app/affine-design/issue/AF-1317/优化:-pwa-的顶部-status-bar-颜色应与背景保持一致), [AF-1318](https://linear.app/affine-design/issue/AF-1318/优化:pwa-的底部应当有符合设备安全高度的padding), [AF-1321](https://linear.app/affine-design/issue/AF-1321/更新一下-fail-的-pwa-icon)

- New `<SafeArea />` ui component
- New `useThemeColorV1` / `useThemeColorV2` hook:
    - to modify `<meta name="theme-color" />` with given theme key
2024-09-11 02:20:59 +00:00
L-Sun
9038592715
fix(core): disable append paragraph in shared page editor (#8191)
Disable append paragraph function for readonly or shared page editor.

### Before

![CleanShot 2024-09-10 at 22.26.04@2x.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/MyRfgiN4RuBxJfrza3SG/3ab206a2-8e30-4212-9d5d-3073ec489644.png)
2024-09-10 15:33:52 +00:00
L-Sun
6ce6cb33ef
feat(core): add outline viewer for share page (#8190) 2024-09-10 14:00:17 +00:00
Saul-Mirone
daa9d9ff5c
chore: bump bs (#8189) 2024-09-10 13:48:08 +00:00
darkskygit
95738e796f
fix: client captcha (#8186) 2024-09-10 09:34:21 +00:00
JimmFly
9ccf517e06
chore: adjust the border color of Point component (#8185)
close AF-1367
2024-09-10 09:22:34 +00:00
JimmFly
31561d8203
chore: bump theme version (#8184) 2024-09-10 09:05:30 +00:00
donteatfriedrice
9dfd366382
fix: ai error message tip would be cut off (#8183)
Use `<affine-tooltip>` component that updates the float position when it might be clipped.

Fix: [BS-1386](https://linear.app/affine-design/issue/BS-1386/[bug]-tooltip-位置错误)
2024-09-10 08:12:05 +00:00
JimmFly
4c0d0ab8de
fix(core): page jumps unexpectedly when clicking the collection operation (#8182)
close AF-1371

https://github.com/user-attachments/assets/9cc25790-8755-458c-94ac-a8d1b584c428
2024-09-10 06:38:33 +00:00
EYHN
0cdc486f1f
fix(core): reduce state refresh (#8181) 2024-09-10 06:21:15 +00:00
pengx17
fb76fdfca3
fix(core): menu not scrollable when opening in modal (#8179)
fix AF-1360

When menu (with modal = false) is rendered in Modal, the [RemoveScroll utility wrapped by Modal](660060a765/packages/react/dialog/src/Dialog.tsx (L203)) will prevent menu from scrolling.

The reason why menu is scrollable within a dialog is because it is also wrapped in a RemoveScroll [when modal is on. ](660060a765/packages/react/menu/src/Menu.tsx (L305))

In this fix, added a `useWithinModal` utility hook so that menu will automatically assign noportal mode for menu when it is rendered inside of a modal.
2024-09-10 06:09:00 +00:00
JimmFly
9d343bdaa6
feat(core): add enable url preview to workspace settings (#8089) 2024-09-10 04:04:06 +00:00
Brooooooklyn
fe1eefdbb2
feat: init renderer server (#8088) 2024-09-10 04:03:59 +00:00
forehalo
0add8917f9
feat(server): enable share og information for docs (#7794) 2024-09-10 04:03:52 +00:00
darkskygit
34eac4c24e
feat: improve ai query performance (#8170) 2024-09-09 09:39:28 +00:00
JimmFly
b48cc825e0
fix(core): unexpected jump when clicking save tag (#8171)
close AF-1285

https://github.com/user-attachments/assets/1ec4adf5-4340-4e94-9e56-6a05e7a65f18
2024-09-09 07:54:56 +00:00
forehalo
32f673fa3d
perf(server): index lower user email (#8167) 2024-09-09 04:43:59 +00:00
JimmFly
a7ecfea3b5
fix(core): disable border thickness setting when no border is selected (#8152)
close AF-1351
2024-09-09 03:25:04 +00:00
fundon
6b266e3a1b
fix(core): link copying and pasting (#8157)
Related to: https://github.com/toeverything/blocksuite/pull/8233
2024-09-09 03:11:20 +00:00
forehalo
d31565eb98
ci(mobile): typecheck (#8166) 2024-09-09 02:59:50 +00:00
darkskygit
2a135d8a93
feat: add index for snapshots (#8163) 2024-09-08 13:49:41 +00:00
forehalo
57083905ff
fix(core): strict client oauth parameters check (#8159) 2024-09-08 12:44:47 +00:00
forehalo
63e1fce3ca
perf(server): accelerate user workspace permission queries (#8161) 2024-09-08 12:04:00 +00:00
forehalo
87e9ff01b5
perf(server): avoid filter doc snapshot by non-indexed updatedAt (#8160) 2024-09-08 12:03:55 +00:00
Saul-Mirone
32d3769201
chore: bump bs (#8153) 2024-09-07 04:08:22 +00:00
CatsJuice
87ed358f2e
fix(mobile): adjust mobile ui (#8112)
close AF-1274, AF-1320, AF-1333
2024-09-06 13:40:10 +00:00
forehalo
4de9d94c80
chore(core): publish editor settings in beta (#8149) 2024-09-06 11:54:26 +00:00