Commit Graph

2780 Commits

Author SHA1 Message Date
kolaente 432c5f2817 fix: include type in checkAuth's same-user skip check
Users and link shares share the same numeric id space in JWTs. When a
logged-in user opened a link share whose id happened to match their own
user id, checkAuth() would see `info.value.id === jwtUser.id` and skip
`setUser()`, leaving `info.value.type` as USER even though the new token
was a LINK_SHARE. As a result, `authLinkShare` never flipped to true and
the router guard bounced between /share/:hash/auth and the project view,
stranding the user on an empty NoAuthWrapper shell.

Compare on type as well so USER→LINK_SHARE transitions always replace
the user object.

Refs #2546
2026-04-09 10:20:46 +00:00
kolaente 2000732e35 fix: skip refreshUserInfo for link share tokens to prevent logout loop 2026-04-09 10:20:46 +00:00
kolaente 1d3a234b05 fix: reset checkAuth debounce in linkShareAuth to prevent redirect loop
When a logged-in user opens a public link share, the 1-minute debounce
on checkAuth() caused it to skip re-parsing the new link share JWT.
This left authLinkShare as false, triggering an infinite redirect loop
in the router guard.

Fixes #2546
2026-04-09 10:20:46 +00:00
kolaente 91728c0273 test: wire up API URL for anonymous link share e2e tests
The anonymous link share tests don't use the authenticatedPage fixture
(which implicitly calls setupApiUrl via login()), so the browser was
falling back to the default `window.API_URL = '/api/v1'` baked into
index.html. That relative path resolved against the preview server port
and never reached the API, causing the tests to hang on the NoAuth
"Welcome Back" page waiting for elements that never rendered.

Adding a beforeEach that calls setupApiUrl() restores these tests.
2026-04-09 10:20:46 +00:00
renovate[bot] 4415485675 chore(deps): update dependency vitest to v4.1.4 2026-04-09 08:59:51 +00:00
kolaente e7bc5a31e4 docs(shortcuts): show platform-aware delete key in keyboard shortcuts panel 2026-04-09 08:07:48 +00:00
kolaente cee2babc58 feat(tasks): use platform-aware delete shortcut on task detail view 2026-04-09 08:07:48 +00:00
Frederick [Bot] 36cec5ccca chore(i18n): update translations via Crowdin 2026-04-09 01:16:09 +00:00
kolaente 10e7d2532e fix: derive workbox version from package.json at build time
Instead of hardcoding the workbox version string in the service worker,
read it from workbox-precaching/package.json via Vite's define option.
This ensures the service worker always references the correct workbox
version that is actually installed.

Resolves #2549
2026-04-08 08:42:11 +00:00
renovate[bot] e898c01e3d chore(deps): update dev-dependencies 2026-04-08 08:03:18 +00:00
Frederick [Bot] f528bcc276 chore(i18n): update translations via Crowdin 2026-04-08 01:25:14 +00:00
kolaente 3437f98dc3 feat(migration): add skip rows option to CSV import
Allow users to skip the first N data rows when importing CSV files.
This is useful when the CSV contains metadata rows before the actual
task data begins. Adds skip_rows to ImportConfig (backend) and a
number input in the parsing options UI (frontend).
2026-04-07 15:20:06 +00:00
Claude f555762def feat(migration): add generic CSV import with column mapping
Add a new CSV migration module that allows users to import tasks from
any CSV file with custom column mapping and parsing options.

Backend changes:
- New CSV migrator module with detection, preview, and import endpoints
- Auto-detection of delimiter, quote character, and date format
- Suggested column mappings based on column name patterns
- Transactional import using InsertFromStructure

Frontend changes:
- New CSV migration UI with two-step flow (upload -> mapping -> import)
- Column mapping selectors for all task attributes
- Live preview showing first 5 tasks with current mapping
- Parsing option controls for delimiter and date format

The CSV migrator creates a parent "Imported from CSV" project with
child projects based on the project column if provided, or a default
"Tasks" project for tasks without a specified project.
2026-04-07 15:20:06 +00:00
surfingbytes 84f4c16425
feat(user): add option to hide last viewed projects on overview page (#2429) 2026-04-07 16:56:13 +02:00
kolaente 8a8d187065 chore(frontend): deduplicate pnpm dependencies 2026-04-07 14:22:04 +00:00
renovate[bot] 11299d773f chore(deps): update dependency vitest to v4.1.3 2026-04-07 13:43:01 +00:00
kolaente 20249ee68c style(sort): position popup aligned to header right edge 2026-04-07 13:41:13 +00:00
kolaente 326427a242 feat(sort): persist sort selection to URL query parameter
Syncs the sort choice to a ?sort=field:order URL parameter so it
survives page refreshes and can be shared. The default position sort
is omitted from the URL to keep links clean.
2026-04-07 13:41:13 +00:00
kolaente 408e5b347c feat(sort): add sorting popup for list view 2026-04-07 13:41:13 +00:00
kolaente b20df2ef63
fix(deps): update brace-expansion to 5.0.5
Fixes zero-step sequence causing process hang and memory
exhaustion (Dependabot #168).
2026-04-07 15:39:33 +02:00
kolaente efc9b41349
fix(deps): update lodash to 4.18.1
Fixes code injection via _.template (Dependabot #176, #178) and
prototype pollution via _.unset/_.omit (Dependabot #175, #177).
2026-04-07 15:38:52 +02:00
kolaente f40eddd4e3
fix(deps): update defu to 6.1.7
Fixes prototype pollution via __proto__ key (Dependabot #180).
2026-04-07 15:38:17 +02:00
kolaente 34480ef513 fix(migration): center and style migrator logos on migration page
Use inline-flex layout to center logos with titles below. Constrain
logo size with max-block-size and use logical CSS properties.
2026-04-07 12:05:47 +00:00
kolaente 1a1fd780ec feat(migration): add WeKan to migration page with logo
Register WeKan in the AvailableMigrators list and add the frontend
migrator entry with the WeKan logo, referenced as "WeKan ®".
2026-04-07 12:05:47 +00:00
renovate[bot] 33886d2e3c chore(deps): update dev-dependencies 2026-04-06 16:23:31 +00:00
Frederick [Bot] 41a5087198 chore(i18n): update translations via Crowdin 2026-04-06 01:26:55 +00:00
kolaente 4b3b5bb87c docs(helpers): explain djb2 seed constant in stringHash 2026-04-05 12:24:45 +00:00
kolaente 65b6e55252 test(e2e): relax home greeting assertions for rotating pool 2026-04-05 12:24:45 +00:00
kolaente b9c41e0cbf feat(home): rotate greetings from a deterministic per-user daily pool 2026-04-05 12:24:45 +00:00
kolaente fad432a072 i18n: add rotating home greeting variants 2026-04-05 12:24:45 +00:00
kolaente b0bc41291e feat(helpers): add deterministic stringHash for stable daily selection 2026-04-05 12:24:45 +00:00
kolaente d45ae31d8c fix(gantt): preserve query parameters when closing task modal
When closing a task modal opened from the Gantt view, the date range
query parameters were lost because closeModal() reconstructed the
route with only projectId and viewId. Now preserves query parameters
from the backdrop view.
2026-04-05 11:31:37 +00:00
kolaente 642134d16f test(gantt): add e2e test for date range preservation after task modal close
Verifies that opening and closing a task modal on the Gantt view
does not lose the date range query parameters.
2026-04-05 11:31:37 +00:00
kolaente d152fa8475 fix(gantt): use reactive date range in Flatpickr config to prevent reset on task update
Replace static initialDateRange snapshot with reactive filters.value
references inside the computed flatPickerConfig. This ensures the
Flatpickr defaultDate always reflects the current user-selected range
instead of the mount-time values.

Ref #2462
2026-04-05 11:31:37 +00:00
kolaente 297c0c1d8b fix(e2e): seed project in empty-tasks overview test
With truncateAll wiping all tables, the test user has no projects,
so ShowTasks never renders and tasksLoaded stays false — meaning
ImportHint (which is gated on tasksLoaded) never appears. Seed a
project with default views so the empty-state hint is visible.
2026-04-05 09:48:09 +00:00
kolaente adcc74b056 fix: make apiContext auto-fixture and fix remaining view ID conflicts 2026-04-05 09:48:09 +00:00
kolaente 4888b1d8ca fix: move truncateAll to apiContext fixture and fix view ID conflicts 2026-04-05 09:48:09 +00:00
kolaente aa1202fea8 chore: remove redundant truncate calls now that all tables are wiped before each test 2026-04-05 09:48:09 +00:00
kolaente 2ee8ad4109 feat: truncate all tables before each e2e test for clean isolation 2026-04-05 09:48:09 +00:00
kolaente f477da48ec feat: add Factory.truncateAll() helper for e2e tests 2026-04-05 09:48:09 +00:00
kolaente 0834d19f9c
feat: remove flexsearch dependency and replace with simple string filtering (#2542) 2026-04-04 21:41:25 +02:00
kolaente f5752b97e9
feat: add inline PDF viewer for task attachments (#2541) 2026-04-04 21:25:54 +02:00
renovate[bot] 33d607714d chore(deps): update dependency caniuse-lite to v1.0.30001785 2026-04-04 18:38:07 +00:00
kolaente 841b458a5f fix: pass saved filter context to subtask visibility check
When viewing tasks through a saved filter, pass isFilteredView=true
to shouldShowTaskInListView so subtasks are not incorrectly hidden.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente d895053d2e fix: show subtasks in saved filter views regardless of parent presence
Add isFilteredView parameter to shouldShowTaskInListView() that skips
the parent-hiding logic when viewing tasks through a saved filter.
This ensures all filter-matching tasks are shown.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente 616ac8b95f test: add failing tests for subtask visibility in filtered views
Add test cases to verify that subtasks are shown in saved filter views
regardless of whether their parent task is also in the results.

Ref: #2494
2026-04-03 19:25:46 +00:00
kolaente 174c67cfd8 fix(gantt): isolate chart stacking context so date picker renders above it
Sets position: relative and z-index: 0 on .gantt-chart-container to
create a new stacking context. This ensures z-index values inside the
Gantt chart (e.g. the sticky timeline header) cannot compete with the
Flatpickr popup that renders at the body level.

Ref #2337
2026-04-03 19:07:49 +00:00
kolaente f25147d09c fix(gantt): ensure chart container fills viewport width for narrow date ranges
Adds min-inline-size: 100% to .gantt-container so the scrollable area
never appears narrower than the card width, even with short date ranges.

Ref #2337
2026-04-03 19:07:49 +00:00
kolaente 48a91ce32c fix(frontend): prevent drag handle from overlapping project color in sidebar
Moves the drag handle inside the color-bubble-wrapper so both elements
share the same positioned container, eliminating the absolute positioning
mismatch that caused the overlap. Fixes #2493.
2026-04-03 19:05:10 +00:00
kolaente a57cbd3e51 feat: add tooltip to readonly checkbox explaining why it's not clickable 2026-04-03 19:01:45 +00:00
kolaente c5bce07a25 test(e2e): add test for read-only checkbox on overview page
Verifies that tasks from read-only shared projects have disabled
checkboxes on the overview page, while tasks from owned projects
remain interactive.

Refs #2399
2026-04-03 19:01:45 +00:00
kolaente 063155a46b fix(overview): disable checkbox for read-only tasks on overview page
The Overview's ShowTasks component was not passing the canMarkAsDone prop
to SingleTaskInProject, which defaults to true. This caused read-only tasks
to show an interactive checkbox even though the user doesn't have write
permission.

Use the project's maxPermission from the project store to determine if the
user can mark the task as done. Also fix the disabled condition to use OR
logic so the checkbox is disabled when ANY condition applies: archived,
disabled, or when the user lacks write permission.

Fixes #2399
2026-04-03 19:01:45 +00:00
kolaente 4f232957c4 fix(auth): add retry and logging for token refresh failures
Add a single retry with a 1-second delay in the 401 interceptor's
doRefresh() before giving up on token renewal. This handles transient
failures like brief network blips or server restarts without immediately
logging the user out.

Also log refresh failures via console.warn so the reason is visible
in browser DevTools for easier diagnosis.

Ref: #2391
2026-04-03 18:45:59 +00:00
kolaente fd8a8ecba2 fix(auth): normalize API base URL to prevent refresh cookie path mismatch
When window.API_URL lacks a trailing slash, axios resolves relative URLs
by stripping path segments, causing the refresh request to hit a different
path than the cookie's Path attribute. The browser then omits the HttpOnly
refresh cookie, silently breaking token renewal and logging users out
after the short JWT TTL expires.

Extract a getApiBaseUrl() helper that ensures baseURL always ends with
'/' so relative URL resolution preserves the full path, matching the
cookie scope.

