Kate
2eaad341b4
Merge pull request #61870 from nextcloud/kano-ocm-token-confinement
...
fix(auth): confine OCM access token to the masked share endpoint
2026-07-07 15:54:49 +02:00
Kate
bc162c7706
Merge pull request #61858 from nextcloud/test/heic
...
test: fix HEIC tests
2026-07-07 15:10:08 +02:00
Micke Nordin
db96073459
fix(auth): confine OCM access token to the masked share endpoint
...
Gate the temporary-token bearer auth behind an allowOcmAccessToken flag
that only the public, share-masked webdav endpoints set, and drop the
BearerAuth backend from the CalDAV/CardDAV entrypoints. The token is now
honored only on /public.php/webdav, where per-share masking applies.
Assisted-by: ClaudeCode:claude-fable-5
Signed-off-by: Micke Nordin <kano@sunet.se>
2026-07-07 13:56:32 +02:00
Stephan Orbaugh
7c41ebcd80
Merge pull request #61751 from nextcloud/test/files-pw
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
test(files): migrate end-to-end tests to PlayWright
2026-07-07 13:49:26 +02:00
Ferdinand Thiessen
1479eba07b
test: fix HEIC tests
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-07 13:30:58 +02:00
Kate
ed052e6fa4
Merge pull request #61128 from nextcloud/feat/ocp/interaction
...
feat(OCP): Add Interaction API
2026-07-07 12:42:46 +02:00
Joas Schilling
efe0f83881
Merge pull request #61682 from nextcloud/feat/improve-bruteforce-protection-command-output
...
feat(bruteforce): improve bruteforce protection command output
2026-07-07 11:03:34 +02:00
Andy Scherzinger
68dd6aca6b
Merge pull request #61841 from nextcloud/fix/dont-break-cache-entry
...
fix(Sharing): Don't break cache entry by setting path to null
2026-07-07 08:54:27 +02:00
Carl Schwan
92f7adc31e
Merge pull request #61511 from Murena-SAS/dev/dont-scan-appdata
...
Fix the ScanFiles job to not trigger scans of root directory for every single user
2026-07-07 08:26:12 +02:00
provokateurin
fb17121065
refactor(files_sharing,Share20): Use Interaction API to apply restrictions
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
65366c98ca
refactor(Share20\Manager): Rename generalChecks method and remove unused parameter
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
6cfda6849c
feat(Interaction): Implement all existing restrictions
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
1838fb7e79
feat(OCP): Add Interaction API
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
Nextcloud bot
da847486b5
fix(l10n): Update translations from Transifex
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2026-07-07 00:22:58 +00:00
Ferdinand Thiessen
3ce99632d8
ci: move one runner from cypress to playwright
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-06 18:22:10 +02:00
Ferdinand Thiessen
d2e9b78e2c
test(files): migrate end-to-end tests to PlayWright
...
Assisted-by: ClaudeCode:claude-opus-4-8
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-06 18:22:10 +02:00
Andy Scherzinger
4e0aef94bb
Merge pull request #61847 from nextcloud/ci/noid/ai-policy-action-sync
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
ci: Update policy check to org-latest
2026-07-06 17:41:48 +02:00
Kate
fe19ec8728
Merge pull request #61848 from nextcloud/build/rector-strict/php83
...
build(rector-strict): Bump PHP set to 8.3
2026-07-06 17:23:57 +02:00
Andy Scherzinger
a3c4a5a8b6
Merge pull request #61838 from nextcloud/carl/perf/groupmapper
...
perf: Don't fetch full group object in AuthorizedGroupMapper
2026-07-06 16:58:03 +02:00
provokateurin
cfaf39f8cc
build(rector-strict): Bump PHP set to 8.3
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-06 16:32:20 +02:00
Andy Scherzinger
9f7f5a4dc3
ci: Update policy check to org-latest
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2026-07-06 15:51:57 +02:00
Andy Scherzinger
521f59caa5
Merge pull request #61828 from nextcloud/dependabot/npm_and_yarn/multi-796da5f76d
...
chore(deps): bump qs and @cypress/request
2026-07-06 15:50:19 +02:00
Marcel Klehr
f5f88f92ae
fix(Sharing): Don't break cache entry by setting path to null
...
see #58676
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2026-07-06 14:00:30 +02:00
Carl Schwan
636aaf7851
perf: Don't fetch full group object in AuthorizedGroupMapper
...
This is very expensive when multiple group backends are enabled as we
don't cache which groups is included in which backend unlike in the User
Manager.
