Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
Code Issues Releases Activity
810 commits 2 branches 41 tags 48 MiB
Commit graph

106 commits

Author SHA1 Message Date
Maksim Eltyshev
8df49a636a build: Use Node.js v22 2025-06-16 21:32:54 +02:00
Maksim Eltyshev
04b97b66cb chore: Update dependencies 2025-06-03 13:02:16 +02:00
Maksim Eltyshev
a2495b664e chore: Add missing things 2025-06-02 19:44:08 +02:00
Roman Zavarnitsyn
c0b0436851
feat: Add ability to mention users in comments (#1162) 2025-05-30 22:01:29 +02:00
Roman Zavarnitsyn
42817c5199
feat: Add CSV attachment viewer (#1154) 2025-05-27 14:19:44 +02:00
Maksim Eltyshev
2db75ed420 chore: Downgrade and pin i18next version 2025-05-21 13:25:54 +02:00
Maksim Eltyshev
dd8cd2f4fd chore: Bump vite to version 6 2025-05-10 21:45:31 +02:00
Maksim Eltyshev
2ee1166747 feat: Version 2 
Closes #627, closes #1047
 2025-05-10 02:09:06 +02:00
dependabot[bot]
db22394f45 chore(deps): Bump @babel/runtime from 7.26.0 to 7.27.0 in /client (#1100) 
Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.26.0 to 7.27.0.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.0/packages/babel-runtime)

---
updated-dependencies:
- dependency-name: "@babel/runtime"
  dependency-version: 7.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-22 15:57:21 +02:00
dependabot[bot]
15f87bdad9 chore(deps): Bump http-proxy-middleware from 2.0.7 to 2.0.9 in /client (#1095) 
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.7 to 2.0.9.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md)
- [Commits](https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.9)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-version: 2.0.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 01:15:08 +02:00
dependabot[bot]
bf289f514c chore(deps): Bump @babel/helpers from 7.26.0 to 7.26.10 in /client (#1063) 
Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.26.0 to 7.26.10.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-helpers)

---
updated-dependencies:
- dependency-name: "@babel/helpers"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 01:05:00 +02:00
dependabot[bot]
98d1df7edb chore(deps-dev): Bump axios from 1.7.7 to 1.8.2 in /client (#1062) 
Bumps [axios](https://github.com/axios/axios) from 1.7.7 to 1.8.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.7.7...v1.8.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-04-21 01:04:52 +02:00
dependabot[bot]
ac09d9b6bd chore(deps): Bump path-to-regexp and express in /client (#1013) 
Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `path-to-regexp` from 0.1.10 to 0.1.12
- [Release notes](https://github.com/pillarjs/path-to-regexp/releases)
- [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md)
- [Commits](https://github.com/pillarjs/path-to-regexp/compare/v0.1.10...v0.1.12)

Updates `express` from 4.21.1 to 4.21.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.2/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.1...4.21.2)

---
updated-dependencies:
- dependency-name: path-to-regexp
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-13 16:20:25 +01:00
dependabot[bot]
b909d03997 chore(deps): Bump nanoid in /client (#1011) 
Bumps  and [nanoid](https://github.com/ai/nanoid). These dependencies needed to be updated together.

Updates `nanoid` from 5.0.8 to 5.0.9
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/5.0.8...5.0.9)

Updates `nanoid` from 3.3.7 to 5.0.9
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/5.0.8...5.0.9)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: direct:production
- dependency-name: nanoid
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-13 16:20:04 +01:00
Maksim Eltyshev
ba632a8ab1 fix: Downgrade i18next to fix language change issue 2024-11-28 11:16:17 +01:00
Maksim Eltyshev
e243e15043 chore: Update dependencies 2024-11-22 17:13:17 +01:00
dependabot[bot]
8a99790f97 chore(deps): Bump cross-spawn from 7.0.3 to 7.0.6 in /client (#951) 
Bumps [cross-spawn](https://github.com/moxystudio/node-cross-spawn) from 7.0.3 to 7.0.6.
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6)

---
updated-dependencies:
- dependency-name: cross-spawn
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-11-22 16:17:53 +01:00
dependabot[bot]
776c7b0ac9 chore(deps): Bump http-proxy-middleware from 2.0.6 to 2.0.7 in /client (#922) 
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/v2.0.7/CHANGELOG.md)
- [Commits](https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7)

---
updated-dependencies:
- dependency-name: http-proxy-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-27 21:18:12 +01:00
dependabot[bot]
d648edc680 chore(deps): Bump cookie and express in /client (#912) 
Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `cookie` from 0.6.0 to 0.7.1
- [Release notes](https://github.com/jshttp/cookie/releases)
- [Commits](https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1)

Updates `express` from 4.21.0 to 4.21.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.21.0...4.21.1)

---
updated-dependencies:
- dependency-name: cookie
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-17 22:15:39 +02:00
Nalem7
096feb35bb test: Add BDD UI tests using Playwright (#911) 2024-10-17 22:06:48 +02:00
dependabot[bot]
77c0a5975f chore(deps): Bump rollup from 2.79.1 to 2.79.2 in /client (#898) 
Bumps [rollup](https://github.com/rollup/rollup) from 2.79.1 to 2.79.2.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v2.79.1...v2.79.2)