Ref: #2391
2026-04-03 18:45:59 +00:00
renovate[bot] 12ba9ff985 chore(deps): update dev-dependencies 2026-04-03 17:52:24 +00:00
renovate[bot] ea54f3eb85 chore(deps): update dependency ws to v8.20.0 2026-04-03 16:57:34 +00:00
renovate[bot] b69564a77c chore(deps): pin dependencies 2026-04-03 16:16:07 +00:00
Frederick [Bot] f87f3e36e9 chore(i18n): update translations via Crowdin 2026-04-03 01:23:06 +00:00
kolaente 132187e451 fix(e2e): truncate bucket data in bucket-select tests
Truncate buckets, task_buckets, and task_relations before seeding to
prevent leftover data from previous tests causing false positives
(e.g., bucket selector appearing when it shouldn't).
2026-04-02 16:30:23 +00:00
kolaente 4cd79088d1 test: add WebSocket e2e tests
Add comprehensive end-to-end tests for the WebSocket system:

- Protocol tests: auth (valid/invalid token, timeout, double auth),
  subscriptions (valid/invalid event, auth required, unsubscribe),
  message delivery (notification on team add, doer exclusion,
  multi-connection)
- Frontend integration tests: notification badge update, dropdown
  rendering, and logout cleanup via browser-level Playwright tests
- Comment notification test: full flow where user B mentions user A
  in a task comment and user A receives real-time WebSocket notification

Includes ws test dependency, shared test helper utilities, and
cascade-truncation of notifications when truncating users to prevent
test pollution.
2026-04-02 16:30:23 +00:00
kolaente 09232ed880 feat(websocket): add frontend WebSocket support
Add useWebSocket composable with:
- Auto-connect on login, disconnect on logout
- Exponential backoff with ±25% jitter for reconnects
- Auth failure detection to prevent reconnect loops
- Trailing slash stripping from API_URL
- Overlapping reconnect prevention
- visibilityState check for fallback polling

Replace notification polling with real-time WebSocket push in the
Notifications component. Initial state is still loaded via REST on
mount, with fallback polling when WebSocket is disconnected. Incoming
notifications are deduplicated against already-loaded REST data.
Notifications are reloaded via REST on WS disconnect to catch missed
events.
2026-04-02 16:30:23 +00:00
Lars de Ridder cb4f92980b
feat(task): allow changing bucket from task detail view (#2233) 2026-04-02 12:18:34 +02:00
renovate[bot] d73222e4a7 chore(deps): update dependency esbuild to v0.27.5 2026-04-02 08:23:19 +00:00
kolaente cef03cb2a0 refactor: replace Modal div-based implementation with native dialog element
Replace the custom div-based Modal with the native HTML <dialog> element
using showModal()/close() API. Uses CSS opacity transitions with a
data-closing attribute for Firefox-compatible close animations, Teleport
to body, and focus save/restore. Updates E2E test selectors and fixes
QuickAddOverlay selectors for the new dialog structure.
2026-04-01 22:27:13 +00:00
kolaente bc47826690 feat(frontend): add configurable quick entry shortcut setting
Add desktopQuickEntryShortcut to frontend settings with a Desktop
App section in General settings, only visible when running in the
Electron app. The setting syncs to the desktop main process via
IPC whenever settings are loaded or saved.
2026-04-01 21:38:38 +00:00
kolaente c8349df8b6 feat(desktop): open task in main window with Ctrl/Cmd+Enter
When creating a task via quick entry, pressing Ctrl+Enter (or
Cmd+Enter on macOS) creates the task and opens it in the main
Vikunja window. Adds show-main-window IPC to bring the main
window to focus.
2026-04-01 21:38:38 +00:00
kolaente 37389d6bdb feat(desktop): add quick entry window, global shortcut, and system tray 2026-04-01 21:38:38 +00:00
kolaente 92cc070b1e feat(frontend): listen for cross-window task creation via BroadcastChannel 2026-04-01 21:38:38 +00:00
kolaente 8dc96d61bd feat(frontend): adapt QuickActions for quick-add mode behavior 2026-04-01 21:38:38 +00:00
kolaente 9072ca84d5 feat(frontend): route quick-add mode to QuickAddOverlay in App.vue 2026-04-01 21:38:38 +00:00
kolaente ff4e84a800 feat(frontend): add QuickAddOverlay component for quick-entry window 2026-04-01 21:38:38 +00:00
kolaente d72a3a8c0d feat(frontend): add useQuickAddMode composable for quick-add detection 2026-04-01 21:38:38 +00:00
kolaente af7eaa9aea
fix(desktop): use stored URL instead of window.API_URL in template
window is not accessible as a global in Vue templates, causing
"Cannot read properties of undefined (reading 'API_URL')" when
clicking sign in on the desktop app.
2026-04-01 20:53:29 +02:00
renovate[bot] 59ebfa3b2c chore(deps): update dependency caniuse-lite to v1.0.30001784 2026-04-01 09:17:36 +00:00
Frederick [Bot] 88c8d7a73d chore(i18n): update translations via Crowdin 2026-04-01 01:44:10 +00:00
kolaente cdd46c0d6c fix: add proper autocomplete and name attributes to email update form
Adds name="email" to the email field and fixes the password field's
autocomplete from the invalid "password" to "current-password", also
adding name="current-password". This helps password managers correctly
identify the form as a settings change rather than a login form,
preventing them from autofilling the username into the email field.

Closes go-vikunja/vikunja#2512
2026-03-31 21:57:12 +00:00
renovate[bot] 020aa899f8 chore(deps): update dependency browserslist to v4.28.2 2026-03-31 21:21:12 +00:00
renovate[bot] 167380a01e chore(deps): update dependency @typescript-eslint/parser to v8.58.0 2026-03-30 20:13:08 +00:00
kolaente 495f34f60e feat: show close-tab message after OAuth redirect
Show a "You can close this tab now" message after the OAuth
authorize page redirects to the desktop app, instead of leaving
a stale "Authenticating..." message in the browser tab.
2026-03-30 20:12:25 +00:00
kolaente a12002de6d feat: add server selection UI for desktop OAuth login
Add a server selection screen matching the mobile app UX with
Vikunja Cloud, Try the Demo, and Custom Server URL options.
Extract all desktop login logic into a dedicated DesktopLogin
component. Use the existing ApiConfig component for custom server
URL input. Skip loading server config on startup to avoid showing
motd/demo popups on the login screen.
2026-03-30 20:12:25 +00:00
kolaente dd7532a57a feat: add OAuth PKCE authentication flow to desktop app
Add a complete OAuth 2.0 PKCE flow for the Electron desktop app:

- Implement PKCE code generation and token exchange in Electron
- Register custom protocol handler (vikunja-desktop://) for deep links
- Handle deep link race conditions (buffered URLs, process.argv fallback)
- Prevent duplicate IPC listener accumulation on re-mount
- Preserve sub-paths in OAuth authorize URL for non-root deployments
- Add token refresh support using Electron's net module
2026-03-30 20:12:25 +00:00
renovate[bot] 1a3a18e42b chore(deps): update dependency @typescript-eslint/eslint-plugin to v8.58.0 2026-03-30 19:12:16 +00:00
kolaente c2cfcb4684 feat: add API token hint to CalDAV settings page 2026-03-30 12:09:53 +00:00
renovate[bot] 1c0513de10 chore(deps): update dev-dependencies 2026-03-30 10:24:04 +00:00
Frederick [Bot] fb8c937d77 chore(i18n): update translations via Crowdin 2026-03-29 01:25:40 +00:00
dependabot[bot] 21a450b21f chore(deps): bump serialize-javascript from 7.0.3 to 7.0.5 in /frontend
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.5)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-28 23:35:34 +00:00
Frederick [Bot] ffb291c966 chore(i18n): update translations via Crowdin 2026-03-28 01:16:36 +00:00
renovate[bot] 8d958aef62 chore(deps): update dev-dependencies 2026-03-27 23:06:28 +00:00
kolaente 649043aceb test: add tests for OAuth 2.0 authorization flow
Add web tests covering the authorize endpoint, token exchange, PKCE
verification, single-use codes, and refresh token rotation. Add unit
tests for redirect URI validation and PKCE. Add E2E test for the full
browser-based authorization code flow with login redirect.

Extract setupApiUrl helper for E2E tests to avoid duplication.
2026-03-27 23:05:04 +00:00
kolaente 0471f8a729 feat: add frontend OAuth authorize route and component
Add /oauth/authorize frontend route with OAuthAuthorize.vue that
handles the OAuth authorization flow: validates required query params,
calls the API to generate an authorization code, and redirects to the
callback URI. Authentication is handled by the standard router guard.
2026-03-27 23:05:04 +00:00
Frederick [Bot] a2e19f8d38 chore(i18n): update translations via Crowdin 2026-03-27 01:22:35 +00:00
renovate[bot] 9d8c6a0a72 chore(deps): update dev-dependencies 2026-03-26 09:02:42 +00:00
Miikka Kulmala b89b402bc2
feat: improve wording and UX around CalDAV tokens (#2476) 2026-03-26 10:02:04 +01:00
Frederick [Bot] 39238333dd chore(i18n): update translations via Crowdin 2026-03-26 01:22:26 +00:00
kolaente 98ac119f44
fix(deps): update yaml to fix stack overflow vulnerability
Updates yaml from 2.5.0 to 2.8.3 in the frontend workspace to
address stack overflow via deeply nested YAML collections.
2026-03-25 23:33:56 +01:00
kolaente d60e2f6685
fix(deps): update picomatch to fix ReDoS and method injection vulnerabilities
Updates picomatch to 2.3.2 and 4.0.4 in the frontend workspace to
address CVE for ReDoS via extglob quantifiers and method injection
in POSIX character classes.
2026-03-25 23:31:28 +01:00
kolaente 44d01a0f82 refactor: rename parseTaskText module to quickAddMagic
Rename the frontend parsing module from `parseTaskText` to `quickAddMagic`
for clarity. The module handles much more than text parsing — it's the
core of the quick add magic feature. This rename makes its purpose
immediately obvious and aligns with how the feature is referenced
throughout the UI and documentation.

No logic changes — only directory/file renames and import updates.
2026-03-25 09:38:41 +00:00
kolaente dca041459f feat: show info when saved homepage filter is ignored for label browsing 2026-03-24 21:55:26 +00:00
kolaente fd4f7accc3 fix: ignore saved homepage filter when browsing by label 2026-03-24 21:55:26 +00:00
kolaente 7208c11556 feat: add translation for saved filter ignored message 2026-03-24 21:55:26 +00:00
kolaente 6d2bf1f084 fix: resolve TDZ error on password update settings page
Move the watchEffect call after the validate function declaration
to fix "Cannot access 'c' before initialization" error that occurred
when visiting the password update page with validateInitially=true.

Fixes #2463
2026-03-24 15:17:32 +00:00
renovate[bot] 4b16d72e28 chore(deps): update dev-dependencies 2026-03-24 15:14:31 +00:00
Frederick [Bot] 74ecc6fffd chore(i18n): update translations via Crowdin 2026-03-24 01:11:44 +00:00
kolaente 772316b47f
chore: v2.2.2 release preparations 2026-03-23 21:49:15 +01:00
kolaente 74d1bddb3a fix: hide link sharing section in UI for non-admin users 2026-03-23 20:39:31 +00:00
kolaente 6d5d3e051f
chore: v2.2.1 release preparations 2026-03-23 19:50:19 +01:00
renovate[bot] 2c1104ca86 chore(deps): update dev-dependencies to v8.57.2 2026-03-23 18:30:13 +00:00
kolaente 07b9742d98 fix: skip quick add magic parsing when text is wrapped in quotes
Closes go-vikunja/vikunja#2392
2026-03-23 17:34:56 +00:00
kolaente 8538b4c885 test: add failing tests for quote-escaped task text parsing 2026-03-23 17:34:56 +00:00
renovate[bot] 36bd716e04 chore(deps): update dev-dependencies 2026-03-23 16:33:59 +00:00
MidoriKurage 4dd18e379e fix(frontend): origUrlToCheck references the same object as urlToCheck
When later `urlToCheck` is restored in catch blocks, `origUrlToCheck`
will already be mutated.

Fixed by storing the original pathname as a string copy instead of
keeping a reference to the same URL object.
2026-03-23 15:43:23 +00:00
kolaente 1d45b385a5
fix(deps): update flatted to 3.4.2 to fix prototype pollution vulnerability 2026-03-23 12:53:13 +01:00
renovate[bot] 8bf450b98f chore(deps): update dependency caniuse-lite to v1.0.30001781 2026-03-23 10:28:55 +00:00
Frederick [Bot] 1ebe913181 chore(i18n): update translations via Crowdin 2026-03-23 01:19:01 +00:00
Claude cb81cf1aa8 refactor: reorganize quick add magic into focused modules
Split the monolithic parseTaskText.ts into a parseTaskText/ directory with
separate files for types, prefixes, prefix parsing, priority parsing, repeat
parsing, date parsing, and text cleanup. Moved parseDate.ts from helpers/time/
into the module since it's only consumed by the task text parser. Barrel export
in index.ts maintains backward compatibility — no consumer import changes needed.

https://claude.ai/code/session_01Aeo1ZunQUGKbWx2watMFdW
2026-03-22 20:47:10 +00:00
MidoriKurage c760a9bf72 fix(caldav): Replace href with pathname from parseURL for api base
`parseURL` only return `href` for special protocols. CalDAV api base
will always be root path. Use `pathname` which will not be undefined.
2026-03-22 14:30:38 +00:00
Claude 0085772b63 fix: include kanban bucket move permission in tasks preset
The kanban task move endpoint (POST /projects/:project/views/:view/
buckets/:bucket/tasks) is registered under the projects group as
views_buckets_tasks. Without this permission, the tasks preset cannot
move tasks between kanban buckets.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 652eb9bba3 fix: remove small class from preset label
https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 68097cf700 feat: add quick presets for API token permission selection
Add preset buttons (Read Only, Task Management, Project Management, Full
Access) to the API token creation form so users don't have to manually
select every individual permission.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
renovate[bot] 79f807f4c2 chore(deps): update dependency rollup to v4.60.0 2026-03-22 14:23:41 +00:00
Frederick [Bot] 1b246a0ff7 chore(i18n): update translations via Crowdin 2026-03-21 01:09:32 +00:00
kolaente b365be1881
chore: v2.2.0 release preparations 2026-03-20 13:40:18 +01:00
kolaente c81b0eb463 fix(attachments): sync kanban store and task ref on attachment changes
When attachments are uploaded (either via file picker or pasting into
the description editor), update both the local task ref and the kanban
store so that the attachment list and kanban card icons stay in sync.
2026-03-20 10:38:47 +01:00
kolaente ade91c92db refactor(attachments): remove global attachment store
The attachment store was a global singleton shared between concurrent
TaskDetailView instances, causing a race condition when navigating
between tasks via related tasks from the Kanban view. Attachments
now live on the task ref like every other task field.
2026-03-20 10:38:47 +01:00
kolaente 2675bcb56c refactor(attachments): use local state instead of global attachment store
TaskDetailView now computes hasAttachments from the task ref and
handles the update:attachments emit from the Attachments component.
2026-03-20 10:38:47 +01:00
kolaente eaec206301 refactor(attachments): return uploaded attachments instead of writing to store
uploadFiles now returns the array of uploaded IAttachment objects
so callers can handle state updates themselves.
2026-03-20 10:38:47 +01:00
kolaente 5dbc906d47 refactor(attachments): read from task prop instead of global store
The Attachments component now reads attachments from its task prop
and emits update:attachments events instead of using the global
attachment store singleton.
2026-03-20 10:38:47 +01:00
renovate[bot] 9c3fa8e91b chore(deps): update dependency stylelint to v17.5.0 2026-03-20 10:17:24 +01:00
Frederick [Bot] de1d5d1241 chore(i18n): update translations via Crowdin 2026-03-20 01:14:18 +00:00
kolaente 3bc0093686 fix: invalidate all sessions when enabling TOTP
When a user enables two factor authentication, all existing sessions are
now invalidated, requiring re-authentication. This prevents pre-existing
sessions from bypassing 2FA. The frontend now shows a notice explaining
the logout before the user confirms, and properly logs out after enabling.

