SGS Last Punch - SGS 2021 Dev Camp 2nd Team Last Punch

Jihyo Kim

Last update: Oct 20, 2022

Related tags

Miscellaneous SGS_Last_Punch

Overview

Snack

여러 협업 툴을 사용하면서 새 창을 키거나 알트탭은 그만!

Slack과 Notion의 기능을 합친 Snack으로 쾌적한 협업을 경험해보세요!

워크스페이스와 채널을 생성하고 팀원을 초대하여 채팅하고 노트를 만들어 공동 편집을 할 수 있습니다!

Let's Snack! (url)

Snack의 특징

기본 구조

workspace: 팀원들이 모이는 공간으로 채널을 만들거나 DM을 보낼 수 있습니다.
channel: 워크스페이스 내의 그룹으로 채팅을 이용할 수 있습니다.
note: 채널에 종속되어 있으며 같은 노트에 들어와 있는 사람들 간에 공동 편집을 할 수 있습니다.

노트(공동 편집) 기능

편집은 선점권을 지닌 단 한 명만 할 수 있습니다!

팀원들이 같은 문서를 편집할 때 좀 더 안전하고 편집 내용에 집중할 수 있는 경험을 제공합니다.

🛠 기술 스택

iOS

Web Front

Backend

badges

💡 기능

스크린샷

기능 목록

회원가입/로그인 화면: 이메일 기반의 회원가입, 로그인
웰컴 화면: 워크스페이스 관련 기능 수행
- 목록 조회
- 선택
- 생성
메인 화면: 특정 워크스페이스의 화면
- 워크스페이스: 멤버 초대/조회, 나가기
- 채널: 목록 조회, 생성, 선택, 나가기, 멤버 초대/조회
- 채팅: 특정 채널에서의 채팅
- 노트: 특정 채널에 속한 노트 목록 조회, 생성, 선택, 공동 편집
- 유저: 워크스페이스/채널에 초대, 검색, 로그아웃, 프로필

🔍 아키텍처

서버별 역할

API Gateway: 라우팅, 토큰 유효성 검증, CORS 설정, 로드밸런싱
워크스페이스: 워크스페이스, 채널, 멤버에 대한 REST API 제공
채팅: WebSocket, STOMP, RabbitMQ를 사용한 Scale-out 가능한 채팅 기능
실시간 노트 편집: WebSocket, STOMP, Redis를 사용한 노트 공동 편집 기능
프리젠스: WebSocket, STOMP, RabbitMQ를 사용한 사용자 접속 상태 확인 및 접속 기록 관리
인증: 회원가입, 로그인, 토큰 생성
알림: FCM을 이용한 알림

채팅은 웹소켓으로 직접 메세지를 전달하기 때문에 안정적으로 메세지를 전달할 수 있는 RabbitMQ를 사용했고, 노트 편집 서버에서는 웹소켓으로 업데이트 여부 등 간단한 정보만을 전달하기 때문에 빠르고, 간편한 Redis를 사용했습니다.

역할 분담

Frontend

🐮 김건형: iOS App

🐶 차효준: Web App, 노트 기획

Backend

🦉 김지수: 인증 서버, 노트 서버, 게이트웨이, Eureka 서버

🐻 김지효: 워크스페이스 서버, 채팅 서버, 프리젠스 서버

디렉토리 구조

├── config (코딩 컨벤션 xml)
├── docs (API Reference, 에러코드, DB 스키마 이미지 등)
├── scripts (DB 스키마 및 테스트 데이터 스크립트)
└── src
    ├── frontend
    │   ├── ios (iOS App)
    │   └── web (Web App)
    └── backend
        ├── authServer (인증 서버)
        ├── workspace (워크스페이스 서버)
        ├── chat (채팅 서버)
        ├── note-server (노트 서버)
        ├── presence (프리젠스 서버)
        ├── gateway (게이트웨이)
        └── eureka-server (Eureka 서버)

