Handle logged out OAuth apex

app/components/Sidebar/Sidebar.tsx

@@ -321,7 +321,6 @@ const Container = styled(Flex)<ContainerProps>`
   z-index: ${depths.mobileSidebar};
   max-width: 80%;
   min-width: 280px;
-  padding-left: var(--sal);
   ${fadeOnDesktopBackgrounded()}
 
   @media print {

app/components/Sidebar/components/StarredLink.tsx

@@ -38,10 +38,10 @@ function StarredLink({ star }: Props) {
   const { ui, collections, documents } = useStores();
   const [menuOpen, handleMenuOpen, handleMenuClose] = useBoolean();
   const { documentId, collectionId } = star;
-  const collection = collectionId ? collections.get(collectionId) : undefined;
+  const collection = collections.get(collectionId);
   const locationSidebarContext = useLocationSidebarContext();
   const sidebarContext = starredSidebarContext(
-    star.documentId ?? star.collectionId ?? ""
+    star.documentId ?? star.collectionId
   );
   const [expanded, setExpanded] = useState(
     (star.documentId

app/editor/components/FloatingToolbar.tsx

@@ -7,7 +7,6 @@ import { isCode } from "@shared/editor/lib/isCode";
 import { findParentNode } from "@shared/editor/queries/findParentNode";
 import { EditorStyleHelper } from "@shared/editor/styles/EditorStyleHelper";
 import { depths, s } from "@shared/styles";
-import { getSafeAreaInsets } from "@shared/utils/browser";
 import { HEADER_HEIGHT } from "~/components/Header";
 import { Portal } from "~/components/Portal";
 import useEventListener from "~/hooks/useEventListener";
@@ -242,16 +241,12 @@ const FloatingToolbar = React.forwardRef(function FloatingToolbar_(
 
     if (props.active) {
       const rect = document.body.getBoundingClientRect();
-      const safeAreaInsets = getSafeAreaInsets();
-
       return (
         <ReactPortal>
           <MobileWrapper
             ref={menuRef}
             style={{
-              bottom: `calc(100% - ${
-                height - rect.y - safeAreaInsets.bottom
-              }px)`,
+              bottom: `calc(100% - ${height - rect.y}px)`,
             }}
           >
             {props.children}

app/editor/components/PasteMenu.tsx

@@ -6,7 +6,6 @@ import { v4 } from "uuid";
 import { EmbedDescriptor } from "@shared/editor/embeds";
 import { MenuItem } from "@shared/editor/types";
 import { MentionType } from "@shared/types";
-import { isUrl } from "@shared/utils/urls";
 import Integration from "~/models/Integration";
 import useCurrentUser from "~/hooks/useCurrentUser";
 import useStores from "~/hooks/useStores";
@@ -30,9 +29,9 @@ export const PasteMenu = observer(({ pastedText, embeds, ...props }: Props) => {
   const user = useCurrentUser({ rejectOnEmpty: false });
 
   let mentionType: MentionType | undefined;
+  const url = pastedText ? new URL(pastedText) : undefined;
 
-  if (pastedText && isUrl(pastedText)) {
-    const url = new URL(pastedText);
+  if (url) {
     const integration = integrations.find((intg: Integration) =>
       isURLMentionable({ url, integration: intg })
     );

app/editor/extensions/SmartText.ts

@@ -2,8 +2,7 @@ import Extension from "@shared/editor/lib/Extension";
 import { InputRule } from "@shared/editor/lib/InputRule";
 
 const rightArrow = new InputRule(/->$/, "→");
-// Note that the suppression of pipe here prevents conflict with table creation rule.
-const emdash = new InputRule(/(?:^|[^\|])(--)$/, "—");
+const emdash = new InputRule(/--$/, "—");
 const oneHalf = new InputRule(/(?:^|\s)(1\/2)$/, "½");
 const threeQuarters = new InputRule(/(?:^|\s)(3\/4)$/, "¾");
 const copyright = new InputRule(/\(c\)$/, "©️");

app/editor/menus/formatting.tsx

@@ -67,7 +67,7 @@ export default function formattingMenuItems(
       shortcut: `${metaDisplay}+B`,
       icon: <BoldIcon />,
       active: isMarkActive(schema.marks.strong),
-      visible: !isCodeBlock && (!isMobile || !isEmpty),
+      visible: !isCode && (!isMobile || !isEmpty),
     },
     {
       name: "em",
@@ -75,7 +75,7 @@ export default function formattingMenuItems(
       shortcut: `${metaDisplay}+I`,
       icon: <ItalicIcon />,
       active: isMarkActive(schema.marks.em),
-      visible: !isCodeBlock && (!isMobile || !isEmpty),
+      visible: !isCode && (!isMobile || !isEmpty),
     },
     {
       name: "strikethrough",
@@ -83,7 +83,7 @@ export default function formattingMenuItems(
       shortcut: `${metaDisplay}+D`,
       icon: <StrikethroughIcon />,
       active: isMarkActive(schema.marks.strikethrough),
-      visible: !isCodeBlock && (!isMobile || !isEmpty),
+      visible: !isCode && (!isMobile || !isEmpty),
     },
     {
       tooltip: dictionary.mark,

app/models/Document.ts

@@ -331,16 +331,6 @@ export default class Document extends ArchivableModel implements Searchable {
     );
   }
 
-  /**
-   * Returns the documents that link to this document.
-   *
-   * @returns documents that link to this document
-   */
-  @computed
-  get backlinks(): Document[] {
-    return this.store.getBacklinkedDocuments(this.id);
-  }
-
   /**
    * Returns users that have been individually given access to the document.
    *

app/models/Star.ts

@@ -22,7 +22,7 @@ class Star extends Model {
   document?: Document;
 
   /** The collection ID that is starred. */
-  collectionId?: string;
+  collectionId: string;
 
   /** The collection that is starred. */
   @Relation(() => Collection, { onDelete: "cascade" })

app/scenes/Collection/index.tsx

@@ -66,6 +66,7 @@ const CollectionScene = observer(function _CollectionScene() {
   const location = useLocation();
   const { t } = useTranslation();
   const { documents, collections, ui } = useStores();
+  const [isFetching, setFetching] = React.useState(false);
   const [error, setError] = React.useState<Error | undefined>();
   const currentPath = location.pathname;
   const [, setLastVisitedPath] = useLastVisitedPath();
@@ -119,16 +120,21 @@ const CollectionScene = observer(function _CollectionScene() {
 
   React.useEffect(() => {
     async function fetchData() {
-      try {
-        setError(undefined);
-        await collections.fetch(id);
-      } catch (err) {
-        setError(err);
+      if ((!can || !collection) && !error && !isFetching) {
+        try {
+          setError(undefined);
+          setFetching(true);
+          await collections.fetch(id);
+        } catch (err) {
+          setError(err);
+        } finally {
+          setFetching(false);
+        }
       }
     }
 
     void fetchData();
-  }, []);
+  }, [collections, isFetching, collection, error, id, can]);
 
   useCommandBarActions([editCollection], [ui.activeCollectionId ?? "none"]);
 

app/scenes/Document/components/References.tsx

@@ -18,7 +18,7 @@ type Props = {
 };
 
 function References({ document }: Props) {
-  const { documents } = useStores();
+  const { collections, documents } = useStores();
   const user = useCurrentUser();
   const location = useLocation();
   const locationSidebarContext = useLocationSidebarContext();
@@ -27,8 +27,10 @@ function References({ document }: Props) {
     void documents.fetchBacklinks(document.id);
   }, [documents, document.id]);
 
-  const backlinks = document.backlinks;
-  const collection = document.collection;
+  const backlinks = documents.getBacklinkedDocuments(document.id);
+  const collection = document.collectionId
+    ? collections.get(document.collectionId)
+    : undefined;
   const children = collection
     ? collection.getChildrenForDocument(document.id)
     : [];

app/scenes/Login/OAuthAuthorize.tsx

@@ -4,7 +4,6 @@ import styled from "styled-components";
 import Flex from "@shared/components/Flex";
 import { s } from "@shared/styles";
 import { parseDomain } from "@shared/utils/domains";
-import type OAuthClient from "~/models/oauth/OAuthClient";
 import ButtonLarge from "~/components/ButtonLarge";
 import ChangeLanguage from "~/components/ChangeLanguage";
 import Heading from "~/components/Heading";
@@ -17,7 +16,6 @@ import { useLoggedInSessions } from "~/hooks/useLoggedInSessions";
 import useQuery from "~/hooks/useQuery";
 import useRequest from "~/hooks/useRequest";
 import { client } from "~/utils/ApiClient";
-import { BadRequestError, NotFoundError } from "~/utils/errors";
 import isCloudHosted from "~/utils/isCloudHosted";
 import { detectLanguage } from "~/utils/language";
 import Login from "./Login";
@@ -68,17 +66,12 @@ function Authorize() {
     scope,
   } = Object.fromEntries(params);
   const [scopes] = React.useState(() => scope?.split(" ") ?? []);
-  const { error: clientError, data: response } = useRequest<{
-    data: OAuthClient;
-  }>(() => client.post("/oauthClients.info", { clientId, redirectUri }), true);
+  const { error: clientError, data: response } = useRequest(
+    () => client.post("/oauthClients.info", { clientId }),
+    true
+  );
 
   const handleCancel = () => {
-    if (redirectUri && !clientError) {
-      const url = new URL(redirectUri);
-      url.searchParams.set("error", "access_denied");
-      window.location.href = url.toString();
-      return;
-    }
     if (window.history.length) {
       window.history.back();
     } else {
@@ -103,7 +96,6 @@ function Authorize() {
     !redirectUri && "redirect_uri",
     !responseType && "response_type",
     !scope && "scope",
-    !state && "state",
   ].filter(Boolean);
 
   if (missingParams.length || clientError) {
@@ -111,20 +103,13 @@ function Authorize() {
       <Background>
         <Centered>
           <StyledHeading>{t("An error occurred")}</StyledHeading>
-          {clientError instanceof NotFoundError ? (
+          {clientError ? (
             <Text as="p" type="secondary">
               {t(
                 "The OAuth client could not be found, please check the provided client ID"
               )}
               <Pre>{clientId}</Pre>
             </Text>
-          ) : clientError instanceof BadRequestError ? (
-            <Text as="p" type="secondary">
-              {t(
-                "The OAuth client could not be loaded, please check the redirect URI is valid"
-              )}
-              <Pre>{redirectUri}</Pre>
-            </Text>
           ) : (
             <Text as="p" type="secondary">
               {t("Required OAuth parameters are missing")}

app/scenes/Settings/Application.tsx

@@ -80,16 +80,11 @@ const Application = observer(function Application({ oauthClient }: Props) {
     async (data: FormData) => {
       try {
         await oauthClient.save(data);
-        toast.success(
-          oauthClient.published
-            ? t("Application published")
-            : t("Application updated")
-        );
       } catch (error) {
         toast.error(error.message);
       }
     },
-    [oauthClient, t]
+    [oauthClient]
   );
 
   const handleRotateSecret = React.useCallback(async () => {
@@ -178,6 +173,7 @@ const Application = observer(function Application({ oauthClient }: Props) {
           <Input
             type="text"
             {...register("description", {
+              required: true,
               maxLength: OAuthClientValidation.maxDescriptionLength,
             })}
             flex

app/stores/CollectionsStore.ts

@@ -186,13 +186,6 @@ export default class CollectionsStore extends Store<Collection> {
       statusFilter: [CollectionStatusFilter.Archived],
     });
 
-  get(id: string): Collection | undefined {
-    return (
-      this.data.get(id) ??
-      this.orderedData.find((collection) => id.endsWith(collection.urlId))
-    );
-  }
-
   @computed
   get archived(): Collection[] {
     return orderBy(this.orderedData, "archivedAt", "desc").filter(

app/stores/DocumentsStore.ts

@@ -300,8 +300,8 @@ export default class DocumentsStore extends Store<Document> {
     const documentIds = this.backlinks.get(documentId) || [];
     return orderBy(
       compact(documentIds.map((id) => this.data.get(id))),
-      "title",
-      "asc"
+      "updatedAt",
+      "desc"
     );
   }
 

package.json

@@ -48,11 +48,11 @@
     "> 0.25%, not dead"
   ],
   "dependencies": {
-    "@aws-sdk/client-s3": "3.797.0",
-    "@aws-sdk/lib-storage": "3.797.0",
-    "@aws-sdk/s3-presigned-post": "3.797.0",
-    "@aws-sdk/s3-request-presigner": "3.797.0",
-    "@aws-sdk/signature-v4-crt": "^3.796.0",
+    "@aws-sdk/client-s3": "3.787.0",
+    "@aws-sdk/lib-storage": "3.787.0",
+    "@aws-sdk/s3-presigned-post": "3.787.0",
+    "@aws-sdk/s3-request-presigner": "3.787.0",
+    "@aws-sdk/signature-v4-crt": "^3.787.0",
     "@babel/core": "^7.26.10",
     "@babel/plugin-proposal-decorators": "^7.25.9",
     "@babel/plugin-transform-class-properties": "^7.25.9",
@@ -175,7 +175,7 @@
     "passport-oauth2": "^1.8.0",
     "passport-slack-oauth2": "^1.2.0",
     "patch-package": "^7.0.2",
-    "pg": "^8.15.6",
+    "pg": "^8.14.1",
     "pg-tsquery": "^8.4.2",
     "pluralize": "^8.0.0",
     "png-chunks-extract": "^1.0.0",
@@ -210,7 +210,7 @@
     "react-i18next": "^12.3.1",
     "react-medium-image-zoom": "5.2.13",
     "react-merge-refs": "^2.1.1",
-    "react-portal": "^4.3.0",
+    "react-portal": "^4.2.2",
     "react-router-dom": "^5.3.4",
     "react-virtualized-auto-sizer": "^1.0.26",
     "react-waypoint": "^10.3.0",
@@ -250,7 +250,7 @@
     "uuid": "^8.3.2",
     "validator": "13.12.0",
     "vaul": "^1.1.2",
-    "vite": "^6.3.4",
+    "vite": "^6.3.3",
     "vite-plugin-pwa": "^0.21.2",
     "winston": "^3.17.0",
     "ws": "^7.5.10",
@@ -357,7 +357,7 @@
     "jest-environment-jsdom": "^29.7.0",
     "jest-fetch-mock": "^3.0.3",
     "lint-staged": "^13.3.0",
-    "nodemon": "^3.1.10",
+    "nodemon": "^3.1.9",
     "postinstall-postinstall": "^2.1.0",
     "prettier": "^2.8.8",
     "react-refresh": "^0.14.2",

plugins/linear/server/api/linear.ts

@@ -77,14 +77,14 @@ router.get(
       { transaction }
     );
 
