Commit graph

1682 commits

Author SHA1 Message Date
johannesjo
1b4d0c1710 18.4.2 2026-05-01 23:07:19 +02:00
Johannes Millan
ff0f6d2f82 18.4.1 2026-05-01 21:59:17 +02:00
Johannes Millan
4f15e66f9d 18.4.0 2026-05-01 20:58:26 +02:00
Johannes Millan
d7ca08552e build: downgrade eslint 2026-05-01 19:35:28 +02:00
Johannes Millan
d9f54efbb9 chore(deps): bump stylelint 16->17 + recommended-scss + formatter-github
Paired migration:
- stylelint 16.26 -> 17.9
- stylelint-config-recommended-scss 14.1 -> 17.0
- @csstools/stylelint-formatter-github 1.0 -> 2.0 (requires stylelint 17)

Fix the 26 violations from new deprecation rules:
- 'word-wrap' replaced with 'overflow-wrap' (autofix; word-wrap is a
  legacy alias in CSS3, only matters that stylelint now flags it)
- 'word-break: break-word' (deprecated keyword) replaced with
  'overflow-wrap: anywhere' (the spec-defined equivalent), with stale
  duplicate 'overflow-wrap' declarations consolidated
2026-05-01 19:35:27 +02:00
Johannes Millan
277cf1480e chore(deps): bump cross-env, eslint, jasmine-core, typia to next major
- cross-env 7→10 (CLI-compatible, Node 20+ engine — already met)
- eslint 9→10 + @eslint/js 9→10 (all active plugins support v10;
  fix local rule require-hydration-guard to use context.sourceCode
  instead of removed context.getSourceCode())
- jasmine-core 5→6 (forbidDuplicateNames default flipped; no duplicates
  in our suite — verified by running the full test:once)
- typia 11→12 (public API surface unchanged; validation specs pass)

Lint, build and the typia/auto-fix specs verified green. The 5 pre-existing
failures in immediate-upload.service.spec.ts are unrelated — also fail on
master with the same package.json that has been shipping.

Deferred from this round: stylelint 16→17 (paired migration with
@csstools/stylelint-formatter-github 1→2, separate work),
electron-dl 3→4 (forces full electron-main CJS→ESM migration),
marked 17→18 (ngx-markdown@21.2.0 peer-locks marked at ^17).
2026-05-01 19:35:27 +02:00
Johannes Millan
cbbec922b8 chore(deps): bump non-Angular deps to latest within current major
Patch/minor updates across tooling and runtime:
electron 41.2→41.4, electron-builder 26.7→26.8, prettier 3.7→3.8,
playwright 1.57→1.59, typescript-eslint 8.52→8.59, karma 6.4.2→6.4.4,
core-js 3.47→3.49, nanoid 5.1.6→5.1.11, dotenv 17.3→17.4, glob 13.0→13.0.6,
fs-extra 11.3→11.3.4, tslib 2.7→2.8, baseline-browser-mapping 2.9→2.10,
plus type defs and native binaries (@lmdb/*, @rollup/*).
Build, lint and a sample unit test all pass.
2026-05-01 19:35:27 +02:00
Johannes Millan
6a4253bd23 chore(deps): update Angular ecosystem to latest 21.x
Bumps Angular core/CLI/Material/CDK to 21.2.11/21.2.9, @ngrx/* to 21.1.0,
ngx-markdown to 21.2.0. All within current major; build and lint pass.
2026-05-01 19:35:27 +02:00
Johannes Millan
81560f97af 18.3.0 2026-04-25 22:42:18 +02:00
David Vornholt
0988c2d8c6
Add ext-idle-notify backend for Wayland idle detection (#7337)
* fix(electron): support Wayland idle detection via ext-idle-notify

* fix(electron): address wayland idle helper review

---------

Co-authored-by: Johannes Millan <johannesjo@users.noreply.github.com>
2026-04-24 16:50:24 +02:00
Johannes Millan
e72aa77336
Add Electron packaging smoke test to catch missing dependencies (#7336)
* ci(electron): verify packaged app.asar and smoke-test launch

Adds coverage for the gap that let #7320 ship: CI built electron TS
and ran electron-builder on release, but never exercised the packaged
binary. A stray relative import reaching out of electron/** was
compiled by tsc into src/app/util/*.js, fell outside the files glob
in electron-builder.yaml, and was missing from app.asar — the main
process crashed on launch for every 18.2.7 user.