Comments

인가 에러
발생 상황

최신 docker를 받아 실행

로그인 성공해서 access, refresh token 받음

이를 헤더에 넣어 요청을 보냄

요청 형태

endpoint = /workspace/page=0&size=5

에러 메시지

일정시간이 지나 토큰이 만료되면 에러 형태도 바뀜

시도해본 것들

header에 Content-Type 추가 (json, text 각각 해봄)

header에 Access-Control-Allow-Headers: 'X-AUTH-TOKEN' 넣어봄 -> 클라이언트가 이걸 보내면 안될것같긴함 (기존 에러에서 cors error로 바뀜)

refactor/fe 브랜치에 올려뒀습니다,,,
help BE WEB bug
opened by chahtk 10
백엔드 서버 개선 요청사항 처리
[x] account/workspace 이미지 표시를 위한 워크스페이스 서버 소스코드 & DB 변경

[x] ~~워크스페이스/채널 수정 API 테스트~~

[x] 워크스페이스/채널 멤버 목록 API가 출력하는 element에 email 추가

[x] 프리젠스 서버 동시접속 처리: 다른 세션에서 접속 중인 사용자가 새로운 세션에서 접속했을 때 상태 표시를 ONLINE으로 변경하는 문제 수정

fix feat BE
opened by njsh4261 5
docker-compose 이슈
에러 1

에러 메시지입니다. 어제와 같은 문구네요

dev, auth/authentication 브랜치 모두 compose.ytml에 build 문구가 아직 있는걸 확인했습니다..!

에러 2

auth-server, gateway의 build 문구를 지우고 실행했습니다.

compose up 하고 잠시 뒤 멈춰버리는 모습입니다... ㅠ

분석

mysql workbench 이용 결과 Mysql 컨테이너는 문제 없습니다

결국 jar파일이 없는게 문제 되는 것 같습니다

시도1

이를 해결하고자 authServer 폴더 내의 dockerfile을 수정하고 실행해보았습니다

openjdk:11 VOLUME /tmp RUN mkdir -p /spring WORKDIR /spring ADD . /spring RUN ./gradlew build EXPOSE 8081

docker build -t spring:test .

결과: 도커 내에 jar 파일은 만들어졌습니다

시도 2

authServer 폴더의 도커파일 마지막 줄에 ENTRYPOINT ["java","-jar","build/libs/authServer-0.0.1-SNAPSHOT.jar"] 을 추가

컨테이너 멈춤

마지막줄에 추가한 것을 주석처리하고, 시도1의 컨테이너에서 명령어 입력해도 에러가뜸 -> 코드 상 문제인듯

예상원인: mysql server의 부재 -> 해당 코드를 주석처리하고 성공한다면 authServer 자체는 앞으로 git pull과 도커 빌드만으로 정상 동작하는 것이 보장됨

or mysql 컨테이너 실행 -> 시도3

시도 3

mysql과 authServer 동시 실행을 위해 docker-compose.yml 수정

authServer의 도커파일은 ENTRYPOINT ["java","-jar","build/libs/authServer-0.0.1-SNAPSHOT.jar"] 가 있는 상태

version: '3' services: mysql: image: mysql:8.0 # volumes: # - ./db/conf.d:/etc/mysql/conf.d # - ./db/data:/var/lib/mysql # - ./db/initdb.d:/docker-entrypoint-initdb.d # env_file: .env environment: MYSQL_DATABASE: lastpunch MYSQL_ROOT_PASSWORD: 1234 MYSQL_ROOT_HOST: '%' TZ: Asia/Seoul volumes: - ./db/initdb.d:/docker-entrypoint-initdb.d ports: - "3306:3306" expose: - "3306" networks: - spring-boot-mysql-network auth-server: build: ./authServer ports: - "8081:8081" environment: spring.datasource.url: jdbc:mysql://mysql:3306/lastpunch? depends_on: - mysql networks: - spring-boot-mysql-network gateway: image: sookim1110/gateway ports: - "8080:8080" depends_on: - auth-server # eureka-server: # build: ./eureka-server # image: sookim1110/eureka-server # ports: # - "8761:8761" networks: spring-boot-mysql-network: driver: bridge

시도3 결과

docker desktop으로 본 log log.txt

내가 찾은 문제: docker에 띄울때 mysql server의 ip가 고정되지 않는다. 내 mysql ip는 172.18.0.2인데, 로그를 보니 172.18.0.3으로 설정되어있는 것 같다