-    transaction.afterCommit(async () => {
-      if (workspace.logoUrl) {
-        await new UploadLinearWorkspaceLogoTask().schedule({
+    if (workspace.logoUrl) {
+      transaction.afterCommit(async () => {
+        await UploadLinearWorkspaceLogoTask.schedule({
           integrationId: integration.id,
           logoUrl: workspace.logoUrl,
         });
-      }
-    });
+      });
+    }
 
     ctx.redirect(LinearUtils.successUrl());
   }

plugins/notion/server/processors/NotionImportsProcessor.ts

@@ -66,6 +66,6 @@ export class NotionImportsProcessor extends ImportsProcessor<IntegrationService.
   protected async scheduleTask(
     importTask: ImportTask<IntegrationService.Notion>
   ): Promise<void> {
-    await new NotionAPIImportTask().schedule({ importTaskId: importTask.id });
+    await NotionAPIImportTask.schedule({ importTaskId: importTask.id });
   }
 }

plugins/notion/server/tasks/NotionAPIImportTask.ts

@@ -77,7 +77,7 @@ export default class NotionAPIImportTask extends APIImportTask<IntegrationServic
   protected async scheduleNextTask(
     importTask: ImportTask<IntegrationService.Notion>
   ) {
-    await new NotionAPIImportTask().schedule({ importTaskId: importTask.id });
+    await NotionAPIImportTask.schedule({ importTaskId: importTask.id });
     return;
   }
 

plugins/webhooks/server/processors/WebhookProcessor.test.ts

@@ -29,12 +29,8 @@ describe("WebhookProcessor", () => {
 
     await processor.perform(event);
 
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalled();
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalledWith({
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalled();
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalledWith({
       event,
       subscriptionId: subscription.id,
     });
@@ -57,9 +53,7 @@ describe("WebhookProcessor", () => {
 
     await processor.perform(event);
 
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalledTimes(0);
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalledTimes(0);
   });
 
   it("it schedules a delivery for the event for each subscription", async () => {
@@ -85,21 +79,13 @@ describe("WebhookProcessor", () => {
 
     await processor.perform(event);
 
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalled();
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalledTimes(2);
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalledWith({
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalled();
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalledTimes(2);
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalledWith({
       event,
       subscriptionId: subscription.id,
     });
-    expect(
-      jest.mocked(DeliverWebhookTask.prototype.schedule)
-    ).toHaveBeenCalledWith({
+    expect(DeliverWebhookTask.schedule).toHaveBeenCalledWith({
       event,
       subscriptionId: subscriptionTwo.id,
     });

plugins/webhooks/server/processors/WebhookProcessor.ts

@@ -24,10 +24,7 @@ export default class WebhookProcessor extends BaseProcessor {
 
     await Promise.all(
       applicableSubscriptions.map((subscription) =>
-        new DeliverWebhookTask().schedule({
-          event,
-          subscriptionId: subscription.id,
-        })
+        DeliverWebhookTask.schedule({ event, subscriptionId: subscription.id })
       )
     );
   }

server/commands/documentMover.ts

@@ -24,7 +24,7 @@ type Props = {
   /** Position of moved document within document structure */
   index?: number;
   /** The IP address of the user moving the document */
-  ip: string | null;
+  ip: string;
   /** The database transaction to run within */
   transaction?: Transaction;
 };

server/commands/documentPermanentDeleter.test.ts

@@ -4,11 +4,9 @@ import DeleteAttachmentTask from "@server/queues/tasks/DeleteAttachmentTask";
 import { buildAttachment, buildDocument } from "@server/test/factories";
 import documentPermanentDeleter from "./documentPermanentDeleter";
 
-jest.mock("@server/queues/tasks/DeleteAttachmentTask");
-
-beforeEach(() => {
-  jest.resetAllMocks();
-});
+jest.mock("@server/queues/tasks/DeleteAttachmentTask", () => ({
+  schedule: jest.fn(),
+}));
 
 describe("documentPermanentDeleter", () => {
   it("should destroy documents", async () => {
@@ -62,9 +60,7 @@ describe("documentPermanentDeleter", () => {
     await document.save();
     const countDeletedDoc = await documentPermanentDeleter([document]);
     expect(countDeletedDoc).toEqual(1);
-    expect(
-      jest.mocked(DeleteAttachmentTask.prototype.schedule)
-    ).toHaveBeenCalledTimes(2);
+    expect(DeleteAttachmentTask.schedule).toHaveBeenCalledTimes(2);
     expect(
       await Document.unscoped().count({
         where: {

server/commands/documentPermanentDeleter.ts

@@ -67,7 +67,7 @@ export default async function documentPermanentDeleter(documents: Document[]) {
             "commands",
             `Attachment ${attachmentId} scheduled for deletion`
           );
-          await new DeleteAttachmentTask().schedule({
+          await DeleteAttachmentTask.schedule({
             attachmentId,
             teamId: document.teamId,
           });

server/commands/userSuspender.ts

@@ -56,5 +56,5 @@ export default async function userSuspender({
     }
   );
 
-  await new CleanupDemotedUserTask().schedule({ userId: user.id });
+  await CleanupDemotedUserTask.schedule({ userId: user.id });
 }

server/models/Document.ts

@@ -13,6 +13,7 @@ import {
   Transaction,
   Op,
   FindOptions,
+  ScopeOptions,
   WhereOptions,
   EmptyResultError,
 } from "sequelize";
@@ -105,6 +106,20 @@ type AdditionalFindOptions = {
   },
 }))
 @Scopes(() => ({
+  withCollectionPermissions: (userId: string, paranoid = true) => ({
+    include: [
+      {
+        attributes: ["id", "permission", "sharing", "teamId", "deletedAt"],
+        model: userId
+          ? Collection.scope({
+              method: ["withMembership", userId],
+            })
+          : Collection,
+        as: "collection",
+        paranoid,
+      },
+    ],
+  }),
   withoutState: {
     attributes: {
       exclude: ["state"],
@@ -154,23 +169,13 @@ type AdditionalFindOptions = {
       ],
     };
   },
-  withMembership: (userId: string, paranoid = true) => {
+  withMembership: (userId: string) => {
     if (!userId) {
       return {};
     }
 
     return {
       include: [
-        {
-          attributes: ["id", "permission", "sharing", "teamId", "deletedAt"],
-          model: userId
-            ? Collection.scope({
-                method: ["withMembership", userId],
-              })
-            : Collection,
-          as: "collection",
-          paranoid,
-        },
         {
           association: "memberships",
           where: {
@@ -632,15 +637,21 @@ class Document extends ArchivableModel<
     return uniq(membershipUserIds);
   }
 
-  static withMembershipScope(userId: string, options?: FindOptions<Document>) {
+  static defaultScopeWithUser(userId: string) {
+    const collectionScope: Readonly<ScopeOptions> = {
+      method: ["withCollectionPermissions", userId],
+    };
+    const viewScope: Readonly<ScopeOptions> = {
+      method: ["withViews", userId],
+    };
+    const membershipScope: Readonly<ScopeOptions> = {
+      method: ["withMembership", userId],
+    };
     return this.scope([
       "defaultScope",
-      {
-        method: ["withViews", userId],
-      },
-      {
-        method: ["withMembership", userId, options?.paranoid],
-      },
+      collectionScope,
+      viewScope,
+      membershipScope,
     ]);
   }
 
@@ -674,12 +685,14 @@ class Document extends ArchivableModel<
     // almost every endpoint needs the collection membership to determine policy permissions.
     const scope = this.scope([
       "withDrafts",
-      options.includeState ? "withState" : "withoutState",
+      {
+        method: ["withCollectionPermissions", userId, rest.paranoid],
+      },
       {
         method: ["withViews", userId],
       },
       {
-        method: ["withMembership", userId, rest.paranoid],
+        method: ["withMembership", userId],
       },
     ]);
 
@@ -737,6 +750,9 @@ class Document extends ArchivableModel<
     const user = userId ? await User.findByPk(userId) : null;
     const documents = await this.scope([
       "withDrafts",
+      {
+        method: ["withCollectionPermissions", userId, rest.paranoid],
+      },
       {
         method: ["withViews", userId],
       },

server/models/Team.ts

@@ -408,7 +408,7 @@ class Team extends ParanoidModel<
       });
 
       if (attachment) {
-        await new DeleteAttachmentTask().schedule({
+        await DeleteAttachmentTask.schedule({
           attachmentId: attachment.id,
           teamId: model.id,
         });

server/models/User.ts

@@ -717,7 +717,7 @@ class User extends ParanoidModel<
       });
 
       if (attachment) {
-        await new DeleteAttachmentTask().schedule({
+        await DeleteAttachmentTask.schedule({
           attachmentId: attachment.id,
           teamId: model.teamId,
         });

server/models/helpers/NotificationHelper.test.ts

@@ -1,9 +1,7 @@
-import { DocumentPermission, NotificationEventType } from "@shared/types";
-import { UserMembership } from "@server/models";
+import { NotificationEventType } from "@shared/types";
 import {
   buildComment,
   buildDocument,
-  buildDraftDocument,
   buildSubscription,
   buildUser,
 } from "@server/test/factories";
@@ -56,78 +54,6 @@ describe("NotificationHelper", () => {
       expect(recipients[0].id).toEqual(notificationEnabledUser.id);
     });
 
-    it("should only return users who have notification enabled for comment creation and are subscribed to the document in case of new thread in draft", async () => {
-      const documentAuthor = await buildUser();
-
-      // create a draft
-      const document = await buildDraftDocument({
-        userId: documentAuthor.id,
-        teamId: documentAuthor.teamId,
-        collectionId: null,
-      });
-
-      // add a bunch of users as direct members
-      const user = await buildUser({
-        teamId: document.teamId,
-        notificationSettings: { [NotificationEventType.CreateComment]: true },
-      });
-      const user2 = await buildUser({
-        teamId: document.teamId,
-        notificationSettings: { [NotificationEventType.CreateComment]: true },
-      });
-      const user3 = await buildUser({
-        teamId: document.teamId,
-        notificationSettings: { [NotificationEventType.CreateComment]: true },
-      });
-      await UserMembership.create({
-        documentId: document.id,
-        userId: user.id,
-        permission: DocumentPermission.Read,
-        createdById: user.id,
-      });
-      await UserMembership.create({
-        documentId: document.id,
-        userId: user2.id,
-        permission: DocumentPermission.Read,
-        createdById: user.id,
-      });
-      await UserMembership.create({
-        documentId: document.id,
-        userId: user3.id,
-        permission: DocumentPermission.Read,
-        createdById: user.id,
-      });
-
-      // Add a subscription for only one of those users
-      await Promise.all([
-        buildSubscription({
-          userId: user.id,
-        }),
-        buildSubscription({
-          userId: user2.id,
-        }),
-        buildSubscription({
-          userId: user3.id,
-          documentId: document.id,
-        }),
-      ]);
-
-      const comment = await buildComment({
-        documentId: document.id,
-        userId: documentAuthor.id,
-      });
-
-      const recipients =
-        await NotificationHelper.getCommentNotificationRecipients(
-          document,
-          comment,
-          comment.createdById
-        );
-
-      expect(recipients.length).toEqual(1);
-      expect(recipients[0].id).toEqual(user3.id);
-    });
-
     it("should only return users who have notification enabled for comment creation and are in the thread in case of child comment", async () => {
       const documentAuthor = await buildUser();
       const document = await buildDocument({

server/models/helpers/NotificationHelper.ts

@@ -193,16 +193,10 @@ export default class NotificationHelper {
             [Op.ne]: actorId,
           },
           event: SubscriptionType.Document,
-          ...(document.collectionId
-            ? {
-                [Op.or]: [
-                  { collectionId: document.collectionId },
-                  { documentId: document.id },
-                ],
-              }
-            : {
-                documentId: document.id,
-              }),
+          [Op.or]: [
+            { collectionId: document.collectionId },
+            { documentId: document.id },
+          ],
         },
         include: [
           {

server/models/helpers/SearchHelper.ts

@@ -182,16 +182,25 @@ export default class SearchHelper {
       },
     ];
 
-    return Document.withMembershipScope(user.id)
-      .scope("withDrafts")
-      .findAll({
-        where,
-        subQuery: false,
-        order: [["updatedAt", "DESC"]],
-        include,
-        offset,
-        limit,
-      });
+    return Document.scope([
+      "withDrafts",
+      {
+        method: ["withViews", user.id],
+      },
+      {
+        method: ["withCollectionPermissions", user.id],
+      },
+      {
+        method: ["withMembership", user.id],
+      },
+    ]).findAll({
+      where,
+      subQuery: false,
+      order: [["updatedAt", "DESC"]],
+      include,
+      offset,
+      limit,
+    });
   }
 
   public static async searchCollectionsForUser(
@@ -264,14 +273,23 @@ export default class SearchHelper {
 