Two new checks, both running on ubuntu-latest:

1. tools/verify-electron-requires.js extracts app.asar and re-resolves
   every relative require() under electron/** against the packaged
   tree. Runs on every PR that touches electron/**, electron-builder
   config, package.json, or the workflow itself. ~10s after the build.

2. A launch-under-xvfb smoke test starts the packaged binary, waits
   30s for a crash, and greps stderr for 'Cannot find module' /
   'Uncaught Exception'. Runs on push to master, release tags, and
   manual dispatch (not every PR — needs xvfb setup + idle wait).

Exposed as npm run electron:verify-asar for local use after dist.

* ci(electron): harden smoke workflow and verify script from review

Review feedback on the previous commit surfaced a handful of real
defects. Addressed here:

verify-electron-requires.js
- Guard resolved paths against escaping the extracted asar tree.
  Without this, a relative require with enough `..` climbs above the
  temp dir and Node's resolver hits the host filesystem, masking a
  genuinely missing module behind a stray file on the CI runner.
- Walk .cjs and .mjs files too. electron/simple-store.test.cjs ships
  via the `electron/**/*` glob and was being skipped.
- Move cleanup out of the path where `process.exit(1)` runs inside a
  `try/finally` (synchronous exit does not guarantee `finally`), so
  the temp dir is reliably removed.
- Code comment noting that esbuild-bundled preload.js is opaque to
  this walker — that coverage comes from the launch smoke test.

electron-smoke.yml
- Broaden pull_request paths filter. The previous filter only matched
  electron/**, which is exactly the wrong answer: #7320's root cause
  was a file under src/app/util/ that electron/ imported. Now uses a
  negative list — docs, translations, android/, ios/, other workflows.
- Explicit Xvfb screen geometry (`-screen 0 1280x720x24`) and
  `--disable-dev-shm-usage` on the Electron side. Both known CI
  flake preventers.
- Expanded crash-marker regex: SIGSEGV, Segmentation fault,
  TypeError:, ReferenceError:, FATAL ERROR, Check failed. Also scan
  the log during the liveness loop, not just at the end — catches
  main-process exceptions that get logged without killing the
  process.
- Move the launch log under .tmp/smoke/ so upload-artifact@v7 reliably
  finds it on failure; /tmp paths are fragile across runner images.
- Sweep stray electron worker processes on teardown via pkill.

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-23 21:53:28 +02:00
Johannes Millan
3d40f56aae 18.2.8 2026-04-22 16:19:14 +02:00
Johannes Millan
6e6fef101c 18.2.7 2026-04-21 22:37:49 +02:00
Johannes Millan
54a0931f10 18.2.6 2026-04-21 22:27:37 +02:00
Johannes Millan
80976c32c1 ci(electron): wire node --test for electron/*.test.cjs
Follow-up to #7297: the simple-store regression test only ran via
local invocation. Add a test:electron npm script and run it in the
CI Tests job so simple-store fixes stay regression-guarded.
2026-04-21 21:50:52 +02:00
Johannes Millan
ff0314e52d 18.2.5 2026-04-20 18:39:43 +02:00
Johannes Millan
e113cd8d21 18.2.4 2026-04-19 19:21:50 +02:00
Johannes Millan
404c68127a 18.2.3 2026-04-18 23:24:19 +02:00
Johannes Millan
a1e3d9cc55 fix(build): pin app-builder-lib minimatch back to 10.1.1 2026-04-18 23:24:19 +02:00
Johannes Millan
47c52dfa87 18.2.2 2026-04-17 22:51:53 +02:00
Johannes Millan
b9d6dc6d86
test(e2e): update Show/hide task panel button label (#7260)
* test(e2e): update Show/hide task panel button label

The TOGGLE_DETAIL_PANEL translation was renamed from "Show/Hide
additional info" to "Show/hide task panel" in dd789d2, but e2e
selectors still referenced the old string, causing every test that
opens the task detail panel to time out.

https://claude.ai/code/session_011mX4Pr24S42svmA5j7fRux

* 18.2.1

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-17 22:19:22 +02:00
Johannes Millan
9b7d34100e 18.2.0 2026-04-17 19:48:55 +02:00
Leandro Marques
179700ccda
chore: update electron to v41.x (#7097)
* chore: update electron to v41.1.1

* feat(start-app): clear GPU cache on Electron version change for Linux

* fix(window-decorators): disable custom window title bar for GNOME

This fixes some issues when moving and resizing the window

* refactor: Migrate url.format() (DEP0116) to file:// path approach

* refactor(start-app): remove deprecated protocol.registerFileProtocol in start-app.ts

