Oliver Günther
b5350cccf7
Add rack-attack throttler for all logins
...
We have a built-in bruteforce protection for built-in users. When users
are being created from LDAP on-the-fly, these limits cannot apply, as we
do not have a user object yet.
Instead, we can provide a more generous throttler to block attempts
2026-05-29 12:33:28 +02:00
Yauheni Suhakou
33198e8d68
[75226] Update XWiki auth integration (#23321)
...
Update the XWiki auth screen: added client secret, aligned the UI with the storage UI.
Auth now supports only registered clients on the XWiki side.
---------
Co-authored-by: Jan Sandbrink <j.sandbrink@openproject.com>
2026-05-29 12:04:10 +02:00
Alexander Brandon Coles
f4ddfe11c8
Merge pull request #23256 from opf/fix/eslint-whitespace-errors
...
Fix auto-correctable eslint errors in `frontend/`
2026-05-29 11:32:14 +02:00
Klaus Zanders
7af6f5d6cf
Merge pull request #23441 from opf/filter-form-component
...
Filter form component
2026-05-29 11:18:27 +02:00
Jens Ulferts
6300d78765
Merge pull request #23419 from opf/dependabot/bundler/dev/mcp-0.16.0
...
Bump mcp from 0.15.0 to 0.16.0
2026-05-29 11:05:56 +02:00
Oliver Günther
4565b53957
Extract and use charset to properly serve inline text attachments (#23432)
...
* Extract and use charset to properly encode attachments
* Add the content type for external URLs
* Be more cautious when parsing charset from `file`
2026-05-29 10:51:37 +02:00
dependabot[bot]
8c786e479e
Bump @vitest/eslint-plugin from 1.6.17 to 1.6.18 in /frontend in the vitest group across 1 directory (#23447)
...
Bump @vitest/eslint-plugin
Bumps the vitest group with 1 update in the /frontend directory: [@vitest/eslint-plugin](https://github.com/vitest-dev/eslint-plugin-vitest).
Updates `@vitest/eslint-plugin` from 1.6.17 to 1.6.18
- [Release notes](https://github.com/vitest-dev/eslint-plugin-vitest/releases)
- [Commits](https://github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.17...v1.6.18)
---
updated-dependencies:
- dependency-name: "@vitest/eslint-plugin"
dependency-version: 1.6.18
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: vitest
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 10:50:34 +02:00
Oliver Günther
a852d46cb6
Be more cautious when parsing charset from file
2026-05-29 10:30:07 +02:00
Oliver Günther
5330745e69
Add the content type for external URLs
2026-05-29 10:26:43 +02:00
Oliver Günther
6f63faeed1
Extract and use charset to properly encode attachments
2026-05-29 10:26:43 +02:00
Alexander Brandon Coles
ee8e954030
Fix frontend ESLint autocorrections (second pass)
...
Removes unnecessary type assertions that ESLint now detects after
library version drift. Adds eslint-disable for three casts that are
still required for type safety.
2026-05-29 10:16:40 +02:00
Klaus Zanders
6d4acfc0c9
Ensure turbo mode is not blocked by using hidden field for filter forms
2026-05-29 10:09:31 +02:00
dependabot[bot]
db29c1d758
Bump @typescript-eslint/parser from 8.59.3 to 8.59.4 in /frontend in the typescript-eslint group (#23446)
...
Bump @typescript-eslint/parser
Bumps the typescript-eslint group in /frontend with 1 update: [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).
Updates `@typescript-eslint/parser` from 8.59.3 to 8.59.4
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.4/packages/parser)
---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
dependency-version: 8.59.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: typescript-eslint
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-29 09:55:17 +02:00
Klaus Zanders
89f3ab316b
Fix lookbook article that was broken by erb_lint
2026-05-29 09:42:34 +02:00
Klaus Zanders
cda0ad9616
Add comment about rendered content in lookbook
2026-05-29 09:28:07 +02:00
Klaus Zanders
ac41337290
Use Capybara helpers in testing
2026-05-29 09:28:06 +02:00
Klaus Zanders
40135d35fb
Remove unused param for filter_form_class method
2026-05-29 09:28:05 +02:00
Klaus Zanders
baf0f7351b
Update spec/forms/filters/filter_form_spec.rb
...
Co-authored-by: Alexander Brandon Coles <a.coles@openproject.com>
2026-05-29 09:28:04 +02:00
Klaus Zanders
2a7e93d978
Add compatibility for Work Package Queries
2026-05-29 09:28:03 +02:00
Klaus Zanders
d726484b7b
Add Lookbook for Filter Forms
2026-05-29 09:28:03 +02:00
Klaus Zanders
1f00123aa4
Extract a Filters::FilterForm that can be re-used in other primer forms
2026-05-29 09:28:02 +02:00
Klaus Zanders
0fe1f31822
Get rid of CSS styling on #add_filter_block and #add_filter_select.
