Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup/removing files fix console log #4342

Draft
wants to merge 407 commits into
base: master
Choose a base branch
from
Draft

Cleanup/removing files fix console log #4342

wants to merge 407 commits into from

Conversation

MikesGlitch
Copy link
Contributor

No description provided.

j-f1 and others added 30 commits April 8, 2023 07:46
@j-f1
Blank commit to trigger image build
1504127
@j-f1
Add workflow_dispatch to edge image action so it can be manually run
0096907
@intiplink
github action workflow: revert old way to build images (#184)
82b4643
@albertogasparin
Use babel preset-typescript (#185)
47d77a3 
Seems like we already added `tsc` to build the project, but we use the
wrong babel preset (Flow) instead of the specific TS one. This is only
used in testing to make Jest work (from what I can tell).
@j-f1
Add express-rate-limit (#187)
a1af1ff 
CodeQL keeps yelling at us about this… I’m not sure if the filter is
smart enough to use this rate limit middleware to remove the warnings,
but at least we will be setting a reasonable bound on attempts to crack
the server password.
@MatissJanis
🔖 (23.4.1) fix rule creation from transaction list (actualbudget#188)
bc93604
@j-f1 @MatissJanis
Add a password set/reset script (#186)
104c980 
Co-authored-by: Matiss Janis Aboltins <[email protected]>
@j-f1
Add a handler for AxiosError errors (actualbudget#189)
652d75a
@MatissJanis @github-actions
🔖 (23.4.2) revert back to old autocomplete & keyboard shortcut fix (#…
2f54a94 
…192)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@Jackenmen
Add a field with all transactions to /nordigen/transactions endpoint …
7c744f0 
…(#190)

Helps with actualbudget#919 by adding the `all` field wit both
pending and booked transactions to the output of
`getTransactionsWithBalance()` and, by extension, the
`/nordigen/transactions` endpoint.

I could alter the `getTransactions()` to return the `all` field as well
but I figured that keeping it such that it returns the output from
Nordigen API 1:1 might be better so I left it as is. If you don't agree,
let me know and I'll update this.
@j-f1
Remove the unused migrations folder (actualbudget#195)
996f238
@henrikmaa
App secret service (actualbudget#194)
d60bb6a 
Co-authored-by: Henrik Maaland <[email protected]>
@MatissJanis
🐛 (nordigen) return JSON response for the secrets API (#197)
fb6dc5e 
A small fix: returning JSON response instead of plain-text.

The frontend always expects a JSON response. So a tiny fix here..
@MatissJanis
🔖 (23.5.0) various improvements (actualbudget#200)
9169bfa
@j-f1
Update README (actualbudget#201)
5d36ecb
@j-f1
Authenticate request for artifacts (actualbudget#204)
c2c8c17 
Previously, the latest artifact list was requested unauthenticated using
`ADD "https://api.github.com/..." /tmp/artifacts.json`. While this works
locally, on GitHub’s servers it seems that the per-IP rate limit was
exceeded. There isn’t a way to get Docker to pass the `Authorization`
header that I know of, so this work has been moved to an external shell
script that pulls down the relevant data.
@j-f1
Migrate to combined release notes action from main repo (actualbudget…
d1ff068 
…#208)
@MatissJanis @github-actions
🔖 (23.6.0) category hiding and filters for reports (actualbudget#207)
7c8e9bb 
Web: actualbudget#1087
Server: actualbudget/actual-server#207
Docs: actualbudget/docs#179

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@rich-howell @j-f1
Update README.md (#215)
8ac74ed 
Remove the bulk in favour of links to our core docs.

---------

Co-authored-by: Jed Fox <[email protected]>
@j-f1
Update “how it works” link (#216)
ca27949 
- actualbudget/docs#202
@rich-howell
Contributing readme link update (actualbudget#217)
5954141 
Replaced contributing link

