bc5ffb79b2
chore(deps): bump react-day-picker from 8.10.1 to 8.10.2 ( #12632 )
...
Bumps [react-day-picker](https://github.com/gpbl/react-day-picker/tree/HEAD/packages/react-day-picker ) from 8.10.1 to 8.10.2.
- [Release notes](https://github.com/gpbl/react-day-picker/releases )
- [Changelog](https://github.com/gpbl/react-day-picker/blob/main/packages/react-day-picker/CHANGELOG.md )
- [Commits](https://github.com/gpbl/react-day-picker/commits/v8.10.2/packages/react-day-picker )
---
updated-dependencies:
- dependency-name: react-day-picker
dependency-version: 8.10.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 17:43:55 -04:00
d703f8acf3
chore(deps-dev): bump @vitest/ui from 4.1.6 to 4.1.8 ( #12631 )
...
Bumps [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui ) from 4.1.6 to 4.1.8.
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.8/packages/ui )
---
updated-dependencies:
- dependency-name: "@vitest/ui"
dependency-version: 4.1.8
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 17:43:40 -04:00
1c23cbec1b
chore(deps): bump @simplewebauthn/server from 13.3.0 to 13.3.1 ( #12633 )
...
Bumps [@simplewebauthn/server](https://github.com/MasterKale/SimpleWebAuthn/tree/HEAD/packages/server ) from 13.3.0 to 13.3.1.
- [Release notes](https://github.com/MasterKale/SimpleWebAuthn/releases )
- [Changelog](https://github.com/MasterKale/SimpleWebAuthn/blob/master/CHANGELOG.md )
- [Commits](https://github.com/MasterKale/SimpleWebAuthn/commits/v13.3.1/packages/server )
---
updated-dependencies:
- dependency-name: "@simplewebauthn/server"
dependency-version: 13.3.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 17:43:16 -04:00
1caeafaeed
chore(deps-dev): bump discord-api-types from 0.38.46 to 0.38.48 ( #12634 )
...
Bumps [discord-api-types](https://github.com/discordjs/discord-api-types ) from 0.38.46 to 0.38.48.
- [Release notes](https://github.com/discordjs/discord-api-types/releases )
- [Changelog](https://github.com/discordjs/discord-api-types/blob/main/CHANGELOG.md )
- [Commits](https://github.com/discordjs/discord-api-types/compare/0.38.46...0.38.48 )
---
updated-dependencies:
- dependency-name: discord-api-types
dependency-version: 0.38.48
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 17:42:59 -04:00
969a7bb97d
chore(deps-dev): bump prettier from 3.7.4 to 3.8.3 ( #12635 )
...
Bumps [prettier](https://github.com/prettier/prettier ) from 3.7.4 to 3.8.3.
- [Release notes](https://github.com/prettier/prettier/releases )
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prettier/prettier/compare/3.7.4...3.8.3 )
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.8.3
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-08 17:42:38 -04:00
ea665b80ee
feat: Inline editor menu ( #12611 )
...
* wip
* Mobile support
* Address review feedback on inline menu
- Mark selection-restore transaction as not added to history
- Only open desktop inline menu when an anchor is available
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
---------
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-07 07:57:34 -04:00
ce3d710888
chore(deps): bump hono from 4.12.18 to 4.12.23 ( #12584 )
...
Bumps [hono](https://github.com/honojs/hono ) from 4.12.18 to 4.12.23.
- [Release notes](https://github.com/honojs/hono/releases )
- [Commits](https://github.com/honojs/hono/compare/v4.12.18...v4.12.23 )
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.12.23
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-04 17:33:06 -04:00
a20c8e5371
chore(deps): bump zod from 4.3.6 to 4.4.3 ( #12563 )
...
* chore(deps): bump zod from 4.3.6 to 4.4.3
Bumps [zod](https://github.com/colinhacks/zod ) from 4.3.6 to 4.4.3.
- [Release notes](https://github.com/colinhacks/zod/releases )
- [Commits](https://github.com/colinhacks/zod/compare/v4.3.6...v4.4.3 )
---
updated-dependencies:
- dependency-name: zod
dependency-version: 4.4.3
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix: Make files.create file param optional in schema for zod 4.4
zod 4.4 changed z.custom() to reject undefined. Since validate runs
before multipart injects the file, validation failed with 400 on all
files.create requests. Mark the field optional and guard in the handler.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-02 22:34:41 -04:00
e32b3772b2
chore(deps-dev): bump vite-plugin-babel from 1.6.0 to 1.7.3 ( #12561 )
...