...
Instead make it CSS classes and put it on the old instances
2026-05-29 09:28:01 +02:00
Behrokh Satarnejad
031c3ce1cc
[73372] Wrong icon used when changing non working days (#23292)
...
* Create a new dialog component for non-working days
* Change the non-working days component
* Add feature spec
* Fix reload after canceling the action
* preserve submitted form data for confirmation, and simplify cancel handling
* Change header text
* Remove the typescript unnecessary codes and listening to a form submit and call update on confirm changes
2026-05-29 09:08:48 +02:00
Behrokh Satarnejad
bfa2588bf4
[74198] Remove newest projects in project widget on homepage (#23136)
...
* Add footer component for widget box
* Add footer component to the widget box as a slot
* Change projects widget to show the favorite projects
* Fix failing test
* Change the subitems widget
* Change the costs and budgets widgets
* Change the meeting widget
* Change the WPs widget in version
* Change members widget in project overview
* Change the favorite projects widget in my page
# Conflicts:
# frontend/src/app/shared/components/grids/widgets/project-favorites/widget-project-favorites.component.ts
* Add the widget box to the lookbook
* Add footer for members widget in dashboard
* Fix members widget capability check
* Add feature spec for favorites projects in my page
* Remove committed demo project gitlink
* Remove temporary body variables from the costs and budgets widget templates
* Remove the scroll for favorites widget
* Remove scrollbar for members and favorite projects widgets
* Change projects block to favorite projects
* Refine feature specs
* Fix the widget footer styles globally
* Rename the component name from project favorites to favorite projects
* Rename the test selector for project name
* Move widget content inside the body
* grid widgets stretch their content area so widget footers stay pinned to the bottom
* Ensure frontend-rendered grid widgets keep their turbo-loaded content in the widget flex layout so server-rendered footers stay pinned to the bottom
2026-05-29 08:37:17 +02:00
OpenProject Actions CI
a152141163
Merge branch 'release/17.5' into dev
2026-05-29 04:58:27 +00:00
OpenProject Actions CI
537cf6d71f
update locales from crowdin [ci skip]
2026-05-29 04:41:11 +00:00
OpenProject Actions CI
61d82d4e1f
update locales from crowdin [ci skip]
2026-05-29 04:35:51 +00:00
Alexander Brandon Coles
e3184d47c1
Fix ESLint errors in project-edit-field
...
Adds explicit type assertions for `this.resource` when passed to
`isNewResource()`, which expects `{ id: string | null }`. The base
`Field.resource` is typed as `any`, causing two `no-unsafe-argument`
errors.
2026-05-28 21:01:45 +02:00
Alexander Brandon Coles
2f5106881f
Fix ESLint errors in wp-list-invalid-query
...
Replaces global lodash (`_`) calls with native Array methods (`map`,
`find`, `filter`, `forEach`, `slice`) and adds proper type annotations
to eliminate all 38 `@typescript-eslint/no-unsafe-*` and
`no-explicit-any` errors. Introduces a local `QueryFormSchema`
intersection type so schema attribute access is statically typed.
2026-05-28 21:01:36 +02:00
Alexander Brandon Coles
ab45745eac
Fix frontend ESLint autocorrections
...
Apply safe TypeScript ESLint cleanups and trailing whitespace fixes
across frontend files.
Keep DOM lookups typed and nullable when generic autocorrection would
otherwise assert through missing elements or erase intended guards.
2026-05-28 20:44:00 +02:00
dependabot[bot]
5de5f3fb77
Bump ruby/setup-ruby from 1.306.0 to 1.310.0 (#23418)
...
Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.306.0 to 1.310.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](https://github.com/ruby/setup-ruby/compare/c4e5b1316158f92e3d49443a9d58b31d25ac0f8f...afeafc3d1ab54a631816aba4c914a0081c12ff2f)
---
updated-dependencies:
- dependency-name: ruby/setup-ruby
dependency-version: 1.310.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-28 20:26:36 +02:00
Dombi Attila
70d96e3080
Merge pull request #23302 from opf/bug/74773-closed-work-packages-are-still-considered-to-be-part-of-the-bucket
...
Bug/74773 closed work packages are still considered to be part of the bucket
2026-05-28 19:25:09 +03:00
Alexander Brandon Coles
4ec84e75ac
Merge pull request #23438 from opf/fix/flaky-inbox_column_spec
...