이는 mysql 뿐 아니라 앞으로 사용될 모든 api 서버들 역시 문제될 수 있음

ㅠㅠ

지수님의 feat/auth/authentication 브랜치를 기반으로 수정하여, fix/auth/docker 브랜치를 생성해 뒀습니다

log에 뭐가 막 뜨는데 spring 알 못이라 잘 모르겠네용 ㅠㅠ

BE bug
opened by chahtk 4
Feat: 채팅 작성 중 표시
기능: 채팅 메시지를 작성 중일 때 다른 유저가 상태를 알 수 있음

Todo

작성 중 상태를 알 수 있도록 메시지 타입 세분화

채팅 서버의 Message 엔티티에 type 필드 추가

프론트엔드에서 채팅 작성 중 상태 메시지를 활용하는 시나리오 작성

프론트엔드에서 변경사항 적용

feat BE WEB iOS
opened by njsh4261 2
*** !!! {{{ FE분들 읽어주세요! }}} !!! *** (채팅 관련 내용)
채팅 서버 연동할 때 신경 쓰셔야 할 부분을 정리해서 이슈로 올려드립니다!

Subscirbe

STOMP connect 함수로 소켓 연결을 하는 시점은 워크스페이스의 main page에 처음 접근한 시점이 적합합니다.

워크스페이스를 나가기 전까지 채팅 서버와의 connection이 유지되어야 지속적으로 메시지 수신이 가능합니다. 그러므로 connection을 담당하는 component는 해당 워크스페이스를 나기기 전까지 어떤 페이지에 방문하든 상태를 유지할 수 있는 것이어야 하합니다.

Connect 함수로 connection established 이후, 바로 이어서 현재 워크스페이스의 모든 채널 및 멤버에 대해 subscribe 함수를 호출해 주세요(JS/TS의 경우 callback 혹은 promise 통해서 처리 권장).

Connect 함수는 단 한 번, subscribe를 여러 번 호출합니다!

Subscribe 함수를 사용할 때 대상 endpoint는 채널의 경우 /topic/channel.{channelId} (e.g. /topic/channel.123), DM의 경우 /topic/channel.{userId1}-{userId2}가 됩니다 (e.g. /topic/channel.12-34). #142 이슈를 참고하셔도 좋습니다.

채널 / 멤버 목록

앞서 말씀드린 subscribe 동작을 수행하기에 현재 워크스페이스 서버 API는 부적합한 면이 있는데, pagination을 고려하여 부분적인 리스트만을 반환하고 있기 때문입니다.

현재 API를 사용해서는 워크스페이스에 진입한 시점에서 모든 채널과 모든 멤버의 DM에 대해 subscribe가 불가능합니다.

이에 따라 워크스페이스 API를 수정할 예정입니다.

기존: 워크스페이스의 채널 & 멤버 목록 API가 paging된 목록을 반환, 각 목록의 element는 해당 채널/멤버에 대한 모든 메타데이터를 포함하고 있음

수정안: 워크스페이스의 채널 & 멤버 목록 API가 전체 목록을 반환, 각 목록의 element는 subscribe 함수 및 채널/멤버 목록 표시에 필요한 정보만을 포함하고 있음 (e.g. id, name 정도만 포함)

API 수정이 완료되면 현재 이슈는 close 처리할 예정입니다.

이슈 관련한 질문 사항은 구두로 주셔도 되고, 밑에 comment로 달아 주셔도 좋습니다!
BE WEB iOS
opened by njsh4261 2
Fix/workspace/dto
Workspace Export DTO에서 datetime 관련된 필드 네이밍 수정 (Resolves #181)

기획 단계에서 필요할 것으로 예상했으나 개발 단계에서 불필요하여 혼선을 주고 있는 일부 entity 필드 삭제

해당 수정 내용 DB 및 문서에 반영

워크스페이스 서버 소스코드 수정: 해당 PR merge 이후 docker compose pull 명령어 실행 바랍니다.

누락된 워크스페이스 API를 Postman collection JSON 파일에 반영

fix BE
opened by njsh4261 2
web UI
헤더 삭제

사이드바 토글(with animation)

home으로 이동시켜주는 로고 채팅의 헤더로 이동

모달 css 깨진 것 fix

워크스페이스 입장시 아무 채널로 이동

웰컴페이지 버튼 반응형으로 수정

사이드바 색상 변경(밑에 있는 코멘트 이미지)

토글로 사이드바 감춤

fix WEB
opened by chahtk 2
채널 생성에 대한 로직 고민
API를 어떤 순서로 불러야할까요?