Ref: GHSA-pgc7-cmvg-mvp4
2026-03-19 12:27:44 +01:00
Weijie Zhao 7b6b432301
fix: collapse view buttons into dropdown when overflowing (#2306) 2026-03-19 00:09:29 +01:00
renovate[bot] aed93b9389 chore(deps): update dev-dependencies to v4.2.2 2026-03-18 17:57:57 +01:00
kolaente 50eb68fb2b fix(menu): show all project menu items in sidebar dropdown
The `simple` prop was introduced to hide some menu items (Views, Set
Background, Archive) in the sidebar to prevent overflow. Since the
Dropdown component now uses @floating-ui/dom with autoPlacement and
shift middleware, overflow is handled automatically, making the prop
unnecessary.
2026-03-17 19:19:36 +01:00
renovate[bot] 650ceabd3c chore(deps): update dependency vue-tsc to v3.2.6 2026-03-17 19:01:11 +01:00
renovate[bot] 176588bf1d chore(deps): update dev-dependencies 2026-03-17 10:12:15 +01:00
kolaente e20af6df40 fix(deps): override flatted to 3.4.1 to fix unbounded recursion DoS
Adds pnpm override for flatted to resolve GHSA-25h7-pfq9-p65f.
2026-03-17 09:52:49 +01:00
renovate[bot] 88a011aadc chore(deps): update dependency caniuse-lite to v1.0.30001779 2026-03-16 08:59:31 +01:00
renovate[bot] 9bcdbb6433
chore(deps): update dev-dependencies (#2395)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@vitejs/plugin-vue](https://redirect.github.com/vitejs/vite-plugin-vue/tree/main/packages/plugin-vue#readme)
([source](https://redirect.github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue))
| [`6.0.4` →
`6.0.5`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-vue/6.0.4/6.0.5)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@vitejs%2fplugin-vue/6.0.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitejs%2fplugin-vue/6.0.4/6.0.5?slim=true)
|
| [caniuse-lite](https://redirect.github.com/browserslist/caniuse-lite)
| [`1.0.30001777` →
`1.0.30001778`](https://renovatebot.com/diffs/npm/caniuse-lite/1.0.30001777/1.0.30001778)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/caniuse-lite/1.0.30001778?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/caniuse-lite/1.0.30001777/1.0.30001778?slim=true)
|
| [electron](https://redirect.github.com/electron/electron) | [`40.8.0`
→ `40.8.2`](https://renovatebot.com/diffs/npm/electron/40.8.0/40.8.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/electron/40.8.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/40.8.0/40.8.2?slim=true)
|
| [esbuild](https://redirect.github.com/evanw/esbuild) | [`0.27.3` →
`0.27.4`](https://renovatebot.com/diffs/npm/esbuild/0.27.3/0.27.4) |
![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.27.4?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.27.3/0.27.4?slim=true)
|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.8.3` →
`20.8.4`](https://renovatebot.com/diffs/npm/happy-dom/20.8.3/20.8.4) |
![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.8.4?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/20.8.3/20.8.4?slim=true)
|
| [vite-plugin-vue-devtools](https://redirect.github.com/vuejs/devtools)
([source](https://redirect.github.com/vuejs/devtools/tree/HEAD/packages/vite))
| [`8.0.7` →
`8.1.0`](https://renovatebot.com/diffs/npm/vite-plugin-vue-devtools/8.0.7/8.1.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-vue-devtools/8.1.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-vue-devtools/8.0.7/8.1.0?slim=true)
|
| [vitest](https://vitest.dev)
([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest))
| [`4.0.18` →
`4.1.0`](https://renovatebot.com/diffs/npm/vitest/4.0.18/4.1.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.1.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.0.18/4.1.0?slim=true)
|

---

### Release Notes

<details>
<summary>vitejs/vite-plugin-vue (@&#8203;vitejs/plugin-vue)</summary>

###
[`v6.0.5`](https://redirect.github.com/vitejs/vite-plugin-vue/blob/HEAD/packages/plugin-vue/CHANGELOG.md#small-605-2026-03-12-small)

##### Miscellaneous Chores

- remove Vite 8 beta from supported range
([#&#8203;746](https://redirect.github.com/vitejs/vite-plugin-vue/issues/746))
([b3f23e4](b3f23e4d08))

</details>

<details>
<summary>browserslist/caniuse-lite (caniuse-lite)</summary>

###
[`v1.0.30001778`](https://redirect.github.com/browserslist/caniuse-lite/compare/1.0.30001777...1.0.30001778)

[Compare
Source](https://redirect.github.com/browserslist/caniuse-lite/compare/1.0.30001777...1.0.30001778)

</details>

<details>
<summary>electron/electron (electron)</summary>

###
[`v40.8.2`](https://redirect.github.com/electron/electron/releases/tag/v40.8.2):
electron v40.8.2

[Compare
Source](https://redirect.github.com/electron/electron/compare/v40.8.1...v40.8.2)

### Release Notes for v40.8.2

#### Other Changes

- Backported fix for b/491421267.
[#&#8203;50229](https://redirect.github.com/electron/electron/pull/50229)
- Fixed an issue where running app icons were not correctly retrieved on
macOS Tahoe.
[#&#8203;50188](https://redirect.github.com/electron/electron/pull/50188)

###
[`v40.8.1`](https://redirect.github.com/electron/electron/releases/tag/v40.8.1):
electron v40.8.1

[Compare
Source](https://redirect.github.com/electron/electron/compare/v40.8.0...v40.8.1)

### Release Notes for v40.8.1

#### Fixes

- Added validation to protocol client methods to reject protocol names
that do not conform to the RFC 3986 URI scheme grammar.
[#&#8203;50158](https://redirect.github.com/electron/electron/pull/50158)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50157),
[39](https://redirect.github.com/electron/electron/pull/50156),
[41](https://redirect.github.com/electron/electron/pull/50155))</sup>
- Fixed an issue on macOS where calling `autoUpdater.quitAndInstall()`
could fail if `checkForUpdates()` was called again after an update was
already downloaded.
[#&#8203;50216](https://redirect.github.com/electron/electron/pull/50216)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50215),
[41](https://redirect.github.com/electron/electron/pull/50217))</sup>
- Fixed an issue where Chrome Devtools menus may not appear in certain
embedded windows.
[#&#8203;50138](https://redirect.github.com/electron/electron/pull/50138)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50136),
[41](https://redirect.github.com/electron/electron/pull/50137))</sup>
- Fixed an issue where `additionalData` passed to
`app.requestSingleInstanceLock` on Windows could be truncated or fail to
deserialize in the primary instance's `second-instance` event.
[#&#8203;50162](https://redirect.github.com/electron/electron/pull/50162)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50177),
[39](https://redirect.github.com/electron/electron/pull/50174),
[41](https://redirect.github.com/electron/electron/pull/50154))</sup>
- Fixed an issue where `screen.getCursorScreenPoint()` crashed on
Wayland when it was called before a `BrowserWindow` had been created.
[#&#8203;50104](https://redirect.github.com/electron/electron/pull/50104)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50106),
[41](https://redirect.github.com/electron/electron/pull/50105))</sup>
- Fixed an issue where calling `setBounds` on a `WebContentsView` could
trigger redundant `page-favicon-updated` events even when the favicon
had not changed.
[#&#8203;50084](https://redirect.github.com/electron/electron/pull/50084)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50086),
[41](https://redirect.github.com/electron/electron/pull/50085))</sup>
- Fixed an issue where invalid characters in custom protocol or
webRequest response header values were not rejected.
[#&#8203;50131](https://redirect.github.com/electron/electron/pull/50131)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50130),
[39](https://redirect.github.com/electron/electron/pull/50129),
[41](https://redirect.github.com/electron/electron/pull/50132))</sup>
- Fixed an issue where permission and device-chooser handlers received
the top-level page origin instead of the requesting subframe's origin.
[#&#8203;50149](https://redirect.github.com/electron/electron/pull/50149)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50151),
[39](https://redirect.github.com/electron/electron/pull/50147),
[41](https://redirect.github.com/electron/electron/pull/50148))</sup>
- Fixed an issue where traffic light buttons would flash at position
(0,0) when restoring a window with a custom `trafficLightPosition` from
minimization on macOS.
[#&#8203;50207](https://redirect.github.com/electron/electron/pull/50207)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50208),
[41](https://redirect.github.com/electron/electron/pull/50209))</sup>
- Fixed bug where opening a message box immediately upon closing a child
window may cause the parent window to freeze on Windows.
[#&#8203;50189](https://redirect.github.com/electron/electron/pull/50189)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50190),
[41](https://redirect.github.com/electron/electron/pull/50191))</sup>
- Reverted AltGr key fix that caused menu bar to no longer show on
Windows.
[#&#8203;50110](https://redirect.github.com/electron/electron/pull/50110)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50109),
[41](https://redirect.github.com/electron/electron/pull/50111))</sup>

#### Other Changes

- Backported fix for chromium:485622239.
[#&#8203;50168](https://redirect.github.com/electron/electron/pull/50168)

</details>

<details>
<summary>evanw/esbuild (esbuild)</summary>

###
[`v0.27.4`](https://redirect.github.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0274)

[Compare
Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.3...v0.27.4)

- Fix a regression with CSS media queries
([#&#8203;4395](https://redirect.github.com/evanw/esbuild/issues/4395),
[#&#8203;4405](https://redirect.github.com/evanw/esbuild/issues/4405),
[#&#8203;4406](https://redirect.github.com/evanw/esbuild/issues/4406))

Version 0.25.11 of esbuild introduced support for parsing media queries.
This unintentionally introduced a regression with printing media queries
that use the `<media-type> and <media-condition-without-or>` grammar.
Specifically, esbuild was failing to wrap an `or` clause with
parentheses when inside `<media-condition-without-or>`. This release
fixes the regression.

  Here is an example:

  ```css
  /* Original code */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px))
{
    a { color: red }
  }

  /* Old output (incorrect) */
@&#8203;media only screen and (min-width: 10px) or (min-height: 10px) {
    a {
      color: red;
    }
  }

  /* New output (correct) */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px))
{
    a {
      color: red;
    }
  }
  ```

- Fix an edge case with the `inject` feature
([#&#8203;4407](https://redirect.github.com/evanw/esbuild/issues/4407))

This release fixes an edge case where esbuild's `inject` feature could
not be used with arbitrary module namespace names exported using an
`export {} from` statement with bundling disabled and a target
environment where arbitrary module namespace names is unsupported.

  With the fix, the following `inject` file:

  ```js
  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };
  ```

Can now always be rewritten as this without esbuild sometimes
incorrectly generating an error:

  ```js
  export { default as 'window.jQuery' } from 'jquery';
  ```

- Attempt to improve API handling of huge metafiles
([#&#8203;4329](https://redirect.github.com/evanw/esbuild/issues/4329),
[#&#8203;4415](https://redirect.github.com/evanw/esbuild/issues/4415))

This release contains a few changes that attempt to improve the behavior
of esbuild's JavaScript API with huge metafiles (esbuild's name for the
build metadata, formatted as a JSON object). The JavaScript API is
designed to return the metafile JSON as a JavaScript object in memory,
which makes it easy to access from within a JavaScript-based plugin.
Multiple people have encountered issues where this API breaks down with
a pathologically-large metafile.

The primary issue is that V8 has an implementation-specific maximum
string length, so using the `JSON.parse` API with large enough strings
is impossible. This release will now attempt to use a fallback
JavaScript-based JSON parser that operates directly on the UTF8-encoded
JSON bytes instead of using `JSON.parse` when the JSON metafile is too
big to fit in a JavaScript string. The new fallback path has not yet
been heavily-tested. The metafile will also now be generated with
whitespace removed if the bundle is significantly large, which will
reduce the size of the metafile JSON slightly.

