mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-05-08 05:38:37 +00:00
fb41d24ef5
## Release Notes Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9 > ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release) [Compare to previous Release v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0) This release falls outside the quarterly schedule. We opted for an early release due to: - Security fix for the internal cors proxy - API change of the weather provider smi - Several bug fixes ### Breaking Changes The cors proxy is now disabled by default. If required, it must be explicitly enabled in the `config.js` file. See the [documentation](https://docs.magicmirror.builders/configuration/cors.html). ### ⚠️ Security You can find several publicly accessible MagicMirror² instances. This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release. Public MagicMirror² instances should always run behind a reverse proxy with authentication. ### [core] - Prepare Release 2.36.0 (#4126) - Allow HTTPFetcher to pass through 304 responses (#4120) - fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113) - config endpoint must handle functions in module configs (#4106) - fix replaceSecretPlaceholder (#4104) - restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102) - fix: prevent crash when config is undefined in socket handler (#4096) - fix cors function for alpine linux (#4091) - fix(cors): prevent SSRF via DNS rebinding (#4090) - add option to disable or restrict cors endpoint (#4087) - fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084) - chore: add permissions section to enforce pull-request rules workflow (#4079) - update version for develop ### [dependencies] - update dependencies (#4124) - chore: update dependencies (#4088) - refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080) ### [modules/newsfeed] - fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083) ### [modules/updatenotification] - fix(updatenotification): harden git command execution + simplify checkUpdates (#4115) - fix(tests): correct import path for git_helper module in updatenotification tests (#4078) ### [modules/weather] - fix(weather): use nearest openmeteo hourly data (#4123) - fix(weather): avoid loading state after reconnect (#4121) - weather: fix UV index display and add WeatherFlow precipitation (#4108) - fix(weather): restore OpenWeatherMap v2.5 support (#4101) - fix(weather): use stable instanceId to prevent duplicate fetchers (#4092) - SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082) ### [testing] - ci(actions): set explicit token permissions (#4114) - fix(http_fetcher): use undici.fetch when dispatcher is present (#4097) - ci(codeql): also scan develop branch on push and PR (#4086) - refactor: replace implicit global config with explicit global.config (#4085) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sam detweiler <sdetweil@gmail.com> Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com> Co-authored-by: Veeck <github@veeck.de> Co-authored-by: veeck <gitkraken@veeck.de> Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com> Co-authored-by: Nathan <n8nyoung@gmail.com> Co-authored-by: mixasgr <mixasgr@users.noreply.github.com> Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr> Co-authored-by: Konstantinos <geraki@gmail.com> Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com> Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com> Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com> Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr> Co-authored-by: Koen Konst <koenspero@gmail.com> Co-authored-by: Koen Konst <c.h.konst@avisi.nl> Co-authored-by: dathbe <github@beffa.us> Co-authored-by: Marcel <m-idler@users.noreply.github.com> Co-authored-by: Kevin G. <crazylegstoo@gmail.com> Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com> Co-authored-by: Jboucly <contact@jboucly.fr> Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com> Co-authored-by: Jordan Welch <JordanHWelch@gmail.com> Co-authored-by: Blackspirits <blackspirits@gmail.com> Co-authored-by: Samed Ozdemir <samed@xsor.io> Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com> Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com> Co-authored-by: cgillinger <christian.gillinger@gmail.com> Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com> Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
147 lines
4.3 KiB
JSON
147 lines
4.3 KiB
JSON
{
|
|
"name": "magicmirror",
|
|
"version": "2.36.0",
|
|
"description": "The open source modular smart mirror platform.",
|
|
"keywords": [
|
|
"magic mirror",
|
|