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-07-06 13:20:03 +02:00
Nextcloud bot
f2629694dc
fix(l10n): Update translations from Transifex
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2026-07-06 00:22:24 +00:00
Andy Scherzinger
8c694f3add
Merge pull request #61759 from nextcloud/dependabot/npm_and_yarn/stylelint-17.14.0
...
chore(deps-dev): bump stylelint from 17.12.0 to 17.14.0
2026-07-05 22:24:52 +02:00
dependabot[bot]
27fd99fa13
chore(deps-dev): bump stylelint from 17.12.0 to 17.14.0
...
Bumps [stylelint](https://github.com/stylelint/stylelint ) from 17.12.0 to 17.14.0.
- [Release notes](https://github.com/stylelint/stylelint/releases )
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md )
- [Commits](https://github.com/stylelint/stylelint/compare/17.12.0...17.14.0 )
---
updated-dependencies:
- dependency-name: stylelint
dependency-version: 17.14.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-05 20:00:45 +00:00
Andy Scherzinger
3a64d4a371
Merge pull request #61736 from nakatani-yo/fix/ratelimit-middleware-phpdoc
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
docs(ratelimit): add missing @param documentation
2026-07-05 16:36:39 +02:00
Andy Scherzinger
b3210c74a6
Merge pull request #61767 from nextcloud/dependabot/npm_and_yarn/build/frontend-legacy/focus-trap-8.2.2
...
chore(deps): bump focus-trap from 8.0.1 to 8.2.2 in /build/frontend-legacy
2026-07-05 15:24:32 +02:00
nextcloud-command
a9000840b3
chore(assets): Recompile assets
...
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-07-05 12:29:56 +00:00
dependabot[bot]
51baeaf2e6
chore(deps): bump focus-trap in /build/frontend-legacy
...
Bumps [focus-trap](https://github.com/focus-trap/focus-trap ) from 8.0.1 to 8.2.2.
- [Release notes](https://github.com/focus-trap/focus-trap/releases )
- [Changelog](https://github.com/focus-trap/focus-trap/blob/master/CHANGELOG.md )
- [Commits](https://github.com/focus-trap/focus-trap/compare/v8.0.1...v8.2.2 )
---
updated-dependencies:
- dependency-name: focus-trap
dependency-version: 8.2.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-05 12:01:57 +00:00
Andy Scherzinger
ff020ad159
Merge pull request #61762 from nextcloud/dependabot/npm_and_yarn/sass-1.101.0
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
chore(deps-dev): bump sass from 1.100.0 to 1.101.0
2026-07-05 08:10:47 +02:00
dependabot[bot]
5ca36540b5
chore(deps-dev): bump sass from 1.100.0 to 1.101.0
...
Bumps [sass](https://github.com/sass/dart-sass ) from 1.100.0 to 1.101.0.
- [Release notes](https://github.com/sass/dart-sass/releases )
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md )
- [Commits](https://github.com/sass/dart-sass/compare/1.100.0...1.101.0 )
---
updated-dependencies:
- dependency-name: sass
dependency-version: 1.101.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-05 05:29:07 +00:00
dependabot[bot]
0caad39f6d
chore(deps): bump qs and @cypress/request
...
Bumps [qs](https://github.com/ljharb/qs ) and [@cypress/request](https://github.com/cypress-io/request ). These dependencies needed to be updated together.
Updates `qs` from 6.14.2 to 6.15.3
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.14.2...v6.15.3 )
Updates `@cypress/request` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/cypress-io/request/releases )
- [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md )
- [Commits](https://github.com/cypress-io/request/compare/v4.0.0...v4.0.1 )
---
updated-dependencies:
- dependency-name: qs
dependency-version: 6.15.3
dependency-type: indirect
- dependency-name: "@cypress/request"
dependency-version: 4.0.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-05 05:14:04 +00:00
Andy Scherzinger
4d3b85a629
Merge pull request #61824 from nextcloud/dependabot/npm_and_yarn/build/frontend-legacy/dompurify-3.4.11
...
chore(deps): bump dompurify from 3.4.2 to 3.4.11 in /build/frontend-legacy
2026-07-05 07:12:11 +02:00
Nextcloud bot
d17d367cca
fix(l10n): Update translations from Transifex
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2026-07-05 00:22:29 +00:00
nextcloud-command
e296d85158
chore(assets): Recompile assets
...
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-07-04 22:30:54 +00:00
dependabot[bot]
4d8ab7bd31
chore(deps): bump dompurify in /build/frontend-legacy
...