However, hitting this case is potentially a sign that something else is
wrong. Ideally you wouldn't be building something so enormous that the
build metadata can't even fit inside a JavaScript string. You may want
to consider optimizing your project, or breaking up your project into
multiple parts that are built independently. Another option could
potentially be to use esbuild's command-line API instead of its
JavaScript API, which is more efficient (although of course then you
can't use JavaScript plugins, so it may not be an option).

</details>

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.8.4`](https://redirect.github.com/capricorn86/happy-dom/compare/v20.8.3...82a0888cb2c87a6123e05424b528f8e8c9b3e426)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.8.3...v20.8.4)

</details>

<details>
<summary>vuejs/devtools (vite-plugin-vue-devtools)</summary>

###
[`v8.1.0`](https://redirect.github.com/vuejs/devtools/releases/tag/v8.1.0)

[Compare
Source](https://redirect.github.com/vuejs/devtools/compare/v8.0.7...v8.1.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/vuejs/devtools/compare/v8.0.8...v8.1.0)

</details>

<details>
<summary>vitest-dev/vitest (vitest)</summary>

###
[`v4.1.0`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.0)

[Compare
Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.0.18...v4.1.0)

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1
beta. To get a review of all the new features, read our [blog
post](https://vitest.dev/blog/vitest-4).

#####    🚀 Features

- Return a disposable from doMock()  -  by
[@&#8203;kirkwaiblinger](https://redirect.github.com/kirkwaiblinger) in
[#&#8203;9332](https://redirect.github.com/vitest-dev/vitest/issues/9332)
[<samp>(e3e65)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e3e659a96)
- Added chai style assertions  -  by
[@&#8203;ronnakamoto](https://redirect.github.com/ronnakamoto) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8842](https://redirect.github.com/vitest-dev/vitest/issues/8842)
[<samp>(841df)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/841df9ac5)
- Update to sinon/fake-timers v15 and add `setTickMode` to timer
controls  -  by [@&#8203;atscott](https://redirect.github.com/atscott)
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8726](https://redirect.github.com/vitest-dev/vitest/issues/8726)
[<samp>(4b480)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4b480aaed)
- Expose matcher types  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9448](https://redirect.github.com/vitest-dev/vitest/issues/9448)
[<samp>(3e4b9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3e4b913b1)
- Add `toTestSpecification` to reported tasks  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9464](https://redirect.github.com/vitest-dev/vitest/issues/9464)
[<samp>(1a470)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1a4705da9)
- Show a warning if `vi.mock` or `vi.hoisted` are declared outside of
top level of the module  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9387](https://redirect.github.com/vitest-dev/vitest/issues/9387)
[<samp>(5db54)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5db54a468)
- Track and display expectedly failed tests (.fails) in UI and CLI  - 
by [@&#8203;Copilot](https://redirect.github.com/Copilot),
**sheremet-va** and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9476](https://redirect.github.com/vitest-dev/vitest/issues/9476)
[<samp>(77d75)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/77d75fd34)
- Support tags  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9478](https://redirect.github.com/vitest-dev/vitest/issues/9478)
[<samp>(de7c8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/de7c8a521)
- Implement `aroundEach` and `aroundAll` hooks  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9450](https://redirect.github.com/vitest-dev/vitest/issues/9450)
[<samp>(2a8cb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2a8cb9dc2)
- Stabilize experimental features  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9529](https://redirect.github.com/vitest-dev/vitest/issues/9529)
[<samp>(b5fd2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b5fd2a16a)
- Accept `new` or `all` in `--update` flag  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9543](https://redirect.github.com/vitest-dev/vitest/issues/9543)
[<samp>(a5acf)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a5acf28a5)
- Support `meta` in test options  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9535](https://redirect.github.com/vitest-dev/vitest/issues/9535)
[<samp>(7d622)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7d622e3d1)
- Support type inference with a new `test.extend` syntax  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9550](https://redirect.github.com/vitest-dev/vitest/issues/9550)
[<samp>(e5385)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e53854fcc)
- Support vite 8 beta, fix type issues in the config with different vite
versions  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9587](https://redirect.github.com/vitest-dev/vitest/issues/9587)
[<samp>(99028)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/990281dfd)
- Add assertion helper to hide internal stack traces  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9594](https://redirect.github.com/vitest-dev/vitest/issues/9594)
[<samp>(eeb0a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/eeb0ae2f8)
- Store failure screenshots using artifacts API  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9588](https://redirect.github.com/vitest-dev/vitest/issues/9588)
[<samp>(24603)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/24603e3c4)
- Allow `vitest list` to statically collect tests instead of running
files to collect them  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9630](https://redirect.github.com/vitest-dev/vitest/issues/9630)
[<samp>(7a8e7)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7a8e7fc20)
- Add `--detect-async-leaks`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9528](https://redirect.github.com/vitest-dev/vitest/issues/9528)
[<samp>(c594d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c594d4af3)
- Implement `mockThrow` and `mockThrowOnce`  -  by
[@&#8203;thor-juhasz](https://redirect.github.com/thor-juhasz) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9512](https://redirect.github.com/vitest-dev/vitest/issues/9512)
[<samp>(61917)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/619179fb7)
- Support `update: "none"` and add docs about snapshots behavior on CI
 -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9700](https://redirect.github.com/vitest-dev/vitest/issues/9700)
[<samp>(05f18)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/05f1854e2)
- Support playwright `launchOptions` with `connectOptions`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9702](https://redirect.github.com/vitest-dev/vitest/issues/9702)
[<samp>(f0ff1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f0ff1b2a0)
- Add `page/locator.mark` API to enhance playwright trace  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9652](https://redirect.github.com/vitest-dev/vitest/issues/9652)
[<samp>(d0ee5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d0ee546fe)
- **api**:
- Support tests starting or ending with `test` in
`experimental_parseSpecification`  -  by
[@&#8203;jgillick](https://redirect.github.com/jgillick) and **Jeremy
Gillick** in
[#&#8203;9235](https://redirect.github.com/vitest-dev/vitest/issues/9235)
[<samp>(2f367)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2f367fad3)
- Add filters to `createSpecification`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9336](https://redirect.github.com/vitest-dev/vitest/issues/9336)
[<samp>(c8e6c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8e6c7fbf)
- Expose `runTestFiles` as alternative to `runTestSpecifications`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9443](https://redirect.github.com/vitest-dev/vitest/issues/9443)
[<samp>(43d76)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/43d761821)
- Add `allowWrite` and `allowExec` options to `api`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9350](https://redirect.github.com/vitest-dev/vitest/issues/9350)
[<samp>(20e00)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/20e00ef78)
- Allow passing down test cases to `toTestSpecification`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9627](https://redirect.github.com/vitest-dev/vitest/issues/9627)
[<samp>(6f17d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/6f17d5ddf)
- **browser**:
- Add `userEvent.wheel` API  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9188](https://redirect.github.com/vitest-dev/vitest/issues/9188)
[<samp>(66080)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/660801979)
- Add `filterNode` option to prettyDOM for filtering browser assertion
error output  -  by
[@&#8203;Copilot](https://redirect.github.com/Copilot), **sheremet-va**
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9475](https://redirect.github.com/vitest-dev/vitest/issues/9475)
[<samp>(d3220)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d3220fcd8)
- Support playwright persistent context  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9229](https://redirect.github.com/vitest-dev/vitest/issues/9229)
[<samp>(f865d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f865d2ba4)
- Added `detailsPanelPosition` option and button  -  by
[@&#8203;shairez](https://redirect.github.com/shairez) in
[#&#8203;9525](https://redirect.github.com/vitest-dev/vitest/issues/9525)
[<samp>(c8a31)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8a31147c)
- Use BlazeDiff instead of pixelmatch  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9514](https://redirect.github.com/vitest-dev/vitest/issues/9514)
[<samp>(30936)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/309362089)
- Add `findElement` and enable strict mode in webdriverio and preview
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9677](https://redirect.github.com/vitest-dev/vitest/issues/9677)
[<samp>(c3f37)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c3f37721c)
- **cli**:
- Add [@&#8203;bomb](https://redirect.github.com/bomb).sh/tab
completions  -  by
[@&#8203;AmirSa12](https://redirect.github.com/AmirSa12) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8639](https://redirect.github.com/vitest-dev/vitest/issues/8639)
[<samp>(200f3)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/200f31704)
- **coverage**:
- Support `ignore start/stop` ignore hints  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9204](https://redirect.github.com/vitest-dev/vitest/issues/9204)
[<samp>(e59c9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e59c94ba6)
- Add `coverage.changed` option to report only changed files  -  by
[@&#8203;kykim00](https://redirect.github.com/kykim00) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9521](https://redirect.github.com/vitest-dev/vitest/issues/9521)
[<samp>(1d939)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1d9392c67)
- **experimental**:
- Add `onModuleRunner` hook to `worker.init`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9286](https://redirect.github.com/vitest-dev/vitest/issues/9286)
[<samp>(e977f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e977f3deb)
- Option to disable the module runner  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9210](https://redirect.github.com/vitest-dev/vitest/issues/9210)
[<samp>(9be61)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9be6121ee)
- Add `importDurations: { limit, print }` options  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9401](https://redirect.github.com/vitest-dev/vitest/issues/9401)
[<samp>(7e10f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7e10fb356)
- Add print and fail thresholds for `importDurations`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9533](https://redirect.github.com/vitest-dev/vitest/issues/9533)
[<samp>(3f7a5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3f7a5f8f8)
- **fixtures**:
- Pass down file context to `beforeAll`/`afterAll`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9572](https://redirect.github.com/vitest-dev/vitest/issues/9572)
[<samp>(c8339)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c83395f2c)
- **reporters**:
- Add `agent` reporter to reduce ai agent token usage  -  by
[@&#8203;cpojer](https://redirect.github.com/cpojer) in
[#&#8203;9779](https://redirect.github.com/vitest-dev/vitest/issues/9779)
[<samp>(3e9e0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3e9e096a2)
- **runner**:
- Enhance `retry` options  -  by
[@&#8203;MazenSamehR](https://redirect.github.com/MazenSamehR), **Matan
Shavit**, [@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio)
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9370](https://redirect.github.com/vitest-dev/vitest/issues/9370)
[<samp>(9e4cf)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9e4cfd295)
- **ui**:
- Allow run individual test/suites  -  by
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;9465](https://redirect.github.com/vitest-dev/vitest/issues/9465)
[<samp>(73b10)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/73b10f1b9)
- Add project filter/sort support  -  by
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;8689](https://redirect.github.com/vitest-dev/vitest/issues/8689)
[<samp>(0c7ea)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0c7eaac16)
- Add duration sorting to explorer  -  by
[@&#8203;julianhahn](https://redirect.github.com/julianhahn) and
[@&#8203;cursoragent](https://redirect.github.com/cursoragent) in
[#&#8203;9603](https://redirect.github.com/vitest-dev/vitest/issues/9603)
[<samp>(209b1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/209b1b0e1)
- Implement filter for slow tests  -  by
[@&#8203;DerYeger](https://redirect.github.com/DerYeger) and
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;9705](https://redirect.github.com/vitest-dev/vitest/issues/9705)
[<samp>(8880c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8880c907a)
- **vitest**:
- Add run summary in GitHub Actions Reporter  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) and **jhnance**
in
[#&#8203;9579](https://redirect.github.com/vitest-dev/vitest/issues/9579)
[<samp>(96bfc)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/96bfc8345)