       // Final query to get associated document data
       const [documents, count] = await Promise.all([
-        Document.withMembershipScope(user.id)
-          .scope("withDrafts")
-          .findAll({
-            where: {
-              teamId: user.teamId,
-              id: map(results, "id"),
-            },
-          }),
+        Document.scope([
+          "withDrafts",
+          {
+            method: ["withViews", user.id],
+          },
+          {
+            method: ["withCollectionPermissions", user.id],
+          },
+          {
+            method: ["withMembership", user.id],
+          },
+        ]).findAll({
+          where: {
+            teamId: user.teamId,
+            id: map(results, "id"),
+          },
+        }),
         results.length < limit && offset === 0
           ? Promise.resolve(results.length)
           : countQuery,

server/queues/processors/AvatarProcessor.ts

@@ -17,7 +17,7 @@ export default class AvatarProcessor extends BaseProcessor {
       });
 
       if (user.avatarUrl) {
-        await new UploadUserAvatarTask().schedule({
+        await UploadUserAvatarTask.schedule({
           userId: event.userId,
           avatarUrl: user.avatarUrl,
         });
@@ -30,7 +30,7 @@ export default class AvatarProcessor extends BaseProcessor {
       });
 
       if (team.avatarUrl) {
-        await new UploadTeamAvatarTask().schedule({
+        await UploadTeamAvatarTask.schedule({
           teamId: event.teamId,
           avatarUrl: team.avatarUrl,
         });

server/queues/processors/CollectionsProcessor.ts

@@ -12,7 +12,7 @@ export default class CollectionsProcessor extends BaseProcessor {
   ];
 
   async perform(event: CollectionEvent) {
-    await new DetachDraftsFromCollectionTask().schedule({
+    await DetachDraftsFromCollectionTask.schedule({
       collectionId: event.collectionId,
       actorId: event.actorId,
       ip: event.ip,

server/queues/processors/DocumentSubscriptionProcessor.ts

@@ -27,7 +27,7 @@ export default class DocumentSubscriptionProcessor extends BaseProcessor {
   async perform(event: ReceivedEvent) {
     switch (event.name) {
       case "collections.remove_user": {
-        await new CollectionSubscriptionRemoveUserTask().schedule(event);
+        await CollectionSubscriptionRemoveUserTask.schedule(event);
         return;
       }
 
@@ -35,7 +35,7 @@ export default class DocumentSubscriptionProcessor extends BaseProcessor {
         return this.handleRemoveGroupFromCollection(event);
 
       case "documents.remove_user": {
-        await new DocumentSubscriptionRemoveUserTask().schedule(event);
+        await DocumentSubscriptionRemoveUserTask.schedule(event);
         return;
       }
 
@@ -57,11 +57,11 @@ export default class DocumentSubscriptionProcessor extends BaseProcessor {
       async (groupUsers) => {
         await Promise.all(
           groupUsers.map((groupUser) =>
-            new CollectionSubscriptionRemoveUserTask().schedule({
+            CollectionSubscriptionRemoveUserTask.schedule({
               ...event,
               name: "collections.remove_user",
               userId: groupUser.userId,
-            } as CollectionUserEvent)
+            })
           )
         );
       }
@@ -79,11 +79,11 @@ export default class DocumentSubscriptionProcessor extends BaseProcessor {
       async (groupUsers) => {
         await Promise.all(
           groupUsers.map((groupUser) =>
-            new DocumentSubscriptionRemoveUserTask().schedule({
+            DocumentSubscriptionRemoveUserTask.schedule({
               ...event,
               name: "documents.remove_user",
               userId: groupUser.userId,
-            } as DocumentUserEvent)
+            })
           )
         );
       }

server/queues/processors/FileOperationCreatedProcessor.ts

@@ -20,12 +20,12 @@ export default class FileOperationCreatedProcessor extends BaseProcessor {
     if (fileOperation.type === FileOperationType.Import) {
       switch (fileOperation.format) {
         case FileOperationFormat.MarkdownZip:
-          await new ImportMarkdownZipTask().schedule({
+          await ImportMarkdownZipTask.schedule({
             fileOperationId: event.modelId,
           });
           break;
         case FileOperationFormat.JSON:
-          await new ImportJSONTask().schedule({
+          await ImportJSONTask.schedule({
             fileOperationId: event.modelId,
           });
           break;
@@ -36,17 +36,17 @@ export default class FileOperationCreatedProcessor extends BaseProcessor {
     if (fileOperation.type === FileOperationType.Export) {
       switch (fileOperation.format) {
         case FileOperationFormat.HTMLZip:
-          await new ExportHTMLZipTask().schedule({
+          await ExportHTMLZipTask.schedule({
             fileOperationId: event.modelId,
           });
           break;
         case FileOperationFormat.MarkdownZip:
-          await new ExportMarkdownZipTask().schedule({
+          await ExportMarkdownZipTask.schedule({
             fileOperationId: event.modelId,
           });
           break;
         case FileOperationFormat.JSON:
-          await new ExportJSONTask().schedule({
+          await ExportJSONTask.schedule({
             fileOperationId: event.modelId,
           });
           break;

server/queues/processors/IntegrationCreatedProcessor.ts

@@ -20,7 +20,7 @@ export default class IntegrationCreatedProcessor extends BaseProcessor {
     }
 
     // Store the available issue sources in the integration record.
-    await new CacheIssueSourcesTask().schedule({
+    await CacheIssueSourcesTask.schedule({
       integrationId: integration.id,
     });
 

server/queues/processors/NotificationsProcessor.ts

@@ -62,25 +62,25 @@ export default class NotificationsProcessor extends BaseProcessor {
       return;
     }
 
-    await new DocumentPublishedNotificationsTask().schedule(event);
+    await DocumentPublishedNotificationsTask.schedule(event);
   }
 
   async documentAddUser(event: DocumentUserEvent) {
     if (!event.data.isNew || event.userId === event.actorId) {
       return;
     }
-    await new DocumentAddUserNotificationsTask().schedule(event);
+    await DocumentAddUserNotificationsTask.schedule(event);
   }
 
   async documentAddGroup(event: DocumentGroupEvent) {
     if (!event.data.isNew) {
       return;
     }
-    await new DocumentAddGroupNotificationsTask().schedule(event);
+    await DocumentAddGroupNotificationsTask.schedule(event);
   }
 
   async revisionCreated(event: RevisionEvent) {
-    await new RevisionCreatedNotificationsTask().schedule(event);
+    await RevisionCreatedNotificationsTask.schedule(event);
   }
 
   async collectionCreated(event: CollectionEvent) {
@@ -93,7 +93,7 @@ export default class NotificationsProcessor extends BaseProcessor {
       return;
     }
 
-    await new CollectionCreatedNotificationsTask().schedule(event);
+    await CollectionCreatedNotificationsTask.schedule(event);
   }
 
   async collectionAddUser(event: CollectionUserEvent) {
@@ -101,14 +101,14 @@ export default class NotificationsProcessor extends BaseProcessor {
       return;
     }
 
-    await new CollectionAddUserNotificationsTask().schedule(event);
+    await CollectionAddUserNotificationsTask.schedule(event);
   }
 
   async commentCreated(event: CommentEvent) {
-    await new CommentCreatedNotificationsTask().schedule(event);
+    await CommentCreatedNotificationsTask.schedule(event);
   }
 
   async commentUpdated(event: CommentEvent) {
-    await new CommentUpdatedNotificationsTask().schedule(event);
+    await CommentUpdatedNotificationsTask.schedule(event);
   }
 }

server/queues/processors/RevisionsProcessor.ts

@@ -37,7 +37,7 @@ export default class RevisionsProcessor extends BaseProcessor {
           return;
         }
 
-        await new DocumentUpdateTextTask().schedule(event);
+        await DocumentUpdateTextTask.schedule(event);
 
         const user = await User.findByPk(event.actorId, {
           paranoid: false,

server/queues/processors/UserDemotedProcessor.ts

@@ -6,6 +6,6 @@ export default class UserDemotedProcessor extends BaseProcessor {
   static applicableEvents: TEvent["name"][] = ["users.demote"];
 
   async perform(event: UserEvent) {
-    await new CleanupDemotedUserTask().schedule({ userId: event.userId });
+    await CleanupDemotedUserTask.schedule({ userId: event.userId });
   }
 }

server/queues/tasks/APIImportTask.ts

@@ -325,9 +325,7 @@ export default abstract class APIImportTask<
         ([url, attachment]) => ({ attachmentId: attachment.id, url })
       );
       // publish task after attachments are persisted in DB.
-      const job = await new UploadAttachmentsForImportTask().schedule(
-        uploadItems
-      );
+      const job = await UploadAttachmentsForImportTask.schedule(uploadItems);
       await job.finished();
     } catch (err) {
       // upload attachments failure is not critical enough to fail the whole import.

server/queues/tasks/BaseTask.ts

@@ -21,7 +21,7 @@ export default abstract class BaseTask<T extends Record<string, any>> {
   static cron: TaskSchedule | undefined;
 
   /**
-   * Schedule this task type to be processed asynchronously by a worker.
+   * Schedule this task type to be processed asyncronously by a worker.
    *
    * @param props Properties to be used by the task
    * @returns A promise that resolves once the job is placed on the task queue
@@ -39,23 +39,6 @@ export default abstract class BaseTask<T extends Record<string, any>> {
     );
   }
 
-  /**
-   * Schedule this task type to be processed asynchronously by a worker.
-   *
-   * @param props Properties to be used by the task
-   * @param options Job options such as priority and retry strategy, as defined by Bull.
-   * @returns A promise that resolves once the job is placed on the task queue
-   */
-  public schedule(props: T, options?: JobOptions): Promise<Job> {
-    return taskQueue.add(
-      {
-        name: this.constructor.name,
-        props,
-      },
-      { ...options, ...this.options }
-    );
-  }
-
   /**
    * Execute the task.
    *

server/queues/tasks/CleanupDeletedTeamsTask.ts

@@ -29,7 +29,7 @@ export default class CleanupDeletedTeamsTask extends BaseTask<Props> {
     });
 
     for (const team of teams) {
-      await new CleanupDeletedTeamTask().schedule({
+      await CleanupDeletedTeamTask.schedule({
         teamId: team.id,
       });
     }

server/queues/tasks/DetachDraftsFromCollectionTask.ts

@@ -7,7 +7,7 @@ import BaseTask from "./BaseTask";
 type Props = {
   collectionId: string;
   actorId: string;
-  ip: string | null;
+  ip: string;
 };
 
 export default class DetachDraftsFromCollectionTask extends BaseTask<Props> {

server/queues/tasks/DocumentAddGroupNotificationsTask.ts

@@ -1,6 +1,6 @@
 import { Op } from "sequelize";
 import { GroupUser } from "@server/models";
-import { DocumentGroupEvent, DocumentUserEvent } from "@server/types";
+import { DocumentGroupEvent } from "@server/types";
 import BaseTask, { TaskPriority } from "./BaseTask";
 import DocumentAddUserNotificationsTask from "./DocumentAddUserNotificationsTask";
 
@@ -19,12 +19,11 @@ export default class DocumentAddGroupNotificationsTask extends BaseTask<Document
       async (groupUsers) => {
         await Promise.all(
           groupUsers.map(async (groupUser) => {
-            await new DocumentAddUserNotificationsTask().schedule({
+            await DocumentAddUserNotificationsTask.schedule({
               ...event,
-              name: "documents.add_user",
               modelId: event.data.membershipId,
               userId: groupUser.userId,
-            } as DocumentUserEvent);
+            });
           })
         );
       }

server/queues/tasks/DocumentImportTask.ts

@@ -12,7 +12,7 @@ type Props = {
   sourceMetadata: Pick<Required<SourceMetadata>, "fileName" | "mimeType">;
   publish?: boolean;
   collectionId?: string;
-  parentDocumentId?: string | null;
+  parentDocumentId?: string;
   ip: string;
   key: string;
 };

server/queues/tasks/UpdateTeamsAttachmentsSizeTask.ts

@@ -38,7 +38,7 @@ export default class UpdateTeamsAttachmentsSizeTask extends BaseTask<Props> {
         const teamIds = rows.map((row) => row.teamId);
 
         for (const teamId of teamIds) {
-          await new UpdateTeamAttachmentsSizeTask().schedule({ teamId });
+          await UpdateTeamAttachmentsSizeTask.schedule({ teamId });
         }
       }
     );

server/routes/api/attachments/attachments.ts

@@ -166,7 +166,7 @@ router.post(
       )
     );
 
-    const job = await new UploadAttachmentFromUrlTask().schedule({
+    const job = await UploadAttachmentFromUrlTask.schedule({
       attachmentId: attachment.id,
       url,
     });

server/routes/api/auth/auth.ts

@@ -135,7 +135,7 @@ router.post("auth.info", auth(), async (ctx: APIContext<T.AuthInfoReq>) => {
   // If the user did not _just_ sign in then we need to check if they continue
   // to have access to the workspace they are signed into.
   if (user.lastSignedInAt && user.lastSignedInAt < subHours(new Date(), 1)) {
-    await new ValidateSSOAccessTask().schedule({ userId: user.id });
+    await ValidateSSOAccessTask.schedule({ userId: user.id });
   }
 
   ctx.body = {

server/routes/api/cron/cron.ts

@@ -29,8 +29,7 @@ const cronHandler = async (ctx: APIContext<T.CronSchemaReq>) => {
   for (const name in tasks) {
     const TaskClass = tasks[name];
     if (TaskClass.cron === period) {
-      // @ts-expect-error We won't instantiate an abstract class
-      await new TaskClass().schedule({ limit });
+      await TaskClass.schedule({ limit });
 
       // Backwards compatibility for installations that have not set up
       // cron jobs periods other than daily.
@@ -39,15 +38,13 @@ const cronHandler = async (ctx: APIContext<T.CronSchemaReq>) => {
       !receivedPeriods.has(TaskSchedule.Minute) &&
       (period === TaskSchedule.Hour || period === TaskSchedule.Day)
     ) {
-      // @ts-expect-error We won't instantiate an abstract class
-      await new TaskClass().schedule({ limit });
+      await TaskClass.schedule({ limit });
     } else if (
       TaskClass.cron === TaskSchedule.Hour &&
       !receivedPeriods.has(TaskSchedule.Hour) &&
       period === TaskSchedule.Day
     ) {
-      // @ts-expect-error We won't instantiate an abstract class
-      await new TaskClass().schedule({ limit });
+      await TaskClass.schedule({ limit });
     }
   }
 

server/routes/api/documents/documents.ts

@@ -268,7 +268,7 @@ router.post(
     }
 
     const [documents, total] = await Promise.all([
-      Document.withMembershipScope(user.id).findAll({
+      Document.defaultScopeWithUser(user.id).findAll({
         where,
         order: [
           [
@@ -348,7 +348,7 @@ router.post(
       };
     }
 
