Penar Musaraj
8ed001678f
DEV: Have licensee
check xmldom license ( #18840 )
2022-11-02 11:51:11 -04:00
David Taylor
449f7d5ed5
DEV: Automatically label chat PRs ( #18843 )
2022-11-02 15:43:59 +00:00
Kris
4201ca61e2
FIX: fix circle indicator on "my posts", color ( #18844 )
2022-11-02 11:43:28 -04:00
Frank
f6f436f694
FIX: New Topic button is now correctly disabled in a category where they have no permissions, even when filtered by tag ( #18741 )
2022-11-02 10:54:54 -04:00
Gerhard Schlager
954022aed2
DEV: Add chat plugin to Crowdin ( #18838 )
2022-11-02 15:18:02 +01:00
Discourse Translator Bot
82425b23ee
Update translations ( #18813 )
2022-11-02 15:13:47 +01:00
Roman Rizzi
0a5f548635
DEV: Move discourse-chat
to the core repo. ( #18776 )
...
As part of this move, we are also renaming `discourse-chat` to `chat`.
2022-11-02 10:41:30 -03:00
Osama Sayegh
e7e24843dc
DEV: Add integration specs for Github login ( #18808 )
...
Internal topic: t/82084.
2022-11-02 16:21:51 +03:00
Kris
2531828973
UX: hide new/unread counts in sidebar, use dot by default ( #18797 )
...
This updates the behavior of the list destination setting for links in the sidebar.
By default, new/unread content will show a dot like chat, rather than the count of new/unread topics.
If a user chooses to link to new/unread in the sidebar, we'll show the count.
The goal here is to find a simple default for typical users (new/unread indication, no counts, default links) while providing a different workflow for power users (showing new/unread counts, and linking directly to new/unread).
Internal Ref: /t/82626
2022-11-02 20:55:05 +09:00
Alan Guo Xiang Tan
46e9f402eb
DEV: Avoid cloning site settings in QUnit tests ( #18811 )
...
`siteSettings` is now a service which means there should only be one
state for `siteSettings` during the life time of the application. This
also helps to maintain parity with production where the `site` model
relies on the `siteSettings` service and not a clone of the attributes.
2022-11-02 20:07:17 +09:00
dependabot[bot]
e6856a3ca3
Build(deps): Bump tmpl from 1.0.4 to 1.0.5 in /app/assets/javascripts ( #18835 )
...
Bumps [tmpl](https://github.com/daaku/nodejs-tmpl ) from 1.0.4 to 1.0.5.
- [Release notes](https://github.com/daaku/nodejs-tmpl/releases )
- [Commits](https://github.com/daaku/nodejs-tmpl/commits/v1.0.5 )
---
updated-dependencies:
- dependency-name: tmpl
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-02 10:58:59 +01:00
Jarek Radosz
fc107be63f
FIX: Correct the post numbers in lastUnreadUrl
( #18831 )
...
Previously when a topic had e.g. 10 posts and you read them all, the link to the "first unread" would be `/11`, even when we knew there are only 10. (the topic route/controller would then fix that in the location bar after a second if you followed that URL)
2022-11-02 10:49:10 +01:00
Jarek Radosz
c32fe340f0
DEV: Fix mocha deprecations ( #18828 )
...
It now supports strict keyword argument matching by default.
2022-11-02 10:47:59 +01:00
Jarek Radosz
b9bcb225f2
DEV: Fix qunit hook issue ( #18829 )
2022-11-02 10:46:52 +01:00
Jarek Radosz
45e8995eb1
DEV: Force testem
upgrade ( #18834 )
...
1. Add `"testem": "latest"` to package.json
2. `yarn`
3. `npx yarn-deduplicate`
4. Remove the line from package.json
5. `yarn`
2022-11-02 10:45:17 +01:00
Blake Erickson
fefd938520
UX: Hide welcome topic from admins as well if not edited ( #18807 )
...
