* [web] Fix preview next-invoice date for cadence-change upgrades
When upgrading from a monthly plan to an annual plan (or vice versa) the
user pays for a full new-cadence term today, so the next payment is one
new-term-length from now — not the current cycle's period end. Previously
we always echoed subscription.periodEnd in the preview, which surfaced
the stale current-cycle date and misled the user into thinking they'd
be charged again ~25 days later.
makeChangePreview now compares the current and next plans' annual flag:
on a cadence flip it returns now + 1 year or now + 1 month; otherwise it
keeps the existing behaviour.
Closes #33283.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* Format
* Fix next invoice date using priceincents
* Apply suggestions from code review
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
GitOrigin-RevId: 05b660ecb518c04b60e88f2ddc7531733245bdde
Adds a resolution in root package.json to force all consumers to
@xmldom/xmldom@0.8.13, fixing GHSA-wh4c-j3r5-mjhp, GHSA-j759-j44w-7fr8,
GHSA-x6wf-f3px-wcqx, GHSA-f6ww-3ggp-fr8h, and GHSA-2v35-w6hq-6mfw.
The vulnerable 0.7.13 entry in yarn.lock is replaced by 0.8.13
(minimum safe version across all five advisories).
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
GitOrigin-RevId: e1a301e3a1d637894284f35238ca0e8c23534276
Fixes GHSA-cf4h-3jhx-xvhq (critical, arbitrary code execution) and
GHSA-qpx9-hpmf-5gmw (high, DoS via _.flatten/_.isEqual).
Vulnerable underscore@1.7.0 came from js-yaml@2.1.3 → argparse@0.1.16.
All other instances were already ≥1.13.8.
GitOrigin-RevId: b2ab4bc2682e19709694b7dd686134a439ade90c
* increase scanStream COUNT for project notifications
* fix Bull queue.add delay option being ignored
* parse timestamp to number before adding to notification queue
* fix outdated comments in project_notifications script
GitOrigin-RevId: 98bb638228550b2f6f2de90280a06c47e022cf96
* [web] Add SVG support to file-view panel
Adds support by reading the content of the downloaded SVG, then creating a blob and rendering it as native HTML.
GitOrigin-RevId: e80c491a10db6f5757c568430e17d9cbb613c5b4
registerExternalAuthAdmin() now generates a random password on admin registration.
A migration clears the password for existing installs only in CE/SP
GitOrigin-RevId: 94a82d35dc8cd46915c31fb24f477c19367025eb
* Initial working version of library search
draft fetch allowing optional search param
draft debounce search
draft search bar
draft using for search
draft search params
draft data index creation
draft prefix-regex search
draft add fields only on search
draft index setup
draft search tests
draft search tests for extra params
draft using correct display value from bib entry for tokenization
* Library search handles diacritics
* Library styling and refreshing table data without
reloading table
* Updating mongo search query and creating migration
scripts for existing data
* Using Mongo query for sorting results
* Moving copied files into shared directory
* Addressing review comments
* Pulling changes from bibtex-search-token for consistency with migration
* Fixing lint
* Using mongo collation for handling case and diacritics in search queries
* Boosting citation keys with check for tokens
* Removing double foldLatinDigraphs call
* Matching figma designs for Library search component
* Adding cursor for paginated Library search results
* Re-fixing flash after searching library
* Unit test for cursor search
* Using same cursor object for search and get all results
* Data migration moved to manual script
GitOrigin-RevId: b7e6a1f07f775c8450dd97e7269cab3b68ca0eb3
The init script chowns all subdirectories but not the mount point
itself. When the host volume is owned by a non-www-data user with
restrictive permissions (e.g. 770), the web process cannot traverse
the directory and crashes with EACCES, causing a 502.
Fixes #1325 and #1465
COPYBARA_INTEGRATE_REVIEW=https://github.com/overleaf/overleaf/pull/1475 from ev-not-eve:patch-1 269a80500f
Co-authored-by: Evelyn <evansvevelyn@gmail.com>
GitOrigin-RevId: 959051861246c9f3958e56861821b92d84167926