"magicmirror",
|
|
"smart mirror",
|
|
"mirror UI",
|
|
"modular"
|
|
],
|
|
"homepage": "https://magicmirror.builders",
|
|
"bugs": {
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror/issues"
|
|
},
|
|
"repository": {
|
|
"type": "git",
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror"
|
|
},
|
|
"license": "MIT",
|
|
"author": "Michael Teeuw",
|
|
"contributors": [
|
|
{
|
|
"name": "MagicMirror contributors",
|
|
"url": "https://github.com/MagicMirrorOrg/MagicMirror/graphs/contributors"
|
|
}
|
|
],
|
|
"type": "commonjs",
|
|
"imports": {
|
|
"#server_functions": {
|
|
"default": "./js/server_functions.js"
|
|
},
|
|
"#http_fetcher": {
|
|
"default": "./js/http_fetcher.js"
|
|
}
|
|
},
|
|
"main": "js/electron.js",
|
|
"exports": "./js/electron.js",
|
|
"files": [
|
|
"clientonly",
|
|
"css",
|
|
"defaultmodules",
|
|
"js",
|
|
"serveronly",
|
|
"translations",
|
|
"favicon.svg",
|
|
"index.html"
|
|
],
|
|
"sideEffects": true,
|
|
"scripts": {
|
|
"config:check": "node js/check_config.js",
|
|
"postinstall": "git clean -df fonts vendor modules/default",
|
|
"install-mm": "npm install --no-audit --no-fund --no-update-notifier --only=prod --omit=dev",
|
|
"install-mm:dev": "npm install --no-audit --no-fund --no-update-notifier && npx playwright install chromium",
|
|
"lint:css": "stylelint 'css/**/*.css' 'defaultmodules/**/*.css' --fix",
|
|
"lint:js": "eslint --fix",
|
|
"lint:markdown": "markdownlint-cli2 . --fix",
|
|
"lint:prettier": "prettier . --write",
|
|
"prepare": "[ -f node_modules/.bin/husky ] && husky || echo no husky installed.",
|
|
"server": "node ./serveronly",
|
|
"server:watch": "node ./serveronly/watcher.js",
|
|
"start": "node --run start:wayland",
|
|
"start:dev": "node --run start:wayland -- dev",
|
|
"start:wayland": "WAYLAND_DISPLAY=\"${WAYLAND_DISPLAY:=wayland-1}\" ./node_modules/.bin/electron js/electron.js --ozone-platform=wayland",
|
|
"start:wayland:dev": "node --run start:wayland -- dev",
|
|
"start:windows": ".\\node_modules\\.bin\\electron js\\electron.js",
|
|
"start:windows:dev": "node --run start:windows -- dev",
|
|
"start:x11": "DISPLAY=\"${DISPLAY:=:0}\" ./node_modules/.bin/electron js/electron.js",
|
|
"start:x11:dev": "node --run start:x11 -- dev",
|
|
"test": "vitest run",
|
|
"test:calendar": "node ./defaultmodules/calendar/debug.js",
|
|
"test:coverage": "vitest run --coverage",
|
|
"test:css": "stylelint 'css/**/*.css' 'defaultmodules/**/*.css'",
|
|
"test:e2e": "vitest run tests/e2e",
|
|
"test:electron": "vitest run tests/electron",
|
|
"test:js": "eslint",
|
|
"test:markdown": "markdownlint-cli2 .",
|
|
"test:prettier": "prettier . --check",
|
|
"test:spelling": "cspell . --gitignore",
|
|
"test:ui": "vitest --ui",
|
|
"test:unit": "vitest run tests/unit",
|
|
"test:watch": "vitest"
|
|
},
|
|
"lint-staged": {
|
|
"*": "prettier --ignore-unknown --write",
|
|
"*.js": "eslint --fix",
|
|
"*.css": "stylelint --fix"
|
|
},
|
|
"dependencies": {
|
|
"@fontsource/roboto": "^5.2.10",
|
|
"@fontsource/roboto-condensed": "^5.2.8",
|
|
"@fortawesome/fontawesome-free": "^7.2.0",
|
|
"ajv": "^8.20.0",
|
|
"animate.css": "^4.1.1",
|
|
"croner": "^10.0.1",
|
|
"eslint": "^10.2.1",
|
|
"express": "^5.2.1",
|
|
"feedme": "^2.0.2",
|
|
"globals": "^17.5.0",
|
|
"helmet": "^8.1.0",
|
|
"html-to-text": "^9.0.5",
|
|
"iconv-lite": "^0.7.2",
|
|
"ipaddr.js": "^2.3.0",
|
|
"moment": "^2.30.1",
|
|
"moment-timezone": "^0.6.2",
|
|
"node-ical": "^0.26.0",
|
|
"nunjucks": "^3.2.4",
|
|
"pm2": "^6.0.14",
|
|
"socket.io": "^4.8.3",
|
|
"suncalc": "^1.9.0",
|
|
"systeminformation": "^5.31.5",
|
|
"undici": "^8.1.0",
|
|
"weathericons": "^2.1.0"
|
|
},
|
|
"devDependencies": {
|
|
"@eslint/js": "^10.0.1",
|
|
"@stylistic/eslint-plugin": "^5.10.0",
|
|
"@vitest/coverage-v8": "^4.1.5",
|
|
"@vitest/eslint-plugin": "^1.6.16",
|
|
"@vitest/ui": "^4.1.5",
|
|
"cspell": "^10.0.0",
|
|
"eslint-plugin-import-x": "^4.16.2",
|
|
"eslint-plugin-jsdoc": "^62.9.0",
|
|
"eslint-plugin-package-json": "^0.91.2",
|
|
"eslint-plugin-playwright": "^2.10.2",
|
|
"express-basic-auth": "^1.2.1",
|
|
"husky": "^9.1.7",
|
|
"jsdom": "^29.1.0",
|
|
"lint-staged": "^16.4.0",
|
|
"markdownlint-cli2": "^0.22.1",
|
|
"msw": "^2.13.6",
|
|
"playwright": "^1.59.1",
|
|
"prettier": "^3.8.3",
|
|
"prettier-plugin-jinja-template": "^2.1.0",
|
|
"stylelint": "^17.9.1",
|
|
"stylelint-config-standard": "^40.0.0",
|
|
"stylelint-prettier": "^5.0.3",
|
|
"vitest": "^4.1.5"
|
|
},
|
|
"optionalDependencies": {
|
|
"electron": "^41.3.0"
|
|
},
|
|
"engines": {
|
|
"node": ">=22.21.1 <23 || >=24"
|
|
}
|
|
}
|