#####    🐞 Bug Fixes

- Deprecate several vitest/\* entry points  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9347](https://redirect.github.com/vitest-dev/vitest/issues/9347)
[<samp>(fd459)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fd45928be)
- Use `meta.url` in `createRequire`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9441](https://redirect.github.com/vitest-dev/vitest/issues/9441)
[<samp>(e3422)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e34225563)
- Preact browser mode init example of render function not async  -  by
[@&#8203;WuMingDao](https://redirect.github.com/WuMingDao) in
[#&#8203;9375](https://redirect.github.com/vitest-dev/vitest/issues/9375)
[<samp>(2bea5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2bea549c7)
- Deprecate unused types in matcher context  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9449](https://redirect.github.com/vitest-dev/vitest/issues/9449)
[<samp>(20f87)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/20f8753a2)
- Handle `external/noExternal` during `configEnvironment` hook  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9508](https://redirect.github.com/vitest-dev/vitest/issues/9508)
[<samp>(59ea2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/59ea27c1c)
- Replace default ssr environment runner with Vitest server module
runner  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
and **Claude Opus 4.6** in
[#&#8203;9506](https://redirect.github.com/vitest-dev/vitest/issues/9506)
[<samp>(cd5db)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/cd5db660c)
- Propagate experimental CLI options to child projects  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9531](https://redirect.github.com/vitest-dev/vitest/issues/9531)
[<samp>(b624f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b624fae53)
- Show a warning when `browser.isolate` is used  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9410](https://redirect.github.com/vitest-dev/vitest/issues/9410)
[<samp>(3d48e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3d48ebcb9)
- Fix `vi.mock({ spy: true })` node v8 coverage  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **hi-ogawa**
and **Claude Opus 4.6** in
[#&#8203;9541](https://redirect.github.com/vitest-dev/vitest/issues/9541)
[<samp>(687b6)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/687b633c1)
- Don't show internal ssr handler in errors  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9547](https://redirect.github.com/vitest-dev/vitest/issues/9547)
[<samp>(76c43)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/76c4397b5)
- Close vitest if it failed to start  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9573](https://redirect.github.com/vitest-dev/vitest/issues/9573)
[<samp>(728ba)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/728ba617f)
- Fix ssr environment runner in project  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9584](https://redirect.github.com/vitest-dev/vitest/issues/9584)
[<samp>(09006)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/090064f97)
- Trim trailing white spaces in code block  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9591](https://redirect.github.com/vitest-dev/vitest/issues/9591)
[<samp>(f78be)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f78bea992)
- Support inline snapshot inside test.for/each  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9590](https://redirect.github.com/vitest-dev/vitest/issues/9590)
[<samp>(615fd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/615fd521e)
- Apply source maps for external module stack trace  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9152](https://redirect.github.com/vitest-dev/vitest/issues/9152)
[<samp>(79e20)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/79e20d5a3)
- Remove the `.name` from statically collected test  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9596](https://redirect.github.com/vitest-dev/vitest/issues/9596)
[<samp>(b66ff)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b66ff691a)
- Don't suppress warnings on pnp  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9602](https://redirect.github.com/vitest-dev/vitest/issues/9602)
[<samp>(89cbd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/89cbdaea3)
- Support snapshot with `expect.soft`  -  by
[@&#8203;iumehara](https://redirect.github.com/iumehara),
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9231](https://redirect.github.com/vitest-dev/vitest/issues/9231)
[<samp>(3eb2c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3eb2cd541)
- Log seed when only `sequence.shuffle.tests` is enabled  -  by
[@&#8203;kaigritun](https://redirect.github.com/kaigritun), **Kai
Gritun** and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9576](https://redirect.github.com/vitest-dev/vitest/issues/9576)
[<samp>(8182b)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8182b77ad)
- Externalize `expect/src/utils` from `vitest`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9616](https://redirect.github.com/vitest-dev/vitest/issues/9616)
[<samp>(48739)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/487398422)
- Ignore test.override during static collection  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9620](https://redirect.github.com/vitest-dev/vitest/issues/9620)
[<samp>(09174)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0917470ce)
- Increase stacktrace limit for `--detect-async-leaks`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9638](https://redirect.github.com/vitest-dev/vitest/issues/9638)
[<samp>(9fd4c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9fd4ce533)
- Hanging-reporter link in cli  -  by
[@&#8203;flx-sta](https://redirect.github.com/flx-sta) in
[#&#8203;9649](https://redirect.github.com/vitest-dev/vitest/issues/9649)
[<samp>(7c103)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7c103055c)
- Fix teardown timeout of `aroundEach/All` when inner `aroundEach/All`
throws  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
in
[#&#8203;9657](https://redirect.github.com/vitest-dev/vitest/issues/9657)
[<samp>(4ec6c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4ec6cb305)
- Fix ui mode / html reporter and coverage integration  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9626](https://redirect.github.com/vitest-dev/vitest/issues/9626)
[<samp>(86fad)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/86fad4b42)
- Don't continue when `aroundEach/All` setup timed out  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9670](https://redirect.github.com/vitest-dev/vitest/issues/9670)
[<samp>(bb013)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/bb013d54b)
- Align `VitestRunnerConfig` optional fields with `SerializedConfig`  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9661](https://redirect.github.com/vitest-dev/vitest/issues/9661)
[<samp>(79520)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/79520d82d)
- Handle Symbol values in format utility  -  by
[@&#8203;nami8824](https://redirect.github.com/nami8824) in
[#&#8203;9658](https://redirect.github.com/vitest-dev/vitest/issues/9658)
[<samp>(0583f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0583f067e)
- Deprecate `toBe*` spy assertions in favor of `toHaveBeen*` (and
`toThrowError`)  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9665](https://redirect.github.com/vitest-dev/vitest/issues/9665)
[<samp>(4d390)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4d390dfe9)
- Don't propagate nested `aroundEach/All` errors but aggregate them on
runner  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
in
[#&#8203;9673](https://redirect.github.com/vitest-dev/vitest/issues/9673)
[<samp>(b6365)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b63653f5a)
- Show a better error if there is a pending dynamic import  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9676](https://redirect.github.com/vitest-dev/vitest/issues/9676)
[<samp>(7ef5c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7ef5cf4b7)
- Preserve stack trace of `resolves/rejects` chained assertion error  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9679](https://redirect.github.com/vitest-dev/vitest/issues/9679)
[<samp>(c6151)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c61511d4a)
- Handle module-sync condition in vmThreads/vmForks require  -  by
[@&#8203;lesleh](https://redirect.github.com/lesleh) in
[#&#8203;9650](https://redirect.github.com/vitest-dev/vitest/issues/9650)
and
[#&#8203;9651](https://redirect.github.com/vitest-dev/vitest/issues/9651)
[<samp>(bb203)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/bb20389f4)
- Hooks should respect `maxConcurrency`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9653](https://redirect.github.com/vitest-dev/vitest/issues/9653)
[<samp>(16d13)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/16d13d981)
- Recursively autospy module object  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9687](https://redirect.github.com/vitest-dev/vitest/issues/9687)
[<samp>(695a8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/695a86b41)
- Remove trailing spaces from diff error log  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9680](https://redirect.github.com/vitest-dev/vitest/issues/9680)
[<samp>(395d1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/395d1a29e)
- Respect project `resolve.conditions` for externals  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9717](https://redirect.github.com/vitest-dev/vitest/issues/9717)
[<samp>(1d498)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1d4987498)
- Use object for WeakMap instead of a symbol to support webcontainers
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9731](https://redirect.github.com/vitest-dev/vitest/issues/9731)
[<samp>(c5225)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c52259330)
- Fix re-mocking virtual module  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9748](https://redirect.github.com/vitest-dev/vitest/issues/9748)
[<samp>(3cbbb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3cbbb17f1)
- Cancelling should stop current test immediately  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9729](https://redirect.github.com/vitest-dev/vitest/issues/9729)
[<samp>(0cb2f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0cb2f7239)
- Make `mockObject` change backwards compatible  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9744](https://redirect.github.com/vitest-dev/vitest/issues/9744)
[<samp>(84c69)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/84c69497f)
- Fix `URL.name` on jsdom  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9767](https://redirect.github.com/vitest-dev/vitest/issues/9767)
[<samp>(031f3)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/031f3a374)
- Save and restore module graph in blob reporter  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9740](https://redirect.github.com/vitest-dev/vitest/issues/9740)
[<samp>(84355)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/843554bf0)
- Don't silence reporter errors from test runtime events handler in
normal run and --merge-reports  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9727](https://redirect.github.com/vitest-dev/vitest/issues/9727)
[<samp>(4072d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4072d0132)
- Fix `vi.importActual()` for virtual modules  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9772](https://redirect.github.com/vitest-dev/vitest/issues/9772)
[<samp>(1e89e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1e89ec020)
- Throw `FixtureAccessError` if suite hook accesses undefined fixture
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9786](https://redirect.github.com/vitest-dev/vitest/issues/9786)
[<samp>(fc2ce)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fc2cea2b7)
- Allow hyphens in project config file name pattern  -  by
[@&#8203;Koutaro-Hanabusa](https://redirect.github.com/Koutaro-Hanabusa)
and [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9760](https://redirect.github.com/vitest-dev/vitest/issues/9760)
[<samp>(33e96)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/33e96311a)
- Manual and redirect mock shouldn't `load` or `transform` original
module  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
and **Claude Opus 4.6** in
[#&#8203;9774](https://redirect.github.com/vitest-dev/vitest/issues/9774)
[<samp>(a8216)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a8216b001)
- `hideSkippedTests` should not hide `test.todo`  -  by
[@&#8203;oilater](https://redirect.github.com/oilater) in
[#&#8203;9562](https://redirect.github.com/vitest-dev/vitest/issues/9562)
and
[#&#8203;9781](https://redirect.github.com/vitest-dev/vitest/issues/9781)
[<samp>(8181e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8181e06e7)
- Allow catch/finally for async assertion  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9827](https://redirect.github.com/vitest-dev/vitest/issues/9827)
[<samp>(031f0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/031f02a89)
- Resolve fixture overrides from test's suite in `beforeEach` hooks  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9826](https://redirect.github.com/vitest-dev/vitest/issues/9826)
[<samp>(99e52)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/99e52fe58)
- Use isAgent check, not just TTY, for watch mode  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9841](https://redirect.github.com/vitest-dev/vitest/issues/9841)
[<samp>(c3cac)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c3cac1c1b)
- Use `performance.now` to measure test timeout duration  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9795](https://redirect.github.com/vitest-dev/vitest/issues/9795)
[<samp>(f48a6)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f48a60114)
- Correctly identify concurrent test during static analysis  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9846](https://redirect.github.com/vitest-dev/vitest/issues/9846)
[<samp>(1de0a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1de0aa22d)
- **browser**:
- Avoid updating screenshots when `toMatchScreenshot` passes  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9289](https://redirect.github.com/vitest-dev/vitest/issues/9289)
[<samp>(46aab)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/46aabaa44)
- Hide injected data-testid attributes  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9503](https://redirect.github.com/vitest-dev/vitest/issues/9503)
[<samp>(c8d2c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8d2c411c)
- Throw an error if iframe was reloaded  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9516](https://redirect.github.com/vitest-dev/vitest/issues/9516)
[<samp>(73a81)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/73a81f880)
- Encode projectName in browser client URL  -  by
[@&#8203;dkkim0122](https://redirect.github.com/dkkim0122) in
[#&#8203;9523](https://redirect.github.com/vitest-dev/vitest/issues/9523)
[<samp>(5b164)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5b16483c3)
- Don't take failure screenshot if tests have artifacts created by
`toMatchScreenshot`  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9552](https://redirect.github.com/vitest-dev/vitest/issues/9552)
[<samp>(83ca0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/83ca02547)
- Remove `--remote-debugging-address` from chrome args  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9712](https://redirect.github.com/vitest-dev/vitest/issues/9712)
[<samp>(f09bb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f09bb5c32)
- Make sure userEvent actions support `ensureAwaited`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9732](https://redirect.github.com/vitest-dev/vitest/issues/9732)
[<samp>(97685)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9768517b8)
- Types of `getCDPSession` and `cdp()`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9716](https://redirect.github.com/vitest-dev/vitest/issues/9716)
[<samp>(689a2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/689a22a1b)
- Skip esbuild.legalComments when using rolldown-vite  -  by
[@&#8203;Copilot](https://redirect.github.com/Copilot), **hi-ogawa** and
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9803](https://redirect.github.com/vitest-dev/vitest/issues/9803)
[<samp>(3505f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3505fa5a3)
- **chai**:
- Don't allow `deepEqual` in the config because it's not serializable
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9666](https://redirect.github.com/vitest-dev/vitest/issues/9666)
[<samp>(9ee99)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9ee999d73)
- **coverage**:
- Infer transform mode for uncovered files  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9435](https://redirect.github.com/vitest-dev/vitest/issues/9435)
[<samp>(f3967)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f396792d6)
- `thresholds.autoUpdate` to preserve ending whitespace  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9436](https://redirect.github.com/vitest-dev/vitest/issues/9436)
[<samp>(7e534)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7e534a0b6)
- **deps**:
- Update all non-major dependencies  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9192](https://redirect.github.com/vitest-dev/vitest/issues/9192)
[<samp>(90c30)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/90c302f3b)
- Update all non-major dependencies  -  in
[#&#8203;9485](https://redirect.github.com/vitest-dev/vitest/issues/9485)
[<samp>(c0118)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c01186022)
- Update all non-major dependencies  -  in
[#&#8203;9567](https://redirect.github.com/vitest-dev/vitest/issues/9567)
[<samp>(13c9e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/13c9e022b)
- **docs**:
- Fix old `/config/#option` hash links causing hydration errors  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9610](https://redirect.github.com/vitest-dev/vitest/issues/9610)
[<samp>(a603c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a603c3a30)
- **expect**:
- `toMatchObject(Map/Set)` should expect `Map/Set` on left hand side  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9532](https://redirect.github.com/vitest-dev/vitest/issues/9532)
[<samp>(381da)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/381da4a9d)
- Fix objectContaining with proxy  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9554](https://redirect.github.com/vitest-dev/vitest/issues/9554)
[<samp>(7ce34)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7ce3417b1)
- Support arbitrary value equality for `toThrow` and make Error
detection robust  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9570](https://redirect.github.com/vitest-dev/vitest/issues/9570)
[<samp>(de215)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/de215c19c)
- **mock**:
- Inject helpers after hashbang if present  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9545](https://redirect.github.com/vitest-dev/vitest/issues/9545)
[<samp>(65432)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/65432a74b)
- **mocker**:
- Update vite's peer dependency range  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9808](https://redirect.github.com/vitest-dev/vitest/issues/9808)
[<samp>(36f9a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/36f9a81a2)
- **reporter**:
- `dot` reporter leaves pending tests  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9684](https://redirect.github.com/vitest-dev/vitest/issues/9684)
[<samp>(4d793)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4d7938a56)
- **runner**:
- Mark repeated tests as finished on last run  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9707](https://redirect.github.com/vitest-dev/vitest/issues/9707)
[<samp>(cc735)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/cc735970a)
- **spy**:
- Support deep partial in vi.mocked  -  by
[@&#8203;j2h30728](https://redirect.github.com/j2h30728) in
[#&#8203;8152](https://redirect.github.com/vitest-dev/vitest/issues/8152)
and
[#&#8203;9493](https://redirect.github.com/vitest-dev/vitest/issues/9493)
[<samp>(71cb5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/71cb51ffc)
- Fallback to object accessor if descriptor's value is `undefined`  - 
by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9511](https://redirect.github.com/vitest-dev/vitest/issues/9511)
[<samp>(6f181)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/6f18103fa)
- Throw correct errors when shorthand methods are used on a class  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9513](https://redirect.github.com/vitest-dev/vitest/issues/9513)
[<samp>(5d0fd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5d0fd3b62)
- **types**:
- `bench.reporters` no longer gives type errors when passing file name
string paths  -  by
[@&#8203;Bertie690](https://redirect.github.com/Bertie690) in
[#&#8203;9695](https://redirect.github.com/vitest-dev/vitest/issues/9695)
[<samp>(093c8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/093c8f6b5)
- **ui**:
- Process artifact attachments when generating HTML reporter  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9472](https://redirect.github.com/vitest-dev/vitest/issues/9472)
[<samp>(96eb9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/96eb92826)
- Don't fail if --ui and --root are specified together  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9536](https://redirect.github.com/vitest-dev/vitest/issues/9536)
[<samp>(d9305)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d93055fc7)

#####    🏎 Performance

- **pretty-format**: Combine DOMElement plugins  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9581](https://redirect.github.com/vitest-dev/vitest/issues/9581)
[<samp>(da85a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/da85a3267)

#####     [View changes on
GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.0.17...v4.1.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-14 22:49:09 +00:00
Tink 28cc9e0571
fix: prevent authenticated UI flash when server rejects JWT session (#2387) 2026-03-11 09:37:46 +01:00
renovate[bot] c57c884fd4 chore(deps): update dependency sass-embedded to v1.98.0 2026-03-11 08:53:39 +01:00
kolaente d196af0503 fix: remove debounce from color picker to prevent stale color on save
The color picker had a 500ms debounce before propagating the selected
color to the parent component. Since all usages save via an explicit
button click (not automatically), the debounce only caused a race
condition where the model value could be stale when the user clicked
Save within 500ms of picking a color.

