Commit graph

491 commits

Author SHA1 Message Date

James George
ad4041e51a chore: address remaining production audit findings
Bump handlebars to 4.7.9, @apollo/server to 5.5.0, and
nodemailer to 8.0.4 in the backend. Add narrow pnpm
overrides for path-to-regexp (8.4.0) and dompurify (3.3.3).
Move unplugin-icons to devDependencies in sh-admin to keep
dev-only transitive packages out of the production audit.
2026-03-30 12:50:14 +05:30

Mir Arif Hasan
8ac1b29b88 fix: use team.findMany for fetching user teams (#6057)
2026-03-28 08:37:10 +06:00

James George
d5a19320b8 chore: bump version to 2026.3.0
2026-03-27 19:52:07 +05:30

Mir Arif Hasan
e4eee306a7 chore: patch dependency vulnerabilities and harden production image (#6055)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-27 19:26:26 +05:30

Nahid Hasan
60c607c185 fix: validate device-login redirect_uri to prevent token theft via DNS wildcard bypass (#6012)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-27 14:45:46 +05:30

Mir Arif Hasan
59c1b595a6 feat: show user workspace memberships in admin dashboard (#5968)
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-26 00:28:36 +05:30

Mir Arif Hasan
06bdd7ca6a feat: add MAILER_SMTP_IGNORE_TLS and optional SMTP auth (#5972)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 23:30:46 +05:30

Mir Arif Hasan
da3b8c5d37 fix(backend): prevent stored XSS via mock server responses and cross-team request moves (#6006)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-25 16:16:38 +05:30

Mir Arif Hasan
2fcf5b7a5f chore: security patch for the dependency chain v2026.3.0 (#6013)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-24 16:34:36 +05:30

James George
4cbe23cf00 chore: bump version to 2026.2.1
2026-03-04 19:09:52 +05:30

Mir Arif Hasan
a91acdd6bf fix(backend): bump Prisma packages to 7.4.2 (#5932)
2026-03-04 11:42:59 +05:30

Mir Arif Hasan
1f4ae3dd88 fix(backend): enforce user ownership when deleting PAT (#5916)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 23:35:19 +05:30

Mir Arif Hasan
d6ea86dcca fix(backend): prevent request payload from overriding id and name (#5913)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-03-02 21:50:43 +05:30

Mir Arif Hasan
57be05cdcb fix(backend): prevent IDOR in user collection and request endpoints (#5902)
2026-02-24 23:32:43 +05:30

Mir Arif Hasan
803e4633a2 feat: api documentation versioning (#5676)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 20:11:55 +05:30

Mir Arif Hasan
a1be60da64 fix(backend): resolve security advisories for IDOR and onboarding bypass (#5897)
Improve error handling in the onboarding status check

---

Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-23 18:11:45 +05:30

James George
a40c491f7a chore: bump version to 2026.2.0
2026-02-23 17:46:08 +05:30

Leonic
1de672b8bd feat(sh-admin): add search and pagination to teams list (#5803)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-20 14:13:14 +05:30

Mir Arif Hasan
4fe0e376bb chore: security patch for the dependency chain v2026.2.0 (#5887)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-02-19 12:48:50 +05:30

James George
32114fc8ef chore: bump version to 2026.1.1
2026-02-04 22:54:23 +05:30

Mir Arif Hasan
bf11e7ee22 chore(backend): upgrade nodemailer dependency to v8 (#5833)
2026-02-04 18:40:13 +05:30

Mir Arif Hasan
37e9207b43 fix(backend): resolve database connection leak in infra-config operations (#5825)
2026-02-04 17:25:00 +05:30

No jae gun
2dc3463b69 fix(backend): use duration instead of timestamp for auth cookie maxAge (#5821)
The maxAge option in Express's res.cookie() expects a duration in milliseconds, not an absolute timestamp. The previous code was adding `Date.now()` to the validity period, causing cookies to expire decades in the future instead of the intended 1 day / 7 days.

This was particularly problematic on macOS due to stricter cookie handling by Safari/WebKit.

Addresses #5818

Co-authored-by: njg7194 <njg7194@users.noreply.github.com>
2026-02-04 11:08:07 +05:30

James George
8991f2a490 chore: bump version to 2026.1.0
2026-01-23 21:18:39 +05:30

shaezard
1824990980 fix: add teamID/userUid filter to updateMany queries, Fixed Row level locking to prevent deadlocks and achieve ~100x performance improvement (#5647)
* fix: add teamID/userUid filter to updateMany queries

Prevents cross-user/cross-team orderIndex corruption

* fix: fix orderIndex of existing collections

* feat(backend): add cascade delete for collections

- Add onDelete: Cascade to TeamCollection parent relationship
- Add onDelete: Cascade to UserRequest → UserCollection relationship
- Remove manual recursive deleteCollectionData methods
- Simplify deleteUserCollection and deleteTeamCollection services
- Add Prisma migration for cascade delete foreign keys

