node-fetch: 2.6.0 -> 2.6.1 (security)
browserslist: 4.14.0 -> 4.14.1
stylelint: 13.6.1 -> 13.7.0
Obligatory bump to versions.json as this commit requires rebuilding
client assets (dev dependencies updates affect style.css).
As usual, rebuilds will be in the next commit by the build bot.
src/js/misc/utils.js: Added page.getPrettyUptime().
Updated dependency:
helmet: 3.23.3 -> 4.1.0
lolisafe.js: Disabled CSP by default.
Since helmet 4, CSP would instead be enabled by default.
Added new dev dependencies:
bulma, gulp-sass, node-sass
Updated some dependencies
Various other things related to styling
Bumped v1 version string and rebuilt client assets
UPDATE YOUR CONFIG FILE IF YOU USE CHUNKED UPLOADS!
Read more about this at the end.
Added new dependency: blake3
Hashes will be created as the uploads are being written to disk.
With exception for chunked uploads!
For them specifically, their hashes will be created as they're being
rebuilt into a single file.
Should still be a lot better than the previous case where it had to
re-read the already written files.
To support that feature, added a new file
controllers/multerStorageController.js.
It's just a custom storage engine for Multer.
chunkSize option now allows setting max chunk size from config file.
Previously it was hardcoded to 95MB, but assuming you have paid
Cloudflare plans, you can actually have up to 500MB.
Also moved the option to be after maxSize and before urlMaxSize.
Made a lot more sense to me this way, as chunked uploads only work on
regular uploads.
Updated v1 version string and rebuilt client assets.
systeminformation: 4.23.9 -> 4.26.1
eslint-plugin-compat: 3.5.1 -> 3.6.0
Renamed all .eslintrc.json to .eslintrc.js.
Removed unnecessary init for missing params in favor of default params.
Buble will take care of compiling that for old browsers.
Bumped ecmaVersion for client JS from 6 (2015) to 7 (2016).
Buble should support compiling ES2016 features as well.
Properly deny some actions when an online section is still loading.
Properly apply progress cursor on items/buttons that shouldn't be used
while an online section is still loading.
Bumped v1 version string and rebuilt client assets.
Added "yarn migrate" as alias for "node ./database/migration.js".
Updated README.md about it.
Added a new column to users database: registration.
It will be used to store user's registration timestamp.
Registration date will be displayed in Dashboard's Manage Users.
Since this is a new column,
existing users will not have registration dates.
Last token change date will now be displayed in Dashboard as well.
<code> elements will now properly have relative font size.
User ID will now be displayed in Edit user dialog for reference purpose.
Bumped v1 version string and rebuilt client assets.
Updated screenshot.
Edited claim about node 12 not being tested, as I've tested it.
Couldn't find any issues.
Added a new section about updating when you have modified some files.
Rephrased ClamAV support section a bit.
Updated dependencies:
knex: 0.21.0 -> 0.21.1
Rebuilt yarn.lock file with node 12.
Nothing significant really changed.
Things seem to be backward compatible to node 10.
Updated README.md to emphasize Node 10.x is the oldest supported version
and that Node 12.x have NOT been tested.
I'll work on testing Node 12.x in the near future though!
Please consult the Help? button again to learn all the syntax changes!
The prompt will now also have its width expanded!
Updated dependency, knex: 0.20.13 -> 0.20.15.
Added new dependency: search-query-parser.
Updated all sub-dependencies.
Critical? Admins-only API /users/edit will no longer return NEW password
salt of the user when randomizing their password.
Added page.escape() function to js/misc/utils.js.
This will be used to escape input in upload filters input box.
The same function used in utilsController.js.
Pretty dates will now use / instead of - for date separator.
This is due to the fact that date range key for filtering uploads
can not accepts dates with - separator.
To avoid inconsistency, we will now use / separator.
Caching system of album public pages will now be disabled during
development (yarn develop).
Cleaned up domClick() function in js/dashboard.js.
If using date or expiry range keys when filtering uploads, attach
client's timezone offset to the API requets.