Bumps [dompurify](https://github.com/cure53/DOMPurify ) from 3.4.2 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases )
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.2...3.4.11 )
---
updated-dependencies:
- dependency-name: dompurify
dependency-version: 3.4.11
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-05 00:11:50 +02:00
Andy Scherzinger
74960a618d
Merge pull request #61821 from nextcloud/dependabot/github_actions/github-actions-578d43fb68
...
chore(deps): bump the github-actions group with 4 updates
2026-07-05 00:09:59 +02:00
dependabot[bot]
601c41dd06
chore(deps): bump the github-actions group with 4 updates
...
Bumps the github-actions group with 4 updates: [dorny/paths-filter](https://github.com/dorny/paths-filter ), [github/codeql-action/init](https://github.com/github/codeql-action ), [github/codeql-action/analyze](https://github.com/github/codeql-action ) and [github/codeql-action/upload-sarif](https://github.com/github/codeql-action ).
Updates `dorny/paths-filter` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/dorny/paths-filter/releases )
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md )
- [Commits](fbd0ab8f3e...7b450fff21 )
Updates `github/codeql-action/init` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8aad20d150...54f647b7e1 )
Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8aad20d150...54f647b7e1 )
Updates `github/codeql-action/upload-sarif` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](8aad20d150...54f647b7e1 )
---
updated-dependencies:
- dependency-name: dorny/paths-filter
dependency-version: 4.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action/init
dependency-version: 4.36.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
dependency-version: 4.36.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
dependency-version: 4.36.3
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-04 23:30:35 +02:00
Andy Scherzinger
bc1af78151
Merge pull request #61823 from nextcloud/chore/noid/depUpdate
...
chore(deps): Bump postcss from 8.5.6 to 8.5.16 in /build/frontend-legacy
2026-07-04 23:12:45 +02:00
Andy Scherzinger
3a521fb726
chore(deps): Bump postcss from 8.5.6 to 8.5.16 in /build/frontend-legacy
...
Lockfile-only change, all requiring ranges are caret ranges that already allow 8.5.16:
- bump the hoisted postcss from 8.5.6 to 8.5.16
- drop the nested copy under @nextcloud/password-confirmation
(8.5.8); its ^8.5.8 range now resolves to the hoisted 8.5.16
Assisted-by: Claude Code:claude-fable-5
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2026-07-04 22:49:15 +02:00
Andy Scherzinger
f42d8c07dd
Merge pull request #61806 from nextcloud/ci/noid/dependabot-stable33-frontend-dirs
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
ci(dependabot): restore build/frontend dirs for stable33 npm updates
2026-07-04 21:26:45 +02:00
Andy Scherzinger
6a7d6b4e58
Merge pull request #61760 from nextcloud/dependabot/npm_and_yarn/vue-3.5.39
...
chore(deps): bump vue from 3.5.38 to 3.5.39
2026-07-04 21:25:56 +02:00
Andy Scherzinger
8cc86fd60e
ci(dependabot): restore build/frontend dirs for stable33 npm updates
...
The stable34 config update (4c697c78 ) rewrote the stable33 npm entry from
the older-stable template, dropping /build/frontend and /build/frontend-legacy
which do exist on stable33. As a result Dependabot can no longer maintain or
recreate PRs in those directories (e.g. #60050 ).
Signed-off-by: Andy Scherzinger <andy.scherzinger@nextcloud.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-04 20:54:55 +02:00
nextcloud-command
c3299c208e
chore(assets): Recompile assets
...
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-07-04 18:51:51 +00:00
dependabot[bot]
5d6413d60d
chore(deps): bump vue from 3.5.38 to 3.5.39
...
Bumps [vue](https://github.com/vuejs/core ) from 3.5.38 to 3.5.39.
- [Release notes](https://github.com/vuejs/core/releases )
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md )
- [Commits](https://github.com/vuejs/core/compare/v3.5.38...v3.5.39 )
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.39
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-07-04 20:43:20 +02:00
Andy Scherzinger
bf07255513
Merge pull request #61761 from nextcloud/dependabot/npm_and_yarn/cypress-15.18.0
...
chore(deps-dev): bump cypress from 15.17.0 to 15.18.0
2026-07-04 20:42:56 +02:00
Andy Scherzinger
ffb74881cd
Merge pull request #61763 from nextcloud/dependabot/npm_and_yarn/playwright/test-1.61.1
...
chore(deps-dev): bump @playwright/test from 1.61.0 to 1.61.1
2026-07-04 20:42:23 +02:00
Kent Delante
d28436b996
Merge pull request #60982 from nextcloud/leftybournes/fix/files_external_add_storage_dialog
...
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
fix(files_external): prevent dropdown entries from shrinking
2026-07-04 15:43:10 +08:00