Depends on: #18806
We have a banner that prompts to edit the welcome topic, so let's not
show it in the topic list until it has been edited. Previously this
banner covered the welcome topic, now the banner will be above the topic
list, so we need to hide the welcome topic.
2022-11-01 16:17:17 -06:00
dependabot[bot]
e79208888c
Build(deps): Bump zeitwerk from 2.6.3 to 2.6.4 ( #18830 )
...
Bumps [zeitwerk](https://github.com/fxn/zeitwerk ) from 2.6.3 to 2.6.4.
- [Release notes](https://github.com/fxn/zeitwerk/releases )
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md )
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.6.3...v2.6.4 )
---
updated-dependencies:
- dependency-name: zeitwerk
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 21:48:10 +01:00
dependabot[bot]
6029c6a4dc
Build(deps-dev): Bump mocha from 1.16.0 to 2.0.0 ( #18819 )
...
Bumps [mocha](https://github.com/freerange/mocha ) from 1.16.0 to 2.0.0.
- [Release notes](https://github.com/freerange/mocha/releases )
- [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md )
- [Commits](https://github.com/freerange/mocha/compare/v1.16.0...v2.0.0 )
---
updated-dependencies:
- dependency-name: mocha
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 21:33:39 +01:00
Jordan Vidrine
208d22cfc2
UX: Change placement of welcome cta ( #18806 )
2022-11-01 14:07:40 -05:00
Daniel Waterworth
167181f4b7
DEV: Quote values when constructing SQL ( #18827 )
...
All of these cases should already be safe, but still good to quote for
"defense in depth".
2022-11-01 14:05:13 -05:00
Kris
a356e2fe30
UX: update and consolodate published page styles ( #18792 )
2022-11-01 14:31:39 -04:00
dependabot[bot]
10ea279bc9
Build(deps): Bump rubocop from 1.37.1 to 1.38.0 ( #18821 )
...
Bumps [rubocop](https://github.com/rubocop/rubocop ) from 1.37.1 to 1.38.0.
- [Release notes](https://github.com/rubocop/rubocop/releases )
- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rubocop/rubocop/compare/v1.37.1...v1.38.0 )
---
updated-dependencies:
- dependency-name: rubocop
dependency-type: indirect
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 18:59:19 +01:00
David Taylor
e3da085e31
Version bump to v2.9.0.beta11 ( #18822 )
2022-11-01 17:00:05 +00:00
David Taylor
07ef1a80a1
SECURITY: Fix invite link email validation ( #18817 )
...
See https://github.com/discourse/discourse/security/advisories/GHSA-x8w7-rwmr-w278
Co-authored-by: Martin Brennan <martin@discourse.org>
2022-11-01 16:33:32 +00:00
David Taylor
68b4fe4cf8
SECURITY: Expand and improve SSRF Protections ( #18815 )
...
See https://github.com/discourse/discourse/security/advisories/GHSA-rcc5-28r3-23rr
Co-authored-by: OsamaSayegh <asooomaasoooma90@gmail.com>
Co-authored-by: Daniel Waterworth <me@danielwaterworth.com>
2022-11-01 16:33:17 +00:00
David Taylor
695b44269b
DEV: Do not remove debugger
statements from themes ( #18814 )
2022-11-01 13:56:33 +00:00
Alan Guo Xiang Tan
02304cae83
FIX: Can't change notification level of categories set to regular ( #18801 )
...
This commit fixes a bug on the client site where we would include the
`regular_category_ids` field when trying to update the notification levels of
categories for a user. The `regulary_category_ids` field should only be
included when the `mute_all_categories_by_default` is enabled
2022-11-01 07:15:53 +08:00
dependabot[bot]
d1c5529aad
Build(deps): Bump zeitwerk from 2.6.1 to 2.6.3 ( #18809 )
...
Bumps [zeitwerk](https://github.com/fxn/zeitwerk ) from 2.6.1 to 2.6.3.
