Merge branch 'master' of github.com:wekan/wekan

2025-04-24 05:57:13 -04:00 · 2021-05-09 07:53:08 +03:00 · 2021-05-09 07:53:08 +03:00 · 38655ee478
commit 38655ee478
parent 23ca25a1ca 8911fe5c8d
14 changed files with 8782 additions and 4492 deletions
--- a/.meteor/versions
+++ b/.meteor/versions
@ -1,7 +1,7 @@
 3stack:presence@1.1.2
 accounts-base@1.9.0
 accounts-oauth@1.2.0
-accounts-password@1.7.0
+accounts-password@1.7.1
 aldeed:collection2@2.10.0
 aldeed:collection2-core@1.2.0
 aldeed:schema-deny@1.1.0
@ -32,7 +32,7 @@ coffeescript-compiler@2.4.1
 cottz:publish-relations@2.0.8
 dburles:collection-helpers@1.1.0
 ddp@1.4.0
-ddp-client@2.4.0
+ddp-client@2.4.1
 ddp-common@1.4.0
 ddp-rate-limiter@1.0.9
 ddp-server@2.3.3
@ -92,7 +92,7 @@ modern-browsers@0.1.5
 modules@0.16.0
 modules-runtime@0.12.0
 momentjs:moment@2.29.1
-mongo@1.11.0
+mongo@1.11.1
 mongo-decimal@0.1.2
 mongo-dev-server@1.1.0
 mongo-id@1.0.7
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,25 @@
+# v5.28 2021-05-07 Wekan release
+
+This release adds the following new features:
+
+- [Mermaid Diagram](https://github.com/wekan/wekan/wiki/Mermaid-Diagram).
+  Thanks to xuguotong and xet7.
+
+and adds the following updates:
+
+- Updated dependencies
+  [Part 1](https://github.com/wekan/wekan/commit/521ef8b6dad4f00662f22702331193c16b91b482),
+  [Part 2](https://github.com/wekan/wekan/commit/48255f6f1e4a0caf0be006196f28295d0825eb95),
+  [Part 3](https://github.com/wekan/wekan/commit/a550c255e6c3bd2d609a1a45a213cdae7ab4f74d).
+  Thanks to developers of dependencies.
+
+and fixes the following bugs:
+
+- [Fix: BG color of StartDate](https://github.com/wekan/wekan/pull/3793).
+  Thanks to listenerri.
+
+Thanks to above GitHub users for their contributions and translators for their translations.
+
 # v5.27 2021-04-29 Wekan release

 This release fixes the following bugs:
--- a/Stackerfile.yml
+++ b/Stackerfile.yml
@ -1,5 +1,5 @@
 appId: wekan-public/apps/77b94f60-dec9-0136-304e-16ff53095928
-appVersion: "v5.27.0"
+appVersion: "v5.28.0"
 files:
  userUploads:
    - README.md
--- a/client/components/activities/activities.js
+++ b/client/components/activities/activities.js
@ -1,4 +1,4 @@
-import sanitizeXss from 'xss';
+import DOMPurify from 'dompurify';

 const activitiesPerPage = 500;

@ -162,11 +162,15 @@ BlazeComponent.extendComponent({
            {
              href: source.url,
            },
-            sanitizeXss(source.system),
+            DOMPurify.sanitize(source.system, {
+              ALLOW_UNKNOWN_PROTOCOLS: true,
+            }),
          ),
        );
      } else {
-        return sanitizeXss(source.system);
+        return DOMPurify.sanitize(source.system, {
+          ALLOW_UNKNOWN_PROTOCOLS: true,
+        });
      }
    }
    return null;
@ -190,10 +194,10 @@ BlazeComponent.extendComponent({
              href: attachment.url({ download: true }),
              target: '_blank',
            },
-            sanitizeXss(attachment.name()),
+            DOMPurify.sanitize(attachment.name()),
          ),
        )) ||
-      sanitizeXss(this.currentData().activity.attachmentName)
+      DOMPurify.sanitize(this.currentData().activity.attachmentName)
    );
  },