Resolves #5654

* refactor(team-collection): remove manual deleteCollectionData method

Resolves #5654

* fix(backend): fixed locking mechanisms for collections and requests

- User/Team Collection/Requests

Resolves #5666

---------

Co-authored-by: Abdur Rahman Daanish <abdurrahman_daanish@intuit.com>
2026-01-23 00:32:48 +06:00

Mir Arif Hasan
4f13549ed2 chore: security patch for the dependency chain v2026.1.0 (#5786)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2026-01-21 23:25:40 +05:30

Mir Arif Hasan
992579e285 fix: improve endpoint parsing in parseExample method (#5762)
2026-01-20 12:46:13 +06:00

James George
9693a82a87 chore: bump version to 2025.12.1
2026-01-05 16:15:09 +05:30

Mir Arif Hasan
212b15890e chore: apply ThrottlerBehindProxyGuard across controllers (#5746)
2026-01-05 14:02:56 +06:00

Mir Arif Hasan
442242c8ca chore: security patch for the quic-go vulnerability (#5710)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: Nahid Hasan <52489202+nahidhasan94@users.noreply.github.com>
2025-12-19 21:00:22 +05:30

James George
440868d635 chore: bump version to 2025.12.0
2025-12-19 17:19:24 +05:30

Mir Arif Hasan
05927f3d4d chore: security patch for the dependency chain v2025.12.0 (#5678)
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-12-12 16:58:35 +05:30

James George
3527f217c9 chore: bump version to 2025.11.2
2025-12-10 18:58:30 +05:30

Mir Arif Hasan
92e3f52b47 chore: add sslmode support to PrismaService database URL parser (#5671)
2025-12-10 12:19:17 +06:00

Mir Arif Hasan
52735a166d fix: add database URL parsing to PrismaService (#5656)
* fix: add database URL parsing to PrismaService

* fix: feedback

* chore: add pool connectivity check to PrismaService
2025-12-04 11:55:22 +06:00

James George
77d0956180 chore: bump version to 2025.11.1
2025-12-03 23:02:12 +05:30

Mir Arif Hasan
008335c715 feat: add auto-create collection option to mock server creation (#5637)
Co-authored-by: Anwarul Islam <anwaarulislaam@gmail.com>
2025-12-03 23:01:06 +05:30

Mir Arif Hasan
88c7e189cf hotfix: clean up published docs with deleted collections (#5624)
2025-12-02 14:07:08 +06:00

Nivedin
ab52efc075 feat: improve documentation UI and add published docs indicators (#5620)
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
2025-11-27 12:29:29 +05:30

James George
c50076ef2e chore: bump dependencies
Follow up to #5590.
2025-11-26 11:06:57 +05:30

James George
7bcd268725 chore: bump version to 2025.11.0
2025-11-26 10:39:09 +05:30

Anwarul Islam
03212386fb feat: add platform-specific import support for personal collections (#5570)
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-25 22:03:21 +05:30

Nivedin
e63bfe3723 feat: API Documentation (#5499)
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-25 11:26:57 +05:30

Mir Arif Hasan
92031c84c1 fix: filter undefined values in config and update build files (#5610)
2025-11-24 19:55:08 +06:00

Mir Arif Hasan
904a1b0405 chore: security patch for the dependency chain v2025.11.0 (#5590)
Bump dependencies and account for breaking changes.

---------

Co-authored-by: James George <25279263+jamesgeorge007@users.noreply.github.com>
2025-11-24 14:21:29 +05:30

James George
8b164f9e31 chore: bump version to 2025.10.1
2025-11-13 00:11:21 +05:30

James George
dae02c839f fix: prevent log injection
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-10-30 23:06:42 +05:30

Anwarul Islam
e607f9db24 feat(common): mock server ui improvements (#5532)
- Update active state styles for better visibility in the mock server.
- BE updates catered to improving content type handling in the mock server.
- Introduced a `disableMockServerInPersonalWorkspace` platform-level feature flag.
- Remove inactive keyboard shorthand nudges from the Mock server dashboard context menu.

---

Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
2025-10-30 15:17:16 +05:30

Anwarul Islam
c0e3ff49b3 fix (common): address mock server issues and improve the UI (#5517)
Co-authored-by: nivedin <nivedinp@gmail.com>
Co-authored-by: jamesgeorge007 <25279263+jamesgeorge007@users.noreply.github.com>
Co-authored-by: mirarifhasan <arif.ishan05@gmail.com>
2025-10-29 16:25:02 +05:30

Mir Arif Hasan
213c5436bc chore: mock server name validation and prevent duplicates (#5524)
2025-10-29 14:41:52 +06:00