-    const documents = await Document.withMembershipScope(user.id).findAll({
+    const documents = await Document.defaultScopeWithUser(user.id).findAll({
       where,
       order: [
         [
@@ -397,11 +397,15 @@ router.post(
     const membershipScope: Readonly<ScopeOptions> = {
       method: ["withMembership", user.id],
     };
+    const collectionScope: Readonly<ScopeOptions> = {
+      method: ["withCollectionPermissions", user.id],
+    };
     const viewScope: Readonly<ScopeOptions> = {
       method: ["withViews", user.id],
     };
     const documents = await Document.scope([
       membershipScope,
+      collectionScope,
       viewScope,
       "withDrafts",
     ]).findAll({
@@ -535,14 +539,12 @@ router.post(
       delete where.updatedAt;
     }
 
-    const documents = await Document.withMembershipScope(user.id)
-      .scope("withDrafts")
-      .findAll({
-        where,
-        order: [[sort, direction]],
-        offset: ctx.state.pagination.offset,
-        limit: ctx.state.pagination.limit,
-      });
+    const documents = await Document.defaultScopeWithUser(user.id).findAll({
+      where,
+      order: [[sort, direction]],
+      offset: ctx.state.pagination.offset,
+      limit: ctx.state.pagination.limit,
+    });
     const data = await Promise.all(
       documents.map((document) => presentDocument(ctx, document))
     );
@@ -1537,7 +1539,7 @@ router.post(
       acl,
     });
 
-    const job = await new DocumentImportTask().schedule({
+    const job = await DocumentImportTask.schedule({
       key,
       sourceMetadata: {
         fileName,
@@ -1547,7 +1549,6 @@ router.post(
       collectionId,
       parentDocumentId,
       publish,
-      ip: ctx.request.ip,
     });
     const response: DocumentImportTaskResponse = await job.finished();
     if ("error" in response) {
@@ -2031,7 +2032,13 @@ router.post(
     const collectionIds = await user.collectionIds({
       paranoid: false,
     });
-    const documents = await Document.scope("withDrafts").findAll({
+    const collectionScope: Readonly<ScopeOptions> = {
+      method: ["withCollectionPermissions", user.id],
+    };
+    const documents = await Document.scope([
+      collectionScope,
+      "withDrafts",
+    ]).findAll({
       attributes: ["id"],
       where: {
         deletedAt: {
@@ -2055,7 +2062,7 @@ router.post(
     });
 
     if (documents.length) {
-      await new EmptyTrashTask().schedule({
+      await EmptyTrashTask.schedule({
         documentIds: documents.map((doc) => doc.id),
       });
     }

server/routes/api/groupMemberships/groupMemberships.ts

@@ -24,7 +24,6 @@ router.post(
   async (ctx: APIContext<T.GroupMembershipsListReq>) => {
     const { groupId } = ctx.input.body;
     const { user } = ctx.state.auth;
-    const userId = user.id;
 
     const memberships = await GroupMembership.findAll({
       where: {
@@ -45,7 +44,7 @@ router.post(
               association: "groupUsers",
               required: true,
               where: {
-                userId,
+                userId: user.id,
               },
             },
           ],
@@ -58,13 +57,15 @@ router.post(
     const documentIds = memberships
       .map((p) => p.documentId)
       .filter(Boolean) as string[];
-    const documents = await Document.withMembershipScope(userId)
-      .scope("withDrafts")
-      .findAll({
-        where: {
-          id: documentIds,
-        },
-      });
+    const documents = await Document.scope([
+      "withDrafts",
+      { method: ["withMembership", user.id] },
+      { method: ["withCollectionPermissions", user.id] },
+    ]).findAll({
+      where: {
+        id: documentIds,
+      },
+    });
 
     const groups = uniqBy(
       memberships.map((membership) => membership.group),

server/routes/api/oauthAuthentications/__snapshots__/oauthAuthentications.test.ts.snap

@@ -1,19 +0,0 @@
-// Jest Snapshot v1, https://goo.gl/fbAQLP
-
-exports[`oauthAuthentications.delete should require authentication 1`] = `
-{
-  "error": "authentication_required",
-  "message": "Authentication required",
-  "ok": false,
-  "status": 401,
-}
-`;
-
-exports[`oauthAuthentications.list should require authentication 1`] = `
-{
-  "error": "authentication_required",
-  "message": "Authentication required",
-  "ok": false,
-  "status": 401,
-}
-`;

server/routes/api/oauthAuthentications/oauthAuthentications.test.ts

@@ -1,194 +0,0 @@
-import { OAuthClient, OAuthAuthentication } from "@server/models";
-import {
-  buildOAuthAuthentication,
-  buildTeam,
-  buildUser,
-} from "@server/test/factories";
-import { getTestServer } from "@server/test/support";
-
-const server = getTestServer();
-
-describe("oauthAuthentications.list", () => {
-  it("should require authentication", async () => {
-    const res = await server.post("/api/oauthAuthentications.list");
-    const body = await res.json();
-    expect(res.status).toEqual(401);
-    expect(body).toMatchSnapshot();
-  });
-
-  it("should return list of oauth authentications for user", async () => {
-    const team = await buildTeam();
-    const user = await buildUser({ teamId: team.id });
-    const oauthClient = await OAuthClient.create({
-      teamId: team.id,
-      createdById: user.id,
-      name: "Test Client",
-      redirectUris: ["https://example.com/callback"],
-    });
-
-    await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user,
-      scope: ["read"],
-    });
-
-    const res = await server.post("/api/oauthAuthentications.list", {
-      body: {
-        token: user.getJwtToken(),
-      },
-    });
-
-    const body = await res.json();
-    expect(res.status).toEqual(200);
-    expect(body.data.length).toEqual(1);
-    expect(body.data[0].id).toBeDefined();
-    expect(body.data[0].oauthClient.name).toEqual("Test Client");
-    expect(body.policies).toBeDefined();
-  });
-
-  it("should only return authentications for requesting user", async () => {
-    const team = await buildTeam();
-    const user = await buildUser({ teamId: team.id });
-    const anotherUser = await buildUser({ teamId: team.id });
-    const oauthClient = await OAuthClient.create({
-      teamId: team.id,
-      createdById: user.id,
-      name: "Test Client",
-      redirectUris: ["https://example.com/callback"],
-    });
-
-    await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user: anotherUser,
-      scope: ["read"],
-    });
-
-    const res = await server.post("/api/oauthAuthentications.list", {
-      body: {
-        token: user.getJwtToken(),
-      },
-    });
-
-    const body = await res.json();
-    expect(res.status).toEqual(200);
-    expect(body.data.length).toEqual(0);
-  });
-});
-
-describe("oauthAuthentications.delete", () => {
-  it("should require authentication", async () => {
-    const res = await server.post("/api/oauthAuthentications.delete");
-    const body = await res.json();
-    expect(res.status).toEqual(401);
-    expect(body).toMatchSnapshot();
-  });
-
-  it("should delete all authentications for a client without scope", async () => {
-    const team = await buildTeam();
-    const user = await buildUser({ teamId: team.id });
-    const oauthClient = await OAuthClient.create({
-      teamId: team.id,
-      createdById: user.id,
-      name: "Test Client",
-      redirectUris: ["https://example.com/callback"],
-    });
-
-    await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user,
-      scope: ["read"],
-    });
-
-    const res = await server.post("/api/oauthAuthentications.delete", {
-      body: {
-        token: user.getJwtToken(),
-        oauthClientId: oauthClient.id,
-      },
-    });
-
-    const body = await res.json();
-    expect(res.status).toEqual(200);
-    expect(body.success).toBe(true);
-
-    const auths = await OAuthAuthentication.findAll({
-      where: {
-        userId: user.id,
-        oauthClientId: oauthClient.id,
-      },
-    });
-    expect(auths.length).toEqual(0);
-  });
-
-  it("should delete matching authentications for a client with scope", async () => {
-    const team = await buildTeam();
-    const user = await buildUser({ teamId: team.id });
-    const oauthClient = await OAuthClient.create({
-      teamId: team.id,
-      createdById: user.id,
-      name: "Test Client",
-      redirectUris: ["https://example.com/callback"],
-    });
-
-    await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user,
-      scope: ["read"],
-    });
-    await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user,
-      scope: ["write"],
-    });
-
-    const res = await server.post("/api/oauthAuthentications.delete", {
-      body: {
-        token: user.getJwtToken(),
-        oauthClientId: oauthClient.id,
-        scope: ["read"],
-      },
-    });
-
-    const body = await res.json();
-    expect(res.status).toEqual(200);
-    expect(body.success).toBe(true);
-
-    const auths = await OAuthAuthentication.findAll({
-      where: {
-        userId: user.id,
-        oauthClientId: oauthClient.id,
-      },
-    });
-    expect(auths.length).toEqual(1);
-    expect(auths[0].scope[0]).toEqual("write");
-  });
-
-  it("should only delete authentications for requesting user", async () => {
-    const team = await buildTeam();
-    const user = await buildUser({ teamId: team.id });
-    const anotherUser = await buildUser({ teamId: team.id });
-    const oauthClient = await OAuthClient.create({
-      teamId: team.id,
-      createdById: user.id,
-      name: "Test Client",
-      redirectUris: ["https://example.com/callback"],
-    });
-
-    const otherAuth = await buildOAuthAuthentication({
-      oauthClientId: oauthClient.id,
-      user: anotherUser,
-      scope: ["read"],
-    });
-
-    await server.post("/api/oauthAuthentications.delete", {
-      body: {
-        token: user.getJwtToken(),
-        oauthClientId: oauthClient.id,
-        scope: "read",
-      },
-    });
-
-    // Verify other user's auth still exists
-    const auth = await OAuthAuthentication.findByPk(otherAuth.id);
-    expect(auth).not.toBeNull();
-  });
-});

server/routes/api/oauthAuthentications/oauthAuthentications.ts

@@ -66,12 +66,12 @@ router.post(
   transaction(),
   async (ctx: APIContext<T.OAuthAuthenticationsDeleteReq>) => {
     const { user } = ctx.state.auth;
-    const { oauthClientId, scope } = ctx.input.body;
+    const { oauthClientId, scope } = ctx.request.body;
     const oauthAuthentications = await OAuthAuthentication.findAll({
       where: {
         userId: user.id,
         oauthClientId,
-        ...(scope ? { scope } : {}),
+        scope,
       },
       transaction: ctx.state.transaction,
     });

server/routes/api/oauthClients/oauthClients.test.ts

@@ -148,46 +148,6 @@ describe("oauthClients.info", () => {
     expect(body.data.id).toBeUndefined();
     expect(body.data.redirectUris).toBeUndefined();
   });
-
-  it("should validate redirectUri parameter", async () => {
-    const team = await buildTeam();
-    const admin = await buildAdmin({ teamId: team.id });
-    const user = await buildUser();
-
-    const client = await OAuthClient.create({
-      teamId: team.id,
-      createdById: admin.id,
-      name: "Test Client",
-      redirectUris: [
-        "https://example.com/callback",
-        "https://another.com/callback",
-      ],
-      published: true,
-    });
-
-    // Test with valid redirectUri
-    const validRes = await server.post("/api/oauthClients.info", {
-      body: {
-        token: user.getJwtToken(),
-        clientId: client.clientId,
-        redirectUri: "https://example.com/callback",
-      },
-    });
-
-    const validBody = await validRes.json();
-    expect(validRes.status).toEqual(200);
-    expect(validBody.data.name).toEqual("Test Client");
-
-    // Test with invalid redirectUri
-    const invalidRes = await server.post("/api/oauthClients.info", {
-      body: {
-        token: user.getJwtToken(),
-        clientId: client.clientId,
-        redirectUri: "https://malicious.com/callback",
-      },
-    });
-    expect(invalidRes.status).toEqual(400);
-  });
 });
 
 describe("oauthClients.create", () => {

server/routes/api/oauthClients/oauthClients.ts

@@ -1,6 +1,5 @@
 import Router from "koa-router";
 import { UserRole } from "@shared/types";
-import { ValidationError } from "@server/errors";
 import auth from "@server/middlewares/authentication";
 import { rateLimiter } from "@server/middlewares/rateLimiter";
 import { transaction } from "@server/middlewares/transaction";
@@ -50,7 +49,7 @@ router.post(
   auth(),
   validate(T.OAuthClientsInfoSchema),
   async (ctx: APIContext<T.OAuthClientsInfoReq>) => {
-    const { id, clientId, redirectUri } = ctx.input.body;
+    const { id, clientId } = ctx.input.body;
     const { user } = ctx.state.auth;
 
     const oauthClient = await OAuthClient.findOne({
@@ -59,10 +58,6 @@ router.post(
     });
     authorize(user, "read", oauthClient);
 
-    if (redirectUri && !oauthClient.redirectUris.includes(redirectUri)) {
-      throw ValidationError("redirect_uri is invalid");
-    }
-
     const isInternalApp = oauthClient.teamId === user.teamId;
 
     ctx.body = {

server/routes/api/oauthClients/schema.ts

@@ -10,8 +10,6 @@ export const OAuthClientsInfoSchema = BaseSchema.extend({
 
       /** OAuth clientId */
       clientId: z.string().optional(),
-
-      redirectUri: z.string().optional(),
     })
     .refine((data) => data.id || data.clientId, {
       message: "Either id or clientId is required",

server/routes/api/pins/pins.ts

@@ -113,7 +113,7 @@ router.post(
       user.collectionIds(),
     ]);
 
