kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2026-06-09 03:44:57 +00:00
Code Issues Projects Releases Wiki Activity
23,166 Commits 9 Branches 1,051 Tags
develop-20260521
Commit Graph

7576 Commits

Author SHA1 Message Date
James Cole
c002cb795d Fix date fns 2026-05-21 06:23:17 +02:00
James Cole
3e26f21bc4 Fix patch and lock version. 2026-05-21 06:22:15 +02:00
James Cole
b70ed32952 Merge pull request #12271 from alanturing881/fix/stored-xss-ale-piggy-name 
Fix stored XSS in audit log view via piggy bank name (ale.twig)
 2026-05-20 20:16:16 +02:00
iaohkut
fa6c123595 Fix stored XSS in ALE view by HTML-escaping piggy bank name 
The Twig template ale.twig rendered the piggy bank name from
AuditLogEntry.after.piggy using |raw, bypassing auto-escaping.
A user-controlled name containing HTML (e.g. <img onerror=...>)
would execute as JavaScript in any browser viewing the transaction
audit log (CWE-79).

Apply |e filter to escape only the user-controlled `name` parameter
before substitution into the trans() string. The |raw filter is
preserved because the `amount` parameter legitimately contains
<span> tags for currency styling.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-20 11:07:57 -04:00
dependabot[bot]
0226673a01 Bump vite from 8.0.11 to 8.0.13 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.11 to 8.0.13.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-18 04:27:29 +00:00
James Cole
0bac0aaaee Add some debug logging. 2026-05-16 20:38:50 +02:00
James Cole
134c232f45 Merge branch 'develop' of github.com:firefly-iii/firefly-iii into develop 2026-05-12 18:47:48 +02:00
James Cole
ce603f50d8 Fix https://github.com/firefly-iii/firefly-iii/issues/12243 2026-05-12 18:45:33 +02:00
dependabot[bot]
28f2de0df7 Bump vite from 8.0.10 to 8.0.11 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.10 to 8.0.11.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.11/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-11 03:54:53 +00:00
James Cole
5eb52812f0 Merge branch 'main' into develop 
# Conflicts:
#	package-lock.json
 2026-05-09 08:32:08 +02:00
dependabot[bot]
6baca9510f Bump @babel/plugin-transform-modules-systemjs 
Bumps the npm_and_yarn group with 1 update in the / directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs).


Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-09 05:54:10 +00:00
dependabot[bot]
0f9a2f010c Bump fast-uri in the npm_and_yarn group across 1 directory 
Bumps the npm_and_yarn group with 1 update in the / directory: [fast-uri](https://github.com/fastify/fast-uri).