This will be used by the server to calculate timezone differences.
Success prompt when changing token will now auto-close.
Removed ID column from Manage Users.
Improved success prompt when editing users.
This will properly list all of the edited fields at once,
excluding user group change.
Success message for user group change will require a bit more changes
on the API endpoint, which is a bit annoying.
Rebuilt client-side assets and bumped v1 version string.
Updated all dependencies.
Some latest version of dependencies such as bcrypt and sharp
requires Node 10+.
Updated fontello.css to uses latest version string from versions.js.
When updating version strings in commit
2670db269d, I forgot to rebuild this css.
Rebuilt all CSS assets, not sure why.
Probably due to browserslist being updated?
While I was as it, I also updated safe.fiery.me's node version to
10.19.0.
This doesn't use the server's built-in ability to accept multiple URLs
per API request.
It behaves the same as regular uploads, in that it executes one API call
per file, simultaneously.
I figured this is a better implementation to shift queues faster.
---
Fetch error from URL uploads due to exceeding size limit will no longer
be logged in server's console.
Clients will also see better formatted error message for URL uploads'
file size limit errors.
---
Bumped dependencies:
knex: 0.20.2 -> 0.20.3
systeminformation: 4.15.3 -> 4.16.0
Bumped v1 version string
As it turns out, Dropzone had a built-in timeout of 30 seconds.
There'll be no timeout now (thus respecting timeout settings of the
server and/or CDN).
While I was at it, I also refactored the bits for initializing Dropzone.
Also added a hacky method to handle Dropzone timeout,
in case someone wants to re-enable that.
"Hacky" due to lack of Dropzone's built-in timeout event handler.
Updated dev dependency:
eslint: 6.6.0 -> 6.7.1
bcrypt: 3.0.6 -> 3.0.7
knex: 0.20.1 -> 0.20.2
sharp: 0.23.2 -> 0.23.3
Dev dependency:
browserslist: 4.7.2 -> 4.7.3
As always, this was a full upgrade, so sub-dependencies were also
upgraded if applicable (more details in yarn.lock).
I noticed stylelint also got updated to v12, but I will be postponing
that till gulp-stylelint updates its peer dependency requirement.
Uploads thumbs view (dashboard) will no longer use smooth scrolling on
page change, etc.
This used to cause all thumbs to be loaded anyway when navigating with
its bottom pagination bar.
Bumped v1 version string.
---
Updated dependency:
systeminformation: 4.14.17 -> 4.15.3
Replaced all instances of DB .whereRaw with their much safer equivalent
methods.
All previous usages of .whereRaw were vulnerable to SQL injections,
cause we were passing the data directly.
Fortunately, they were only used in API routes that required staff
(moderators included) accounts.
---
Updated dependency:
helmet: 3.21.1 -> 3.21.2
Rewritten codes for home uploader config.
All options are now defined in a single config object in home.js.
Config tab content will be dynamically generated through that config.
This should eliminate the need of modifying home.njk whenever a new
option needs to be added,
make the codes more readable, and easier to extend.
Upgrade stylelint dev dependency.
Bumped v1 version string.
Added gulp-replace dev dependency.
Removed version strings of Fontello fonts from fontello.css
Added "build:fontello" Gulp task which will append version string to
Fontello fonts, then do the usual processing for CSS file.
It will use type 5 from versions.json, if available.
Also updated src/README.md about it.
Removed version strings from _globals.njk,
in favor of src/versions.json.
That versions in that file can be bumped with "yarn bump-versions".
v1 is automatically bumped when doing "yarn build" as well.
Added README file in src directory, explaining versions.json file.
Added README file in scripts directory, detailing usage of each scripts.
Version strings will no longer be appended when cacheControl is disabled
in config file.
After all, version strings are only needed when the static assets are
cached indefinitely in users' browsers.
Initial Cloudflare's cache purging will no longer be executed when
cloudflare -> purgeCache is disabled, even if cacheControl is enabled.
Just in case someone wants to use version strings for other use cases.
Actually use custom metaDesc variable on meta description tag.
