Commit Graph

2780 Commits

Author SHA1 Message Date
kolaente c5bce07a25 test(e2e): add test for read-only checkbox on overview page
Verifies that tasks from read-only shared projects have disabled
checkboxes on the overview page, while tasks from owned projects
remain interactive.

Refs #2399
2026-04-03 19:01:45 +00:00
kolaente 063155a46b fix(overview): disable checkbox for read-only tasks on overview page
The Overview's ShowTasks component was not passing the canMarkAsDone prop
to SingleTaskInProject, which defaults to true. This caused read-only tasks
to show an interactive checkbox even though the user doesn't have write
permission.

Use the project's maxPermission from the project store to determine if the
user can mark the task as done. Also fix the disabled condition to use OR
logic so the checkbox is disabled when ANY condition applies: archived,
disabled, or when the user lacks write permission.

Fixes #2399
2026-04-03 19:01:45 +00:00
kolaente 4f232957c4 fix(auth): add retry and logging for token refresh failures
Add a single retry with a 1-second delay in the 401 interceptor's
doRefresh() before giving up on token renewal. This handles transient
failures like brief network blips or server restarts without immediately
logging the user out.

Also log refresh failures via console.warn so the reason is visible
in browser DevTools for easier diagnosis.

Ref: #2391
2026-04-03 18:45:59 +00:00
kolaente fd8a8ecba2 fix(auth): normalize API base URL to prevent refresh cookie path mismatch
When window.API_URL lacks a trailing slash, axios resolves relative URLs
by stripping path segments, causing the refresh request to hit a different
path than the cookie's Path attribute. The browser then omits the HttpOnly
refresh cookie, silently breaking token renewal and logging users out
after the short JWT TTL expires.

Extract a getApiBaseUrl() helper that ensures baseURL always ends with
'/' so relative URL resolution preserves the full path, matching the
cookie scope.

Ref: #2391
2026-04-03 18:45:59 +00:00
renovate[bot] 12ba9ff985 chore(deps): update dev-dependencies 2026-04-03 17:52:24 +00:00
renovate[bot] ea54f3eb85 chore(deps): update dependency ws to v8.20.0 2026-04-03 16:57:34 +00:00
renovate[bot] b69564a77c chore(deps): pin dependencies 2026-04-03 16:16:07 +00:00
Frederick [Bot] f87f3e36e9 chore(i18n): update translations via Crowdin 2026-04-03 01:23:06 +00:00
kolaente 132187e451 fix(e2e): truncate bucket data in bucket-select tests
Truncate buckets, task_buckets, and task_relations before seeding to
prevent leftover data from previous tests causing false positives
(e.g., bucket selector appearing when it shouldn't).
2026-04-02 16:30:23 +00:00
kolaente 4cd79088d1 test: add WebSocket e2e tests
Add comprehensive end-to-end tests for the WebSocket system:

- Protocol tests: auth (valid/invalid token, timeout, double auth),
  subscriptions (valid/invalid event, auth required, unsubscribe),
  message delivery (notification on team add, doer exclusion,
  multi-connection)
- Frontend integration tests: notification badge update, dropdown
  rendering, and logout cleanup via browser-level Playwright tests
- Comment notification test: full flow where user B mentions user A
  in a task comment and user A receives real-time WebSocket notification

Includes ws test dependency, shared test helper utilities, and
cascade-truncation of notifications when truncating users to prevent
test pollution.
2026-04-02 16:30:23 +00:00
kolaente 09232ed880 feat(websocket): add frontend WebSocket support
Add useWebSocket composable with:
- Auto-connect on login, disconnect on logout
- Exponential backoff with ±25% jitter for reconnects
- Auth failure detection to prevent reconnect loops
- Trailing slash stripping from API_URL
- Overlapping reconnect prevention
- visibilityState check for fallback polling