- [Release notes](https://github.com/fxn/zeitwerk/releases )
- [Changelog](https://github.com/fxn/zeitwerk/blob/main/CHANGELOG.md )
- [Commits](https://github.com/fxn/zeitwerk/compare/v2.6.1...v2.6.3 )
---
updated-dependencies:
- dependency-name: zeitwerk
dependency-type: indirect
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 06:54:19 +08:00
Penar Musaraj
b912bb955f
DEV: Mark bootbox
as deprecated ( #18795 )
2022-10-31 14:08:35 -04:00
David Taylor
d22fddf00a
UX: Ensure image size is maintained even after loading error ( #18805 )
2022-10-31 17:55:24 +00:00
Selase Krakani
586454bcf1
Refactor admin base controller ( #18453 )
...
* DEV: Add a dedicated Admin::StaffController base controller
The current parent(Admin:AdminController) for all admin-related controllers
uses a filter that allows only staff(admin, moderator) users.
This refactor makes Admin::AdminController filter for only admins as the name suggests and
introduces a base controller dedicated for staff-related endpoints.
* DEV: Set staff-only controllers parent to Admin::StaffController
Refactor staff-only controllers to inherit newly introduced
Admin::StaffController abstract controller. This conveys the
purpose of the parent controller better unlike the previously used parent
controller.
2022-10-31 12:02:26 +00:00
Natalie Tay
5e4bad0d8f
FIX: Evaluate all callbacks rather than override them ( #18788 )
2022-10-31 10:13:56 +08:00
Alan Guo Xiang Tan
cfefdf0832
UX: Switch no categories/tags configured text in sidebar to a link ( #18787 )
...
Internal Ref: /t/73500
2022-10-31 06:42:55 +08:00
Osama Sayegh
fa9e708cb7
FIX: Don't notify topic author about small action posts ( #18789 )
2022-10-31 06:26:20 +08:00
Gaurang Tandon
5ee5031bfa
UX: Fix grammar typo in trust_level_unlocked_tip ( #18793 )
2022-10-31 06:25:37 +08:00
dependabot[bot]
33946efd28
Build(deps): Bump jsdom from 20.0.1 to 20.0.2 in /app/assets/javascripts ( #18800 )
...
Bumps [jsdom](https://github.com/jsdom/jsdom ) from 20.0.1 to 20.0.2.
- [Release notes](https://github.com/jsdom/jsdom/releases )
- [Changelog](https://github.com/jsdom/jsdom/blob/master/Changelog.md )
- [Commits](https://github.com/jsdom/jsdom/compare/20.0.1...20.0.2 )
---
updated-dependencies:
- dependency-name: jsdom
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-30 22:40:43 +01:00
dependabot[bot]
20b083354d
Build(deps): Bump cose from 1.2.1 to 1.3.0 ( #18799 )
...
Bumps [cose](https://github.com/cedarcode/cose-ruby ) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/cedarcode/cose-ruby/releases )
- [Changelog](https://github.com/cedarcode/cose-ruby/blob/master/CHANGELOG.md )
- [Commits](https://github.com/cedarcode/cose-ruby/compare/v1.2.1...v1.3.0 )
---
updated-dependencies:
- dependency-name: cose
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-30 22:24:50 +01:00
dependabot[bot]
128b97d810
Build(deps): Bump net-smtp from 0.3.2 to 0.3.3 ( #18798 )
...
Bumps [net-smtp](https://github.com/ruby/net-smtp ) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/ruby/net-smtp/releases )
- [Changelog](https://github.com/ruby/net-smtp/blob/master/NEWS.md )
- [Commits](https://github.com/ruby/net-smtp/compare/v0.3.2...v0.3.3 )
---
updated-dependencies:
- dependency-name: net-smtp
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-30 22:24:42 +01:00
dependabot[bot]
cfe264ee39
Build(deps): Bump @babel/standalone in /app/assets/javascripts ( #18784 )
...
