Commit graph

6 commits

Author SHA1 Message Date
dependabot[bot]
4b9bd23e56
chore(deps): bump the npm_and_yarn group across 1 directory with 9 updates (#7259)
Bumps the npm_and_yarn group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [fastify](https://github.com/fastify/fastify) | `5.8.4` | `5.8.5` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.14` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.15.0` |
| [dompurify](https://github.com/cure53/DOMPurify) | `3.3.3` | `3.4.0` |
| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |
| [hono](https://github.com/honojs/hono) | `4.12.9` | `4.12.14` |
| [lodash-es](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |



Updates `fastify` from 5.8.4 to 5.8.5
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5)

Updates `nodemailer` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5)

Updates `vite` from 6.4.1 to 6.4.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.14
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.11...v1.19.14)

Updates `axios` from 1.13.6 to 1.15.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.6...v1.15.0)

Updates `dompurify` from 3.3.3 to 3.4.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.3...3.4.0)

Updates `follow-redirects` from 1.15.11 to 1.16.0
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0)

Updates `hono` from 4.12.9 to 4.12.14
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.9...v4.12.14)

Updates `lodash-es` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: fastify
  dependency-version: 5.8.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.14
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-18 20:35:50 +02:00
Johannes Millan
0e9218bd68 fix(sync): handle data validation errors and improve client ID management
- Separate JsonParseError and SyncDataCorruptedError handlers in sync wrapper
- Handle corrupted remote data gracefully instead of throwing
- Add getOrGenerateClientId() as unified entry point, eliminating dual injection
  of ClientIdService + CLIENT_ID_PROVIDER in snapshot-upload, file-based-encryption,
  and sync-hydration services
- Use crypto.getRandomValues() instead of Math.random() for client ID generation
- Warn user when stored client ID is invalid and must be regenerated
- Fix flaky e2e supersync tests (premature waitForURL match on daily-summary URL)
2026-04-16 17:41:39 +02:00
Johannes Millan
c47ab48eb7
chore(deps): bump lodash from 4.17.23 to 4.18.1 (#7225)
* chore(deps): bump lodash from 4.17.23 to 4.18.1

Cherry-pick from Dependabot PR #7218. Fixes prototype pollution via
constructor/prototype path traversal in _.unset/_.omit (GHSA-f23m-r3pf-42rh)
and code injection via _.template imports keys (GHSA-r5fr-rjxr-66jc).

https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg

* chore(deps): fix security vulnerabilities via npm audit fix

Updates transitive dependencies to resolve security advisories:
- follow-redirects 1.15.11 -> 1.16.0 (GHSA-r4q5-vmmm-2653)
- path-to-regexp 8.3.0 -> 8.4.2 and 0.1.12 -> 0.1.13 (ReDoS fixes)
- picomatch: updated nested copies to 4.0.4 (GHSA-3v7f-55p6-f55p, GHSA-c2c7-rcm5-vvqj)
- minimatch: updated app-builder-lib override from vulnerable 10.1.1 to 10.2.5

Remaining items blocked on upstream releases:
- picomatch 4.0.3 (top-level, needs @angular-devkit update)
- undici 7.22.0 (needs @angular/build update)
- vite 7.3.1 (needs @angular/build update)
- minimatch 10.1.1 in glob (needs glob update)

All vulnerabilities are in dev/build tooling only — none affect production.

https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-14 15:32:05 +02:00
dependabot[bot]
ad38eeb2ea
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates (#7178)
Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [electron](https://github.com/electron/electron) | `37.10.3` | `41.2.0` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.15.0` |
| [hono](https://github.com/honojs/hono) | `4.12.9` | `4.12.12` |
| [lodash-es](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |



Updates `electron` from 37.10.3 to 41.2.0
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](https://github.com/electron/electron/compare/v37.10.3...v41.2.0)

Updates `nodemailer` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5)

Updates `vite` from 6.4.1 to 6.4.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13)

Updates `axios` from 1.13.6 to 1.15.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.6...v1.15.0)

Updates `hono` from 4.12.9 to 4.12.12
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.9...v4.12.12)

Updates `lodash-es` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 41.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 16:40:36 +02:00
Johannes Millan
363b8d3729 feat(plugins): add plugin packaging script and improve build command handling 2025-11-26 17:23:17 +01:00
Johannes Millan
6e25ed7053 feat(plugins): improve on infrastructre for bundled plugins 2025-11-26 16:22:01 +01:00