<!-- Thank you for submitting a pull request! Make sure to follow the
instructions to write release notes for your PR — it should only take a
minute or two:
https://github.com/actualbudget/docs#writing-good-release-notes -->
@j-f1
Add a health check script (actualbudget#214)
5252f45 
This allows running a health check from inside the container. Usage:
`npm run health-check`. That may not work inside of Alpine containers,
so you can do `node src/scripts/health-check.js` directly instead. Fixes
actualbudget#213.
@MatissJanis
♻️ (crdt) use actual-app/crdt package instead of api (actualbudget#218)
debb33a 
Using the new CRDT package instead of API.
@Shazib
Update comments in docker-compose.yml (actualbudget#221)
28e0d71
@MatissJanis @github-actions
🔖 (23.7.0) Nordigen release, stability improvements (actualbudget#222)
8237eb5 
- web: actualbudget#1280
 - server: actualbudget/actual-server#222
 - docs: actualbudget/docs#223

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@MatissJanis
🔖 (23.7.1) critical sync fixes (actualbudget#224)
c2ee928 
- web: actualbudget#1295
- server: actualbudget/actual-server#224
- docs: actualbudget/docs#225
@MatissJanis
🔖 (23.7.2) more patches (not so critical, but still annoying) (actual…
354152d 
…budget#225)

- web: actualbudget#1322
- server: actualbudget/actual-server#225
- docs: actualbudget/docs#230
@MatissJanis
⬆️ (nordigen-node) upgrade to v1.2.6 (actualbudget#229)
1de788e 
1. upgrade `nordigen-node` to 1.2.6 (which uses the new gocardless
domain)
2. allow accessing `nordigen` functionality via `/gocardless` to unblock
using the new API path in actual-web
@dependabot
build(deps): bump word-wrap from 1.2.3 to 1.2.4 (actualbudget#230)
723d9cd 
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3
to 1.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jonschlinkert/word-wrap/releases">word-wrap's
releases</a>.</em></p>
<blockquote>
<h2>1.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove default indent by <a
href="https://github.com/mohd-akram"><code>@​mohd-akram</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li>🔒fix: CVE 2023 26115 (2) by <a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li>:lock: fix: CVE-2023-26115 by <a
href="https://github.com/aashutoshrathi"><code>@​aashutoshrathi</code></a>
in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
<li>chore: publish workflow by <a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/42">jonschlinkert/word-wrap#42</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mohd-akram"><code>@​mohd-akram</code></a> made
their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li><a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> made
their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li><a
href="https://github.com/aashutoshrathi"><code>@​aashutoshrathi</code></a>
made their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/f64b188c7261d26b99e1e2075d6b12f21798e83a"><code>f64b188</code></a>
run verb to generate README</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/03ea08256ba0c8e8b02b1b304f0f5bd2b1863207"><code>03ea082</code></a>
Merge pull request <a
href="https://redirect.github.com/jonschlinkert/word-wrap/issues/42">#42</a>
from jonschlinkert/chore/publish-workflow</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e"><code>420dce9</code></a>
Merge pull request <a
href="https://redirect.github.com/jonschlinkert/word-wrap/issues/41">#41</a>
from jonschlinkert/fix/CVE-2023-26115-2</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/bfa694edf55bb84ff84512f13da6d68bf7593f06"><code>bfa694e</code></a>
Update .github/workflows/publish.yml</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/ace0b3c78f81aaf43040bab3bc91d3c5546d3fd2"><code>ace0b3c</code></a>
chore: bump version to 1.2.4</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/6fd727594676f3e1b196b08a320908bec2f4ca02"><code>6fd7275</code></a>
chore: add publish workflow</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/30d6daf60fce429f5f559252fa86ee78200652c4"><code>30d6daf</code></a>
chore: fix test</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/655929cabea6299dddf3b4a21fc3713fca701b48"><code>655929c</code></a>
chore: remove package-lock</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/49e08bbc32a84da5d79e6b7e0fa74ff6217f6d81"><code>49e08bb</code></a>
chore: added an additional testcase</li>
<li><a
href="https://github.com/jonschlinkert/word-wrap/commit/9f626935f3fac6ec0f3c4b26baea4eb9740d9645"><code>9f62693</code></a>
fix: cve 2023-26115</li>
<li>Additional commits viewable in <a
href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=word-wrap&package-manager=npm_and_yarn&previous-version=1.2.3&new-version=1.2.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/actualbudget/actual-server/network/alerts).