Updates `fast-uri` from 3.1.0 to 3.1.2
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-05-08 23:26:04 +00:00
JC5
0202f4abd9 🤖 Auto commit for release 'develop' on 2026-05-03 2026-05-03 10:06:18 +02:00
James Cole
615d568479 Change sentence 2026-05-03 10:00:29 +02:00
JC5
42204f8dc1 🤖 Auto commit for release 'develop' on 2026-05-03 2026-05-03 09:46:10 +02:00
James Cole
cfac8fa569 Merge branch 'develop' of github.com:firefly-iii/firefly-iii into develop 2026-05-03 09:24:38 +02:00
James Cole
04704392f3 Fix amount display in budget overview. 2026-05-03 09:24:03 +02:00
James Cole
3a9ac03358 Add entry in preferences. 2026-05-02 15:04:23 +02:00
JC5
b6759c3fa0 🤖 Auto commit for release 'develop' on 2026-05-02 2026-05-02 06:48:29 +02:00
James Cole
525f0c752a Fix https://github.com/orgs/firefly-iii/discussions/11408 2026-04-30 07:55:43 +02:00
Sander Dorigo
dae4f6f351 Add clarity on password validation api 2026-04-28 08:38:04 +02:00
James Cole
60e2645e54 Merge pull request #12194 from firefly-iii/dependabot/npm_and_yarn/develop/vite-8.0.10 
Bump vite from 8.0.8 to 8.0.10
 2026-04-27 16:18:03 +02:00
JC5
cd0290475b 🤖 Auto commit for release 'develop' on 2026-04-27 2026-04-27 06:18:57 +02:00
dependabot[bot]
45528cf7d3 Bump vite from 8.0.8 to 8.0.10 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.8 to 8.0.10.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.10/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-27 03:52:35 +00:00
James Cole
39be5075eb Clean up JS scripts. 2026-04-25 08:54:28 +02:00
James Cole
714133dad5 Merge pull request #12182 from tasnim0tantawi/bug/fix-sidebar-expanding-when-navigating 
fix shrinked sidebar expanding when navigating by clicking on icons
 2026-04-25 08:45:47 +02:00
JC5
dca1d962af 🤖 Auto commit for release 'develop' on 2026-04-25 2026-04-25 05:45:16 +02:00
tasnim0tantawi
1ebff22785 fix delay 2026-04-24 22:42:22 +03:00
tasnim0tantawi
8b14a11969 lines 2026-04-24 22:28:06 +03:00
tasnim0tantawi
ea57a0a8c8 remove code from default twig 2026-04-24 21:49:37 +03:00
tasnim0tantawi
c96cc8d941 fix shrinked sidebar expanding when navigating by clicking on icons 2026-04-24 21:01:03 +03:00
James Cole
0e97b4a6b8 Add script and add exception. 2026-04-24 10:26:48 +02:00
JC5
a6fd805202 🤖 Auto commit for release 'develop' on 2026-04-24 2026-04-24 05:57:09 +02:00
James Cole
30cce327e8 Add helpers and fix missing string. 2026-04-24 05:34:40 +02:00
James Cole
994e3dae18 Merge pull request #12179 from tasnim0tantawi/feature/client-side-password-verification-on-register 
implement password validation JS script
 2026-04-24 05:09:19 +02:00
tasnim0tantawi
b065150968 implement password validation JS script 2026-04-23 22:08:24 +03:00
JC5
0a4d401f57 🤖 Auto commit for release 'develop' on 2026-04-22 2026-04-22 18:51:05 +02:00
James Cole
e81af7e051 Fix #12169 2026-04-22 18:34:16 +02:00
James Cole
32250ddc1a Fix https://github.com/firefly-iii/firefly-iii/issues/12169 2026-04-22 07:54:53 +02:00
JC5
fade8cc41e 🤖 Auto commit for release 'v6.6.0' on 2026-04-19 2026-04-19 09:59:40 +02:00
JC5
5af66155f8 🤖 Auto commit for release 'develop' on 2026-04-18 2026-04-18 14:02:22 +02:00
JC5
91ca3f38eb 🤖 Auto commit for release 'develop' on 2026-04-18 2026-04-18 06:29:46 +02:00
James Cole
b4b67b0759 Fix button and translations. 2026-04-18 06:24:13 +02:00
JC5
9db7bfb797 🤖 Auto commit for release 'develop' on 2026-04-18 2026-04-18 06:18:17 +02:00
JC5
f2fc4dd2ed 🤖 Auto commit for release 'develop' on 2026-04-18 2026-04-18 05:53:42 +02:00
James Cole
d42012afdd Push new oAuth features. 2026-04-18 05:17:03 +02:00
James Cole
3235e1c867 Expand and rebuild Passport 13 views. 2026-04-16 17:30:25 +02:00
James Cole
8f469eb456 Force webpack version 2026-04-16 04:33:29 +02:00
James Cole
d900a22926 Upgrade to laravel 13 and passport 13. 2026-04-15 08:31:06 +02:00
dependabot[bot]
5752358069 Bump vite from 8.0.3 to 8.0.8 
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.8.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 8.0.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-04-13 03:52:43 +00:00