@ -232,7 +236,7 @@ BlazeComponent.extendComponent({

 Template.activity.helpers({
  sanitize(value) {
-    return sanitizeXss(value);
+    return DOMPurify.sanitize(value, { ALLOW_UNKNOWN_PROTOCOLS: true });
  },
 });

@ -246,7 +250,7 @@ function createCardLink(card) {
          href: card.originRelativeUrl(),
          class: 'action-card',
        },
-        sanitizeXss(card.title),
+        DOMPurify.sanitize(card.title, { ALLOW_UNKNOWN_PROTOCOLS: true }),
      ),
    )
  );
@ -263,7 +267,7 @@ function createBoardLink(board, list) {
          href: board.originRelativeUrl(),
          class: 'action-board',
        },
-        sanitizeXss(text),
+        DOMPurify.sanitize(text, { ALLOW_UNKNOWN_PROTOCOLS: true }),
      ),
    )
  );
--- a/client/components/cards/cardDate.js
+++ b/client/components/cards/cardDate.js
@ -187,7 +187,7 @@ class CardStartDate extends CardDate {
    // if dueAt or endAt exist & are > startAt, startAt doesn't need to be flagged
    if ((endAt && theDate.isAfter(endAt)) || (dueAt && theDate.isAfter(dueAt)))
      classes += 'long-overdue';
-    else if (theDate.isBefore(now, 'minute')) classes += 'almost-due';
+    else if (theDate.isAfter(now)) classes += '';
    else classes += 'current';
    return classes;
  }
--- a/client/components/main/editor.js
+++ b/client/components/main/editor.js
@ -273,10 +273,12 @@ Template.editor.onRendered(() => {
  }
 });

-import sanitizeXss from 'xss';
+import DOMPurify from 'dompurify';

 // Additional  safeAttrValue function to allow for other specific protocols
 // See https://github.com/leizongmin/js-xss/issues/52#issuecomment-241354114
+
+/*
 function mySafeAttrValue(tag, name, value, cssFilter) {
  // only when the tag is 'a' and attribute is 'href'
  // then use your custom function
@ -302,6 +304,7 @@ function mySafeAttrValue(tag, name, value, cssFilter) {
    return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
  }
 }
+*/

 // XXX I believe we should compute a HTML rendered field on the server that
 // would handle markdown and user mentions. We can simply have two
@ -317,7 +320,9 @@ Blaze.Template.registerHelper(
    let content = Blaze.toHTML(view.templateContentBlock);
    const currentBoard = Boards.findOne(Session.get('currentBoard'));
    if (!currentBoard)
-      return HTML.Raw(sanitizeXss(content, { safeAttrValue: mySafeAttrValue }));
+      return HTML.Raw(
+        DOMPurify.sanitize(content, { ALLOW_UNKNOWN_PROTOCOLS: true }),
+      );
    const knowedUsers = currentBoard.members.map(member => {
      const u = Users.findOne(member.userId);
      if (u) {
@ -361,7 +366,9 @@ Blaze.Template.registerHelper(
      content = content.replace(fullMention, Blaze.toHTML(link));
    }

-    return HTML.Raw(sanitizeXss(content, { safeAttrValue: mySafeAttrValue }));
+    return HTML.Raw(
+      DOMPurify.sanitize(content, { ALLOW_UNKNOWN_PROTOCOLS: true }),
+    );
  }),
 );