Replace notification polling with real-time WebSocket push in the
Notifications component. Initial state is still loaded via REST on
mount, with fallback polling when WebSocket is disconnected. Incoming
notifications are deduplicated against already-loaded REST data.
Notifications are reloaded via REST on WS disconnect to catch missed
events.
2026-04-02 16:30:23 +00:00
Lars de Ridder cb4f92980b
feat(task): allow changing bucket from task detail view (#2233) 2026-04-02 12:18:34 +02:00
renovate[bot] d73222e4a7 chore(deps): update dependency esbuild to v0.27.5 2026-04-02 08:23:19 +00:00
kolaente cef03cb2a0 refactor: replace Modal div-based implementation with native dialog element
Replace the custom div-based Modal with the native HTML <dialog> element
using showModal()/close() API. Uses CSS opacity transitions with a
data-closing attribute for Firefox-compatible close animations, Teleport
to body, and focus save/restore. Updates E2E test selectors and fixes
QuickAddOverlay selectors for the new dialog structure.
2026-04-01 22:27:13 +00:00
kolaente bc47826690 feat(frontend): add configurable quick entry shortcut setting
Add desktopQuickEntryShortcut to frontend settings with a Desktop
App section in General settings, only visible when running in the
Electron app. The setting syncs to the desktop main process via
IPC whenever settings are loaded or saved.
2026-04-01 21:38:38 +00:00
kolaente c8349df8b6 feat(desktop): open task in main window with Ctrl/Cmd+Enter
When creating a task via quick entry, pressing Ctrl+Enter (or
Cmd+Enter on macOS) creates the task and opens it in the main
Vikunja window. Adds show-main-window IPC to bring the main
window to focus.
2026-04-01 21:38:38 +00:00
kolaente 37389d6bdb feat(desktop): add quick entry window, global shortcut, and system tray 2026-04-01 21:38:38 +00:00
kolaente 92cc070b1e feat(frontend): listen for cross-window task creation via BroadcastChannel 2026-04-01 21:38:38 +00:00
kolaente 8dc96d61bd feat(frontend): adapt QuickActions for quick-add mode behavior 2026-04-01 21:38:38 +00:00
kolaente 9072ca84d5 feat(frontend): route quick-add mode to QuickAddOverlay in App.vue 2026-04-01 21:38:38 +00:00
kolaente ff4e84a800 feat(frontend): add QuickAddOverlay component for quick-entry window 2026-04-01 21:38:38 +00:00
kolaente d72a3a8c0d feat(frontend): add useQuickAddMode composable for quick-add detection 2026-04-01 21:38:38 +00:00
kolaente af7eaa9aea
fix(desktop): use stored URL instead of window.API_URL in template
window is not accessible as a global in Vue templates, causing
"Cannot read properties of undefined (reading 'API_URL')" when
clicking sign in on the desktop app.
2026-04-01 20:53:29 +02:00
renovate[bot] 59ebfa3b2c chore(deps): update dependency caniuse-lite to v1.0.30001784 2026-04-01 09:17:36 +00:00
Frederick [Bot] 88c8d7a73d chore(i18n): update translations via Crowdin 2026-04-01 01:44:10 +00:00
kolaente cdd46c0d6c fix: add proper autocomplete and name attributes to email update form
Adds name="email" to the email field and fixes the password field's
autocomplete from the invalid "password" to "current-password", also
adding name="current-password". This helps password managers correctly
identify the form as a settings change rather than a login form,
preventing them from autofilling the username into the email field.

Closes go-vikunja/vikunja#2512
2026-03-31 21:57:12 +00:00
renovate[bot] 020aa899f8 chore(deps): update dependency browserslist to v4.28.2 2026-03-31 21:21:12 +00:00
renovate[bot] 167380a01e chore(deps): update dependency @typescript-eslint/parser to v8.58.0 2026-03-30 20:13:08 +00:00
kolaente 495f34f60e feat: show close-tab message after OAuth redirect
Show a "You can close this tab now" message after the OAuth
authorize page redirects to the desktop app, instead of leaving
a stale "Authenticating..." message in the browser tab.
2026-03-30 20:12:25 +00:00
kolaente a12002de6d feat: add server selection UI for desktop OAuth login
Add a server selection screen matching the mobile app UX with
Vikunja Cloud, Try the Demo, and Custom Server URL options.
Extract all desktop login logic into a dedicated DesktopLogin
component. Use the existing ApiConfig component for custom server
URL input. Skip loading server config on startup to avoid showing
motd/demo popups on the login screen.
2026-03-30 20:12:25 +00:00
kolaente dd7532a57a feat: add OAuth PKCE authentication flow to desktop app
Add a complete OAuth 2.0 PKCE flow for the Electron desktop app:

- Implement PKCE code generation and token exchange in Electron
- Register custom protocol handler (vikunja-desktop://) for deep links
- Handle deep link race conditions (buffered URLs, process.argv fallback)
- Prevent duplicate IPC listener accumulation on re-mount
- Preserve sub-paths in OAuth authorize URL for non-root deployments
- Add token refresh support using Electron's net module
2026-03-30 20:12:25 +00:00
renovate[bot] 1a3a18e42b chore(deps): update dependency @typescript-eslint/eslint-plugin to v8.58.0 2026-03-30 19:12:16 +00:00
kolaente c2cfcb4684 feat: add API token hint to CalDAV settings page 2026-03-30 12:09:53 +00:00
renovate[bot] 1c0513de10 chore(deps): update dev-dependencies 2026-03-30 10:24:04 +00:00
Frederick [Bot] fb8c937d77 chore(i18n): update translations via Crowdin 2026-03-29 01:25:40 +00:00
dependabot[bot] 21a450b21f chore(deps): bump serialize-javascript from 7.0.3 to 7.0.5 in /frontend
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.5)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version: 7.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-28 23:35:34 +00:00
Frederick [Bot] ffb291c966 chore(i18n): update translations via Crowdin 2026-03-28 01:16:36 +00:00
renovate[bot] 8d958aef62 chore(deps): update dev-dependencies 2026-03-27 23:06:28 +00:00
kolaente 649043aceb test: add tests for OAuth 2.0 authorization flow
Add web tests covering the authorize endpoint, token exchange, PKCE
verification, single-use codes, and refresh token rotation. Add unit
tests for redirect URI validation and PKCE. Add E2E test for the full
browser-based authorization code flow with login redirect.

Extract setupApiUrl helper for E2E tests to avoid duplication.
2026-03-27 23:05:04 +00:00
kolaente 0471f8a729 feat: add frontend OAuth authorize route and component
Add /oauth/authorize frontend route with OAuthAuthorize.vue that
handles the OAuth authorization flow: validates required query params,
calls the API to generate an authorization code, and redirects to the
callback URI. Authentication is handled by the standard router guard.
2026-03-27 23:05:04 +00:00
Frederick [Bot] a2e19f8d38 chore(i18n): update translations via Crowdin 2026-03-27 01:22:35 +00:00
renovate[bot] 9d8c6a0a72 chore(deps): update dev-dependencies 2026-03-26 09:02:42 +00:00
Miikka Kulmala b89b402bc2
feat: improve wording and UX around CalDAV tokens (#2476) 2026-03-26 10:02:04 +01:00
Frederick [Bot] 39238333dd chore(i18n): update translations via Crowdin 2026-03-26 01:22:26 +00:00
kolaente 98ac119f44
fix(deps): update yaml to fix stack overflow vulnerability
Updates yaml from 2.5.0 to 2.8.3 in the frontend workspace to
address stack overflow via deeply nested YAML collections.
2026-03-25 23:33:56 +01:00
kolaente d60e2f6685
fix(deps): update picomatch to fix ReDoS and method injection vulnerabilities
Updates picomatch to 2.3.2 and 4.0.4 in the frontend workspace to
address CVE for ReDoS via extglob quantifiers and method injection
in POSIX character classes.
2026-03-25 23:31:28 +01:00
kolaente 44d01a0f82 refactor: rename parseTaskText module to quickAddMagic
Rename the frontend parsing module from `parseTaskText` to `quickAddMagic`
for clarity. The module handles much more than text parsing — it's the
core of the quick add magic feature. This rename makes its purpose
immediately obvious and aligns with how the feature is referenced
throughout the UI and documentation.