-    const documents = await Document.withMembershipScope(user.id).findAll({
+    const documents = await Document.defaultScopeWithUser(user.id).findAll({
       where: {
         id: pins.map((pin) => pin.documentId),
         collectionId: collectionIds,

server/routes/api/stars/stars.ts

@@ -94,7 +94,7 @@ router.post(
       .map((star) => star.documentId)
       .filter(Boolean) as string[];
     const documents = documentIds.length
-      ? await Document.withMembershipScope(user.id).findAll({
+      ? await Document.defaultScopeWithUser(user.id).findAll({
           where: {
             id: documentIds,
             collectionId: collectionIds,

server/routes/api/userMemberships/userMemberships.ts

@@ -1,4 +1,5 @@
 import Router from "koa-router";
+
 import { Op, Sequelize } from "sequelize";
 import auth from "@server/middlewares/authentication";
 import { transaction } from "@server/middlewares/transaction";
@@ -45,8 +46,14 @@ router.post(
     const documentIds = memberships
       .map((p) => p.documentId)
       .filter(Boolean) as string[];
-    const documents = await Document.findByIds(documentIds, {
-      userId: user.id,
+    const documents = await Document.scope([
+      "withDrafts",
+      { method: ["withMembership", user.id] },
+      { method: ["withCollectionPermissions", user.id] },
+    ]).findAll({
+      where: {
+        id: documentIds,
+      },
     });
 
     const policies = presentPolicies(user, [...documents, ...memberships]);

server/routes/oauth/index.ts

@@ -25,7 +25,7 @@ const oauth = new OAuth2Server({
 
 router.post(
   "/authorize",
-  rateLimiter(RateLimiterStrategy.OneHundredPerHour),
+  rateLimiter(RateLimiterStrategy.FiftyPerHour),
   auth(),
   async (ctx) => {
     const { user } = ctx.state.auth;
@@ -42,8 +42,7 @@ router.post(
     const response = new OAuth2Server.Response(ctx.response);
 
     const authorizationCode = await oauth.authorize(request, response, {
-      // Require state to prevent CSRF attacks
-      allowEmptyState: false,
+      allowEmptyState: true,
       authorizationCodeLifetime:
         OAuthAuthorizationCode.authorizationCodeLifetime,
       authenticateHandler: {
@@ -67,39 +66,35 @@ router.post(
   }
 );
 
-router.post(
-  "/token",
-  rateLimiter(RateLimiterStrategy.OneHundredPerHour),
-  async (ctx) => {
-    // Note: These objects are mutated by the OAuth2Server library
-    const request = new OAuth2Server.Request(ctx.request);
-    const response = new OAuth2Server.Response(ctx.response);
-    const token = await oauth.token(request, response, {
-      accessTokenLifetime: OAuthAuthentication.accessTokenLifetime,
-      refreshTokenLifetime: OAuthAuthentication.refreshTokenLifetime,
-    });
+router.post("/token", async (ctx) => {
+  // Note: These objects are mutated by the OAuth2Server library
+  const request = new OAuth2Server.Request(ctx.request);
+  const response = new OAuth2Server.Response(ctx.response);
+  const token = await oauth.token(request, response, {
+    accessTokenLifetime: OAuthAuthentication.accessTokenLifetime,
+    refreshTokenLifetime: OAuthAuthentication.refreshTokenLifetime,
+  });
 
-    if (response.headers) {
-      ctx.set(response.headers);
-    }
-
-    ctx.body = {
-      access_token: token.accessToken,
-      refresh_token: token.refreshToken,
-      // OAuth2 spec says that the expires_in should be in seconds.
-      expires_in: token.accessTokenExpiresAt
-        ? Math.round((token.accessTokenExpiresAt.getTime() - Date.now()) / 1000)
-        : undefined,
-      token_type: "Bearer",
-      // OAuth2 spec says that the scope should be a space-separated list.
-      scope: token.scope?.join(" "),
-    };
+  if (response.headers) {
+    ctx.set(response.headers);
   }
-);
+
+  ctx.body = {
+    access_token: token.accessToken,
+    refresh_token: token.refreshToken,
+    // OAuth2 spec says that the expires_in should be in seconds.
+    expires_in: token.accessTokenExpiresAt
+      ? Math.round((token.accessTokenExpiresAt.getTime() - Date.now()) / 1000)
+      : undefined,
+    token_type: "Bearer",
+    // OAuth2 spec says that the scope should be a space-separated list.
+    scope: token.scope?.join(" "),
+  };
+});
 
 router.post(
   "/revoke",
-  rateLimiter(RateLimiterStrategy.OneHundredPerHour),
+  rateLimiter(RateLimiterStrategy.FiftyPerHour),
   validate(T.TokenRevokeSchema),
   transaction(),
   async (ctx: APIContext<T.TokenRevokeReq>) => {

server/services/cron.ts

@@ -7,8 +7,7 @@ export default function init() {
     for (const name in tasks) {
       const TaskClass = tasks[name];
       if (TaskClass.cron === schedule) {
-        // @ts-expect-error We won't instantiate an abstract class
-        await new TaskClass().schedule({ limit: 10000 });
+        await TaskClass.schedule({ limit: 10000 });
       }
     }
   }

server/services/websockets.ts

@@ -4,7 +4,6 @@ import cookie from "cookie";
 import Koa from "koa";
 import IO from "socket.io";
 import { createAdapter } from "socket.io-redis";
-import env from "@server/env";
 import { AuthenticationError } from "@server/errors";
 import Logger from "@server/logging/Logger";
 import Metrics from "@server/logging/Metrics";
@@ -39,8 +38,7 @@ export default function init(
     pingInterval: 15000,
     pingTimeout: 30000,
     cors: {
-      // Included for completeness, though CORS does not apply to websocket transport.
-      origin: env.isCloudHosted ? "*" : env.URL,
+      origin: "*",
       methods: ["GET", "POST"],
     },
   });
@@ -62,16 +60,6 @@ export default function init(
     "upgrade",
     function (req: IncomingMessage, socket: Duplex, head: Buffer) {
       if (req.url?.startsWith(path) && ioHandleUpgrade) {
-        // For on-premise deployments, ensure the websocket origin matches the deployed URL.
-        // In cloud-hosted we support any origin for custom domains.
-        if (
-          !env.isCloudHosted &&
-          (!req.headers.origin || !env.URL.startsWith(req.headers.origin))
-        ) {
-          socket.end(`HTTP/1.1 400 Bad Request\r\n`);
-          return;
-        }
-
         ioHandleUpgrade(req, socket, head);
         return;
       }

server/test/factories.ts

@@ -756,19 +756,15 @@ export async function buildOAuthAuthorizationCode(
 }
 
 export async function buildOAuthAuthentication({
-  oauthClientId,
   user,
   scope,
 }: {
-  oauthClientId?: string;
   user: User;
   scope: string[];
 }) {
-  const oauthClient = oauthClientId
-    ? await OAuthClient.findByPk(oauthClientId, { rejectOnEmpty: true })
-    : await buildOAuthClient({
-        teamId: user.teamId,
-      });
+  const oauthClient = await buildOAuthClient({
+    teamId: user.teamId,
+  });
   const oauthInterfaceClient = {
     id: oauthClient.clientId,
     grants: ["authorization_code"],

server/utils/oauth/OAuthInterface.ts

@@ -1,8 +1,8 @@
-import crypto from "crypto";
 import {
   RefreshTokenModel,
   AuthorizationCodeModel,
 } from "@node-oauth/oauth2-server";
+import rs from "randomstring";
 import { Required } from "utility-types";
 import { Scope } from "@shared/types";
 import { isUrl } from "@shared/utils/urls";
@@ -41,21 +41,17 @@ export const OAuthInterface: RefreshTokenModel &
   grants: ["authorization_code", "refresh_token"],
 
   async generateAccessToken() {
-    return `${OAuthAuthentication.accessTokenPrefix}${crypto
-      .randomBytes(32)
-      .toString("hex")}`;
+    return `${OAuthAuthentication.accessTokenPrefix}${rs.generate(32)}`;
   },
 
   async generateRefreshToken() {
-    return `${OAuthAuthentication.refreshTokenPrefix}${crypto
-      .randomBytes(32)
-      .toString("hex")}`;
+    return `${OAuthAuthentication.refreshTokenPrefix}${rs.generate(32)}`;
   },
 
   async generateAuthorizationCode() {
-    return `${OAuthAuthorizationCode.authorizationCodePrefix}${crypto
-      .randomBytes(32)
-      .toString("hex")}`;
+    return `${OAuthAuthorizationCode.authorizationCodePrefix}${rs.generate(
+      32
+    )}`;
   },
 
   async getAccessToken(accessToken: string) {
@@ -143,12 +139,10 @@ export const OAuthInterface: RefreshTokenModel &
   },
 
   async saveToken(token, client, user) {
-    const {
-      accessToken,
-      refreshToken,
-      accessTokenExpiresAt,
-      refreshTokenExpiresAt,
-    } = token;
+    const accessToken = token.accessToken;
+    const refreshToken = token.refreshToken;
+    const accessTokenExpiresAt = token.accessTokenExpiresAt;
+    const refreshTokenExpiresAt = token.refreshTokenExpiresAt;
     const accessTokenHash = hash(accessToken);
     const refreshTokenHash = refreshToken ? hash(refreshToken) : undefined;
 
@@ -239,13 +233,13 @@ export const OAuthInterface: RefreshTokenModel &
    * @returns True if the URI is valid, false otherwise.
    */
   async validateRedirectUri(uri, client) {
-    if (uri.includes("#") || uri.includes("*")) {
+    if (uri.includes("#")) {
       return false;
     }
     if (!client.redirectUris?.includes(uri)) {
       return false;
     }
-    if (!isUrl(uri, { requireHttps: true })) {
+    if (!isUrl(uri)) {
       return false;
     }
 

server/utils/permissions.ts

@@ -99,7 +99,10 @@ export const getDocumentPermission = async ({
   documentId: string;
   skipMembershipId?: string;
 }): Promise<DocumentPermission | undefined> => {
-  const document = await Document.findByPk(documentId, { userId });
+  const document = await Document.scope({
+    method: ["withCollectionPermissions", userId],
+  }).findOne({ where: { id: documentId } });
+
   const permissions: DocumentPermission[] = [];
 
   const collection = document?.collection;

shared/editor/commands/table.ts

@@ -44,11 +44,11 @@ export function createTable({
   };
 }
 
-export function createTableInner(
+function createTableInner(
   state: EditorState,
   rowsCount: number,
   colsCount: number,
-  colWidth?: number,
+  colWidth: number,
   withHeaderRow = true,
   cellContent?: Node
 ) {

shared/editor/nodes/Table.ts

@@ -1,7 +1,5 @@
 import { chainCommands } from "prosemirror-commands";
-import { InputRule } from "prosemirror-inputrules";
 import { NodeSpec, Node as ProsemirrorNode } from "prosemirror-model";
-import { TextSelection } from "prosemirror-state";
 import {
   addColumnAfter,
   addRowAfter,
@@ -25,7 +23,6 @@ import {
   deleteColSelection,
   deleteRowSelection,
   moveOutOfTable,
-  createTableInner,
 } from "../commands/table";
 import { MarkdownSerializerState } from "../lib/markdown/serializer";
 import { FixTablesPlugin } from "../plugins/FixTables";
@@ -104,18 +101,6 @@ export default class Table extends Node {
     };
   }
 
-  inputRules() {
-    return [
-      new InputRule(/^(\|--)$/, (state, _, start, end) => {
-        const nodes = createTableInner(state, 2, 2);
-        const tr = state.tr.replaceWith(start - 1, end, nodes).scrollIntoView();
-        const resolvedPos = tr.doc.resolve(start + 1);
-        tr.setSelection(TextSelection.near(resolvedPos));
-        return tr;
-      }),
-    ];
-  }
-
   toMarkdown(state: MarkdownSerializerState, node: ProsemirrorNode) {
     state.renderTable(node);
     state.closeBlock(node);

shared/editor/nodes/index.ts

@@ -56,8 +56,8 @@ export const basicExtensions: Nodes = [
   Emoji,
   Text,
   SimpleImage,
-  Code,
   Bold,
+  Code,
   Italic,
   Underline,
   Link,

shared/i18n/locales/en_US/translation.json

@@ -840,7 +840,6 @@
   "Already have an account? Go to <1>login</1>.": "Already have an account? Go to <1>login</1>.",
   "An error occurred": "An error occurred",
   "The OAuth client could not be found, please check the provided client ID": "The OAuth client could not be found, please check the provided client ID",
-  "The OAuth client could not be loaded, please check the redirect URI is valid": "The OAuth client could not be loaded, please check the redirect URI is valid",
   "Required OAuth parameters are missing": "Required OAuth parameters are missing",
   "Authorize": "Authorize",
   "{{ appName }} wants to access {{ teamName }}": "{{ appName }} wants to access {{ teamName }}",
@@ -888,8 +887,6 @@
   "Manage which third-party and internal applications have been granted access to your {{ appName }} account.": "Manage which third-party and internal applications have been granted access to your {{ appName }} account.",
   "API": "API",
   "API keys can be used to authenticate with the API and programatically control\n          your workspace's data. For more details see the <em>developer documentation</em>.": "API keys can be used to authenticate with the API and programatically control\n          your workspace's data. For more details see the <em>developer documentation</em>.",
-  "Application published": "Application published",
-  "Application updated": "Application updated",
   "Client secret rotated": "Client secret rotated",
   "Rotate secret": "Rotate secret",
   "Rotating the client secret will invalidate the current secret. Make sure to update any applications using these credentials.": "Rotating the client secret will invalidate the current secret. Make sure to update any applications using these credentials.",

shared/styles/globals.ts

@@ -113,11 +113,4 @@ export default createGlobalStyle<Props>`
     outline-offset: -1px;
     outline-width: initial;
   }
-
-  :root {
-    --sat: env(safe-area-inset-top);
-    --sar: env(safe-area-inset-right);
-    --sab: env(safe-area-inset-bottom);
-    --sal: env(safe-area-inset-left);
-  }
 `;

shared/utils/browser.ts

@@ -13,32 +13,6 @@ export function isTouchDevice(): boolean {
   return window.matchMedia?.("(hover: none) and (pointer: coarse)")?.matches;
 }
 