--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -1,35 +1,8 @@
 {
  "name": "wekan",
-  "version": "v5.27.0",
+  "version": "v5.28.0",
  "description": "Open-Source kanban",
  "private": true,
-  "scripts": {
-    "lint": "eslint --cache --ext .js --ignore-path .eslintignore .",
-    "lint:eslint:fix": "eslint --ext .js --ignore-path .eslintignore --fix .",
-    "lint:staged": "lint-staged",
-    "prettify": "prettier --write '**/*.js' '**/*.jsx'",
-    "test": "npm run lint"
-  },
-  "lint-staged": {
-    "*.js": [
-      "meteor npm run prettify",
-      "meteor npm run lint:eslint:fix",
-      "git add --force"
-    ],
-    "*.jsx": [
-      "meteor npm run prettify",
-      "meteor npm run lint:eslint:fix",
-      "git add --force"
-    ],
-    "*.json": [
-      "prettier --write",
-      "git add --force"
-    ]
-  },
-  "pre-commit": "lint:staged",
-  "eslintConfig": {
-    "extends": "@meteorjs/eslint-config-meteor"
-  },
  "repository": {
    "type": "git",
    "url": "git+https://github.com/wekan/wekan.git"
@ -40,43 +13,33 @@
  },
  "homepage": "https://wekan.github.io",
  "devDependencies": {
-    "babel-eslint": "^10.1.0",
-    "eslint": "^5.16.0",
-    "eslint-config-meteor": "0.0.9",
-    "eslint-config-prettier": "^3.6.0",
-    "eslint-import-resolver-meteor": "^0.4.0",
-    "eslint-plugin-import": "^2.20.0",
-    "eslint-plugin-meteor": "^5.1.0",
-    "eslint-plugin-prettier": "^3.1.2",
-    "lint-staged": "^7.3.0",
-    "pre-commit": "^1.2.2",
-    "prettier": "^1.19.1",
-    "prettier-eslint": "^9.0.2"
+    "flatted": "^3.1.1"
  },
  "dependencies": {
-    "@babel/core": "^7.9.6",
-    "@babel/runtime": "^7.9.6",
-    "ajv": "^6.12.4",
+    "@babel/core": "^7.14.0",
+    "@babel/runtime": "^7.14.0",
+    "@liradb2000/markdown-it-mermaid": "^0.4.2",
+    "ajv": "^6.12.6",
    "babel-runtime": "^6.26.0",
-    "bcrypt": "^5.0.0",
-    "bson": "^4.0.3",
-    "bunyan": "^1.8.12",
+    "bcryptjs": "^2.4.3",
+    "bson": "^4.3.0",
+    "bunyan": "^1.8.15",
+    "core-js": "^2.6.12",
+    "dompurify": "^2.2.8",
    "es6-promise": "^4.2.4",
    "exceljs": "^4.2.1",
    "fibers": "^5.0.0",
-    "flatted": "^3.0.4",
    "gridfs-stream": "https://github.com/wekan/gridfs-stream/tarball/master",
    "jszip": "^3.6.0",
-    "ldapjs": "^2.1.1",
-    "markdown-it": "^12.0.2",
+    "ldapjs": "^2.2.4",
+    "markdown-it": "^12.0.6",
    "markdown-it-emoji": "^2.0.0",
    "meteor-node-stubs": "^1.0.3",
-    "mongodb": "^3.6.2",
+    "mongodb": "^3.6.6",
    "os": "^0.1.1",
    "page": "^1.11.5",
-    "papaparse": "^5.2.0",
-    "qs": "^6.9.4",
-    "source-map-support": "^0.5.19",
-    "xss": "^1.0.8"
+    "papaparse": "^5.3.0",
+    "qs": "^6.10.1",
+    "source-map-support": "^0.5.19"
  }
 }
--- a/packages/markdown/src/checkNpmVersions.js
+++ b/packages/markdown/src/checkNpmVersions.js
@ -1,5 +1,5 @@
 import { checkNpmVersions } from 'meteor/tmeasday:check-npm-versions';

 checkNpmVersions({
-    'xss': '1.0.8',
+    'dompurify': '2.2.8',
 }, 'my:xss');
--- a/packages/markdown/src/template-integration.js
+++ b/packages/markdown/src/template-integration.js
@ -1,4 +1,5 @@
-import sanitizeXss from 'xss';
+import DOMPurify from 'dompurify';
+
 var Markdown = require('markdown-it')({
  html: true,
  linkify: true,
@ -6,7 +7,9 @@ var Markdown = require('markdown-it')({
  breaks: true,
 });

+import markdownItMermaid from "@liradb2000/markdown-it-mermaid";