Fix flaky menu-based reorder specs, also renaming `wait_for_` Cuprite helpers
2026-05-28 18:09:20 +02:00
Dombi Attila
38fbc5a61c
Update the with_backlog_neighbours description with information about the neighbouring ids and their role.
2026-05-28 18:42:38 +03:00
Dombi Attila
c8a2356729
Add a better comment describing the case when the prev argument is blank.
2026-05-28 18:42:37 +03:00
Dombi Attila
bad9840d72
Order neighbour scope ordering when calculating prev/next ids to match the default order of acts_as_list.
2026-05-28 18:42:37 +03:00
Dombi Attila
50d4072d94
Update with_backlogs_neighbours scope comment
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-28 18:42:36 +03:00
Dombi Attila
641ade7c41
Remove unnecessary includes, the engine already includes the patch.
2026-05-28 18:42:35 +03:00
Dombi Attila
bfc95792b7
[#74773] Closed work packages are still considered to be part of the bucket.
...
https://community.openproject.org/wp/74773
Add backlog neighbours scope
Use the with_backlogs_neighbours in the work package card menu.
2026-05-28 18:42:35 +03:00
Alexander Brandon Coles
46b8341b15
Fix flaky menu-based reorder specs
...
Wraps menu-move clicks in `wait_for_turbo_stream` so the Turbo Stream
morph completes before subsequent assertions or actions. Drag-and-drop
methods already did this; menu-based moves did not, causing intermittent
CI failures.
Dialog-opening actions ("Move to sprint") pass `wait: false` since no
immediate Turbo Stream fires.
2026-05-28 17:32:15 +02:00
Alexander Brandon Coles
d8708d8a62
Rename cuprite wait helper timeout: to wait:
...
Aligns with Capybara's `wait:` option naming conventions. A falsey value
skips the wait entirely, letting callers opt out of synchronisation.
2026-05-28 17:32:14 +02:00
Ivan Kuchin
c5df0c29f0
Merge pull request #23182 from opf/code-maintenance/74769-remove-portfolio_models-feature-flag
...
[#74769] Remove portfolio_models feature flag
2026-05-28 17:20:48 +02:00
dependabot[bot]
c214fedc45
Bump codemirror and @types/codemirror in /frontend (#23430)
...
Bumps [codemirror](https://github.com/codemirror/basic-setup) and [@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror). These dependencies needed to be updated together.
Updates `codemirror` from 5.65.20 to 5.65.21
- [Changelog](https://github.com/codemirror/basic-setup/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codemirror/basic-setup/commits)
Updates `@types/codemirror` from 5.60.5 to 5.60.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror)
---
updated-dependencies:
- dependency-name: codemirror
dependency-version: 5.65.21
dependency-type: direct:production
update-type: version-update:semver-patch
- dependency-name: "@types/codemirror"
dependency-version: 5.60.17
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-28 17:07:37 +02:00
Alexander Brandon Coles
4c752e257b
Bump angular-eslint dependencies to 21.4.0 (#23397)
...
Bump angular-eslint to ^21.4.0
Remove explicit `@angular-eslint/*` dev dependencies. The core
`angular-eslint` package should resolve these packages.
See: https://github.com/angular-eslint/angular-eslint/blob/main/packages/angular-eslint/README.md
2026-05-28 16:54:17 +02:00
Alexander Brandon Coles
278ffad4ed
Merge pull request #23409 from opf/dependabot/npm_and_yarn/frontend/dev/uirouter/angular-21.0.0
...
Bump @uirouter/angular from 17.0.0 to 21.0.0 in /frontend
2026-05-28 14:49:54 +02:00
OpenProject Actions CI
42160abe5e
Merge branch 'release/17.5' into dev
2026-05-28 12:40:24 +00:00
OpenProject Actions CI
8d1e568433
Merge branch 'release/17.4' into release/17.5
2026-05-28 12:32:41 +00:00
Andrej
1dd837e801
Merge pull request #23433 from opf/chore/backport-ssrf-documentation
...
Backport SSRF documentation to live
2026-05-28 14:31:45 +02:00
OpenProject Actions CI
633a454cba
Merge branch 'release/17.4' into release/17.5
2026-05-28 12:26:58 +00:00
Markus Kahl
d3a4d2ee74
fix: delay adding role to make migration not crash due to schema errors (#23426)
...
* fix: delay adding role to make migration not crash due to schema errors
* update spec to execute part of migration now done in background
2026-05-28 14:26:01 +02:00