a9957481b6
chore(deps): Bump send and express in /client ( #877 )
...
Bumps [send](https://github.com/pillarjs/send ) and [express](https://github.com/expressjs/express ). These dependencies needed to be updated together.
Updates `send` from 0.18.0 to 0.19.0
- [Release notes](https://github.com/pillarjs/send/releases )
- [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md )
- [Commits](https://github.com/pillarjs/send/compare/0.18.0...0.19.0 )
Updates `express` from 4.19.2 to 4.21.0
- [Release notes](https://github.com/expressjs/express/releases )
- [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md )
- [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.0 )
---
updated-dependencies:
- dependency-name: send
dependency-type: indirect
- dependency-name: express
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
36b05a5478
chore(deps): Bump webpack from 5.91.0 to 5.94.0 in /client ( #864 )
...
Bumps [webpack](https://github.com/webpack/webpack ) from 5.91.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v5.91.0...v5.94.0 )
---
updated-dependencies:
- dependency-name: webpack
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
6a7a582045
chore(deps): Bump socket.io-parser from 3.3.3 to 3.3.4 in /client ( #833 )
...
Bumps [socket.io-parser](https://github.com/Automattic/socket.io-parser ) from 3.3.3 to 3.3.4.
- [Release notes](https://github.com/Automattic/socket.io-parser/releases )
- [Changelog](https://github.com/socketio/socket.io-parser/blob/3.3.4/CHANGELOG.md )
- [Commits](https://github.com/Automattic/socket.io-parser/compare/3.3.3...3.3.4 )
---
updated-dependencies:
- dependency-name: socket.io-parser
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
9dc38932fb
feat: Languages with country codes
1 year ago
b8d7e713b9
chore: Update dependencies
2 years ago
fff0552081
chore: Update dependencies
...
Closes #726
2 years ago
cc32daa009
feat: Display clickable links in tasks ( #694 )
...
Closes #330
2 years ago
9e8ff3b579
chore: Revert remark-gfm update
2 years ago
239611ad51
chore: Update dependencies
2 years ago
743f2956c8
feat: Improve OIDC SSO ( #524 )
...
The OIDC implementation merged in https://github.com/plankanban/planka/pull/491 is flawed for multiple reasons.
It assumes that the access_token returned by the IDP has to be a JWT parseable by the RP which is not the case [1].
Many major IDPs do issue tokens which are not JWTs and RPs should not rely on the contents of these at all.
The only signed token which has a standardized format for direct RP consumption is the OIDC ID token (id_token), but this by default doesn't contain many claims, especially role claims are omitted from them by default for size reasons. To get these additional claims into the ID token, one needs an IDP with support for the "claims" parameter.
It requires manual specification of the JWKS URL which is mandatory in any OIDC discovery document and thus never needs to be manually specified.
It also makes the questionable decision to use a client-side code flow with PKCE where a normal code flow would be much more appropriate as all user data is processed in the backend which can securely hold a client secret (confidential client). This has far wider IDP support, is safer (due to direct involvement of the IDP in obtaining user information) and doesn't require working with ID tokens and claim parameters.
By using a server-side code flow we can also offload most complexity to the server alone, no longer requiring an additional OIDC library on the web client.
Also silent logout doesn't work on most IDPs for security reasons, one needs to actually redirect the user over to the IDP, which then prompts them once more if they actually want to log out.
This implementation should work with any OIDC-compliant IDP and even OAuth 2.0-only IDPs as long as they serve and OIDC discovery document.
[1] rfc-editor.org/rfc/rfc6749#section-5.1
2 years ago
8e0c60f5be
fix: OIDC finalization and refactoring
2 years ago
107cb85ba2
feat: OIDC with PKCE flow ( #491 )
2 years ago
d627a19935
chore(deps): Bump json5 from 1.0.1 to 1.0.2 in /client ( #370 )
...
Bumps [json5](https://github.com/json5/json5 ) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases )
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md )
- [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2 )
---
updated-dependencies:
- dependency-name: json5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
3 years ago
a858419f3c
fix: Fix router synchronization with redux store
3 years ago
db4e5a89f9
fix: Improve building
3 years ago
b0d23373c0
chore: Update dependencies
3 years ago
5381d45e50
meta: Share global eslint config, move prettier config ( #339 )
3 years ago
9495234066
ref: Little refactoring
3 years ago
b08e731419
fix: Front-end base url with path ( #303 )
...
Closes #43 , closes #111 , closes #272
3 years ago
e5bd73f33e
fix: Prevent popup from leaving window
3 years ago
3df07c10fa
fix: Use password strength estimator
...
Closes #294
3 years ago
7786533a90
feat: Improve security of access tokens ( #279 )
...
Closes #275
3 years ago
fe62180cda
chore: Update dependencies
3 years ago
86e4864d1b
feat: Add gallery for attachments
4 years ago
76fcd79203
fix: Fix markdown line breaks
...
Closes #257
4 years ago
486e663a3d
feat: Store accessToken in cookies instead of localStorage
4 years ago
6f219e5368
Fix pre-commit hook, update dependencies
4 years ago
e239d85901
Update dependencies
4 years ago
f539e7b76d
Fix language loading. Closes #207
4 years ago
0c92623109
Update dependencies
4 years ago
1a5c0f53f8
Fix board deletion, update dependencies. Closes #146
4 years ago
b39119ace4
Project managers, board members, auto-update after reconnection, refactoring
5 years ago
a3d1a8a09a
Add support for GitHub Flavored Markdown. Closes #107
5 years ago
cf21bef9ee
Fix file attach from clipboard when copy from browser. Closes #96
5 years ago
f718464940
Fix variables in update-card, update dependencies. Closes #85
5 years ago
3d6f9cc0e5
Adjust label width, update dependencies. Closes #75
5 years ago
179ad3610f
Update dependencies
5 years ago
de1f7c7564
Update dependencies
5 years ago
c28fada7ee
Update readme, update dependencies
5 years ago
ab020fc324
Update dependencies
5 years ago
767d39586c
Add test libs, update dependencies
5 years ago
8fc6bb2e3e
Update dependencies
5 years ago
c6ee7d54bb
Prepare for collection board type, refactoring, update dependencies
5 years ago
2d92ade8dc
Add scrollbar for board tabs, update dependencies
6 years ago
ff95a12578
Background gradients, migrate from CSS to SCSS, remove !important
6 years ago
38f68c1b82
Update dependencies
6 years ago
6a7ad7a24b
Update dependencies
6 years ago
844b3ab8f1
Fix Docker image, update dependencies
6 years ago
246eb17249
Add dropzone for attachment, paste attachment from clipboard
6 years ago
87a3cf751a
Fix language detection for some browsers
6 years ago
dependabot[bot]
Maksim Eltyshev
HannesOberreiter
Lorenz Brun
gorrilla10101
Rafly Maulana
Jacques Lorentz
SimonTagne
ejo090