-/**
- * Returns the safe area insets for the current device.
- */
-export function getSafeAreaInsets(): {
-  top: number;
-  right: number;
-  bottom: number;
-  left: number;
-} {
-  // Check if CSS environment variables are supported
-  const style = getComputedStyle(document.documentElement);
-  const supportsEnv = window.CSS?.supports?.("top", "env(safe-area-inset-top)");
-
-  if (supportsEnv) {
-    return {
-      top: parseFloat(style.getPropertyValue("--sat") || "0"),
-      right: parseFloat(style.getPropertyValue("--sar") || "0"),
-      bottom: parseFloat(style.getPropertyValue("--sab") || "0"),
-      left: parseFloat(style.getPropertyValue("--sal") || "0"),
-    };
-  }
-
-  // Fallback to zero if not supported
-  return { top: 0, right: 0, bottom: 0, left: 0 };
-}
-
 /**
  * Returns true if the client is running on a Mac.
  */

shared/utils/urls.ts

@@ -98,15 +98,7 @@ export function isCollectionUrl(url: string) {
  * @param options Parsing options.
  * @returns True if a url, false otherwise.
  */
-export function isUrl(
-  text: string,
-  options?: {
-    /** Require the url to have a hostname. */
-    requireHostname?: boolean;
-    /** Require the url not to use HTTP, custom protocols are ok. */
-    requireHttps?: boolean;
-  }
-) {
+export function isUrl(text: string, options?: { requireHostname: boolean }) {
   if (text.match(/\n/)) {
     return false;
   }
@@ -121,9 +113,6 @@ export function isUrl(
     if (url.hostname) {
       return true;
     }
-    if (options?.requireHttps && url.protocol === "http:") {
-      return false;
-    }
 
     return (
       url.protocol !== "" &&

vite.config.ts

@@ -94,9 +94,6 @@ export default () =>
           modifyURLPrefix: {
             "": `${environment.CDN_URL ?? ""}/static/`,
           },
-          skipWaiting: true,
-          clientsClaim: true,
-          cleanupOutdatedCaches: true,
           runtimeCaching: [
             {
               urlPattern: /api\/urls\.unfurl$/,
@@ -112,34 +109,6 @@ export default () =>
                 },
               },
             },
-            {
-              urlPattern: /api\/attachments\.redirect/,
-              handler: "CacheFirst",
-              options: {
-                cacheName: "attachments-redirect-cache",
-                expiration: {
-                  maxEntries: 100,
-                  maxAgeSeconds: 120, // 120 seconds
-                },
-                cacheableResponse: {
-                  statuses: [0, 200, 302], // Include redirects
-                },
-              },
-            },
-            {
-              urlPattern: /api\/files\.get/,
-              handler: "CacheFirst",
-              options: {
-                cacheName: "files-cache",
-                expiration: {
-                  maxEntries: 50,
-                  maxAgeSeconds: 604800, // 7 days
-                },
-                cacheableResponse: {
-                  statuses: [0, 200, 206], // Include partial content for range requests
-                },
-              },
-            },
           ],
         },
         manifest: {

yarn.lock

@@ -105,32 +105,32 @@
     "@smithy/util-utf8" "^2.0.0"
     tslib "^2.6.2"
 
-"@aws-sdk/client-s3@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.797.0.tgz#27d809ddc08b4f026bdf3b01c1c43c5cb5d06e43"
-  integrity sha512-N7pB94mXi4fCt+rYmR9TzfbbwZsWs6Mnk/jDNX9sAZyWkZQnS3AZ/nRtnUmdCimdnOPOMNVjmAoZ4mW3Ff8LDw==
+"@aws-sdk/client-s3@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/client-s3/-/client-s3-3.787.0.tgz#ebb55ec36cd8f0b7e5e89e48c4d1b6ed1f6156dc"
+  integrity sha512-eGLCWkN0NlntJ9yPU6OKUggVS4cFvuZJog+cFg1KD5hniLqz7Y0YRtB4uBxW212fK3XCfddgyscEOEeHaTQQTw==
   dependencies:
     "@aws-crypto/sha1-browser" "5.2.0"
     "@aws-crypto/sha256-browser" "5.2.0"
     "@aws-crypto/sha256-js" "5.2.0"
-    "@aws-sdk/core" "3.796.0"
-    "@aws-sdk/credential-provider-node" "3.797.0"
+    "@aws-sdk/core" "3.775.0"
+    "@aws-sdk/credential-provider-node" "3.787.0"
     "@aws-sdk/middleware-bucket-endpoint" "3.775.0"
     "@aws-sdk/middleware-expect-continue" "3.775.0"
-    "@aws-sdk/middleware-flexible-checksums" "3.796.0"
+    "@aws-sdk/middleware-flexible-checksums" "3.787.0"
     "@aws-sdk/middleware-host-header" "3.775.0"
     "@aws-sdk/middleware-location-constraint" "3.775.0"
     "@aws-sdk/middleware-logger" "3.775.0"
     "@aws-sdk/middleware-recursion-detection" "3.775.0"
-    "@aws-sdk/middleware-sdk-s3" "3.796.0"
+    "@aws-sdk/middleware-sdk-s3" "3.775.0"
     "@aws-sdk/middleware-ssec" "3.775.0"
-    "@aws-sdk/middleware-user-agent" "3.796.0"
+    "@aws-sdk/middleware-user-agent" "3.787.0"
     "@aws-sdk/region-config-resolver" "3.775.0"
-    "@aws-sdk/signature-v4-multi-region" "3.796.0"
+    "@aws-sdk/signature-v4-multi-region" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-endpoints" "3.787.0"
     "@aws-sdk/util-user-agent-browser" "3.775.0"
-    "@aws-sdk/util-user-agent-node" "3.796.0"
+    "@aws-sdk/util-user-agent-node" "3.787.0"
     "@aws-sdk/xml-builder" "3.775.0"
     "@smithy/config-resolver" "^4.1.0"
     "@smithy/core" "^3.2.0"
@@ -167,23 +167,23 @@
     "@smithy/util-waiter" "^4.0.3"
     tslib "^2.6.2"
 
-"@aws-sdk/client-sso@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.797.0.tgz#94d123568830788980cc8712a94d3b20de735e4c"
-  integrity sha512-9xuR918p7tShR67ZL+AOSbydpJxSHAOdXcQswxxWR/hKCF7tULX7tyL3gNo3l/ETp0CDcStvorOdH/nCbzEOjw==
+"@aws-sdk/client-sso@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.787.0.tgz#39f1182296b586cb957b449b5f0dabd8f378cf1a"
+  integrity sha512-L8R+Mh258G0DC73ktpSVrG4TT9i2vmDLecARTDR/4q5sRivdDQSL5bUp3LKcK80Bx+FRw3UETIlX6mYMLL9PJQ==
   dependencies:
     "@aws-crypto/sha256-browser" "5.2.0"
     "@aws-crypto/sha256-js" "5.2.0"
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/middleware-host-header" "3.775.0"
     "@aws-sdk/middleware-logger" "3.775.0"
     "@aws-sdk/middleware-recursion-detection" "3.775.0"
-    "@aws-sdk/middleware-user-agent" "3.796.0"
+    "@aws-sdk/middleware-user-agent" "3.787.0"
     "@aws-sdk/region-config-resolver" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-endpoints" "3.787.0"
     "@aws-sdk/util-user-agent-browser" "3.775.0"
-    "@aws-sdk/util-user-agent-node" "3.796.0"
+    "@aws-sdk/util-user-agent-node" "3.787.0"
     "@smithy/config-resolver" "^4.1.0"
     "@smithy/core" "^3.2.0"
     "@smithy/fetch-http-handler" "^5.0.2"
@@ -211,40 +211,40 @@
     "@smithy/util-utf8" "^4.0.0"
     tslib "^2.6.2"
 
-"@aws-sdk/core@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.796.0.tgz#6076b78772c1eb97ec6ea9064c85ce500e0aa889"
-  integrity sha512-tH8Sp7lCxISVoLnkyv4AouuXs2CDlMhTuesWa0lq2NX1f+DXsMwSBtN37ttZdpFMw3F8mWdsJt27X9h2Oq868A==
+"@aws-sdk/core@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.775.0.tgz#5d22ba78f07c07b48fb4d5b18172b9a896c0cbd0"
+  integrity sha512-8vpW4WihVfz0DX+7WnnLGm3GuQER++b0IwQG35JlQMlgqnc44M//KbJPsIHA0aJUJVwJAEShgfr5dUbY8WUzaA==
   dependencies:
     "@aws-sdk/types" "3.775.0"
     "@smithy/core" "^3.2.0"
     "@smithy/node-config-provider" "^4.0.2"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/protocol-http" "^5.1.0"
-    "@smithy/signature-v4" "^5.1.0"
+    "@smithy/signature-v4" "^5.0.2"
     "@smithy/smithy-client" "^4.2.0"
     "@smithy/types" "^4.2.0"
     "@smithy/util-middleware" "^4.0.2"
     fast-xml-parser "4.4.1"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-env@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.796.0.tgz#4ed6903814868b0f9daa8c8db449b1f1adcda041"
-  integrity sha512-kQzGKm4IOYYO6vUrai2JocNwhJm4Aml2BsAV+tBhFhhkutE7khf9PUucoVjB78b0J48nF+kdSacqzY+gB81/Uw==
+"@aws-sdk/credential-provider-env@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.775.0.tgz#b8c81818f4c62d89b5f04dc410ab9b48e954f22c"
+  integrity sha512-6ESVxwCbGm7WZ17kY1fjmxQud43vzJFoLd4bmlR+idQSWdqlzGDYdcfzpjDKTcivdtNrVYmFvcH1JBUwCRAZhw==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-http@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.796.0.tgz#7f36074021b2605dba4b758b4b0ca98fb5b965ad"
-  integrity sha512-wWOT6VAHIKOuHdKFGm1iyKvx7f6+Kc/YTzFWJPuT+l+CPlXR6ylP1UMIDsHHLKpMzsrh3CH77QDsjkhQrnKkfg==
+"@aws-sdk/credential-provider-http@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.775.0.tgz#0fbc7f4e6cada37fc9b647de0d7c12a42a44bcc6"
+  integrity sha512-PjDQeDH/J1S0yWV32wCj2k5liRo0ssXMseCBEkCsD3SqsU8o5cU82b0hMX4sAib/RkglCSZqGO0xMiN0/7ndww==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/fetch-http-handler" "^5.0.2"
     "@smithy/node-http-handler" "^4.0.4"
@@ -255,18 +255,18 @@
     "@smithy/util-stream" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-ini@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.797.0.tgz#e617edac6dbd761e13826d49092b85a337bf29a2"
-  integrity sha512-Zpj6pJ2hnebrhLDr+x61ArMUkjHG6mfJRfamHxeVTgZkhLcwHjC5aM4u9pWTVugIaPY+VBtgkKPbi3TRbHlt2g==
+"@aws-sdk/credential-provider-ini@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.787.0.tgz#906ece004141462ae695504b6c07d1200688fd6c"
+  integrity sha512-hc2taRoDlXn2uuNuHWDJljVWYrp3r9JF1a/8XmOAZhVUNY+ImeeStylHXhXXKEA4JOjW+5PdJj0f1UDkVCHJiQ==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
-    "@aws-sdk/credential-provider-env" "3.796.0"
-    "@aws-sdk/credential-provider-http" "3.796.0"
-    "@aws-sdk/credential-provider-process" "3.796.0"
-    "@aws-sdk/credential-provider-sso" "3.797.0"
-    "@aws-sdk/credential-provider-web-identity" "3.797.0"
-    "@aws-sdk/nested-clients" "3.797.0"
+    "@aws-sdk/core" "3.775.0"
+    "@aws-sdk/credential-provider-env" "3.775.0"
+    "@aws-sdk/credential-provider-http" "3.775.0"
+    "@aws-sdk/credential-provider-process" "3.775.0"
+    "@aws-sdk/credential-provider-sso" "3.787.0"
+    "@aws-sdk/credential-provider-web-identity" "3.787.0"
+    "@aws-sdk/nested-clients" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/credential-provider-imds" "^4.0.2"
     "@smithy/property-provider" "^4.0.2"
@@ -274,17 +274,17 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-node@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.797.0.tgz#bf82e239b14c8fcc7da660c2bc1ec042123638d9"
-  integrity sha512-xJSWvvnmzEfHbqbpN4F3E3mI9+zJ/VWLGiKOjzX1Inbspa5WqNn2GoMamolZR2TvvZS4F3Hp73TD1WoBzkIjuw==
+"@aws-sdk/credential-provider-node@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.787.0.tgz#3e5cdafb0fecca25b7430f848cbca85000b25c33"
+  integrity sha512-JioVi44B1vDMaK2CdzqimwvJD3uzvzbQhaEWXsGMBcMcNHajXAXf08EF50JG3ZhLrhhUsT1ObXpbTaPINOhh+g==
   dependencies:
-    "@aws-sdk/credential-provider-env" "3.796.0"
-    "@aws-sdk/credential-provider-http" "3.796.0"
-    "@aws-sdk/credential-provider-ini" "3.797.0"
-    "@aws-sdk/credential-provider-process" "3.796.0"
-    "@aws-sdk/credential-provider-sso" "3.797.0"
-    "@aws-sdk/credential-provider-web-identity" "3.797.0"
+    "@aws-sdk/credential-provider-env" "3.775.0"
+    "@aws-sdk/credential-provider-http" "3.775.0"
+    "@aws-sdk/credential-provider-ini" "3.787.0"
+    "@aws-sdk/credential-provider-process" "3.775.0"
+    "@aws-sdk/credential-provider-sso" "3.787.0"
+    "@aws-sdk/credential-provider-web-identity" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/credential-provider-imds" "^4.0.2"
     "@smithy/property-provider" "^4.0.2"
@@ -292,57 +292,57 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-process@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.796.0.tgz#d22d8adf73985fb218ff74365cd86b71bbd64513"
-  integrity sha512-r4e8/4AdKn/qQbRVocW7oXkpoiuXdTv0qty8AASNLnbQnT1vjD1bvmP6kp4fbHPWgwY8I9h0Dqjp49uy9Bqyuw==
+"@aws-sdk/credential-provider-process@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.775.0.tgz#7ab90383f12461c5d20546e933924e654660542b"
+  integrity sha512-A6k68H9rQp+2+7P7SGO90Csw6nrUEm0Qfjpn9Etc4EboZhhCLs9b66umUsTsSBHus4FDIe5JQxfCUyt1wgNogg==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/shared-ini-file-loader" "^4.0.2"
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-sso@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.797.0.tgz#ea22714498157c937acd3170660b10ae0348366a"
-  integrity sha512-VlyWnjTsTnBXqXcEW0nw3S7nj00n9fYwF6uU6HPO9t860yIySG01lNPAWTvAt3DfVL5SRS0GANriCZF6ohcMcQ==
+"@aws-sdk/credential-provider-sso@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.787.0.tgz#77ab6c01e4497d7ff2e6c7f081f3d8695744884b"
+  integrity sha512-fHc08bsvwm4+dEMEQKnQ7c1irEQmmxbgS+Fq41y09pPvPh31nAhoMcjBSTWAaPHvvsRbTYvmP4Mf12ZGr8/nfg==
   dependencies:
-    "@aws-sdk/client-sso" "3.797.0"
-    "@aws-sdk/core" "3.796.0"
-    "@aws-sdk/token-providers" "3.797.0"
+    "@aws-sdk/client-sso" "3.787.0"
+    "@aws-sdk/core" "3.775.0"
+    "@aws-sdk/token-providers" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/shared-ini-file-loader" "^4.0.2"
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/credential-provider-web-identity@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.797.0.tgz#e52b5a054a71f83ffafe3461b41851d5008d84de"
-  integrity sha512-DIb05FEmdOX7bNsqSVEAB3UkaDgrYHonQ2+gcBLqZ7LoDNnovHIlvC5jii93usgEStxITZstnzw+49keNEgVWw==
+"@aws-sdk/credential-provider-web-identity@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.787.0.tgz#d492d1f4a90b70f3a71a65f11b8d3ef79fb2759e"
+  integrity sha512-SobmCwNbk6TfEsF283mZPQEI5vV2j6eY5tOCj8Er4Lzraxu9fBPADV+Bib2A8F6jlB1lMPJzOuDCbEasSt/RIw==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
-    "@aws-sdk/nested-clients" "3.797.0"
+    "@aws-sdk/core" "3.775.0"
+    "@aws-sdk/nested-clients" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/crt-loader@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/crt-loader/-/crt-loader-3.796.0.tgz#1cba5b2ea9f50b7a904cb5902a7751b90b65b1b3"
-  integrity sha512-dfTl4hCDKJSJTq4mPSQsv65p9XlYof+SVWKxQRu6OQBCOuhGPEhr7vN0byONBdwjhiY0WECjCANDi84lDVysdQ==
+"@aws-sdk/crt-loader@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/crt-loader/-/crt-loader-3.787.0.tgz#570c7e3cc79d20b2391beb1dafe2215343a9ac29"
+  integrity sha512-NQWFDkYF/lzz2m3icdVr+a0Ua/fN4dij3GPwU+Hr/nzrFR6z7txG3U4m2zkSELJ0PDT4k/1NsgmnQlpyxg0NDg==
   dependencies:
-    "@aws-sdk/util-user-agent-node" "3.796.0"
+    "@aws-sdk/util-user-agent-node" "3.787.0"
     aws-crt "^1.24.0"
     tslib "^2.6.2"
 