* feat(electron-builder): update gnome content snap to gnome-42-2204 for improved compatibility and update flatpak permissions

* fix(window-decorators): improve handling of custom window title bar for GNOME

* feat(start-app): implement fallback to X11 in Snap if gnome-42-2204 runtime is unavailable

* chore: update electron to v41.1.1

* chore(package-lock): remove unused dependencies from package-lock.json

* fix(electron): move snap ozone-platform switch before app ready event

app.commandLine.appendSwitch() must be called before Chromium
initializes — after the ready event fires the GPU backend is already
running and the switch is a no-op. Move the Snap X11 fallback (defense-
in-depth for missing gnome-42-2204 runtime) to run synchronously at
startup, alongside the existing gtk-version and speech-dispatcher
switches.

* fix(electron): align IS_GNOME_DESKTOP detection with preload.ts logic

The original implementation only matched Ubuntu's GNOME session
(XDG_CURRENT_DESKTOP contains both 'gnome' AND 'ubuntu'), missing plain
GNOME on Fedora, Arch, etc. The preload.ts isGnomeDesktop() already
used the correct approach: check four environment variables with OR
logic. Align common.const.ts to match, preventing a split-brain where
the main process and renderer disagree on whether the user is on GNOME
— which would produce no title bar at all on non-Ubuntu GNOME desktops.

* fix(electron): restore v41 bump lost in merge and gate title-bar toggle

- Re-apply electron 41.2.0 + minimatch 10.2.5 override (master's 0e9218bd
  reverted the dependabot bump back to 37.10.3 while this branch's
  merge-base still contained 41.2.0, so the pre-merge diff was empty).
- Regenerate root package-lock.json accordingly.
- Drop unrelated esbuild additions from plugin-dev sub-lockfiles.
- misc-settings-form: gate isUseCustomWindowTitleBar on IS_ELECTRON &&
  !IS_GNOME_DESKTOP so the toggle does not appear in the web/PWA build.

---------

Co-authored-by: Johannes Millan <johannes.millan@gmail.com>
2026-04-17 18:12:43 +02:00
Johannes Millan
0e9218bd68 fix(sync): handle data validation errors and improve client ID management
- Separate JsonParseError and SyncDataCorruptedError handlers in sync wrapper
- Handle corrupted remote data gracefully instead of throwing
- Add getOrGenerateClientId() as unified entry point, eliminating dual injection
  of ClientIdService + CLIENT_ID_PROVIDER in snapshot-upload, file-based-encryption,
  and sync-hydration services
- Use crypto.getRandomValues() instead of Math.random() for client ID generation
- Warn user when stored client ID is invalid and must be regenerated
- Fix flaky e2e supersync tests (premature waitForURL match on daily-summary URL)
2026-04-16 17:41:39 +02:00
Johannes Millan
c47ab48eb7
chore(deps): bump lodash from 4.17.23 to 4.18.1 (#7225)
* chore(deps): bump lodash from 4.17.23 to 4.18.1

Cherry-pick from Dependabot PR #7218. Fixes prototype pollution via
constructor/prototype path traversal in _.unset/_.omit (GHSA-f23m-r3pf-42rh)
and code injection via _.template imports keys (GHSA-r5fr-rjxr-66jc).

https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg

* chore(deps): fix security vulnerabilities via npm audit fix

Updates transitive dependencies to resolve security advisories:
- follow-redirects 1.15.11 -> 1.16.0 (GHSA-r4q5-vmmm-2653)
- path-to-regexp 8.3.0 -> 8.4.2 and 0.1.12 -> 0.1.13 (ReDoS fixes)
- picomatch: updated nested copies to 4.0.4 (GHSA-3v7f-55p6-f55p, GHSA-c2c7-rcm5-vvqj)
- minimatch: updated app-builder-lib override from vulnerable 10.1.1 to 10.2.5

Remaining items blocked on upstream releases:
- picomatch 4.0.3 (top-level, needs @angular-devkit update)
- undici 7.22.0 (needs @angular/build update)
- vite 7.3.1 (needs @angular/build update)
- minimatch 10.1.1 in glob (needs glob update)

All vulnerabilities are in dev/build tooling only — none affect production.