Closes go-vikunja/vikunja#2312
2026-03-10 23:26:24 +01:00
Frederick [Bot] 30fccfb058 chore(i18n): update translations via Crowdin 2026-03-10 01:08:39 +00:00
renovate[bot] 271da6a2ec chore(deps): update dev-dependencies to v8.57.0 2026-03-09 21:06:23 +01:00
kolaente 2e1648ef4c feat: add user-level webhooks settings page
Add a new settings page for managing user-level webhooks. Extract
webhook form into shared WebhookManager component used by both
project and user webhook settings. Add routing, translations,
and navigation entry.
2026-03-08 19:45:53 +01:00
renovate[bot] 52e47c732f chore(deps): update dependency eslint to v9.39.4 2026-03-08 12:09:25 +01:00
Frederick [Bot] bc583b2efb chore(i18n): update translations via Crowdin 2026-03-07 01:09:03 +00:00
renovate[bot] c49d8e129a chore(deps): update dev-dependencies 2026-03-06 10:02:55 +01:00
dependabot[bot] b85ad9c298 chore(deps): bump dompurify from 3.3.1 to 3.3.2 in /frontend
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 10:02:38 +01:00
renovate[bot] e5701fc0e3 chore(deps): update dev-dependencies 2026-03-06 08:47:55 +01:00
Frederick [Bot] 4b5b7e69cc chore(i18n): update translations via Crowdin 2026-03-06 01:17:05 +00:00
renovate[bot] 2dd4421fb5 chore(deps): update dependency vite-svg-loader to v5.1.1 2026-03-05 19:43:50 +01:00
Noah Neukam d7722d0193
fix(menu): prevent dropdown from closing when cursor crosses offset gap (#2367) 2026-03-05 12:50:04 +01:00
kolaente b5d8576c2a chore(deps): update svgo to 3.3.3 2026-03-05 11:05:32 +01:00
kolaente 5f0f3cc820 chore(deps): update immutable to 5.1.5 2026-03-05 11:05:32 +01:00
Frederick [Bot] 74aec78701 chore(i18n): update translations via Crowdin 2026-03-05 01:13:59 +00:00
kolaente 6c9407c58f feat: add duplicate button to task detail view 2026-03-04 17:20:26 +01:00
kolaente 2014d50b95 feat: add duplicateTask action to task store 2026-03-04 17:20:26 +01:00
kolaente 52bee379d4 feat: add task duplicate frontend model and service 2026-03-04 17:20:26 +01:00
renovate[bot] 3fad03d40f chore(deps): update dependency rollup-plugin-visualizer to v6.0.11 2026-03-04 11:03:35 +01:00
kolaente 79ac50b99b fix(test): update mobile kanban test to use close button instead of back button
The back button was removed from modal mode in the previous commit.
On mobile kanban, tasks open as modals, so the test now uses the
close button from the Heading component instead.
2026-03-03 16:04:37 +01:00
Claude 8a4f3a916f fix: remove duplicate close button on mobile task detail view
When viewing a task in modal mode on mobile, both a back button and a close button were displayed, causing confusion. The back button condition `!isModal || isMobile` meant it would show on mobile even in modal mode.

This fix changes the back button to only display when not in modal mode (`!isModal`), ensuring only the close button appears when viewing tasks in a modal on mobile devices.

Also removed the now-unused `isMobile` variable and its import.
2026-03-03 16:04:37 +01:00
Copilot c6f0d8babe
feat: surface API validation errors to registration form fields (#1902)
This PR surfaces API validation errors from the registration endpoint
directly onto the corresponding form fields, instead of only showing a
generic "invalid data" message. A new `parseValidationErrors` helper
extracts field names and messages from the API's `invalid_fields` array
(e.g. `["email: email is not a valid email address"]`) and maps them to
the appropriate form fields. The Register component integrates this
parser into its error handling, prioritizing client-side validation but
falling back to server-side field errors when present. Errors are
cleared as the user types.

A follow-up commit addressed PR review feedback: the `ValidationError`
interface is now exported from the parser module and reused in
`Register.vue` (eliminating a duplicate `ApiValidationError` interface),
the type guard was tightened to check specifically for `invalid_fields`
rather than broadly matching any object with a `message` property, the
fallback error message always uses the localized translation key instead
of potentially surfacing raw backend messages, and the
`serverValidationErrors` ref uses `Partial<Record>` to accurately
reflect that keys are optional.

🐰 A parser hops through error fields,
Catching field names as each one yields,
Client and server now both agree,
Validation flows harmoniously free!
Whitespace trimmed, no colon? It hops along,
Register form now validated strong! 

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-03-03 14:27:24 +01:00
kolaente da9cb87448 fix(shortcuts): track active sequences explicitly to prevent misfires
Replace the global sequenceBuffer (which only tracked key count) with
per-candidate ActiveSequence tracking. This fixes two bugs:

- Sequences with different prefixes could misfire once any sequence
  started, since only buffer length was checked, not which sequence
  was being matched.
- Single-key shortcuts could fire during an in-progress sequence,
  preempting sequence completion depending on binding iteration order.
2026-03-03 14:00:25 +01:00
kolaente f8763d812e fix: correct package.json indentation after dependency removal 2026-03-03 14:00:25 +01:00
kolaente 8bf0d581ce test(shortcuts): add unit tests for shortcut parsing logic
Add 46 tests covering:
- parseKey: single keys, modifiers, multi-modifier combos, special keys
- matchesKey: code matching, modifier matching, Mod platform-adaptive behavior
- eventToShortcutString: plain keys, modifiers, modifier-only filtering, non-Latin layouts
- isFormField: input/textarea/select/contentEditable detection

Export parseKey, matchesKey, and isFormField for testability.
2026-03-03 14:00:25 +01:00
kolaente c5703acedf fix(shortcuts): resolve lint errors in shortcut module
Replace `any` type assertions with proper types:
- Use WeakMap for element-to-binding mapping instead of expando properties
- Use typed intersection for Firefox's explicitOriginalTarget property
2026-03-03 14:00:25 +01:00
kolaente 18969e61be chore(deps): remove @github/hotkey dependency
Remove @github/hotkey package, its patch file, and the
patchedDependencies entry since all shortcut handling is now done by
the custom @/helpers/shortcut module.
2026-03-03 14:00:25 +01:00
kolaente 79cd3433f5 refactor(shortcuts): use event.code for raw keyboard handlers
Change e.key to e.code in global keyboard shortcut handlers for
consistency with the new event.code-based shortcut system:
- ProjectList.vue: 'j'/'k'/'Enter' -> 'KeyJ'/'KeyK'/'Enter'
- useGanttBar.ts: 'ArrowLeft'/'ArrowRight' (identical values, for consistency)
- Modal.vue: 'Escape' (identical value, for consistency)
2026-03-03 14:00:25 +01:00
kolaente e3fdaed94a refactor(shortcuts): replace eventToHotkeyString with eventToShortcutString
Migrate all imperative shortcut matching from @github/hotkey's
eventToHotkeyString to the new event.code-based eventToShortcutString.

Updated comparison strings:
- 'Meta+k'/'Control+k' -> 'Meta+KeyK'/'Control+KeyK'
- 'Control+s'/'Meta+s' -> 'Control+KeyS'/'Meta+KeyS'
- 'Control+.' -> 'Control+Period'
- '.' -> 'Period'
- 'Enter' stays 'Enter' (identical in event.code)
2026-03-03 14:00:25 +01:00
kolaente f2901deb00 refactor(shortcuts): update v-shortcut values to event.code format
Change all shortcut strings from character-based format to event.code
format:
- Single letters: 't' -> 'KeyT', 's' -> 'KeyS', etc.
- Sequences: 'g o' -> 'KeyG KeyO', etc.
- Modifiers: 'Mod+e' -> 'Mod+KeyE', 'Shift+?' -> 'Shift+Slash'
- edit-shortcut prop: 'e' -> 'KeyE'

Shortcuts like 'Escape' and 'Shift+Delete' remain unchanged as their
event.code values are identical.
2026-03-03 14:00:25 +01:00
kolaente 8dc6e77ba0 refactor(shortcuts): update directive to use new shortcut module
Change import in the v-shortcut directive from @github/hotkey to the
new @/helpers/shortcut module. The install/uninstall API is identical.
2026-03-03 14:00:25 +01:00
kolaente 61c1d9332d feat(shortcuts): add event.code-based shortcut module
Replace the character-based @github/hotkey matching with a custom module
that matches against event.code (physical key position). This makes
shortcuts layout-independent so they work on non-Latin keyboard layouts
(Russian, Greek, Arabic, etc.).

The module provides:
- install/uninstall for declarative element shortcuts (v-shortcut)
- eventToShortcutString for imperative event matching
- Sequence support with 1500ms timeout
- Form field, IME, shadow DOM, and event.repeat guards
2026-03-03 14:00:25 +01:00
kolaente 1d02e76914 fix(deps): remove obsolete flexsearch 0.7.43 patch
The patch fixed missing module/types fields in flexsearch 0.7's
package.json. Version 0.8.212 ships with proper exports, making
the patch unnecessary.
2026-03-03 13:17:24 +01:00
renovate[bot] 4f1830768a fix(deps): update dependency flexsearch to v0.8.212 2026-03-03 13:17:24 +01:00
kolaente 4e79fde17d fix(gantt): render collapse chevron after bars for correct SVG paint order 2026-03-03 13:11:43 +01:00
kolaente 092e8fe45a fix(gantt): remove unreachable hover rule on relation arrows 2026-03-03 13:11:43 +01:00
kolaente aa6c3d85a7 fix(gantt): clamp collapse chevron x position to prevent negative offset 2026-03-03 13:11:43 +01:00
kolaente ca808c7a4f fix(gantt): only set hasDerivedDates when children have actual dates 2026-03-03 13:11:43 +01:00
kolaente f1ab9edf29 fix(gantt): move parent diamonds outward with stroke and remove hover effect 2026-03-03 13:11:43 +01:00
kolaente f6cac275e2 fix(gantt): make collapse/expand triangle smaller 2026-03-03 13:11:43 +01:00
kolaente 62bb4c33cf fix(gantt): improve parent task bar styling and visual grouping
- Make parent task bars full height (32px) matching regular bars,
  instead of the thin 8px summary bar
- Move collapse/expand chevron to sit right before the bar start
  position so it moves with the task during drag/resize
- Remove fixed-position indent indicator lines
- Add light background band with rounded border to visually group
  parent tasks with their children, sized to fit the bars
2026-03-03 13:11:43 +01:00
kolaente 19d77157e2 fix(gantt): spread overlapping relation arrows at shared endpoints 2026-03-03 13:11:43 +01:00
kolaente bb5d6dee3f fix(gantt): make relation arrows smaller and dash precedes lines 2026-03-03 13:11:43 +01:00
kolaente 71a2cdbb28 fix(gantt): update relation arrows in real-time during drag and resize 2026-03-03 13:11:43 +01:00
kolaente df766a0636 fix(gantt): always show relation arrows and fix arrow Y positioning
Remove the toggle checkbox and always render relation arrows.
Wrap rows and arrow overlay in a position:relative container so
arrows anchor to the row area instead of the chart wrapper which
includes the timeline header.
2026-03-03 13:11:43 +01:00
kolaente 5731ce9c76 feat(gantt): wire relation arrows into GanttChart with toggle 2026-03-03 13:11:43 +01:00
kolaente cd42406850 feat(gantt): create arrow SVG overlay component for relations 2026-03-03 13:11:43 +01:00
kolaente 7fca56a927 feat(gantt): render parent summary bars with diamond endpoints 2026-03-03 13:11:43 +01:00
kolaente 8361c9f301 feat(gantt): add collapse/expand chevron and indent indicators 2026-03-03 13:11:43 +01:00
kolaente 07446dc4e1 feat(gantt): integrate task tree into Gantt rendering with collapse 2026-03-03 13:11:43 +01:00
kolaente 73ced5b7d2 feat(gantt): add dependency arrow data builder 2026-03-03 13:11:43 +01:00
kolaente 1358c87e98 feat(gantt): add task tree builder utility for hierarchy 2026-03-03 13:11:43 +01:00
kolaente 8005a2fb92 feat(gantt): add expand=subtasks to Gantt API params 2026-03-03 13:11:43 +01:00
renovate[bot] 8b5ab62af9 chore(deps): update dev-dependencies 2026-03-03 13:05:59 +01:00
Dominik Pschenitschni b92735b0e9 feat: mini tiptap improvements
The TipTap editor now uses Vue’s defineModel for its reactive value, simplifies editability control with watchEffect, and correctly types DOM image elements.