-"@aws-sdk/lib-storage@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/lib-storage/-/lib-storage-3.797.0.tgz#8947c3f27fcd7b77ce171929b2ee96feed9ba3b7"
-  integrity sha512-hGacJXiFBnhkDhDuirptViR0ZfpvE6ENt+xJFV76F5OX8RvO7UhEkq9wdq/GzlSwrPB2XBfoYQgdtHJpjHs2zA==
+"@aws-sdk/lib-storage@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/lib-storage/-/lib-storage-3.787.0.tgz#fb7af2a869c31948073e7480ed1003c9755d35c4"
+  integrity sha512-iIMbmd9uASD3KFfGeH/OeVo4oxAeqbuXDmhoVEJb4M0hZ4yJ2o9v1V0TEaHwIXcrdlc0H8rCpd9opmV74MBxrA==
   dependencies:
     "@smithy/abort-controller" "^4.0.2"
     "@smithy/middleware-endpoint" "^4.1.0"
@@ -375,15 +375,15 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/middleware-flexible-checksums@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.796.0.tgz#c5a13c5dc7fd217e3d3514d3a75ae71c4b0ce5c6"
-  integrity sha512-JTqnyzGlbvXDcEnBtd5LFNrCFKUHnGyp/V9+BkvzNP02WXABLWzYvj1TCaf5pQySwK/b4kVn5lvbpTi0rXqjZw==
+"@aws-sdk/middleware-flexible-checksums@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-flexible-checksums/-/middleware-flexible-checksums-3.787.0.tgz#bc887dcfd0193a41eef6b58c18c682478a108b07"
+  integrity sha512-X71qEwWoixFmwowWzlPoZUR3u1CWJ7iAzU0EzIxqmPhQpQJLFmdL1+SRjqATynDPZQzLs1a5HBtPT++EnZ+Quw==
   dependencies:
     "@aws-crypto/crc32" "5.2.0"
     "@aws-crypto/crc32c" "5.2.0"
     "@aws-crypto/util" "5.2.0"
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/is-array-buffer" "^4.0.0"
     "@smithy/node-config-provider" "^4.0.2"
@@ -432,18 +432,18 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/middleware-sdk-s3@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.796.0.tgz#f20d77f02f27fd47178500581ae340f012652004"
-  integrity sha512-5o78oE79sGOtYkL7Up02h2nmr9UhGQZJgxE29EBdTw4dZ1EaA46L+C8oA+fBCmAB5xPQsjQqvhRrsr4Lcp+jZQ==
+"@aws-sdk/middleware-sdk-s3@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.775.0.tgz#7b65832ec5a9ccccc8c7337780f722fa59f09d41"
+  integrity sha512-zsvcu7cWB28JJ60gVvjxPCI7ZU7jWGcpNACPiZGyVtjYXwcxyhXbYEVDSWKsSA6ERpz9XrpLYod8INQWfW3ECg==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-arn-parser" "3.723.0"
     "@smithy/core" "^3.2.0"
     "@smithy/node-config-provider" "^4.0.2"
     "@smithy/protocol-http" "^5.1.0"
-    "@smithy/signature-v4" "^5.1.0"
+    "@smithy/signature-v4" "^5.0.2"
     "@smithy/smithy-client" "^4.2.0"
     "@smithy/types" "^4.2.0"
     "@smithy/util-config-provider" "^4.0.0"
@@ -461,12 +461,12 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/middleware-user-agent@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.796.0.tgz#80149d7f9034d41d35de88d96a6b73c1cb06413b"
-  integrity sha512-IeNg+3jNWT37J45opi5Jx89hGF0lOnZjiNwlMp3rKq7PlOqy8kWq5J1Gxk0W3tIkPpuf68CtBs/QFrRXWOjsZw==
+"@aws-sdk/middleware-user-agent@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.787.0.tgz#3d657c0ba1aec72bca079f4691ba20f25569fcfc"
+  integrity sha512-Lnfj8SmPLYtrDFthNIaNj66zZsBCam+E4XiUDr55DIHTGstH6qZ/q6vg0GfbukxwSmUcGMwSR4Qbn8rb8yd77g==
   dependencies:
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-endpoints" "3.787.0"
     "@smithy/core" "^3.2.0"
@@ -474,23 +474,23 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/nested-clients@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/nested-clients/-/nested-clients-3.797.0.tgz#59699196a9b3fa43b021bdf1715e531d74885f75"
-  integrity sha512-xCsRKdsv0GAg9E28fvYBdC3JR2xdtZ2o41MVknOs+pSFtMsZm3SsgxObN35p1OTMk/o/V0LORGVLnFQMlc5QiA==
+"@aws-sdk/nested-clients@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/nested-clients/-/nested-clients-3.787.0.tgz#e8a5a6e7d0b599a7f9f15b900d3223ad080b0a81"
+  integrity sha512-xk03q1xpKNHgbuo+trEf1dFrI239kuMmjKKsqLEsHlAZbuFq4yRGMlHBrVMnKYOPBhVFDS/VineM991XI52fKg==
   dependencies:
     "@aws-crypto/sha256-browser" "5.2.0"
     "@aws-crypto/sha256-js" "5.2.0"
-    "@aws-sdk/core" "3.796.0"
+    "@aws-sdk/core" "3.775.0"
     "@aws-sdk/middleware-host-header" "3.775.0"
     "@aws-sdk/middleware-logger" "3.775.0"
     "@aws-sdk/middleware-recursion-detection" "3.775.0"
-    "@aws-sdk/middleware-user-agent" "3.796.0"
+    "@aws-sdk/middleware-user-agent" "3.787.0"
     "@aws-sdk/region-config-resolver" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-endpoints" "3.787.0"
     "@aws-sdk/util-user-agent-browser" "3.775.0"
-    "@aws-sdk/util-user-agent-node" "3.796.0"
+    "@aws-sdk/util-user-agent-node" "3.787.0"
     "@smithy/config-resolver" "^4.1.0"
     "@smithy/core" "^3.2.0"
     "@smithy/fetch-http-handler" "^5.0.2"
@@ -530,27 +530,27 @@
     "@smithy/util-middleware" "^4.0.2"
     tslib "^2.6.2"
 
-"@aws-sdk/s3-presigned-post@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/s3-presigned-post/-/s3-presigned-post-3.797.0.tgz#37f87d205bbb649c82ecd0ce1831755e4ff25d7b"
-  integrity sha512-imfnmmH4P6hVh7NE51wP5FoBzyzph2dYqzAC/bF2bXjCv+/FaiPEt598K0A1mt4BUB5Y+0J3GcigOwzWHFU/SA==
+"@aws-sdk/s3-presigned-post@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/s3-presigned-post/-/s3-presigned-post-3.787.0.tgz#06b73ff35afc165a3208fc9a858b12a1e53d5148"
+  integrity sha512-/mM9VvdjC5fBa1WqlygmjTZ4R2fNsMjSc03JfdtcLWDShFZ61gungGZVSvsBbwh/YcVe1sKOnJz4qBQxl/ey8g==
   dependencies:
-    "@aws-sdk/client-s3" "3.797.0"
+    "@aws-sdk/client-s3" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-format-url" "3.775.0"
     "@smithy/middleware-endpoint" "^4.1.0"
-    "@smithy/signature-v4" "^5.1.0"
+    "@smithy/signature-v4" "^5.0.2"
     "@smithy/types" "^4.2.0"
     "@smithy/util-hex-encoding" "^4.0.0"
     "@smithy/util-utf8" "^4.0.0"
     tslib "^2.6.2"
 
-"@aws-sdk/s3-request-presigner@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.797.0.tgz#f375beb8a892f2b8452d0d6da38bd60f46afc4ab"
-  integrity sha512-ncEsGwmQIkXi3IREbGLC6X5sY38WM1WUAdaU5uQmBPOGEVQHtDyrIObBsIzK99j83SGWi8RqO7/n0jMGZPmeQw==
+"@aws-sdk/s3-request-presigner@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/s3-request-presigner/-/s3-request-presigner-3.787.0.tgz#1a8eadf330446e53cdca11fa0c08ae3d45a00f9c"
+  integrity sha512-WBm0AS3RRURNN0yjYXHaiI692boVwWXGt3RLdI7tYBX58E1Zb5nzC8rlk81O9Xe7ZTgTC1KCr8y4+jcBD+zwJg==
   dependencies:
-    "@aws-sdk/signature-v4-multi-region" "3.796.0"
+    "@aws-sdk/signature-v4-multi-region" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@aws-sdk/util-format-url" "3.775.0"
     "@smithy/middleware-endpoint" "^4.1.0"
@@ -559,38 +559,38 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/signature-v4-crt@^3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-crt/-/signature-v4-crt-3.796.0.tgz#28df0cf702aa7e2c5e50e359776bf0f36b648e0b"
-  integrity sha512-RCYhLuRE8mhzpE5DzU3Mu11M1KdC480OQ+coB/h0c39VlYkcE8MGTB+eOjGOoYQx3RtFBs/y0RTSR4kj8Oo21Q==
+"@aws-sdk/signature-v4-crt@^3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-crt/-/signature-v4-crt-3.787.0.tgz#6932f0f437536fc528d4cc45a79daf08819d64a3"
+  integrity sha512-TATbx7B/54UIyLawAM0eTkQfnfn9KlEXV1jymniEHQtsfL68VND9/uFdOp51Ob9eTo5Q3qghH0RMHZaOpRVuGA==
   dependencies:
-    "@aws-sdk/crt-loader" "3.796.0"
-    "@aws-sdk/signature-v4-multi-region" "3.796.0"
+    "@aws-sdk/crt-loader" "3.787.0"
+    "@aws-sdk/signature-v4-multi-region" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/querystring-parser" "^4.0.2"
-    "@smithy/signature-v4" "^5.1.0"
+    "@smithy/signature-v4" "^5.0.2"
     "@smithy/types" "^4.2.0"
     "@smithy/util-middleware" "^4.0.2"
     tslib "^2.6.2"
 