https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-14 15:32:05 +02:00
dependabot[bot]
ad38eeb2ea
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates (#7178)
Bumps the npm_and_yarn group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [electron](https://github.com/electron/electron) | `37.10.3` | `41.2.0` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `8.0.4` | `8.0.5` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `6.4.1` | `6.4.2` |
| [@hono/node-server](https://github.com/honojs/node-server) | `1.19.11` | `1.19.13` |
| [axios](https://github.com/axios/axios) | `1.13.6` | `1.15.0` |
| [hono](https://github.com/honojs/hono) | `4.12.9` | `4.12.12` |
| [lodash-es](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |



Updates `electron` from 37.10.3 to 41.2.0
- [Release notes](https://github.com/electron/electron/releases)
- [Commits](https://github.com/electron/electron/compare/v37.10.3...v41.2.0)

Updates `nodemailer` from 8.0.4 to 8.0.5
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v8.0.4...v8.0.5)

Updates `vite` from 6.4.1 to 6.4.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite)

Updates `@hono/node-server` from 1.19.11 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](https://github.com/honojs/node-server/compare/v1.19.11...v1.19.13)

Updates `axios` from 1.13.6 to 1.15.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.6...v1.15.0)

Updates `hono` from 4.12.9 to 4.12.12
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](https://github.com/honojs/hono/compare/v4.12.9...v4.12.12)

Updates `lodash-es` from 4.17.23 to 4.18.1
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1)

---
updated-dependencies:
- dependency-name: electron
  dependency-version: 41.2.0
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: nodemailer
  dependency-version: 8.0.5
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 6.4.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash-es
  dependency-version: 4.18.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-13 16:40:36 +02:00
Johannes Millan
1f22fe685d 18.1.3 2026-04-01 21:27:44 +02:00
Johannes Millan
3a216b88e1 18.1.2 2026-04-01 21:25:48 +02:00
Johannes Millan
3e0f26aa5d 18.1.1 2026-04-01 21:17:20 +02:00
Johannes Millan
d32f7037a3 fix(sync): preserve own vector clock counter across full-state op resets
When a full-state op (SYNC_IMPORT/BACKUP_IMPORT) arrived from another
client, mergeRemoteOpClocks reset the local clock to a "minimal" form
but only preserved the current client's counter from the incoming op's
clock. If the current client had issued ops (e.g. GLOBAL_CONFIG) not
reflected in the incoming full-state op's clock, its counter was dropped,
causing subsequent ops to reuse the same counter value. Downstream clients
then saw these ops as EQUAL (duplicate) and skipped them silently.

Fix: take max(mergedClock[clientId], currentClock[clientId]) when
rebuilding the clock after a full-state op reset.

Also add __SP_E2E_BLOCK_WS_DOWNLOAD flag to WsTriggeredDownloadService
to allow E2E tests to block automatic WS-triggered downloads during
concurrent conflict scenarios.

Fix archive conflict test by blocking WS downloads on Client A during
the concurrent edit phase so it doesn't auto-receive B's rename via
WebSocket before archiving (restoring the intended conflict scenario).

Fix LWW singleton test to assert convergence rather than specific winner.
Fix renameTask helper to avoid Playwright/Angular re-render races.
Fix shepherd.js import paths that broke the Angular dev server build.
2026-04-01 15:41:13 +02:00
dependabot[bot]
567b335974
chore(deps): bump eslint-plugin-jsdoc from 61.4.1 to 62.8.1 (#7086)
Bumps [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) from 61.4.1 to 62.8.1.
- [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases)
- [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.4.1...v62.8.1)

---
updated-dependencies:
- dependency-name: eslint-plugin-jsdoc
  dependency-version: 62.8.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 13:01:17 +02:00
dependabot[bot]
8c29c0224c
chore(deps): bump @typescript-eslint/types from 8.57.2 to 8.58.0 (#7085)
Bumps [@typescript-eslint/types](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/types) from 8.57.2 to 8.58.0.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/types/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.58.0/packages/types)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/types"
  dependency-version: 8.58.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 13:00:57 +02:00
dependabot[bot]
b30bf4add8
chore(deps): bump chai from 5.3.3 to 6.2.2 (#7084)
Bumps [chai](https://github.com/chaijs/chai) from 5.3.3 to 6.2.2.
- [Release notes](https://github.com/chaijs/chai/releases)
- [Changelog](https://github.com/chaijs/chai/blob/main/History.md)
- [Commits](https://github.com/chaijs/chai/compare/v5.3.3...v6.2.2)

