* master:
refactor(dialog): remove unused OnDestroy implementation from DialogAddNoteComponent
fix(calendar): poll all calendar tasks and prevent auto-move of existing tasks
docs: add info about how to translate stuff #5893
refactor(calendar): replace deprecated toPromise with firstValueFrom
build: update links to match our new organization
add QuestArc to community plugins list
feat(calendar): implement polling for calendar task updates and enhance data retrieval logic
fix(heatmap): use app theme class instead of prefers-color-scheme
fix(focus-mode): start break from banner when manual break start enabled
feat(i18n): connect Finnish and Swedish translation files
refactor(focus-mode): split sessionComplete$ and breakComplete$ into single-responsibility effects
Fixing Plugin API doc on persistence
# Conflicts:
# src/app/features/issue/store/poll-issue-updates.effects.ts
# src/app/t.const.ts
SuperSync tests create 2-3 browser contexts per test. Running with
12 workers resulted in 24-36 simultaneous connections overwhelming
the Angular dev server, causing ERR_CONNECTION_REFUSED errors.
Changes:
- Add --workers=3 to e2e:supersync and e2e:supersync:file scripts
- Add documentation to supersync.fixture.ts explaining the issue
Add Docker setup for running E2E tests with the Angular dev server
containerized while Playwright runs on the host. Supports multiple
instances via configurable ports.
New files:
- Dockerfile.e2e.dev: Dev server image
- docker-compose.e2e.yaml: E2E orchestration config
- scripts/wait-for-app.sh: Health check script
New npm scripts:
- e2e:docker: Run E2E with containerized app
- e2e:docker:webdav: Same but includes WebDAV for sync tests
Usage: APP_PORT=4343 npm run e2e:docker
Resolve conflict in webdav-sync-expansion.spec.ts:
- Use simplified sync verification without reload (sync updates NgRx directly)
- Test: B marks task done -> sync -> verify A sees task as done
- CVE-2025-66035: XSRF token leakage via protocol-relative URLs
- CVE-2025-66412: Stored XSS via SVG animation and MathML attributes
- CVE-2025-66414: DNS rebinding in @modelcontextprotocol/sdk
Updated @angular/* packages to 20.3.15 and @angular/cli to 20.3.13.
* master: (41 commits)
16.7.2
16.7.1
16.7.0
fix(focus-mode): show start button when break time is up in banner mode
fix(focus-mode): hide dismiss button in banner-only mode (#5737)
fix(focus-mode): add start button in banner after session completes (#5737)
refactor(focus-mode): remove isAlwaysUseFocusMode setting (#5737)
feat(focus-mode): add task existence check before resuming tracking (#5737)
feat(focus-mode): add icon buttons for banner and sync session with tracking (#5753)
fix(repeat): schedule tasks for correct day and remove from Today when needed (#5594)
feat(focus-mode): sync duration when Pomodoro settings change (#5753)
feat(focus-mode): add new settings and fix pomodoro dialog (#5753)
fix(focus-mode): fix pomodoro long break timing and add ticking sound option (#5753)
feat(android): add better notifications and permanent notification for focus mode
feat(android): add background time tracking via foreground service
build(ci): add i18n JSON validation step to lint-and-test workflow
docs: add archived tasks viewer to community plugins
fix(android): make schedule dialog scrollable on small screens (#5741)
fix(focus-mode): preserve existing notes when opening notes panel (#5752)
fix(sync): show user-friendly error for Flatpak/Snap permission issues
...
# Conflicts:
# src/app/features/android/store/android.effects.ts
# src/app/features/focus-mode/store/focus-mode.effects.ts
# src/app/features/issue/dialog-edit-issue-provider/dialog-edit-issue-provider.component.ts
# src/app/features/reminder/reminder.module.ts
# src/app/features/task-repeat-cfg/store/task-repeat-cfg.effects.ts
Add local-rules/require-hydration-guard ESLint rule that warns when
selector-based NgRx effects lack hydration guards (skipDuringSync() or
isApplyingRemoteOps()).
The rule correctly identifies:
- Effects that START with this.store.select() as primary source
- Does NOT flag selectors in withLatestFrom (secondary sources)
- Does NOT flag selectors inside operator callbacks (already guarded)
This prevents duplicate operations during sync replay where selector-based
effects would fire on intermediate states.
Install eslint-plugin-local-rules to enable the rule.
Previously, flushYoungToOld was dispatched as an action and handled by
an NgRx effect. This caused a race condition during finish day:
1. Action dispatched, effect queued
2. Method returned, sync started, DB locked
3. Effect ran, tried to write, blocked by DB lock
Fix follows the same pattern as moveToArchive:
- Perform the flush synchronously in ArchiveService before dispatching
- Dispatch action for op-log capture only (syncs to other clients)
- Handler skips local operations (only runs for remote)
Also adds comprehensive unit tests and e2e test for this scenario.
The server migration check was incorrectly creating a SYNC_IMPORT when
a fresh client (with local data but no sync history) synced to an empty
server. This caused operations from other clients to be filtered out as
"invalidated by SYNC_IMPORT" because they were CONCURRENT with it.
Now _checkAndHandleServerMigration() checks for previously synced ops
before triggering migration, correctly distinguishing between:
- Fresh client (only local ops) → uploads ops normally
- Server migration (has sync history) → creates SYNC_IMPORT
Also adds npm scripts for debugging supersync E2E tests.
* master:
fix(electron): use includes() instead of in operator for hostname check
fix(docker): use Debian-based nginx for ARM64 QEMU compatibility
16.6.1
build: add resolved URL and integrity for ical.js version 2.1.0
fix(ui): align time tracking button overlay (#5720)
fix(calendar): handle Office 365 updateTimezones crash (#5722)
fix(repeat): use fallback for undefined startDate (#5724)
build(welcome): update wording for issue claiming instructions
fix(docker): drop arm/v7 platform to fix QEMU build failure
Replace custom UUID v7 implementations with the standard uuidv7 library.
The custom implementation had a bug with JavaScript bitwise operators
not handling 48-bit timestamps correctly.
- Override @conventional-changelog/git-client to ^2.5.1 to fix CVE-2025-59433
- Update glob (via nested deps) to ^11.1.0 to fix CVE-2025-64756
- Update node-forge to ^1.3.3 to fix CVE-2025-12816 & CVE-2025-66030
Upgrade Electron from 37.7.0 to 39.2.5. Since Electron 38+ defaults to
Wayland via --ozone-platform=auto, force X11 on Linux to ensure reliable
idle detection (#1443) and global shortcuts. Users can opt-in to Wayland
with --ozone-platform=wayland or --force-wayland flags.