[개인 1:1 채널 - DM]

get one channel을 통해 자신이 만든(자신의 token을 넣음) 채널을 검색한다.

있을경우, 없을경우 2-1. 있을경우 -> 문제 없이 채널 아이디를 통해 입장 질문) 상대방이 만들어 놓았다면...? get member of on channel을 호출해서 확인해야하나? 2-2. 없을경우 -> 상대방이 없는지도 확인해본뒤, create channel을 통해 채널을 생성

[3명 이상의 그룹 채널일 경우..?] 위에 과정을 어떻게 정리해야할까요?
help BE
opened by GeonHyeongKim 2
websocket 서버 CORS 이슈
현재 gateway에서 global CORS 설정을 해두었는데

websocket 서버에서 CORS 설정을 하면 -> 헤더가 gateway, websocket 서버에서 두번 들어가기 때문에 'Access-Control-Allow-Origin' header contains multiple values 에러 발생

websocket 서버에서 CORS 설정을 하지 않으면 -> SockJS에서 403 forbidden 에러 발생

이를 해결하기 위해 gateway에서 header가 두 개일 때를 처리해주거나, SockJS 403 에러를 해결할 수 있는 방법이 있는지 찾을 예정
fix BE
opened by SooKim1110 2
인증 - JWT 인증 추가
gateway에 JWT 유효성 검증 추가

authServer에 Refresh 토큰이 유효할 경우 Access 토큰을 주는 /login/issue API 추가

질문 * 현재 인증은 다음 경우에 통과됩니다. 1) accessToken만 유효 2) refreshToken만 유효 3) 둘 다 유효 혹시 accessToken은 유효하지만 refreshToken은 유효하지 않은 경우(refreshToken이 없거나 valid하지 않은 경우)나 그 반대로 refreshToken은 유효하지만 accessToken이 valid하지 않은 경우에 통과시키지 않는 것으로 로직을 바꾸는 것이 나을까요?

feat BE
opened by SooKim1110 2
파일 서버 기술 스택 확정 및 DB 스키마 수정
파일 서버에 사용할 기술 스택에 따라 DB 스키마에 변동이 필요함

작은 사이즈의 파일만(문서, 이미지 등) 서비스하는 경우 MySQL에 binary 필드로 저장하여 서비스하는 방법도 있음 (이미지 참조, PMP ppt에 첨부된 이미지와 동일)

Amazon S3 혹은 자체 SFTP 서버 운용 시 MySQL의 파일 관련 테이블에서는 해당 파일의 링크를 관리하게 됨

MongoDB의 GridFS를 파일 서버로 사용하는 경우 스키마에서 다른 테이블과의 foreign key 관계를 삭제해야 함

그 외 기술을 사용하는 경우 별도의 스키마 수정 필요

참조 이미지
BE
opened by njsh4261 2
chore(deps): bump express from 4.17.2 to 4.18.2 in /src/frontend/web
Bumps express from 4.17.2 to 4.18.2.

Release notes

Sourced from express's releases.

4.18.2

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1

Fix hanging on large stack of sync routes

4.18.0

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

Invoke default with same arguments as types in res.format

Support proper 205 responses using res.send

Use http-errors for res.format error

deps: [email protected]

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

Remove set content headers that break response

deps: [email protected]

deps: [email protected]

deps: [email protected]

Prevent loss of async hooks context

deps: [email protected]

deps: [email protected]

Fix emitted 416 error missing headers property

Limit the headers removed for 304 response

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

... (truncated)

Changelog

Sourced from express's changelog.

4.18.2 / 2022-10-08

Fix regression routing a large stack in a single route

deps: [email protected]

deps: [email protected]

perf: remove unnecessary object clone

deps: [email protected]

4.18.1 / 2022-04-29

Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

Add "root" option to res.download

Allow options without filename in res.download

Deprecate string and non-integer arguments to res.status

Fix behavior of null/undefined as maxAge in res.cookie

Fix handling very large stacks of sync middleware

Ignore Object.prototype values in settings through app.set/app.get

Invoke default with same arguments as types in res.format

Support proper 205 responses using res.send

Use http-errors for res.format error

deps: [email protected]

Fix error message for json parse whitespace in strict

Fix internal error when inflated body exceeds limit

Prevent loss of async hooks context

Prevent hanging when request already read

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

deps: [email protected]