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@MatissJanis
♻️ rename nordigen to gocardless (actualbudget#231)
20c2f19 
Just renaming things from Nordigen to Gocardless.
nsulzer and others added 23 commits January 14, 2025 22:21
@nsulzer @UnderKoen
Add GoCardless integration for COMMERZBANK_COBADEFF (actualbudget#537)
205ccfe 
* Add GoCardless integration for COMMERZBANK_COBADEFF

* Add optional iban property to creditorAccount

* Use fallback for normalizeAccount and calculateStartingBalance

* Update src/app-gocardless/banks/commerzbank_cobadeff.js

---------

Co-authored-by: Koen van Staveren <[email protected]>
@matt-fidd
Use the maximum access validity time provided by GoCardless (actualbu…
45d53ff 
…dget#551)

* use validForMax supplied by GoCardless

* remove overrides in bank handlers

* note

* update types
@sergiofmreis @coderabbitai
Add support for ABANCA_CORP_CAGLPTPL payee name (actualbudget#550)
ecb4d71 
* add support for ABANCA_CORP_CAGLPTPL payee name

* Create Release Notes file

* Lint institutionIds array

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

---------

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@ihhha
Add "Caixa Geral De Depositos" Portugal to banks with limited history (
c53e9e9 
…actualbudget#547)

* Add "Caixa Geral De Depositos" Portugal to banks with limited history

* Create Release Notes file

* Update to alphabetical order
@matt-fidd
add direkt_heladef1822 to bank-factory (actualbudget#554)
5f82315
@lnagel
Add support for LHV_LHVBEE22 (actualbudget#542)
0f2226e 
* Add support for LHV_LHVBEE22

* Add upcoming-release-notes/542.md

* Don't set bookingDate unless booked

* Add a basic spec file

* Add test case for invalid date and date validation to handle it

* Remove accessValidForDays
@Knocks83
Add health check to docker compose (actualbudget#546)
5ada00c 
* Add health check to docker compose

* Added release note for PR

* Readded the mistakenly-deleted array to the release note author
@DennaGherlyn
SSK_DUSSELDORF_DUSSDEDDXXX: remove non-booked transactions from import (
0312f51 
actualbudget#553)

* remove non-booked transactions from import

* Add release notes

* minor fix to please the linter

* Add coderabbit suggestions

* add test file

* fix test

* add coderabbit fixes to test file

* fix mock console

* Correct consoleSpy to make linter happy

* Add mock cleanup
@jfdoming @github-actions
🔖 (25.2.0) (actualbudget#561)
ca480a8 
* 🔖 (25.2.0)

* Remove used release notes

* Pull in newly built npm package

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@matt-fidd
dynamically load GoCardless handlers (actualbudget#557)
abeeb05 
* dynamically load GoCardless handlers

* note
@MikesGlitch @jfdoming
A note informing of the repo merge of actual-server into the actual r…
8b49a25 
…epo (actualbudget#560)

* Update README.md

* Create 560.md

* Update README.md

Co-authored-by: Julian Dominguez-Schatz <[email protected]>

---------

Co-authored-by: Julian Dominguez-Schatz <[email protected]>
@MikesGlitch
Fix esm error on windows (actualbudget#566)
e1a694a 
* fix esm error on windows

* release notes

* renaming release note
@matt-fidd
🔖 (25.2.1) (actualbudget#565)
cac4761
@MikesGlitch
Moved actual-server into actual repo
8c0ca48
@MikesGlitch
Merge branch 'oldserver_master' into actual-server-into-actual
e88bd78
@MikesGlitch
updating yarn lock file to accomodate sync-server
722e30e
@MikesGlitch
integrating actual-server git workflows
83ba751
@MikesGlitch
docker updates for the new structure of sync server
af3598e
@MikesGlitch
updating docker with new references to sync-server
46aa79a
@MikesGlitch
release notes
c947d96
@MikesGlitch
updating the way the server loads the actual web build path to accoun…
ce99c49 
…t for different folder structure
@MikesGlitch
removing unneeded files
c5b6758
@MikesGlitch
fix some security warnings
fe65fcc
@netlify Netlify
Copy link

netlify bot commented Feb 9, 2025
edited
Loading

Deploy Preview for actualbudget ready!