Summary

Imported watchEffect and switched to defineModel for the editor’s v-model, removing the old update:modelValue emit

Typed the retrieved image element as HTMLImageElement and removed debugging output from the paste handler

Replaced the watcher controlling editability with a simpler watchEffect and updated model handling to use the new model ref
2026-03-03 13:00:35 +01:00
renovate[bot] 9a4a2eb184 chore(deps): update dev-dependencies 2026-03-03 12:45:12 +01:00
Dominik Pschenitschni e8a5631ffe
feat(frontend): highlight overdue tasks consistently (#958) 2026-03-03 12:37:21 +01:00
Dominik Pschenitschni 0a9586e8d4
feat: use offical vite plugin for sentry (#873) 2026-03-03 12:30:49 +01:00
Dominik Pschenitschni e1d1e7c848
feat: ensure forms submit on Enter (#959) 2026-03-03 12:28:45 +01:00
kolaente 958bd133fd fix(frontend): use mbs-2 utility class instead of scoped CSS
Replace the scoped .notification-actions rule with the project's
mbs-2 utility class for margin-block-start spacing.
2026-03-03 11:46:18 +01:00
kolaente 59b3dd32ac fix(frontend): use semantic class instead of targeting Tailwind utility
Replace .tw\:flex CSS selector with a .notification-actions class
in Notification.vue, as suggested in review.
2026-03-03 11:46:18 +01:00
kolaente a08667b669 feat(frontend): upgrade Tailwind CSS from v3 to v4
- Replace tailwindcss v3 with tailwindcss v4 + @tailwindcss/vite plugin
- Create dedicated tailwind.css entry with granular imports (skip preflight)
- Use CSS-first config with prefix(tw) instead of JS config
- Switch from PostCSS plugin to Vite plugin for better performance
- Update class prefix from tw- (dash) to tw: (colon) in all Vue files
- Remove @tailwind directives from global.scss
- Delete tailwind.config.js (replaced by CSS directives)
- Update stylelint at-rules for v4 directives
2026-03-03 11:46:18 +01:00
kolaente 51f789bf5c fix(e2e): drain event handlers and stop browser between tests
Async event handlers (via Watermill) from the previous test can hold
SQLite connections, starving the next test's fixture setup PATCH request.

Three changes fix this:

1. Track in-flight event handler goroutines with a WaitGroup.
2. Call WaitForPendingHandlers() in the test endpoint before
   truncating/inserting data.
3. Navigate the browser to about:blank in fixture teardown to stop
   notification polling and other frontend requests between tests.
2026-03-03 10:41:19 +01:00
kolaente 1ba6a74383
fix(nav): project drag handle position
Resolves https://community.vikunja.io/t/color-ordering-menu-overlapping/4289
2026-03-02 11:38:45 +01:00
Weijie Zhao 7297682cad
fix: remove invalidateAvatarCache call that broke request deduplication (#2317)
When multiple avatar components mount with alternating sizes (e.g. 48
and 20), invalidateAvatarCache clears pending requests for ALL sizes of
the same user, causing each call to create a new HTTP request instead of
reusing the pending one.

I noticed this issue when I open a task with 20 comments, the avatar
requests make the service OOM.

<img width="733" height="551" alt="image"
src="https://github.com/user-attachments/assets/db45db31-294c-4363-ad27-38d454b5a6a2"
/>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-02 09:18:20 +01:00
renovate[bot] 648605c066 chore(deps): update dependency @vue/tsconfig to v0.9.0 2026-03-02 09:06:20 +01:00
kolaente 8690332652
chore(deps): upgrade serialize-javascript to 7.0.3 2026-03-02 08:56:08 +01:00
kolaente 15aa773212
fix(frontend): add horizontal overflow handling to tables on mobile
Wraps all tables that were missing overflow handling in a
`has-horizontal-overflow` div to prevent horizontal overflow on mobile
viewports.

Affected components:
- Sessions.vue
- ApiTokens.vue
- ProjectSettingsWebhooks.vue
- LinkSharing.vue
- UserTeam.vue
- EditTeam.vue
- ProjectSettingsViews.vue

Fixes https://github.com/go-vikunja/vikunja/issues/2331
2026-03-02 08:35:35 +01:00
renovate[bot] cb2647abbe chore(deps): update dev-dependencies 2026-03-02 08:26:16 +01:00
Frederick [Bot] 6076384b1f chore(i18n): update translations via Crowdin 2026-03-01 01:21:13 +00:00
Frederick [Bot] 059958b839 chore(i18n): update translations via Crowdin 2026-02-27 01:10:46 +00:00
kolaente 4cce6ed34c
chore(deps): upgrade transitive minimatch from 10.2.1 to 10.2.3+ 2026-02-26 23:33:39 +01:00
kolaente 04590d959c
chore(deps): upgrade transitive basic-ftp from 5.0.5 to 5.2.0
Add pnpm override to bump basic-ftp (transitive dependency via
puppeteer/get-uri) from 5.0.5 to 5.2.0.
2026-02-26 23:16:01 +01:00
kolaente f2a4a40e28
chore(deps): override transitive rollup 2.x to use direct dependency version
Add pnpm override to force all transitive rollup dependencies to use
the direct dependency version (4.59.0), eliminating the old 2.79.2
pulled in by workbox-build.
2026-02-26 23:16:00 +01:00
renovate[bot] a76ba87939 chore(deps): update dev-dependencies 2026-02-26 22:54:58 +01:00
kolaente 838254bb51
feat(multiselect): add green plus icon and always-visible hint to create option
Make the "create new" option in multiselect dropdowns visually distinct
from regular search results by adding a green plus icon and making the
hint text always visible instead of only on hover.
2026-02-26 17:37:11 +01:00
kolaente c4ec7f032f
feat(checklist): show green progress circle when all checkboxes are done 2026-02-26 17:07:03 +01:00
kolaente 80759831ec
fix(editor): use overflow-wrap instead of word-break for text wrapping
word-break: break-all breaks text at any character, causing mid-word
breaks even when the word could fit on the next line. overflow-wrap:
break-word wraps at word boundaries first and only breaks mid-word
when a single word exceeds the container width.
2026-02-26 16:30:55 +01:00
renovate[bot] b6205bb809 chore(deps): update dependency autoprefixer to v10.4.26 2026-02-25 20:30:07 +01:00
renovate[bot] 89c9209de4 chore(deps): update dependency stylelint to v17.4.0 2026-02-25 15:23:20 +01:00
kolaente a11d705571 feat(frontend): use Password component in password update settings
Replace FormField with Password component for new password input:
- Provides real-time validation feedback (8-72 char requirement)
- Remove redundant password confirmation field
- Disable save button when form is invalid (validation errors or empty fields)
2026-02-25 13:44:56 +01:00
kolaente 111ac9c726 fix: prevent XSS via innerHTML injection in link edit prompt
Replace innerHTML with DOM API calls in inputPrompt.ts. The oldValue
parameter (sourced from a link's href attribute in the TipTap editor)
was interpolated directly into an HTML string, allowing stored XSS if
an attacker crafted a malicious href. Using document.createElement and
setting .value as a property ensures the value is never parsed as HTML.
2026-02-25 12:01:57 +01:00
kolaente a42b4f37bd fix: prevent reflected HTML injection via filter URL parameter
TipTap's setContent() parses strings as HTML via DOMParser, allowing
crafted ?filter= URL parameters to inject SVG phishing buttons, anchor
tags, and formatted content into the trusted UI.

Use ProseMirror JSON document format instead of raw strings so the
filter value is always set as a text node, bypassing HTML parsing
entirely.
2026-02-25 12:01:57 +01:00
kolaente cb091f981d test: add e2e tests for session refresh and retry interceptor
- Verifies transparent retry and JWT rotation on 401 with code 11
- Verifies no retry for 401 with non-JWT error code
- Verifies current session appears on sessions settings page
- Increases rate limit for e2e test API to prevent 429 errors
2026-02-25 10:30:25 +01:00
kolaente be1db018fe feat: add frontend session management with refresh tokens
- Session model, type interface, and API service
- Sessions settings page showing active sessions with device info,
  IP address, last active time, and current session indicator
- Auth store updated to use cookie-based refresh tokens for user
  sessions and JWT-based renewal for link shares
- refreshToken() uses Web Locks API to coordinate across browser
  tabs — only one tab performs the refresh, others adopt the result
- 401 response interceptor with automatic retry: detects expired JWT
  (error code 11), refreshes the token, and replays the request
- Interceptor gated to user JWTs only (link shares skip refresh)
- checkAuth() attempts cookie refresh when JWT is expired, allowing
  seamless session resumption after short TTL expiry
- Proactive token refresh on page focus/visibility via composable
- renewToken() tolerates refresh failures when JWT is still valid
2026-02-25 10:30:25 +01:00
kolaente 94edaefced
chore(deps): update ajv to 6.14.0 2026-02-24 21:52:28 +01:00
kolaente 4325eae4d4
fix(tasks): show drag handle icon on mobile devices (#2286)
Resolves https://github.com/go-vikunja/vikunja/issues/2228
2026-02-24 14:37:33 +01:00
kolaente 7c04d44e2e
fix: wait for router before dismissing loading screen
The loading screen was dismissed as soon as auth check completed, but
before Vue Router's initial navigation finished. This caused route.name
to be undefined momentarily, making showAuthLayout evaluate to false
and briefly flashing the NoAuthWrapper (login shell) before the
authenticated layout appeared.

Wait for router.isReady() before setting ready = true so the loading
screen stays visible until the route is fully resolved.
2026-02-24 13:13:30 +01:00
kolaente f7a93e4ca3
fix: prevent cursor reset when typing in filter input (#2287)
Fixes #2268
2026-02-24 11:50:45 +00:00
kolaente 9e633b3e82 fix(task): disable Confirm button when no date is selected in absolute reminder picker
Prevents emitting a reminder with reminder=null/relativeTo=null when
the user clicks Confirm without selecting a date first.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 5dcea199d2 fix(test): update existing reminder tests to click Confirm after date selection
The DatepickerInline quick-select buttons (Tomorrow, etc.) inside the
reminder popup no longer auto-save. Update existing tests to click
Confirm after selecting a date.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente f6a35416e5 test(task): add e2e tests for reminder confirm-before-save behavior
- Test that clicking a date in the absolute reminder picker does not
  auto-save, only saves when Confirm is clicked
- Test that the Confirm button is visible when task has no due date
  (defaultRelativeTo is null)

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente b65773eb8f fix(task): require explicit confirmation before saving reminders
Prevent reminders from being saved to the API until the user clicks
Confirm, matching the behavior of the due/start/end date pickers.

- Remove @update:modelValue handler on DatepickerInline so date/time
  changes only update local state
- Change Confirm button condition from showFormSwitch to activeForm so
  it renders even when defaultRelativeTo is null
- Add confirmAndClose function that handles both absolute and relative
  reminder forms
- Remove debounce (useDebounceFn) since saves are now user-initiated

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 56eb5d3740
fix: show tasks spanning entire gantt date range
Tasks whose start date is before and end date is after the visible
gantt range were not shown because the API filter only checked whether
individual date fields fell within the range. Add a fourth filter
clause to match tasks that fully encompass the visible date range.

Fixes go-vikunja/vikunja#2269
2026-02-24 11:51:13 +01:00
kolaente a13ecbd3cc
fix: prevent browser from caching API responses
Without explicit Cache-Control headers, browsers may heuristically cache
API JSON responses. This causes stale data to be served on normal page
refresh (F5) — for example, projects newly shared with a team not
appearing until the user performs a hard refresh (Ctrl+Shift+R).

Add Cache-Control: no-store to all API responses via middleware and
configure the service worker's NetworkOnly strategy to explicitly bypass
the browser HTTP cache for API requests.

Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-02-24 10:37:49 +01:00
Frederick [Bot] 19ccc3cb8e chore(i18n): update translations via Crowdin 2026-02-24 01:13:27 +00:00
renovate[bot] f362738e33 chore(deps): update dev-dependencies to v8.56.1 2026-02-23 20:50:07 +01:00
renovate[bot] 524d8f522d chore(deps): update dependency caniuse-lite to v1.0.30001774 2026-02-23 10:24:42 +01:00
renovate[bot] 5ff1596314 chore(deps): update dev-dependencies 2026-02-23 10:14:21 +01:00
renovate[bot] 4babc477ef chore(deps): update dev-dependencies 2026-02-21 23:12:36 +01:00
kolaente 4cee2cf128 fix: reset throttle on logout so checkAuth clears auth state
logout() calls checkAuth() to clear the authenticated flag and user
info. But since checkAuth() likely ran within the last minute (on the
navigation that triggered logout), the now-working throttle would
return early, leaving authenticated=true in the store despite the
token being removed. This could cause Login.vue to redirect back
to home.