+/*
 // Static URL Scheme Listing
 var urlschemes = [
  "aodroplink",
@ -19,7 +22,7 @@ var urlschemes = [
  "mailspring"
 ];

-// Better would be a field in the admin backend to set this dynamically 
+// Better would be a field in the admin backend to set this dynamically
 // instead of putting all known or wanted url schemes here hard into code
 // but i was not able to access those settings
 // var urlschemes = currentSetting.automaticLinkedUrlSchemes.split('\n');
@ -44,14 +47,18 @@ function mySafeAttrValue(tag, name, value, cssFilter) {
      // use the default safeAttrValue function to process all non cbthunderlinks
      return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
    }
+//  } else if (tag === 'svg') {
+//    return `<img src="data:image/svg+xml;base64,` + atob(value) + `"></img>`;
  } else {
    // use the default safeAttrValue function to process it
    return sanitizeXss.safeAttrValue(tag, name, value, cssFilter);
  }
 };
+*/

 var emoji = require('markdown-it-emoji');
 Markdown.use(emoji);
+Markdown.use(markdownItMermaid);

 if (Package.ui) {
  const Template = Package.templating.Template;
@ -66,6 +73,6 @@ if (Package.ui) {
      text = Blaze._toText(self.templateContentBlock, HTML.TEXTMODE.STRING);
    }

-    return HTML.Raw(sanitizeXss(Markdown.render(text), { safeAttrValue: mySafeAttrValue }));
+    return HTML.Raw(DOMPurify.sanitize(Markdown.render(text), {ALLOW_UNKNOWN_PROTOCOLS: true}));
  }));
 }
--- a/public/api/wekan.html
+++ b/public/api/wekan.html
@ -7,7 +7,7 @@
    <meta charset="utf-8">
    <meta content="IE=edge,chrome=1" http-equiv="X-UA-Compatible">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
-    <title>Wekan REST API v5.27</title>
+    <title>Wekan REST API v5.28</title>

    <style>
    </style>
@ -1550,7 +1550,7 @@ var n=this.pipeline.run(e.tokenizer(t)),r=new e.Vector,i=[],o=this._fields.reduc
 	  	<ul class="toc-list-h1">
        
          <li>
-            <a href="#wekan-rest-api" class="toc-h1 toc-link" data-title="Wekan REST API v5.27">Wekan REST API v5.27</a>
+            <a href="#wekan-rest-api" class="toc-h1 toc-link" data-title="Wekan REST API v5.28">Wekan REST API v5.28</a>
            
          </li>
        
@ -2098,7 +2098,7 @@ var n=this.pipeline.run(e.tokenizer(t)),r=new e.Vector,i=[],o=this._fields.reduc
    <div class="page-wrapper">
      <div class="dark-box"></div>
      <div class="content">
-        <h1 id="wekan-rest-api">Wekan REST API v5.27</h1>
+        <h1 id="wekan-rest-api">Wekan REST API v5.28</h1>
 <blockquote>
 <p>Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.</p>
 </blockquote>
--- a/public/api/wekan.yml
+++ b/public/api/wekan.yml
@ -1,7 +1,7 @@
 swagger: '2.0'
 info:
  title: Wekan REST API
-  version: v5.27
+  version: v5.28
  description: |
    The REST API allows you to control and extend Wekan with ease.

--- a/sandstorm-pkgdef.capnp
+++ b/sandstorm-pkgdef.capnp
@ -22,10 +22,10 @@ const pkgdef :Spk.PackageDefinition = (
    appTitle = (defaultText = "Wekan"),
    # The name of the app as it is displayed to the user.

-    appVersion = 527,
+    appVersion = 528,
    # Increment this for every release.

-    appMarketingVersion = (defaultText = "5.27.0~2021-04-29"),
+    appMarketingVersion = (defaultText = "5.28.0~2021-05-07"),
    # Human-readable presentation of the app version.

    minUpgradableAppVersion = 0,
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@ -1,5 +1,5 @@
 name: wekan
-version: '5.27'
+version: '5.28'
 summary: The open-source kanban
 description: |
   Wekan is an open-source and collaborative kanban board application.