* chore(deps-dev): bump vite-plugin-babel from 1.6.0 to 1.7.3
Bumps [vite-plugin-babel](https://github.com/owlsdepartment/vite-plugin-babel ) from 1.6.0 to 1.7.3.
- [Commits](https://github.com/owlsdepartment/vite-plugin-babel/commits )
---
updated-dependencies:
- dependency-name: vite-plugin-babel
dependency-version: 1.7.3
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix: Use include option for vite-plugin-babel TS transform
vite-plugin-babel 1.7.0 added an `include` option defaulting to
`/\.jsx?$/` (JS only) that is applied before `filter`, so .ts/.tsx
files were no longer transformed by Babel and reached the parser
with types intact. Switch to the `include` option to match TS files.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com >
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-02 22:11:03 -04:00
b2c66c5190
chore(deps-dev): bump the babel group with 7 updates ( #12560 )
...
Bumps the babel group with 7 updates:
| Package | From | To |
| --- | --- | --- |
| [@babel/cli](https://github.com/babel/babel/tree/HEAD/packages/babel-cli ) | `7.28.6` | `7.29.7` |
| [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) | `7.29.0` | `7.29.7` |
| [@babel/plugin-proposal-decorators](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-proposal-decorators ) | `7.29.0` | `7.29.7` |
| [@babel/plugin-transform-class-properties](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-class-properties ) | `7.28.6` | `7.29.7` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env ) | `7.29.5` | `7.29.7` |
| [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react ) | `7.28.5` | `7.29.7` |
| [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript ) | `7.28.5` | `7.29.7` |
Updates `@babel/cli` from 7.28.6 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-cli )
Updates `@babel/core` from 7.29.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core )
Updates `@babel/plugin-proposal-decorators` from 7.29.0 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-proposal-decorators )
Updates `@babel/plugin-transform-class-properties` from 7.28.6 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-class-properties )
Updates `@babel/preset-env` from 7.29.5 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-env )
Updates `@babel/preset-react` from 7.28.5 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-react )
Updates `@babel/preset-typescript` from 7.28.5 to 7.29.7
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-preset-typescript )
---
updated-dependencies:
- dependency-name: "@babel/cli"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: babel
- dependency-name: "@babel/core"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: babel
- dependency-name: "@babel/plugin-proposal-decorators"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: babel
- dependency-name: "@babel/plugin-transform-class-properties"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: babel
- dependency-name: "@babel/preset-env"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: babel
- dependency-name: "@babel/preset-react"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: babel
- dependency-name: "@babel/preset-typescript"
dependency-version: 7.29.7
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: babel
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-02 22:01:45 -04:00
875ba8d03c
chore(deps): bump yjs from 13.6.30 to 13.6.31 ( #12562 )
...
Bumps [yjs](https://github.com/yjs/yjs ) from 13.6.30 to 13.6.31.
- [Release notes](https://github.com/yjs/yjs/releases )
- [Commits](https://github.com/yjs/yjs/compare/v13.6.30...v13.6.31 )
---
updated-dependencies:
- dependency-name: yjs
dependency-version: 13.6.31
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-02 22:01:30 -04:00
bcf1155818
chore(deps): bump semver from 7.7.4 to 7.8.1 ( #12564 )
...
Bumps [semver](https://github.com/npm/node-semver ) from 7.7.4 to 7.8.1.
- [Release notes](https://github.com/npm/node-semver/releases )
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md )
- [Commits](https://github.com/npm/node-semver/compare/v7.7.4...v7.8.1 )
---
updated-dependencies:
- dependency-name: semver
dependency-version: 7.8.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-02 22:01:03 -04:00
ad89288eac
fix: Resolve uuid to ^11.1.1 to patch CVE-2026-41907 ( #12541 )
...
Forces transitive uuid copies (8.3.2 via sequelize/bull, 9.0.1 via
@hocuspocus/*) onto the patched 11.1.1, addressing GHSA-w5hq-g745-h8pq.
11.1.1 is the highest version that is both patched and ships a CommonJS
build, which the require()-based consumers depend on.
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com >
2026-05-30 18:26:09 -04:00
5aff60e28b
chore(deps): bump axios from 1.15.2 to 1.16.1 ( #12523 )
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.1.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.1 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 12:15:24 -04:00
ae5cd6a159
fix: Allow service worker to load on custom domains ( #12502 )
...