Add priority option

Fix expires option to reject invalid dates

deps: [email protected]

Replace internal eval usage with Function constructor

Use instance methods on process to check for listeners

deps: [email protected]

Remove set content headers that break response

deps: [email protected]

deps: [email protected]

deps: [email protected]

Prevent loss of async hooks context

deps: [email protected]

deps: [email protected]

... (truncated)

Commits

8368dc1 4.18.2

61f4049 docs: replace Freenode with Libera Chat

bb7907b build: [email protected]

f56ce73 build: [email protected]

24b3dc5 deps: [email protected]

689d175 deps: [email protected]

340be0f build: [email protected]

33e8dc3 docs: use Node.js name style

644f646 build: [email protected]

ecd7572 build: [email protected]

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 in /src/frontend/web
Bumps decode-uri-component from 0.2.0 to 0.2.2.

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2

980e0bf Prevent overwriting previously decoded tokens

3c8a373 0.2.1

76abc93 Switch to GitHub workflows

746ca5d Fix issue where decode throws - fixes #6

486d7e2 Update license (#1)

a650457 Tidelift tasks

66e1c28 Meta tweaks

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
chore(deps): bump loader-utils from 1.4.0 to 1.4.2 in /src/frontend/web
Bumps loader-utils from 1.4.0 to 1.4.2.

Release notes

Sourced from loader-utils's releases.

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Changelog

Sourced from loader-utils's changelog.

1.4.2 (2022-11-11)

Bug Fixes

ReDoS problem (#226) (17cbf8f)

1.4.1 (2022-11-07)

Bug Fixes

security problem (#220) (4504e34)

Commits

331ad50 chore(release): 1.4.2

17cbf8f fix: ReDoS problem (#226)

8f082b3 chore(release): 1.4.1

4504e34 fix: security problem (#220)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
chore(deps): bump terser from 5.10.0 to 5.14.2 in /src/frontend/web
Bumps terser from 5.10.0 to 5.14.2.

Changelog

Sourced from terser's changelog.

v5.14.2

Security fix for RegExps that should not be evaluated (regexp DDOS)

Source maps improvements (#1211)

Performance improvements in long property access evaluation (#1213)

v5.14.1

keep_numbers option added to TypeScript defs (#1208)

Fixed parsing of nested template strings (#1204)

v5.14.0

Switched to @jridgewell/source-map for sourcemap generation (#1190, #1181)

Fixed source maps with non-terminated segments (#1106)

Enabled typescript types to be imported from the package (#1194)

Extra DOM props have been added (#1191)

Delete the AST while generating code, as a means to save RAM

v5.13.1

Removed self-assignments (varname=varname) (closes #1081)

Separated inlining code (for inlining things into references, or removing IIFEs)

Allow multiple identifiers with the same name in var destructuring (eg var { a, a } = x) (#1176)

v5.13.0

All calls to eval() were removed (#1171, #1184)

source-map was updated to 0.8.0-beta.0 (#1164)

NavigatorUAData was added to domprops to avoid property mangling (#1166)

v5.12.1

Fixed an issue with function definitions inside blocks (#1155)

Fixed parens of new in some situations (closes #1159)

v5.12.0

TERSER_DEBUG_DIR environment variable

@copyright comments are now preserved with the comments="some" option (#1153)

v5.11.0

Unicode code point escapes (\u{abcde}) are not emitted inside RegExp literals anymore (#1147)

acorn is now a regular dependency

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
chore(deps): bump eventsource from 1.1.0 to 1.1.1 in /src/frontend/web
Bumps eventsource from 1.1.0 to 1.1.1.

Changelog

Sourced from eventsource's changelog.

1.1.1

Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

Commits

aa7a408 1.1.1

56d489e chore: rebuild polyfill

4a951e5 docs: update history for 1.1.1

f9f6416 fix: strip sensitive headers on redirect to different origin

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0
chore(deps): bump minimist from 1.2.5 to 1.2.6 in /src/frontend/web
Bumps minimist from 1.2.5 to 1.2.6.

Commits

7efb22a 1.2.6

ef88b93 security notice for additional prototype pollution issue

c2b9819 isConstructorOrProto adapted from PR

bc8ecee test from prototype pollution PR

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 0