No logic changes — only directory/file renames and import updates.
2026-03-25 09:38:41 +00:00
kolaente dca041459f feat: show info when saved homepage filter is ignored for label browsing 2026-03-24 21:55:26 +00:00
kolaente fd4f7accc3 fix: ignore saved homepage filter when browsing by label 2026-03-24 21:55:26 +00:00
kolaente 7208c11556 feat: add translation for saved filter ignored message 2026-03-24 21:55:26 +00:00
kolaente 6d2bf1f084 fix: resolve TDZ error on password update settings page
Move the watchEffect call after the validate function declaration
to fix "Cannot access 'c' before initialization" error that occurred
when visiting the password update page with validateInitially=true.

Fixes #2463
2026-03-24 15:17:32 +00:00
renovate[bot] 4b16d72e28 chore(deps): update dev-dependencies 2026-03-24 15:14:31 +00:00
Frederick [Bot] 74ecc6fffd chore(i18n): update translations via Crowdin 2026-03-24 01:11:44 +00:00
kolaente 772316b47f
chore: v2.2.2 release preparations 2026-03-23 21:49:15 +01:00
kolaente 74d1bddb3a fix: hide link sharing section in UI for non-admin users 2026-03-23 20:39:31 +00:00
kolaente 6d5d3e051f
chore: v2.2.1 release preparations 2026-03-23 19:50:19 +01:00
renovate[bot] 2c1104ca86 chore(deps): update dev-dependencies to v8.57.2 2026-03-23 18:30:13 +00:00
kolaente 07b9742d98 fix: skip quick add magic parsing when text is wrapped in quotes
Closes go-vikunja/vikunja#2392
2026-03-23 17:34:56 +00:00
kolaente 8538b4c885 test: add failing tests for quote-escaped task text parsing 2026-03-23 17:34:56 +00:00
renovate[bot] 36bd716e04 chore(deps): update dev-dependencies 2026-03-23 16:33:59 +00:00
MidoriKurage 4dd18e379e fix(frontend): origUrlToCheck references the same object as urlToCheck
When later `urlToCheck` is restored in catch blocks, `origUrlToCheck`
will already be mutated.

Fixed by storing the original pathname as a string copy instead of
keeping a reference to the same URL object.
2026-03-23 15:43:23 +00:00
kolaente 1d45b385a5
fix(deps): update flatted to 3.4.2 to fix prototype pollution vulnerability 2026-03-23 12:53:13 +01:00
renovate[bot] 8bf450b98f chore(deps): update dependency caniuse-lite to v1.0.30001781 2026-03-23 10:28:55 +00:00
Frederick [Bot] 1ebe913181 chore(i18n): update translations via Crowdin 2026-03-23 01:19:01 +00:00
Claude cb81cf1aa8 refactor: reorganize quick add magic into focused modules
Split the monolithic parseTaskText.ts into a parseTaskText/ directory with
separate files for types, prefixes, prefix parsing, priority parsing, repeat
parsing, date parsing, and text cleanup. Moved parseDate.ts from helpers/time/
into the module since it's only consumed by the task text parser. Barrel export
in index.ts maintains backward compatibility — no consumer import changes needed.

https://claude.ai/code/session_01Aeo1ZunQUGKbWx2watMFdW
2026-03-22 20:47:10 +00:00
MidoriKurage c760a9bf72 fix(caldav): Replace href with pathname from parseURL for api base
`parseURL` only return `href` for special protocols. CalDAV api base
will always be root path. Use `pathname` which will not be undefined.
2026-03-22 14:30:38 +00:00
Claude 0085772b63 fix: include kanban bucket move permission in tasks preset
The kanban task move endpoint (POST /projects/:project/views/:view/
buckets/:bucket/tasks) is registered under the projects group as
views_buckets_tasks. Without this permission, the tasks preset cannot
move tasks between kanban buckets.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 652eb9bba3 fix: remove small class from preset label
https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
Claude 68097cf700 feat: add quick presets for API token permission selection
Add preset buttons (Read Only, Task Management, Project Management, Full
Access) to the API token creation form so users don't have to manually
select every individual permission.