Resetting lastUserInfoRefresh to null before checkAuth() ensures
the logout flow always runs fully.
2026-02-21 23:08:24 +01:00
kolaente 65806df605 fix: keep token expiry in sync when skipping setUser from JWT
When the setUser call is skipped for an already-loaded user,
info.value.exp was never updated with the renewed token's expiry.
This caused useRenewTokenOnFocus to compute a stale expiresIn,
eventually forcing a logout even though the token was still valid.

Now we always update exp from the JWT, even when skipping the
full setUser call.
2026-02-21 23:08:24 +01:00
kolaente 1d420dd1dc fix: don't overwrite user info with incomplete JWT data on navigation
The JWT token only contains id, username, type, and exp — not the
display name. Previously, every route navigation called setUser() with
this incomplete data, causing the display name to flash to the username
before the API call completed and restored the full name.

Now we skip setUser() if a complete user object with the same ID is
already loaded.

Fixes https://github.com/go-vikunja/vikunja/issues/2270
2026-02-21 23:08:24 +01:00
kolaente a11cde1afc fix: correct broken throttle in checkAuth that never triggered
The throttle checked `lastUserInfoRefresh > now + 1 minute` which is
never true since lastUserInfoRefresh is set to the current time.
Changed to `now - 1 minute` so the check actually prevents redundant
API calls within a one-minute window.
2026-02-21 23:08:24 +01:00
kolaente 1dc625f9e8 test: add unit tests for getDisplayName 2026-02-21 23:08:24 +01:00
kolaente 6a4401eb7c feat(frontend): make dev server port configurable via VIKUNJA_FRONTEND_PORT env var 2026-02-21 22:32:09 +01:00
Frederick [Bot] 05ff67b681 chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
Massimo Nadalin 8fd256a5d9
feat: clickable task notifications (#2258)
Make task-related notifications clickable, allowing users to directly
open the corresponding task.
2026-02-20 22:34:53 +00:00
renovate[bot] d00bb999b5 chore(deps): update dev-dependencies 2026-02-20 22:44:24 +01:00
renovate[bot] 1c8b9e8810 chore(deps): update dependency rollup-plugin-visualizer to v6.0.8 2026-02-20 11:32:32 +01:00
Frederick [Bot] a8d3594ceb chore(i18n): update translations via Crowdin 2026-02-20 01:12:20 +00:00
kolaente bc2f7e5840
fix: break long continuous strings in editor to prevent overflow
Fixes https://github.com/go-vikunja/vikunja/issues/2266
2026-02-19 16:11:43 +01:00
kolaente df05c51457
fix: clamp gantt bar title position when task starts before visible range
Resolves go-vikunja/vikunja#149
2026-02-19 16:08:52 +01:00
kolaente 7862651b12
fix: don't show export ready message when no export exists
The API returns an empty object {} with 200 status when no export
exists. This truthy value was being set as exportInfo, causing the
"ready for download" message and button to render with a blank date.
2026-02-19 16:01:32 +01:00
William Guinaudie bf8138ec3c
feat: add discard and reload confirmation modal (#2154) 2026-02-19 14:27:27 +01:00
kolaente 8144560dd7 test(comments): add e2e tests for comment sort order
Cover default order, toggle to newest-first, new comment insertion
position, scroll-into-view behaviour, pagination with sort order,
initial-load shortcut, setting persistence across reloads, and
pre-saved setting on page load.
2026-02-19 14:20:52 +01:00
kolaente 6555595a5c feat(comments): add sort order toggle for task comments
Allow users to switch between oldest-first and newest-first comment
ordering via a toggle button in the comments heading. The preference is
persisted as a frontend setting (commentSortOrder) and passed to the API
as the order_by query parameter so pagination works correctly.

When all comments fit on a single page, toggling reverses them
client-side to avoid an extra API call. New comments are inserted at the
correct position based on the active sort order, and in newest-first
mode the view scrolls to the top after adding a comment.

Link-share users fall back to a local (non-persisted) sort order since
they cannot save user settings.
2026-02-19 14:20:52 +01:00
kolaente b64926be73
chore(deps): update minimatch to ^10.2.1 via pnpm overrides
Add pnpm overrides in frontend and desktop to consolidate all
transitive minimatch versions (3.1.2, 5.1.6, 9.0.1, 9.0.5, 10.1.1)
to 10.2.1, resolving the known ReDoS vulnerability in older versions.
2026-02-19 14:20:29 +01:00
renovate[bot] 37a013c472 chore(deps): update dev-dependencies 2026-02-19 13:08:14 +01:00
kolaente 50d7458519 feat(attachments): open file picker directly from sidebar button
Clicking the sidebar "Attachments" button (or pressing `f`) now opens
the browser file picker directly, eliminating the redundant two-step
flow of first revealing the section and then clicking upload.
2026-02-19 12:56:46 +01:00
kolaente 362962e81e fix(gantt): only persist dates that actually exist on partial-date tasks
Previously drag/resize always set both startDate and endDate, which
would persist the synthetic 7-day span and convert an open-ended task
into a fully-dated one. Now only the date fields that originally exist
on the task are updated.
2026-02-18 23:04:21 +01:00
kolaente ceb62c63d3 refactor(gantt): extract GanttBarDateType as reusable type 2026-02-18 23:04:21 +01:00
kolaente 6f8be0905f fix(gantt): sync task updates from detail view back to gantt chart
The Gantt chart maintains its own local task map, separate from the
Pinia task store. When a task is edited in the detail modal, the
update was not propagated to the Gantt's map. Add a lastUpdatedTask
signal to the task store and watch it in useGanttTaskList.
2026-02-18 23:04:21 +01:00
kolaente 6d6a1deba4 feat(gantt): right-align text for endOnly partial-date bars 2026-02-18 23:04:21 +01:00
kolaente 2bf99cf2d0 chore: fix lint issue from gantt partial dates feature 2026-02-18 23:04:21 +01:00
kolaente 65f92ac8d3 feat(gantt): update drag/resize to handle partial-date task updates 2026-02-18 23:04:21 +01:00
kolaente 29e77b44e1 feat(gantt): add i18n strings for partial-date accessibility 2026-02-18 23:04:21 +01:00
kolaente 5e69ee43fd feat(gantt): update API filter to fetch tasks with due_date or end_date 2026-02-18 23:04:21 +01:00
kolaente 941c4f10d7 feat(gantt): render partial-date bars with gradient fade effect 2026-02-18 23:04:21 +01:00
kolaente 6b5ab85d40 feat(gantt): handle tasks with partial dates in transformation and filtering 2026-02-18 23:04:21 +01:00
kolaente eefa48052b feat(gantt): add dateType field to GanttBarModel meta 2026-02-18 23:04:21 +01:00
renovate[bot] 31eda396e2
chore(deps): update dev-dependencies (#2257)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[electron-builder](https://redirect.github.com/electron-userland/electron-builder)
([source](https://redirect.github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-builder))
| [`26.8.0` →
`26.8.1`](https://renovatebot.com/diffs/npm/electron-builder/26.8.0/26.8.1)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/electron-builder/26.8.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-builder/26.8.0/26.8.1?slim=true)
|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.6.1` →
`20.6.2`](https://renovatebot.com/diffs/npm/happy-dom/20.6.1/20.6.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.6.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/20.6.1/20.6.2?slim=true)
|

---

### Release Notes

<details>
<summary>electron-userland/electron-builder (electron-builder)</summary>

###
[`v26.8.1`](https://redirect.github.com/electron-userland/electron-builder/blob/HEAD/packages/electron-builder/CHANGELOG.md#2681)

[Compare
Source](https://redirect.github.com/electron-userland/electron-builder/compare/electron-builder@26.8.0...electron-builder@26.8.1)

##### Patch Changes

<details><summary>Updated 3 dependencies</summary>

<small>


[`4edd695`](4edd695045)
[`8940ec6`](8940ec63ba)
[`4edd695`](4edd695045)
[`dde4309`](dde4309b91)

</small>

- `app-builder-lib@26.8.1`
- `builder-util@26.8.1`
- `dmg-builder@26.8.1`

</details>

</details>

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.6.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.6.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.6.1...v20.6.2)

##### :construction\_worker\_man: Patch fixes

- Update entities package version to resolve missing export for vue and
vue-compat v3.5 - By
**[@&#8203;acollins1991](https://redirect.github.com/acollins1991)** in
task
[#&#8203;2066](https://redirect.github.com/capricorn86/happy-dom/issues/2066)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMi4wIiwidXBkYXRlZEluVmVyIjoiNDMuMjIuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-18 15:44:19 +00:00
Ian Driver 48074d2358
feat: add optional project column to table view (#2182)
Adds a Project column to the table view, useful when viewing tasks
across multiple projects (e.g. in saved filters).

Disabled by default to keep the current behavior.

Co-authored-by: 2ZZ <ian@driv3r.uk>
2026-02-18 15:29:51 +00:00
kolaente 2cf69c7503
chore(deps): upgrade markdown-it to 14.1.1 2026-02-18 10:22:46 +01:00
kolaente 14628ca182
chore(deps): upgrade qs to 6.15.0 2026-02-18 10:21:32 +01:00
renovate[bot] f67802721a chore(deps): update dependency @vue/eslint-config-typescript to v14.7.0 2026-02-17 15:38:34 +01:00
Martin Lindvik e3695c17c6
feat: add Swedish for language selection (#2248)
The Swedish translations were finished on crowdin recently but I noticed
that the language selection was still missing so I went ahead and added
it.
2026-02-17 14:32:01 +00:00
renovate[bot] 7b7b883139 chore(deps): pin dependency eslint-plugin-depend to 1.4.0 2026-02-17 15:19:07 +01:00
kolaente e6ae87d703 chore: downgrade depend/ban-dependencies to warning 2026-02-17 12:00:31 +01:00
kolaente 2fe66c8944 feat: add eslint-plugin-depend to frontend 2026-02-17 12:00:31 +01:00
renovate[bot] c3b760ec04 chore(deps): update dev-dependencies to v8.56.0 2026-02-16 21:09:53 +01:00
kolaente 17360a820c
fix: correct indentation in API tokens table after thead/tbody wrap 2026-02-16 11:45:45 +01:00
kolaente b66b75f5be
fix: wrap API tokens table rows in thead and tbody elements 2026-02-16 10:52:51 +01:00
kolaente 30e53dbd9f
fix: reset group permission checkboxes when creating a new API token
The group-level "select all" checkboxes (e.g. "Labels", "Backgrounds")
were not reset after creating a token, causing them to appear visually
checked when opening the form again even though the individual
permissions were unchecked.

Ref: https://community.vikunja.io/t/token-creation-malfunction-in-ticking-system/4318
2026-02-16 10:02:50 +01:00
renovate[bot] ad1d769f5b chore(deps): update dependency caniuse-lite to v1.0.30001770 2026-02-15 19:53:52 +01:00
renovate[bot] e8d8f9cbec chore(deps): update dependency eslint-plugin-vue to v10.8.0 2026-02-14 20:16:39 +01:00
renovate[bot] 5a3c17aed1 chore(deps): update dev-dependencies 2026-02-13 19:02:57 +01:00
kolaente 0e4d3ef663 test(e2e): add Playwright test for avatar cache invalidation
Uploads two different avatars in sequence and verifies the header
avatar src changes after the second upload. This confirms both the
backend cache (via DelPrefix) and the frontend cache are properly
invalidated when a new avatar is uploaded.
2026-02-13 09:31:28 +01:00
Frederick [Bot] 1e2b861ea5 chore(i18n): update translations via Crowdin 2026-02-12 01:15:53 +00:00
renovate[bot] 016229faad chore(deps): update dev-dependencies 2026-02-11 22:37:26 +01:00
rhclayto b196c986cd
feat: use credentials when accessing PWA manifest (#2218) 2026-02-11 22:28:52 +01:00
renovate[bot] b25243ef62 chore(deps): update dependency happy-dom to v20.5.1 2026-02-11 22:24:47 +01:00
dependabot[bot] ba84ac2f70 chore(deps): bump axios from 1.13.2 to 1.13.5 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.2...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-11 12:36:11 +01:00
renovate[bot] aec05b12eb chore(deps): update dev-dependencies 2026-02-11 09:56:20 +01:00
Frederick [Bot] be4fb77981 chore(i18n): update translations via Crowdin 2026-02-10 01:25:29 +00:00
kolaente ed5dfa1ad4 fix(gantt): render done tasks with strikethrough and reduced opacity
The gantt chart rebuild lost the visual distinction for completed tasks.
Restore strikethrough on task labels and add reduced opacity on bars
for done tasks.

Regression introduced in the gantt chart rebuild in 5fc255cb3.

Resolves #2211
2026-02-09 15:28:48 +01:00
kolaente dd0b82f00a fix(task): use DOMParser in task glance tooltip description preview
Replace innerHTML on a detached element with DOMParser for extracting
plain text from task descriptions.
2026-02-09 11:01:38 +01:00
Frederick [Bot] 3c2977b126 chore(i18n): update translations via Crowdin 2026-02-09 01:16:51 +00:00
kolaente e90cb2631d fix(auth): remove unnecessary fields from JWT token payloads
Remove email, name, emailRemindersEnabled, and isLocalUser from user JWT
claims, and isLocalUser from link share JWT claims. These fields are never
used from the token - the backend always fetches the full user from the
database by ID, and the frontend fetches user data from the /user API
endpoint immediately after login.

Also simplify GetUserFromClaims to only extract id and username, and
remove the now-unnecessary email override in the frontend's
refreshUserInfo.
2026-02-08 21:30:07 +01:00
kolaente eb369cf3ee fix: handle attachment upload errors with user-visible notifications 2026-02-08 15:48:04 +01:00