Name Link
🔨 Latest commit 47d64e0
🔍 Latest deploy log https://app.netlify.com/sites/actualbudget/deploys/67aa4b1f11c95f000867e3a3
😎 Deploy Preview https://deploy-preview-4342.demo.actualbudget.org
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 9, 2025
edited
Loading

Bundle Stats — desktop-client

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
16 6.81 MB → 6.83 MB (+25.89 kB) +0.37%
Changeset
File Δ Size
locale/de.json 📈 +14.11 kB (+14.58%) 96.74 kB → 110.85 kB
locale/nl.json 📈 +10.96 kB (+13.06%) 83.87 kB → 94.83 kB
locale/pt-BR.json 📈 +760 B (+0.72%) 103.29 kB → 104.03 kB
locale/en.json 📈 +88 B (+0.09%) 99.34 kB → 99.43 kB
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

Asset File Size % Changed
static/js/de.js 96.74 kB → 110.85 kB (+14.11 kB) +14.58%
static/js/nl.js 83.87 kB → 94.83 kB (+10.96 kB) +13.06%
static/js/pt-BR.js 103.29 kB → 104.03 kB (+760 B) +0.72%
static/js/en.js 99.34 kB → 99.43 kB (+88 B) +0.09%

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
static/js/en-GB.js 99.33 kB 0%
static/js/workbox-window.prod.es5.js 5.69 kB 0%
static/js/indexeddb-main-thread-worker-e59fee74.js 13.5 kB 0%
static/js/resize-observer.js 18.37 kB 0%
static/js/BackgroundImage.js 122.29 kB 0%
static/js/uk.js 111.11 kB 0%
static/js/useAccountPreviewTransactions.js 1.69 kB 0%
static/js/AppliedFilters.js 10.52 kB 0%
static/js/narrow.js 84.94 kB 0%
static/js/wide.js 102.8 kB 0%
static/js/ReportRouter.js 1.59 MB 0%
static/js/index.js 4.29 MB 0%

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 9, 2025
edited
Loading

Bundle Stats — loot-core

Hey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle.

As this PR is updated, I'll keep you updated on how the bundle size is impacted.

Total

Files count Total bundle size % Changed
1 1.33 MB 0%
Changeset
File Δ Size
node_modules/side-channel/node_modules/object-inspect/index.js 🆕 +18.55 kB 0 B → 18.55 kB
node_modules/object-inspect/index.js 🔥 -18.55 kB (-100%) 18.55 kB → 0 B
View detailed bundle breakdown

Added

No assets were added

Removed

No assets were removed

Bigger

No assets were bigger

Smaller

No assets were smaller

Unchanged

Asset File Size % Changed
kcab.worker.js 1.33 MB 0%

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 9, 2025
View reviewed changes
packages/sync-server/src/app-simplefin/app-simplefin.js
let username = null;
let password = null;
let baseUrl = null;
if (!accessKey || !accessKey.match(/^.*\/\/.*:.*@.*$/)) {

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High

This
regular expression
Loading
that depends on
a user-provided value
Loading
may run slow on strings starting with '//' and with many repetitions of '//'.
This
regular expression
Loading
that depends on
a user-provided value
Loading
may run slow on strings starting with '//:' and with many repetitions of ':'.
This
regular expression
Loading
that depends on
a user-provided value
Loading
may run slow on strings starting with '//:@' and with many repetitions of '@'.
packages/sync-server/src/app-simplefin/app-simplefin.js
Comment on lines +293 to +297
const req = https.request(new URL(token), options, (res) => {
res.on('data', (d) => {
resolve(d.toString());
});
});

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The
URL
Loading
of this request depends on a
user-provided value
Loading
.
packages/sync-server/src/app-simplefin/app-simplefin.js
Comment on lines +361 to +386
const req = https.request(
new URL(`${sfin.baseUrl}/accounts${queryString}`),
options,
(res) => {
let data = '';
res.on('data', (d) => {
data += d;
});
res.on('end', () => {
if (res.statusCode === 403) {
reject(new Error('Forbidden'));
} else {
try {
const results = JSON.parse(data);
results.sferrors = results.errors;
results.hasError = false;
results.errors = {};
resolve(results);
} catch (e) {
console.log(`Error parsing JSON response: ${data}`);
reject(e);
}
}
});
},
);

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

The
URL
Loading
of this request depends on a
user-provided value
Loading
.
packages/sync-server/src/app-sync.js
syncVersion: syncFormatVersion,
name: name,
encryptMeta: encryptMeta,
owner:

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
packages/sync-server/src/app-sync.js
res.status(400).send('Single file ID is required');
return;
}

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression High

This path depends on a
user-provided value
Loading
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🚧 WIP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.