* fix: Allow service worker to load on custom domains
Add explicit worker-src 'self' so the service worker can register on
team custom domains. Without it, browsers fall back to script-src which
only lists env.URL and env.CDN_URL, blocking /static/sw.js on hosts
like docs.getoutline.com.
* fix: Switch worker-src approach to script-src 'self' for type safety
The @types/koa-helmet definitions don't include workerSrc. Add 'self'
to script-src instead — worker-src falls back to script-src per spec,
and 'self' matches the document origin on custom domains.
* fix: Properly add worker-src directive without script-src widening
Extract the CSP directives to a local variable so workerSrc can be
included despite koa-helmet's outdated type definitions missing it
(the underlying helmet supports it). Also drop @types/koa-helmet
since the package now ships its own (equivalent) types.
2026-05-28 09:07:05 -04:00
a4a67f2cdd
fix: Upgrade yauzl, improve stream close handling
2026-05-27 20:33:33 -04:00
48aa4f33ce
chore: Upgrade ipaddr.js ( #12491 )
2026-05-27 20:27:28 -04:00
b424d92724
chore: Bump tmp dep ( #12494 )
2026-05-27 18:39:49 -04:00
6bab00b92e
chore(deps): upgrade octokit to v5 and @octokit/auth-app to v8 ( #12472 )
...
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-26 19:47:58 -04:00
a9a54d5ada
chore(deps): bump the aws group with 5 updates ( #12455 )
...
Bumps the aws group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-s3](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-s3 ) | `3.1045.0` | `3.1053.0` |
| [@aws-sdk/lib-storage](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/lib/lib-storage ) | `3.1045.0` | `3.1053.0` |
| [@aws-sdk/s3-presigned-post](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-presigned-post ) | `3.1045.0` | `3.1053.0` |
| [@aws-sdk/s3-request-presigner](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/s3-request-presigner ) | `3.1045.0` | `3.1053.0` |
| [@aws-sdk/signature-v4-crt](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/packages/signature-v4-crt ) | `3.1045.0` | `3.1053.0` |
Updates `@aws-sdk/client-s3` from 3.1045.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-s3/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/clients/client-s3 )
Updates `@aws-sdk/lib-storage` from 3.1045.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/lib/lib-storage/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/lib/lib-storage )
Updates `@aws-sdk/s3-presigned-post` from 3.1045.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-presigned-post/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/packages/s3-presigned-post )
Updates `@aws-sdk/s3-request-presigner` from 3.1045.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/s3-request-presigner/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/packages/s3-request-presigner )
Updates `@aws-sdk/signature-v4-crt` from 3.1045.0 to 3.1053.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/packages/signature-v4-crt/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1053.0/packages/signature-v4-crt )
---
updated-dependencies:
- dependency-name: "@aws-sdk/client-s3"
dependency-version: 3.1053.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws
- dependency-name: "@aws-sdk/lib-storage"
dependency-version: 3.1053.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws
- dependency-name: "@aws-sdk/s3-presigned-post"
dependency-version: 3.1053.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws
- dependency-name: "@aws-sdk/s3-request-presigner"
dependency-version: 3.1053.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws
- dependency-name: "@aws-sdk/signature-v4-crt"
dependency-version: 3.1053.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: aws
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-25 18:57:01 -04:00
5126d8540e
chore(deps): bump uuid from 11.1.0 to 11.1.1 ( #12456 )
...
Bumps [uuid](https://github.com/uuidjs/uuid ) from 11.1.0 to 11.1.1.
- [Release notes](https://github.com/uuidjs/uuid/releases )
- [Changelog](https://github.com/uuidjs/uuid/blob/v11.1.1/CHANGELOG.md )
- [Commits](https://github.com/uuidjs/uuid/compare/v11.1.0...v11.1.1 )
---
updated-dependencies:
- dependency-name: uuid
dependency-version: 11.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-25 18:56:47 -04:00
0c3ddef228
chore(deps-dev): bump terser from 5.44.1 to 5.48.0 ( #12457 )
...
Bumps [terser](https://github.com/terser/terser ) from 5.44.1 to 5.48.0.
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/terser/terser/compare/v5.44.1...v5.48.0 )
---
updated-dependencies:
- dependency-name: terser
dependency-version: 5.48.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-25 18:56:24 -04:00
3f207aea49
chore(deps-dev): bump oxlint from 1.50.0 to 1.66.0 ( #12458 )
...