Bumps [@babel/standalone](https://github.com/babel/babel/tree/HEAD/packages/babel-standalone ) from 7.19.6 to 7.20.0.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.20.0/packages/babel-standalone )
---
updated-dependencies:
- dependency-name: "@babel/standalone"
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-30 21:32:41 +01:00
Blake Erickson
f7a4fd1f49
FIX: Follow up fixes for password-reset error page ( #18794 )
...
* FIX: Follow up fixes for password-reset error page
Pass in `base_url` to the template
Use `.html_safe` since the message now contains html
Follow up to: 9b1536fb83
* Update specs to pass in the base_url
2022-10-28 15:41:26 -06:00
Blake Erickson
f70d71c5e3
UX: Change emoji graphic on invite error page ( #18790 )
...
Switch to using the sweat-smile emoji instead of the cry emoji on the
error page when you have already redeemed your invite.
2022-10-28 11:34:38 -06:00
Penar Musaraj
0297c79cbe
FIX: simplify display of multiple AJAX errors ( #18763 )
...
Our dialog service doesn't accept HTML by default and we shouldn't include HTML in the error message string. And given that the Ajax error handler is called in multiple contexts, it's tricky to properly support line breaks via either HTML or `\n` so we are opting for plain text in AJAX error messages.
2022-10-28 08:37:08 -04:00
Osama Sayegh
e120c94236
FIX: Don't attempt to add user again to a group when syncing groups via SSO ( #18772 )
...
This commit fixes a regression introduced in 8979adc
where under certain conditions the groups syncing logic in Discourse Connect would try to add users to groups they're already members of and cause errors when users try to sign in using Discourse Connect.
2022-10-28 13:27:12 +03:00
Jarek Radosz
fa5f43e7c0
DEV: Delete old buffered-render
attributes ( #18786 )
...
That mixin was removed in 1a31a403ce
(January 2020)
2022-10-28 08:30:14 +08:00
Alan Guo Xiang Tan
4244b1c57d
FIX: Ignore unique conflicts when backfilling sidebar defaults ( #18785 )
...
`insert_all!` raises an error when the insertion violates any unique
constraints which is not what we want here.
Follow-up to 1b56a55f50
2022-10-28 07:47:41 +08:00
Sam
d99293d837
FEATURE: reduce suspicious distance logins warning to 100km ( #18767 )
...
Suspicious login emails are incredibly rare, we are concerned they are in
fact too rare. Attempt to reduce the distance down to 100km.
2022-10-28 07:01:11 +08:00
dependabot[bot]
249f322ac9
Build(deps-dev): Bump test-prof from 1.0.10 to 1.0.11 ( #18781 )
...
Bumps [test-prof](https://github.com/test-prof/test-prof ) from 1.0.10 to 1.0.11.
- [Release notes](https://github.com/test-prof/test-prof/releases )
- [Changelog](https://github.com/test-prof/test-prof/blob/master/CHANGELOG.md )
- [Commits](https://github.com/test-prof/test-prof/compare/v1.0.10...v1.0.11 )
---
updated-dependencies:
- dependency-name: test-prof
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-28 06:37:58 +08:00
dependabot[bot]
3e5d0f2e99
Build(deps): Bump json_schemer from 0.2.21 to 0.2.22 ( #18782 )
...
Bumps [json_schemer](https://github.com/davishmcclurg/json_schemer ) from 0.2.21 to 0.2.22.
- [Release notes](https://github.com/davishmcclurg/json_schemer/releases )
- [Commits](https://github.com/davishmcclurg/json_schemer/compare/v0.2.21...v0.2.22 )
---
updated-dependencies:
- dependency-name: json_schemer
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-28 06:36:18 +08:00
Kris
9c2f0edbec
UX: make whole category box clickable ( #18780 )
2022-10-27 15:27:53 -04:00
Dan Gebhardt
952b033165
FIX: Ensure that custom {{action}} modifier works with actions hash ( #18779 )
...
A callback that's provided as a string, such as `{{action "doSomething"}}`, may target the method `doSomething` on the context OR the context's `action` hash (if it exists).
2022-10-27 20:12:34 +01:00