-"@aws-sdk/signature-v4-multi-region@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.796.0.tgz#b32b0ee252c87a7c18c215407b1f189927ef850c"
-  integrity sha512-JAOLdvazTc9HlTFslSrIOrKRMuOruuM3FeGw0hyfLP/RIbjd9bqe/xLIzDSJr3wpCpJs0sXoofwJgXtgTipvjA==
+"@aws-sdk/signature-v4-multi-region@3.775.0":
+  version "3.775.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.775.0.tgz#80cf60f3c9a9ea00f86529f2c4497a8ce936960a"
+  integrity sha512-cnGk8GDfTMJ8p7+qSk92QlIk2bmTmFJqhYxcXZ9PysjZtx0xmfCMxnG3Hjy1oU2mt5boPCVSOptqtWixayM17g==
   dependencies:
-    "@aws-sdk/middleware-sdk-s3" "3.796.0"
+    "@aws-sdk/middleware-sdk-s3" "3.775.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/protocol-http" "^5.1.0"
-    "@smithy/signature-v4" "^5.1.0"
+    "@smithy/signature-v4" "^5.0.2"
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@aws-sdk/token-providers@3.797.0":
-  version "3.797.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.797.0.tgz#9f8c316f1adfda592c8dc6e69082879896720696"
-  integrity sha512-TLFkP4BBdkH2zCXhG3JjaYrRft25MMZ+6/YDz1C/ikq2Zk8krUbVoSmhtYMVz10JtxAPiQ++w0vI/qbz2JSDXg==
+"@aws-sdk/token-providers@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.787.0.tgz#18c761fb21ee25c8c3a35703876f0c733b4ae743"
+  integrity sha512-d7/NIqxq308Zg0RPMNrmn0QvzniL4Hx8Qdwzr6YZWLYAbUSvZYS2ppLR3BFWSkV6SsTJUx8BuDaj3P8vttkrog==
   dependencies:
-    "@aws-sdk/nested-clients" "3.797.0"
+    "@aws-sdk/nested-clients" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/property-provider" "^4.0.2"
     "@smithy/shared-ini-file-loader" "^4.0.2"
@@ -649,12 +649,12 @@
     bowser "^2.11.0"
     tslib "^2.6.2"
 
-"@aws-sdk/util-user-agent-node@3.796.0":
-  version "3.796.0"
-  resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.796.0.tgz#72c2ea1f32d2eb1200e111f48fd8a3c005f5202c"
-  integrity sha512-9fQpNcHgVFitf1tbTT8V1xGRoRHSmOAWjrhevo6Tc0WoINMAKz+4JNqfVGWRE5Tmtpq0oHKo1RmvxXQQtJYciA==
+"@aws-sdk/util-user-agent-node@3.787.0":
+  version "3.787.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.787.0.tgz#58e63e99586cde1c1314f74b94596780321442f5"
+  integrity sha512-mG7Lz8ydfG4SF9e8WSXiPQ/Lsn3n8A5B5jtPROidafi06I3ckV2WxyMLdwG14m919NoS6IOfWHyRGSqWIwbVKA==
   dependencies:
-    "@aws-sdk/middleware-user-agent" "3.796.0"
+    "@aws-sdk/middleware-user-agent" "3.787.0"
     "@aws-sdk/types" "3.775.0"
     "@smithy/node-config-provider" "^4.0.2"
     "@smithy/types" "^4.2.0"
@@ -4386,10 +4386,10 @@
     "@smithy/types" "^4.2.0"
     tslib "^2.6.2"
 
-"@smithy/signature-v4@^5.1.0":
-  version "5.1.0"
-  resolved "https://registry.yarnpkg.com/@smithy/signature-v4/-/signature-v4-5.1.0.tgz#2c56e5b278482b04383d84ea2c07b7f0a8eb8f63"
-  integrity sha512-4t5WX60sL3zGJF/CtZsUQTs3UrZEDO2P7pEaElrekbLqkWPYkgqNW1oeiNYC6xXifBnT9dVBOnNQRvOE9riU9w==
+"@smithy/signature-v4@^5.0.2":
+  version "5.0.2"
+  resolved "https://registry.yarnpkg.com/@smithy/signature-v4/-/signature-v4-5.0.2.tgz#363854e946fbc5bc206ff82e79ada5d5c14be640"
+  integrity sha512-Mz+mc7okA73Lyz8zQKJNyr7lIcHLiPYp0+oiqiMNc/t7/Kf2BENs5d63pEj7oPqdjaum6g0Fc8wC78dY1TgtXw==
   dependencies:
     "@smithy/is-array-buffer" "^4.0.0"
     "@smithy/protocol-http" "^5.1.0"
@@ -12267,10 +12267,10 @@ nodemailer@^6.10.0:
   resolved "https://registry.yarnpkg.com/nodemailer/-/nodemailer-6.10.0.tgz#1f24c9de94ad79c6206f66d132776b6503003912"
   integrity sha512-SQ3wZCExjeSatLE/HBaXS5vqUOQk6GtBdIIKxiFdmm01mOQZX/POJkO3SUX1wDiYcwUOJwT23scFSC9fY2H8IA==
 
-nodemon@^3.1.10:
-  version "3.1.10"
-  resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-3.1.10.tgz#5015c5eb4fffcb24d98cf9454df14f4fecec9bc1"
-  integrity sha512-WDjw3pJ0/0jMFmyNDp3gvY2YizjLmmOUQo6DEBY+JgdvW/yQ9mEeSw6H5ythl5Ny2ytb7f9C2nIbjSxMNzbJXw==
+nodemon@^3.1.9:
+  version "3.1.9"
+  resolved "https://registry.yarnpkg.com/nodemon/-/nodemon-3.1.9.tgz#df502cdc3b120e1c3c0c6e4152349019efa7387b"
+  integrity sha512-hdr1oIb2p6ZSxu3PB2JWWYS7ZQ0qvaZsc3hK8DR8f02kRzc8rjYmxAIvdz+aYC+8F2IjNaB7HMcSDg8nQpJxyg==
   dependencies:
     chokidar "^3.5.2"
     debug "^4"
@@ -12851,30 +12851,30 @@ performance-now@^2.1.0:
   resolved "https://registry.yarnpkg.com/performance-now/-/performance-now-2.1.0.tgz#6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"
   integrity "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns= sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow=="
 
-pg-cloudflare@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/pg-cloudflare/-/pg-cloudflare-1.2.5.tgz#2e3649c38a7a9c74a7e5327c8098a2fd9af595bd"
-  integrity sha512-OOX22Vt0vOSRrdoUPKJ8Wi2OpE/o/h9T8X1s4qSkCedbNah9ei2W2765be8iMVxQUsvgT7zIAT2eIa9fs5+vtg==
+pg-cloudflare@^1.1.1:
+  version "1.1.1"
+  resolved "https://registry.yarnpkg.com/pg-cloudflare/-/pg-cloudflare-1.1.1.tgz#e6d5833015b170e23ae819e8c5d7eaedb472ca98"
+  integrity "sha1-5tWDMBWxcOI66Bnoxdfq7bRyypg= sha512-xWPagP/4B6BgFO+EKz3JONXv3YDgvkbVrGw2mTo3D6tVDQRh1e7cqVGvyR3BE+eQgAvx1XhW/iEASj4/jCWl3Q=="
 
-pg-connection-string@^2.6.1, pg-connection-string@^2.8.5:
-  version "2.8.5"
-  resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.8.5.tgz#82cefd0269cb64a09603342d9b69e8392e6eb6cd"
-  integrity sha512-Ni8FuZ8yAF+sWZzojvtLE2b03cqjO5jNULcHFfM9ZZ0/JXrgom5pBREbtnAw7oxsxJqHw9Nz/XWORUEL3/IFow==
+pg-connection-string@^2.6.1, pg-connection-string@^2.7.0:
+  version "2.7.0"
+  resolved "https://registry.yarnpkg.com/pg-connection-string/-/pg-connection-string-2.7.0.tgz#f1d3489e427c62ece022dba98d5262efcb168b37"
+  integrity sha512-PI2W9mv53rXJQEOb8xNR8lH7Hr+EKa6oJa38zsK0S/ky2er16ios1wLKhZyxzD7jUReiWokc9WK5nxSnC7W1TA==
 
 pg-int8@1.0.1:
   version "1.0.1"
   resolved "https://registry.yarnpkg.com/pg-int8/-/pg-int8-1.0.1.tgz#943bd463bf5b71b4170115f80f8efc9a0c0eb78c"
   integrity "sha1-lDvUY79bcbQXARX4D478mgwOt4w= sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw=="
 
-pg-pool@^3.9.6:
-  version "3.9.6"
-  resolved "https://registry.yarnpkg.com/pg-pool/-/pg-pool-3.9.6.tgz#c6fde89dee615d6c262724e68a3a37e9593157fc"
-  integrity sha512-rFen0G7adh1YmgvrmE5IPIqbb+IgEzENUm+tzm6MLLDSlPRoZVhzU1WdML9PV2W5GOdRA9qBKURlbt1OsXOsPw==
+pg-pool@^3.8.0:
+  version "3.8.0"
+  resolved "https://registry.yarnpkg.com/pg-pool/-/pg-pool-3.8.0.tgz#e6bce7fc4506a8d6106551363fc5283e5445b776"
+  integrity sha512-VBw3jiVm6ZOdLBTIcXLNdSotb6Iy3uOCwDGFAksZCXmi10nyRvnP2v3jl4d+IsLYRyXf6o9hIm/ZtUzlByNUdw==
 
-pg-protocol@^1.9.5:
-  version "1.9.5"
-  resolved "https://registry.yarnpkg.com/pg-protocol/-/pg-protocol-1.9.5.tgz#e544eff37d6ab79c26281d7c0b59ac9be4862686"
-  integrity sha512-DYTWtWpfd5FOro3UnAfwvhD8jh59r2ig8bPtc9H8Ds7MscE/9NYruUQWFAOuraRl29jwcT2kyMFQ3MxeaVjUhg==
+pg-protocol@^1.8.0:
+  version "1.8.0"
+  resolved "https://registry.yarnpkg.com/pg-protocol/-/pg-protocol-1.8.0.tgz#c707101dd07813868035a44571488e4b98639d48"
+  integrity sha512-jvuYlEkL03NRvOoyoRktBK7+qU5kOvlAwvmrH8sr3wbLrOdVWsRxQfz8mMy9sZFsqJ1hEWNfdWKI4SAmoL+j7g==
 
 pg-tsquery@^8.4.2:
   version "8.4.2"
@@ -12892,18 +12892,18 @@ pg-types@^2.1.0:
     postgres-date "~1.0.4"
     postgres-interval "^1.1.0"
 
-pg@^8.15.6:
-  version "8.15.6"
-  resolved "https://registry.yarnpkg.com/pg/-/pg-8.15.6.tgz#2a28e98fb6cab18b886ce58b2c184d712a94880a"
-  integrity sha512-yvao7YI3GdmmrslNVsZgx9PfntfWrnXwtR+K/DjI0I/sTKif4Z623um+sjVZ1hk5670B+ODjvHDAckKdjmPTsg==
+pg@^8.14.1:
+  version "8.14.1"
+  resolved "https://registry.yarnpkg.com/pg/-/pg-8.14.1.tgz#2e3d1f287b64797cdfc8d1ba000f61a7ff8d66ed"
+  integrity sha512-0TdbqfjwIun9Fm/r89oB7RFQ0bLgduAhiIqIXOsyKoiC/L54DbuAAzIEN/9Op0f1Po9X7iCPXGoa/Ah+2aI8Xw==
   dependencies:
-    pg-connection-string "^2.8.5"
-    pg-pool "^3.9.6"
-    pg-protocol "^1.9.5"
+    pg-connection-string "^2.7.0"
+    pg-pool "^3.8.0"
+    pg-protocol "^1.8.0"
     pg-types "^2.1.0"
     pgpass "1.x"
   optionalDependencies:
-    pg-cloudflare "^1.2.5"
+    pg-cloudflare "^1.1.1"
 
 pgpass@1.x:
   version "1.0.4"
@@ -13542,10 +13542,10 @@ react-merge-refs@^2.1.1:
   resolved "https://registry.yarnpkg.com/react-merge-refs/-/react-merge-refs-2.1.1.tgz#e46763f8f1b881c0226ee54a1a2a10ffefba0233"
   integrity sha512-jLQXJ/URln51zskhgppGJ2ub7b2WFKGq3cl3NYKtlHoTG+dN2q7EzWrn3hN3EgPsTMvpR9tpq5ijdp7YwFZkag==
 
-react-portal@^4.3.0:
-  version "4.3.0"
-  resolved "https://registry.yarnpkg.com/react-portal/-/react-portal-4.3.0.tgz#92ca3492b1309883134f317a6aa88004534c860f"
-  integrity sha512-qs/2uKq1ifB3J1+K8ExfgUvCDZqlqCkfOEhqTELEDTfosloKiuzOzc7hl7IQ/7nohiFZD41BUYU0boAsIsGYHw==
+react-portal@^4.2.2:
+  version "4.2.2"
+  resolved "https://registry.yarnpkg.com/react-portal/-/react-portal-4.2.2.tgz#bff1e024147d6041ba8c530ffc99d4c8248f49fa"
+  integrity "sha1-v/HgJBR9YEG6jFMP/JnUyCSPSfo= sha512-vS18idTmevQxyQpnde0Td6ZcUlv+pD8GTyR42n3CHUQq9OHi1C4jDE4ZWEbEsrbrLRhSECYiao58cvocwMtP7Q=="
   dependencies:
     prop-types "^15.5.8"
 
@@ -15766,10 +15766,10 @@ vite-plugin-static-copy@^0.17.0:
     fs-extra "^11.1.0"
     picocolors "^1.0.0"
 
-vite@^6.3.4:
-  version "6.3.4"
-  resolved "https://registry.yarnpkg.com/vite/-/vite-6.3.4.tgz#d441a72c7cd9a93b719bb851250a4e6c119c9cff"
-  integrity sha512-BiReIiMS2fyFqbqNT/Qqt4CVITDU9M9vE+DKcVAsB+ZV0wvTKd+3hMbkpxz1b+NmEDMegpVbisKiAZOnvO92Sw==
+vite@^6.3.3:
+  version "6.3.3"
+  resolved "https://registry.yarnpkg.com/vite/-/vite-6.3.3.tgz#497392c3f2243194e4dbf09ea83e9a3dddf49b88"
+  integrity sha512-5nXH+QsELbFKhsEfWLkHrvgRpTdGJzqOZ+utSdmPTvwHmvU6ITTm3xx+mRusihkcI8GeC7lCDyn3kDtiki9scw==
   dependencies:
     esbuild "^0.25.0"
     fdir "^6.4.4"