Bumps [oxlint](https://github.com/oxc-project/oxc/tree/HEAD/npm/oxlint ) from 1.50.0 to 1.66.0.
- [Release notes](https://github.com/oxc-project/oxc/releases )
- [Changelog](https://github.com/oxc-project/oxc/blob/main/npm/oxlint/CHANGELOG.md )
- [Commits](https://github.com/oxc-project/oxc/commits/oxlint_v1.66.0/npm/oxlint )
---
updated-dependencies:
- dependency-name: oxlint
dependency-version: 1.66.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-25 18:56:01 -04:00
08c0390295
chore: Remove unnecessary package resolutions ( #12442 )
...
Remove `debug: 4.3.4` resolution which was forcing a downgrade – packages
requesting ^4.4.x now resolve to their correct versions. Remove
`ajv@npm:~8.13.0` resolution as no package in the dependency tree requests
that range anymore.
https://claude.ai/code/session_01JmpWGCUCVdKqN3MgsYc3fi
Co-authored-by: Claude <noreply@anthropic.com >
2026-05-24 07:27:50 -04:00
92be631350
chore(deps): bump qs from 6.15.1 to 6.15.2 ( #12437 )
2026-05-23 11:27:57 -04:00
8d44a0fd92
chore: Migrate from JSZip to Yazl ( #12408 )
...
* chore: Migrate from JSZip to Yazl
* Add koa stream helper, PR feedback
2026-05-21 23:27:23 -04:00
b639841555
chore(deps): bump @tootallnate/once from 2.0.0 to 2.0.1 ( #12415 )
...
Bumps [@tootallnate/once](https://github.com/TooTallNate/once ) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/TooTallNate/once/releases )
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md )
- [Commits](https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1 )
---
updated-dependencies:
- dependency-name: "@tootallnate/once"
dependency-version: 2.0.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-21 18:34:40 -04:00
3a6df26c8c
chore(deps): bump js-cookie from 3.0.5 to 3.0.7 ( #12414 )
2026-05-21 17:41:07 -04:00
c875a92b86
chore(deps): bump vite-plugin-pwa from 1.2.0 to 1.3.0 ( #12321 )
...
Bumps [vite-plugin-pwa](https://github.com/vite-pwa/vite-plugin-pwa ) from 1.2.0 to 1.3.0.
- [Release notes](https://github.com/vite-pwa/vite-plugin-pwa/releases )
- [Commits](https://github.com/vite-pwa/vite-plugin-pwa/compare/v1.2.0...v1.3.0 )
---
updated-dependencies:
- dependency-name: vite-plugin-pwa
dependency-version: 1.3.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 20:52:52 -04:00
a11a8442dc
chore(deps): bump @fast-csv/parse from 5.0.5 to 5.0.7 ( #12389 )
...
Bumps [@fast-csv/parse](https://github.com/C2FO/fast-csv/tree/HEAD/packages/parse ) from 5.0.5 to 5.0.7.
- [Release notes](https://github.com/C2FO/fast-csv/releases )
- [Changelog](https://github.com/C2FO/fast-csv/blob/main/packages/parse/CHANGELOG.md )
- [Commits](https://github.com/C2FO/fast-csv/commits/v5.0.7/packages/parse )
---
updated-dependencies:
- dependency-name: "@fast-csv/parse"
dependency-version: 5.0.7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-19 20:52:29 -04:00
1e2159edf7
chore: Update ws dep resolution ( #12398 )
2026-05-19 20:52:14 -04:00
620c654b26
chore(deps): bump react-colorful from 5.6.1 to 5.7.0 ( #12386 )
...
* chore(deps): bump react-colorful from 5.6.1 to 5.7.0
Bumps [react-colorful](https://github.com/omgovich/react-colorful ) from 5.6.1 to 5.7.0.
- [Release notes](https://github.com/omgovich/react-colorful/releases )
- [Changelog](https://github.com/omgovich/react-colorful/blob/master/CHANGELOG.md )
- [Commits](https://github.com/omgovich/react-colorful/commits/5.7.0 )
---
updated-dependencies:
- dependency-name: react-colorful
dependency-version: 5.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* Use new prop
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com >
2026-05-18 22:57:52 -04:00
6e2b53315b
chore(deps-dev): bump @vitest/ui from 4.1.5 to 4.1.6 ( #12387 )
...
