chore: update dependencies (#1393)

* chore: update sqlite3

* chore: update nextjs

* chore: update semver

* chore: update email-templates

* chore: update express and express-openapi-validator

* chore: override cross-spawn as the packages using it didnt update it

* chore: update undici

* feat: use csrf-csrf instead of deprecated csurf

* chore: override cookie

* chore: remove the overrides

* chore: update lockfile

* chore: revert cypress update

* chore: revert revert cypress update

* chore: update cypress

* ci(cypress): upload video artifacts for debugging

* chore(cypress): generate videos

* ci(cypress): remove unnecessary matrix.browser in the artifact name

* chore: update to es2021

---------

Co-authored-by: Gauthier <mail@gauthierth.fr>
This commit is contained in:
fallenbagel
2025-03-08 02:45:14 +08:00
committed by GitHub
parent e97a13e1e4
commit dcc13080bc
9 changed files with 1430 additions and 1401 deletions

View File

@@ -36,3 +36,10 @@ jobs:
# Fix test titles in cypress dashboard # Fix test titles in cypress dashboard
COMMIT_INFO_MESSAGE: ${{github.event.pull_request.title}} COMMIT_INFO_MESSAGE: ${{github.event.pull_request.title}}
COMMIT_INFO_SHA: ${{github.event.pull_request.head.sha}} COMMIT_INFO_SHA: ${{github.event.pull_request.head.sha}}
- name: Upload video files
uses: actions/upload-artifact@v4
with:
name: cypress-videos
path: |
cypress/videos
cypress/screenshots

View File

@@ -4,6 +4,7 @@ export default defineConfig({
projectId: 'xkm1b4', projectId: 'xkm1b4',
e2e: { e2e: {
baseUrl: 'http://localhost:5055', baseUrl: 'http://localhost:5055',
video: true,
experimentalSessionAndOrigin: true, experimentalSessionAndOrigin: true,
}, },
env: { env: {

2
next-env.d.ts vendored
View File

@@ -2,4 +2,4 @@
/// <reference types="next/image-types/global" /> /// <reference types="next/image-types/global" />
// NOTE: This file should not be edited // NOTE: This file should not be edited
// see https://nextjs.org/docs/basic-features/typescript for more information. // see https://nextjs.org/docs/pages/building-your-application/configuring/typescript for more information.

View File

@@ -47,16 +47,16 @@
"bcrypt": "5.1.0", "bcrypt": "5.1.0",
"bowser": "2.11.0", "bowser": "2.11.0",
"connect-typeorm": "1.1.4", "connect-typeorm": "1.1.4",
"cookie-parser": "1.4.6", "cookie-parser": "1.4.7",
"copy-to-clipboard": "3.3.3", "copy-to-clipboard": "3.3.3",
"country-flag-icons": "1.5.5", "country-flag-icons": "1.5.5",
"cronstrue": "2.23.0", "cronstrue": "2.23.0",
"csurf": "1.11.0", "csrf-csrf": "^3.1.0",
"date-fns": "2.29.3", "date-fns": "2.29.3",
"dayjs": "1.11.7", "dayjs": "1.11.7",
"email-templates": "9.0.0", "email-templates": "12.0.1",
"email-validator": "2.0.4", "email-validator": "2.0.4",
"express": "4.18.2", "express": "4.21.2",
"express-openapi-validator": "4.13.8", "express-openapi-validator": "4.13.8",
"express-rate-limit": "6.7.0", "express-rate-limit": "6.7.0",
"express-session": "1.17.3", "express-session": "1.17.3",
@@ -64,15 +64,15 @@
"gravatar-url": "3.1.0", "gravatar-url": "3.1.0",
"lodash": "4.17.21", "lodash": "4.17.21",
"mime": "3", "mime": "3",
"next": "^14.2.4", "next": "^14.2.24",
"node-cache": "5.1.2", "node-cache": "5.1.2",
"node-gyp": "9.3.1", "node-gyp": "9.3.1",
"node-schedule": "2.1.1", "node-schedule": "2.1.1",
"nodemailer": "6.9.1", "nodemailer": "6.10.0",
"openpgp": "5.7.0", "openpgp": "5.11.2",
"pg": "8.11.0", "pg": "8.11.0",
"plex-api": "5.3.2", "plex-api": "5.3.2",
"pug": "3.0.2", "pug": "3.0.3",
"react": "^18.3.1", "react": "^18.3.1",
"react-ace": "10.1.0", "react-ace": "10.1.0",
"react-animate-height": "2.1.2", "react-animate-height": "2.1.2",
@@ -91,14 +91,14 @@
"react-use-clipboard": "1.0.9", "react-use-clipboard": "1.0.9",
"reflect-metadata": "0.1.13", "reflect-metadata": "0.1.13",
"secure-random-password": "0.2.3", "secure-random-password": "0.2.3",
"semver": "7.3.8", "semver": "7.7.1",
"sharp": "^0.33.4", "sharp": "^0.33.4",
"sqlite3": "5.1.4", "sqlite3": "5.1.7",
"swagger-ui-express": "4.6.2", "swagger-ui-express": "4.6.2",
"swr": "2.2.5", "swr": "2.2.5",
"tailwind-merge": "^2.6.0", "tailwind-merge": "^2.6.0",
"typeorm": "0.3.11", "typeorm": "0.3.11",
"undici": "^6.20.1", "undici": "^7.3.0",
"web-push": "3.5.0", "web-push": "3.5.0",
"wink-jaro-distance": "^2.0.0", "wink-jaro-distance": "^2.0.0",
"winston": "3.8.2", "winston": "3.8.2",
@@ -106,7 +106,7 @@
"xml2js": "0.4.23", "xml2js": "0.4.23",
"yamljs": "0.3.0", "yamljs": "0.3.0",
"yup": "0.32.11", "yup": "0.32.11",
"zod": "3.20.6" "zod": "3.24.2"
}, },
"devDependencies": { "devDependencies": {
"@commitlint/cli": "17.4.4", "@commitlint/cli": "17.4.4",
@@ -116,8 +116,8 @@
"@semantic-release/exec": "6.0.3", "@semantic-release/exec": "6.0.3",
"@semantic-release/git": "10.0.1", "@semantic-release/git": "10.0.1",
"@tailwindcss/aspect-ratio": "0.4.2", "@tailwindcss/aspect-ratio": "0.4.2",
"@tailwindcss/forms": "0.5.3", "@tailwindcss/forms": "0.5.10",
"@tailwindcss/typography": "0.5.9", "@tailwindcss/typography": "0.5.16",
"@types/bcrypt": "5.0.0", "@types/bcrypt": "5.0.0",
"@types/cookie-parser": "1.4.3", "@types/cookie-parser": "1.4.3",
"@types/country-flag-icons": "1.2.0", "@types/country-flag-icons": "1.2.0",
@@ -146,7 +146,7 @@
"commitizen": "4.3.0", "commitizen": "4.3.0",
"copyfiles": "2.4.1", "copyfiles": "2.4.1",
"cy-mobile-commands": "0.3.0", "cy-mobile-commands": "0.3.0",
"cypress": "12.7.0", "cypress": "14.1.0",
"cz-conventional-changelog": "3.3.0", "cz-conventional-changelog": "3.3.0",
"eslint": "8.35.0", "eslint": "8.35.0",
"eslint-config-next": "^14.2.4", "eslint-config-next": "^14.2.4",
@@ -159,8 +159,8 @@
"eslint-plugin-react-hooks": "4.6.0", "eslint-plugin-react-hooks": "4.6.0",
"husky": "8.0.3", "husky": "8.0.3",
"lint-staged": "13.1.2", "lint-staged": "13.1.2",
"nodemon": "2.0.20", "nodemon": "3.1.9",
"postcss": "8.4.21", "postcss": "8.4.31",
"prettier": "2.8.4", "prettier": "2.8.4",
"prettier-plugin-organize-imports": "3.2.2", "prettier-plugin-organize-imports": "3.2.2",
"prettier-plugin-tailwindcss": "0.2.3", "prettier-plugin-tailwindcss": "0.2.3",