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-02 12:32:10 +02:00
Maksim Eltyshev
c43f828af4 chore: Update version 2024-09-16 21:21:30 +02:00
Maksim Eltyshev
cefc3d66eb chore: Update dependencies 2024-09-16 12:04:56 +02:00
dependabot[bot]
024821edad chore(deps): Bump micromatch from 4.0.7 to 4.0.8 in /client (#879) 
Bumps [micromatch](https://github.com/micromatch/micromatch) from 4.0.7 to 4.0.8.
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/micromatch/compare/4.0.7...4.0.8)

---
updated-dependencies:
- dependency-name: micromatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:43:00 +02:00
dependabot[bot]
3aeb8131eb chore(deps): Bump send and express in /client (#877) 
Bumps [send](https://github.com/pillarjs/send) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases)
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md)
- [Commits](https://github.com/pillarjs/send/compare/0.18.0...0.19.0)

Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.0)

---
updated-dependencies:
- dependency-name: send
  dependency-type: indirect
- dependency-name: express
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:42:39 +02:00
dependabot[bot]
2e536d5daa chore(deps): Bump webpack from 5.91.0 to 5.94.0 in /client (#864) 
Bumps [webpack](https://github.com/webpack/webpack) from 5.91.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.91.0...v5.94.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-09-13 22:42:08 +02:00
dependabot[bot]
bb2ceec426 chore(deps): Bump socket.io-parser from 3.3.3 to 3.3.4 in /client (#833) 
Bumps [socket.io-parser](https://github.com/Automattic/socket.io-parser) from 3.3.3 to 3.3.4.
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/3.3.4/CHANGELOG.md)
- [Commits](https://github.com/Automattic/socket.io-parser/compare/3.3.3...3.3.4)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-23 12:50:41 +02:00
Maksim Eltyshev
07e1903bb5 feat: Languages with country codes 2024-07-21 19:33:57 +02:00
Maksim Eltyshev
052ead4bad chore: Update dependencies 2024-06-02 01:34:03 +02:00
Maksim Eltyshev
52fb86f9e9 chore: Update dependencies 
Closes #726
 2024-04-23 15:45:47 +02:00
HannesOberreiter
800d2d012d feat: Display clickable links in tasks (#694) 
Closes #330
 2024-04-10 15:53:05 +02:00
Maksim Eltyshev
8110b7f3a5 chore: Revert remark-gfm update 2023-11-23 14:40:44 +01:00
Maksim Eltyshev
22aa3c4adf chore: Update dependencies 2023-11-17 14:34:10 +01:00
Lorenz Brun
9011ee61da feat: Improve OIDC SSO (#524) 
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.

It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.

It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.

It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.

By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.

Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.

This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.

[1] rfc-editor.org/rfc/rfc6749#section-5.1
 2023-10-19 17:39:21 +05:00
Maksim Eltyshev
b9716c6e3a fix: OIDC finalization and refactoring 2023-10-17 19:18:19 +02:00
gorrilla10101
6941500c7b feat: OIDC with PKCE flow (#491) 2023-09-04 20:06:59 +05:00
dependabot[bot]
d260d2dac0 chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /client (#370) 
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-01-09 02:26:00 +05:00
Maksim Eltyshev
381146b991 fix: Fix router synchronization with redux store 2022-12-15 01:34:48 +01:00
Maksim Eltyshev
0dda762e99 fix: Improve building 2022-11-30 02:50:38 +01:00
Maksim Eltyshev
fa8afd7b6e chore: Update dependencies 2022-11-21 00:54:05 +01:00
Rafly Maulana
14434b81fe meta: Share global eslint config, move prettier config (#339) 2022-11-21 00:22:01 +05:00
Maksim Eltyshev
fa3a3ba2c0 ref: Little refactoring 2022-11-20 15:05:21 +01:00
Jacques Lorentz
2a64fc1a53 fix: Front-end base url with path (#303) 
Closes #43, closes #111, closes #272
 2022-09-30 14:48:58 +05:00
Maksim Eltyshev
e733a03c55 fix: Prevent popup from leaving window 2022-09-16 14:39:41 +05:00
Maksim Eltyshev
d0283aa89c fix: Use password strength estimator 
Closes #294
 2022-09-03 22:47:06 +05:00
SimonTagne
2b4c2b0f49 feat: Improve security of access tokens (#279) 
Closes #275
 2022-08-09 21:03:21 +05:00
Maksim Eltyshev
2f0eecaf2a chore: Update dependencies 2022-07-24 17:04:26 +02:00
Maksim Eltyshev
8f4d60c46f feat: Add gallery for attachments 2022-06-20 18:27:39 +02:00
ejo090
685cfe7cbe fix: Fix markdown line breaks 
Closes #257
 2022-06-06 17:37:43 +05:00
Maksim Eltyshev
7ef55ec578 feat: Store accessToken in cookies instead of localStorage 2022-04-26 18:01:55 +05:00