Bumps [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui ) from 4.1.5 to 4.1.6.
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/ui )
---
updated-dependencies:
- dependency-name: "@vitest/ui"
dependency-version: 4.1.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:54:09 -04:00
57b9cfdcf2
chore(deps): bump @dotenvx/dotenvx from 1.64.0 to 1.66.0 ( #12388 )
...
Bumps [@dotenvx/dotenvx](https://github.com/dotenvx/dotenvx ) from 1.64.0 to 1.66.0.
- [Release notes](https://github.com/dotenvx/dotenvx/releases )
- [Changelog](https://github.com/dotenvx/dotenvx/blob/main/CHANGELOG.md )
- [Commits](https://github.com/dotenvx/dotenvx/compare/v1.64.0...v1.66.0 )
---
updated-dependencies:
- dependency-name: "@dotenvx/dotenvx"
dependency-version: 1.66.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:28:55 -04:00
8f8cbb6b71
chore(deps): bump umzug from 3.8.2 to 3.8.3 ( #12385 )
...
Bumps [umzug](https://github.com/sequelize/umzug ) from 3.8.2 to 3.8.3.
- [Release notes](https://github.com/sequelize/umzug/releases )
- [Changelog](https://github.com/sequelize/umzug/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sequelize/umzug/compare/v3.8.2...v3.8.3 )
---
updated-dependencies:
- dependency-name: umzug
dependency-version: 3.8.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:09:53 -04:00
c8c2bd8cc9
chore(deps-dev): bump @types/koa from 2.15.0 to 2.15.1 ( #12384 )
...
Bumps [@types/koa](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/koa ) from 2.15.0 to 2.15.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/koa )
---
updated-dependencies:
- dependency-name: "@types/koa"
dependency-version: 2.15.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:09:19 -04:00
aab7de9781
chore(deps): bump i18next-http-backend from 3.0.5 to 3.0.6 ( #12383 )
...
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend ) from 3.0.5 to 3.0.6.
- [Changelog](https://github.com/i18next/i18next-http-backend/blob/master/CHANGELOG.md )
- [Commits](https://github.com/i18next/i18next-http-backend/compare/v3.0.5...v3.0.6 )
---
updated-dependencies:
- dependency-name: i18next-http-backend
dependency-version: 3.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:09:06 -04:00
158cac0a8a
chore(deps): bump react-hook-form from 7.74.0 to 7.76.0 ( #12382 )
...
Bumps [react-hook-form](https://github.com/react-hook-form/react-hook-form ) from 7.74.0 to 7.76.0.
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases )
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md )
- [Commits](https://github.com/react-hook-form/react-hook-form/compare/v7.74.0...v7.76.0 )
---
updated-dependencies:
- dependency-name: react-hook-form
dependency-version: 7.76.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 22:08:39 -04:00
5d32db86cf
chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 ( #12376 )
...
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion ) from 5.0.5 to 5.0.6.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v5.0.5...v5.0.6 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 5.0.6
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-18 14:18:16 -04:00
6e99dff3c2
chore: Upgrade Mermaid ( #12331 )
2026-05-12 21:22:20 -04:00
fc01deeefd
chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1 ( #12320 )
...
* chore(deps-dev): bump oxlint-tsgolint from 0.14.2 to 0.22.1
Bumps [oxlint-tsgolint](https://github.com/oxc-project/tsgolint ) from 0.14.2 to 0.22.1.
- [Release notes](https://github.com/oxc-project/tsgolint/releases )
- [Commits](https://github.com/oxc-project/tsgolint/compare/v0.14.2...v0.22.1 )
---
updated-dependencies:
- dependency-name: oxlint-tsgolint
dependency-version: 0.22.1
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: Switch tsconfig to bundler resolution for tsgolint 0.22.1
oxlint-tsgolint 0.22.1 removed support for moduleResolution=node10
(the alias for "node"). Switch to "bundler" with resolvePackageJsonExports
disabled so packages whose exports field omits a types condition still
resolve. Update markdown-it type imports to sub-paths since the package's
.d.mts entry only re-exports a subset of named types.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
* fix: Resolve type-aware lint errors caught by tsgolint 0.22.1
oxlint-tsgolint 0.22.1 catches several await-thenable, no-floating-promises,
and no-meaningless-void-operator cases the prior 0.14.2 missed:
- Drop redundant inner `await` from Promise.all([await x, await y]) call sites
so the array entries are real Promises rather than already-resolved values.