---
updated-dependencies:
- dependency-name: chai
  dependency-version: 6.2.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 13:00:44 +02:00
dependabot[bot]
0ff1f0dec2
chore(deps): bump karma-jasmine-html-reporter from 1.7.0 to 2.2.0 (#7083)
Bumps [karma-jasmine-html-reporter](https://github.com/dfederm/karma-jasmine-html-reporter) from 1.7.0 to 2.2.0.
- [Release notes](https://github.com/dfederm/karma-jasmine-html-reporter/releases)
- [Commits](https://github.com/dfederm/karma-jasmine-html-reporter/compare/v1.7.0...v2.2.0)

---
updated-dependencies:
- dependency-name: karma-jasmine-html-reporter
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-01 13:00:28 +02:00
Johannes Millan
db3eaa6f81 18.1.2 2026-03-31 22:31:59 +02:00
Johannes Millan
49f63e8174 18.1.1 2026-03-31 22:31:40 +02:00
Johannes Millan
34089fb04a chore(deps): override picomatch to 4.0.4 to fix high severity vulnerability 2026-03-31 20:05:03 +02:00
Johannes Millan
92e342af68 chore(deps): upgrade electron-dl from v3 to v4 (pure ESM)
electron-dl v4 is a pure ESM package. Since the Electron main process
is compiled with TypeScript "module": "commonjs", static import() gets
transformed to require() which cannot load ESM. Use Function() to
preserve a real dynamic import() at runtime.
2026-03-31 19:40:38 +02:00
Johannes Millan
8e71b5a6e9 chore(deps): pin shepherd.js to ~13.0.3 (last MIT-licensed version)
shepherd.js switched from MIT to AGPL-3.0 in v14. Pin to the last
MIT-compatible version and update imports to use named exports from
the main module instead of deep internal paths.
2026-03-31 19:40:38 +02:00
dependabot[bot]
e943b3c780
chore(deps): bump @angular/material from 21.2.3 to 21.2.4 (#7039)
Bumps [@angular/material](https://github.com/angular/components) from 21.2.3 to 21.2.4.
- [Release notes](https://github.com/angular/components/releases)
- [Changelog](https://github.com/angular/components/blob/main/CHANGELOG.md)
- [Commits](https://github.com/angular/components/compare/v21.2.3...v21.2.4)

---
updated-dependencies:
- dependency-name: "@angular/material"
  dependency-version: 21.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-31 13:41:49 +02:00
Johannes Millan
85a8426213 18.1.0 2026-03-29 20:31:02 +02:00
Johannes Millan
681a6cd2ee fix(build): remove sharp from deps to fix F-Droid build
sharp is a native C++ module that fails to compile in F-Droid's
build environment. It is only used by manual icon generation scripts,
so auto-install it on demand instead.

Closes #6637
2026-03-29 19:57:10 +02:00
johannesjo
4826bc265c 18.0.2 2026-03-26 21:24:24 +01:00
johannesjo
25e31656d1 18.0.1 2026-03-26 21:09:48 +01:00
Johannes Millan
4eca106653 18.0.0 2026-03-26 19:58:29 +01:00
Johannes Millan
d328e80ab8 fix(build): add dotenv as explicit devDependency for Docker builds
tools/load-env.js requires dotenv directly but it was only available as
a transitive dependency of @dotenv-run/cli. This caused the Docker image
publish to fail when npm ci couldn't resolve it. Also regenerates
package-lock.json to fix stale lock file entries.
2026-03-26 17:43:04 +01:00
Johannes Millan
1a103989f4
fix(oauth): use system browser for Google OAuth on mobile (#6952)
Google blocks OAuth authorization in embedded WebViews (Error 400:
invalid_request). Use @capacitor/browser to open the system browser
on mobile instead of window.open() in the WebView.

https://claude.ai/code/session_01QWSy4NhhNQNMD2GJwqoYTc

Co-authored-by: Claude <noreply@anthropic.com>
2026-03-24 23:50:36 +01:00
Johannes Millan
fe0edaacd0 18.0.0-rc.0 2026-03-24 21:04:33 +01:00
Johannes Millan
dc27787ba8 chore(deps): upgrade Angular-related dependencies to latest versions 2026-03-24 17:50:47 +01:00
Johannes Millan
a118f65d54 refactor(electron): bundle preload script with esbuild to support sandbox mode
Bundle preload.ts into a single file so all local imports (e.g.
ipc-events.const) are inlined at build time. This allows removing
sandbox: false since the bundled preload only requires the built-in
electron module, which is allowed in sandboxed preloads.
2026-03-22 19:38:21 +01:00