2753
pnpm-lock.yaml generated

File diff suppressed because it is too large Load Diff

View File

@@ -28,7 +28,7 @@ import restartFlag from '@server/utils/restartFlag';
import { getClientIp } from '@supercharge/request-ip'; import { getClientIp } from '@supercharge/request-ip';
import { TypeormStore } from 'connect-typeorm/out'; import { TypeormStore } from 'connect-typeorm/out';
import cookieParser from 'cookie-parser'; import cookieParser from 'cookie-parser';
import csurf from 'csurf'; import { doubleCsrf } from 'csrf-csrf';
import type { NextFunction, Request, Response } from 'express'; import type { NextFunction, Request, Response } from 'express';
import express from 'express'; import express from 'express';
import * as OpenApiValidator from 'express-openapi-validator'; import * as OpenApiValidator from 'express-openapi-validator';
@@ -162,18 +162,23 @@ app
} }
}); });
if (settings.network.csrfProtection) { if (settings.network.csrfProtection) {
server.use( const { doubleCsrfProtection, generateToken } = doubleCsrf({
csurf({ getSecret: () => settings.clientId,
cookie: { cookieName: 'XSRF-TOKEN',
cookieOptions: {
httpOnly: true, httpOnly: true,
sameSite: true, sameSite: 'strict',
secure: !dev, secure: !dev,
}, },
}) size: 64,
); ignoredMethods: ['GET', 'HEAD', 'OPTIONS'],
});
server.use(doubleCsrfProtection);
server.use((req, res, next) => { server.use((req, res, next) => {
res.cookie('XSRF-TOKEN', req.csrfToken(), { res.cookie('XSRF-TOKEN', generateToken(req, res), {
sameSite: true, sameSite: 'strict',
secure: !dev, secure: !dev,
}); });
next(); next();

View File

@@ -50,6 +50,7 @@ class PreparedEmail extends Email {
}, },
send: true, send: true,
transport: transport, transport: transport,
preview: false,
}); });
} }
} }

View File

@@ -31,7 +31,7 @@ if (typeof window !== 'undefined') {
const headers = { const headers = {
...(init?.headers || {}), ...(init?.headers || {}),
...(csrfToken ? { 'XSRF-TOKEN': csrfToken } : {}), ...(csrfToken ? { 'X-CSRF-TOKEN': csrfToken } : {}),
}; };
const newInit: RequestInit = { const newInit: RequestInit = {

View File

@@ -1,6 +1,6 @@
{ {
"compilerOptions": { "compilerOptions": {
"target": "es5", "target": "ES2021",
"lib": ["dom", "dom.iterable", "esnext"], "lib": ["dom", "dom.iterable", "esnext"],
"allowJs": true, "allowJs": true,
"skipLibCheck": true, "skipLibCheck": true,