- Replace Promise.all wrappers around synchronous presenters (presentEvent,
presentTemplate, presentPublicTeam) with plain map / direct calls.
- Wrap non-promise branches of ternaries inside Promise.all with
Promise.resolve so the array remains thenable across both arms.
- Add `void` to the unawaited provider.connect() in the auth-failed retry
chain, and remove `void` from the disconnect() call which returns void.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com >
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Moor <tom@getoutline.com >
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com >
2026-05-12 07:59:13 -04:00
dab06d4dfa
chore(deps): bump i18next-fs-backend from 2.6.4 to 2.6.5 ( #12319 )
2026-05-11 20:19:11 -04:00
dcddab47e1
chore(deps): bump koa-compress from 5.1.1 to 5.2.1 ( #12318 )
2026-05-11 20:17:56 -04:00
0eee576b81
chore(deps): bump the aws group with 5 updates ( #12317 )
2026-05-11 20:17:07 -04:00
ab42e4fda8
chore(deps): Remove js-yaml resolution that no longer prevents downgrades ( #12309 )
...
The "js-yaml": "^4.1.1" resolution is now a no-op — every package that
requests js-yaml in the dep graph already asks for ^4.1.0 or ^4.1.1, both
of which naturally resolve to 4.1.1. Removing the resolution does not
change any installed version.
Audited the remaining resolutions; all still prevent a lower version from
being installed (or are intentional dedupe pins for @types/* and
prosemirror-transform per #12304 , plus the i18next-parser compatibility
pin from #12307 ).
Co-authored-by: Claude <noreply@anthropic.com >
2026-05-10 09:32:30 -04:00
2cb47aa421
chore(deps): Bump i18next-parser to 9.4.0 to fix pre-commit hook ( #12307 )
...
i18next-parser 8.13.0 used a default import for cheerio, which broke
when cheerio dropped its default export. 9.x switched to a namespace
import. Pin the parser's transitive i18next to ^23.16.8 so plural keys
continue to be emitted in compatibilityJSON v3 format expected by the
runtime (i18next 22.5.1).
2026-05-09 13:53:45 -04:00
fba1bcef87
chore(deps): bump hono from 4.12.16 to 4.12.18 ( #12305 )
...
Bumps [hono](https://github.com/honojs/hono ) from 4.12.16 to 4.12.18.
- [Release notes](https://github.com/honojs/hono/releases )
- [Commits](https://github.com/honojs/hono/compare/v4.12.16...v4.12.18 )
---
updated-dependencies:
- dependency-name: hono
dependency-version: 4.12.18
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-09 09:09:36 -04:00
4548fc00bf
chore(deps): Remove resolutions that no longer prevent downgrades ( #12304 )
...
* chore(deps): Remove resolutions that no longer prevent downgrades
Audited each resolution by removing it and running yarn install to check
whether any package would resolve to a lower version. Removed 31 entries
that were no-ops because the natural resolution already satisfies (or
exceeds) the resolution target — caret ranges that npm now publishes a
matching or higher version for, and one fast-xml-parser pin where the
underlying dependency moved.
Kept 13 entries: those that still prevent a regression, plus the @types/*
and prosemirror-transform pins that exist to dedupe transitive copies
against the project's own pinned versions.
* chore(deps): Bump @babel/preset-env to 7.29.5 to address GHSA-fv7c-fp4j-7gwp
@babel/plugin-transform-modules-systemjs <=7.29.3 generates arbitrary
code when compiling malicious input. Upgrading @babel/preset-env to
^7.29.5 brings in the patched ^7.29.4 transitively.
---------
Co-authored-by: Claude <noreply@anthropic.com >
2026-05-09 09:02:50 -04:00
8248fafe70
chore(deps): bump fast-uri from 3.1.0 to 3.1.2 ( #12300 )
...
Bumps [fast-uri](https://github.com/fastify/fast-uri ) from 3.1.0 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases )
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2 )
---
updated-dependencies:
- dependency-name: fast-uri
dependency-version: 3.1.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 14:41:20 -04:00
a346e6dee6
chore(deps): bump fast-xml-builder from 1.1.5 to 1.1.8 ( #12299 )
...
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder ) from 1.1.5 to 1.1.8.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.1.8 )
---
updated-dependencies:
- dependency-name: fast-xml-builder
dependency-version: 1.1.8
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-08 14:32:14 -04:00
dependabot[bot]