26 Commits

Author SHA1 Message Date
Jakob Ackermann c7b56ff295 [monorepo] remove contacts service (#33550)
GitOrigin-RevId: 15478243e4d6a56b81eee28f76f9ef7dc54a45d7
2026-05-27 08:07:19 +00:00
Lucie Germain ae00bcbeca [Security Upgrade]: pin @xmldom/xmldom to 0.8.13 (#33373)
Adds a resolution in root package.json to force all consumers to
@xmldom/xmldom@0.8.13, fixing GHSA-wh4c-j3r5-mjhp, GHSA-j759-j44w-7fr8,
GHSA-x6wf-f3px-wcqx, GHSA-f6ww-3ggp-fr8h, and GHSA-2v35-w6hq-6mfw.

The vulnerable 0.7.13 entry in yarn.lock is replaced by 0.8.13
(minimum safe version across all five advisories).

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
GitOrigin-RevId: e1a301e3a1d637894284f35238ca0e8c23534276
2026-05-25 08:05:19 +00:00
Lucie Germain 6fa708982b Pin argparse/underscore to 1.13.8 via yarn resolution (#33364)
Fixes GHSA-cf4h-3jhx-xvhq (critical, arbitrary code execution) and
GHSA-qpx9-hpmf-5gmw (high, DoS via _.flatten/_.isEqual).

Vulnerable underscore@1.7.0 came from js-yaml@2.1.3 → argparse@0.1.16.
All other instances were already ≥1.13.8.

GitOrigin-RevId: b2ab4bc2682e19709694b7dd686134a439ade90c
2026-05-22 08:06:48 +00:00
Olzhas Askar bb0dc07d22 Merge pull request #33741 from overleaf/lg-sanitize-html-upgrade
[Security upgrade] Upgrade sanitize-html to 2.17.4 (GHSA-rpr9-rxv7-x643)

GitOrigin-RevId: 40a11361eac35d44a6fd7069e0d0d7c02a6628ec
2026-05-21 08:06:33 +00:00
Miguel Serrano 107189cd5f [web] Clear hardcoded password in external SP auth (#33597)
registerExternalAuthAdmin() now generates a random password on admin registration.

A migration clears the password for existing installs only in CE/SP

GitOrigin-RevId: 94a82d35dc8cd46915c31fb24f477c19367025eb
2026-05-21 08:06:07 +00:00
Mathias Jakobsen 5d4f38e57a Merge pull request #33629 from overleaf/lg-fast-uri-resolution
[Security upgrade] Pin fast-uri to 3.1.2 via resolutions (GHSA-q3j6-qgpj-74h6, GHSA-v39h-62p7-jpjc)

GitOrigin-RevId: 154e742e12cb68e8b1c8d5b88e1a188160746784
2026-05-20 08:07:34 +00:00
Eric Mc Sween 2f32b9d61e Merge pull request #32706 from overleaf/em-dropbox-queue
[third-party-datastore] Apply Dropbox→Overleaf updates inline, removing queue hop

GitOrigin-RevId: 1ea17eefe57aaf32634ce3395682f7eac2e53dc5
2026-05-20 08:07:10 +00:00
Lucie Germain 2f08f6f6eb Bump mongoose to 8.22.1 (GHSA-wpg9-53fq-2r8h) (#33648)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
GitOrigin-RevId: f092e8d914ea5825e285fe4741bb42dd2c5d5fa3
2026-05-20 08:07:05 +00:00
Andrew Rumble e9aedce4ab Merge pull request #33625 from overleaf/ar-update-vitest
[monorepo] bump vitest to 4.1.5

GitOrigin-RevId: 22ba2249ae384fd59347c9aa45c70f51ccdf8890
2026-05-18 08:06:49 +00:00
Andrew Rumble 19ad00c329 Merge pull request #33743 from overleaf/lg-systeminformation-upgrade
[Security Upgrade] Upgrade systeminformation to 5.31.6 (GHSA-hvx9-hwr7-wjj9)

GitOrigin-RevId: bd75d2bc59e183d23972e367f40f753c08ca6967
2026-05-18 08:06:41 +00:00
Andrew Rumble 25dfaab2a1 Merge pull request #33641 from overleaf/lg-fast-xml-builder-resolution
[Security upgrade] Pin fast-xml-builder to 1.1.7 via resolutions (GHSA-5wm8-gmm8-39j9, GHSA-45c6-75p6-83cc)

GitOrigin-RevId: ab13841bd8c20da98a136567cf7436ebb9f73722
2026-05-15 08:08:40 +00:00
renovate[bot] fc66bbfb26 [CoreI] Update dependency axios to v1.15.2 from 1.15.0 [SECURITY] (#33398)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: 567d0e7463084e872187a72085714f68d84dc5b6
2026-05-14 08:06:04 +00:00
Alf Eaton 00ddd8185c Upgrade webpack and related dependencies (#31638)
GitOrigin-RevId: e188a6ab9f7a024c1769a85e1d4e40ccb5d02213
2026-05-14 08:05:51 +00:00
Jakob Ackermann b62d4814c3 [monorepo] turn throw statements in callback code into callback calls (#33524)
* [eslint-plugin] add rule for throw inside callback code

* [monorepo] enable our custom eslint plugins globally

* [monorepo] fix running make lint from root

* [monorepo] turn throw statements in callback code into callback calls

* [monorepo] add eslint-plugin libraries to all the Dockerfiles

* [monorepo] install eslint-plugin library at the root level

* [linked-url-proxy] add eslint-plugin library into Dockerfile

* [latexqc] add our eslint-plugin to eslint config

GitOrigin-RevId: b05e3ebbefb62370f2422e83880dd3913815270d
2026-05-14 08:05:47 +00:00
Andrew Rumble 5e3561aedc Merge pull request #33655 from overleaf/lg-ip-address-resolution
Pin ip-address to 10.1.1 via resolutions (GHSA-v2v4-37r5-5v8g)

GitOrigin-RevId: c0233698549fee7f32c8a95a17b793b8535922c1
2026-05-14 08:05:30 +00:00
renovate[bot] 5c5a80923a [Platform] Update dependency dompurify to v3.4.0 from 3.3.3 [SECURITY] (#33227)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: da9d98ac0b4d3690bd2db18f7c4f61cf45fb379a
2026-05-12 08:05:58 +00:00
Andrew Rumble 45005d2783 Merge pull request #33483 from overleaf/ar-remove-unused-sandboxed-module-deps
[monorepo] remove sandboxed-module from services that don't use it

GitOrigin-RevId: dbb9c3b11f4b5436a447942713ce02ff3efb0b50
2026-05-11 08:06:20 +00:00
Brian Gough 3940f8c2a7 Merge pull request #33504 from overleaf/bg-upgrade-yauzl
Upgrade yauzl library in web to version 3.3.0

GitOrigin-RevId: 82b4158db7a432f4257bd48402840f07801c6d07
2026-05-11 08:05:47 +00:00
renovate[bot] 47f80317e4 [CoreI] Update dependency nodemailer to v8.0.5 [SECURITY] (#32703)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
GitOrigin-RevId: 3ae15cc3adad3d0212c46b5c478210dc9f20ef08
2026-05-08 08:10:18 +00:00
renovate[bot] de9b07f0b9 [Platform] Update dependency lodash to v4.18.1 from 4.17.23 [SECURITY] (#33229)
* Upgrade lodash resolution to 4.18.1

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* update lodash in rest of packages

---------

Co-authored-by: Eric Mc Sween <5454374+emcsween@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Anna Fields <acfields11@gmail.com>
GitOrigin-RevId: 66ce1610993a592899c25155757ca3267ebcd5c1
2026-05-07 08:07:41 +00:00
Alf Eaton 37a68a9c5e Reapply "Add Vertex as an AI provider (#32450)" (#33339)
GitOrigin-RevId: d506c99cf32fae97b6721923256bd980120fbeed
2026-05-06 08:07:19 +00:00
Andrew Rumble f434b1fc28 Merge pull request #33149 from overleaf/ar-ja-remove-i18next-additional-packages
[web] remove i18next additional libraries

GitOrigin-RevId: 98fc17b409090db32b02bb66953f1c2e6efee608
2026-05-06 08:05:41 +00:00
Alf Eaton e3f88791da Revert "Add Vertex as an AI provider (#32450)" (#33309)
This reverts commit 20d895350ee13a7683f178bc83b87f0e765c7af6.

GitOrigin-RevId: 6be06b0fee0b038c42db45fce2377efd5d5a47dc
2026-05-01 08:06:32 +00:00
Alf Eaton f00dab5cc0 Add Vertex as an AI provider (#32450)
GitOrigin-RevId: 20d895350ee13a7683f178bc83b87f0e765c7af6
2026-05-01 08:06:25 +00:00
Domagoj Kriskovic 9e677a2c1e Use overleaf CDN for loading pyodide packages
GitOrigin-RevId: e17ff3387166421a546a9519786d77ba12cdffc4
2026-04-30 08:05:23 +00:00
Anna Claire Fields 0d64a88a46 Yarn 4 Migration (#32253)
Migrates the Overleaf monorepo package manager from npm (v11) to Yarn 4 (v4.9.1) using node-modules linker mode.

GitOrigin-RevId: 50d32ab01955c15e29679eff9e9e9cfb897fab2d
2026-04-28 08:52:37 +00:00