https://claude.ai/code/session_01QDWqXJmjriYoAcvMD43vmx
2026-03-22 14:24:23 +00:00
renovate[bot] 79f807f4c2 chore(deps): update dependency rollup to v4.60.0 2026-03-22 14:23:41 +00:00
Frederick [Bot] 1b246a0ff7 chore(i18n): update translations via Crowdin 2026-03-21 01:09:32 +00:00
kolaente b365be1881
chore: v2.2.0 release preparations 2026-03-20 13:40:18 +01:00
kolaente c81b0eb463 fix(attachments): sync kanban store and task ref on attachment changes
When attachments are uploaded (either via file picker or pasting into
the description editor), update both the local task ref and the kanban
store so that the attachment list and kanban card icons stay in sync.
2026-03-20 10:38:47 +01:00
kolaente ade91c92db refactor(attachments): remove global attachment store
The attachment store was a global singleton shared between concurrent
TaskDetailView instances, causing a race condition when navigating
between tasks via related tasks from the Kanban view. Attachments
now live on the task ref like every other task field.
2026-03-20 10:38:47 +01:00
kolaente 2675bcb56c refactor(attachments): use local state instead of global attachment store
TaskDetailView now computes hasAttachments from the task ref and
handles the update:attachments emit from the Attachments component.
2026-03-20 10:38:47 +01:00
kolaente eaec206301 refactor(attachments): return uploaded attachments instead of writing to store
uploadFiles now returns the array of uploaded IAttachment objects
so callers can handle state updates themselves.
2026-03-20 10:38:47 +01:00
kolaente 5dbc906d47 refactor(attachments): read from task prop instead of global store
The Attachments component now reads attachments from its task prop
and emits update:attachments events instead of using the global
attachment store singleton.
2026-03-20 10:38:47 +01:00
renovate[bot] 9c3fa8e91b chore(deps): update dependency stylelint to v17.5.0 2026-03-20 10:17:24 +01:00
Frederick [Bot] de1d5d1241 chore(i18n): update translations via Crowdin 2026-03-20 01:14:18 +00:00
kolaente 3bc0093686 fix: invalidate all sessions when enabling TOTP
When a user enables two factor authentication, all existing sessions are
now invalidated, requiring re-authentication. This prevents pre-existing
sessions from bypassing 2FA. The frontend now shows a notice explaining
the logout before the user confirms, and properly logs out after enabling.

Ref: GHSA-pgc7-cmvg-mvp4
2026-03-19 12:27:44 +01:00
Weijie Zhao 7b6b432301
fix: collapse view buttons into dropdown when overflowing (#2306) 2026-03-19 00:09:29 +01:00
renovate[bot] aed93b9389 chore(deps): update dev-dependencies to v4.2.2 2026-03-18 17:57:57 +01:00
kolaente 50eb68fb2b fix(menu): show all project menu items in sidebar dropdown
The `simple` prop was introduced to hide some menu items (Views, Set
Background, Archive) in the sidebar to prevent overflow. Since the
Dropdown component now uses @floating-ui/dom with autoPlacement and
shift middleware, overflow is handled automatically, making the prop
unnecessary.
2026-03-17 19:19:36 +01:00
renovate[bot] 650ceabd3c chore(deps): update dependency vue-tsc to v3.2.6 2026-03-17 19:01:11 +01:00
renovate[bot] 176588bf1d chore(deps): update dev-dependencies 2026-03-17 10:12:15 +01:00
kolaente e20af6df40 fix(deps): override flatted to 3.4.1 to fix unbounded recursion DoS
Adds pnpm override for flatted to resolve GHSA-25h7-pfq9-p65f.
2026-03-17 09:52:49 +01:00
renovate[bot] 88a011aadc chore(deps): update dependency caniuse-lite to v1.0.30001779 2026-03-16 08:59:31 +01:00
renovate[bot] 9bcdbb6433
chore(deps): update dev-dependencies (#2395)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@vitejs/plugin-vue](https://redirect.github.com/vitejs/vite-plugin-vue/tree/main/packages/plugin-vue#readme)
([source](https://redirect.github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue))
| [`6.0.4` →
`6.0.5`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-vue/6.0.4/6.0.5)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@vitejs%2fplugin-vue/6.0.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitejs%2fplugin-vue/6.0.4/6.0.5?slim=true)
|
| [caniuse-lite](https://redirect.github.com/browserslist/caniuse-lite)
| [`1.0.30001777` →
`1.0.30001778`](https://renovatebot.com/diffs/npm/caniuse-lite/1.0.30001777/1.0.30001778)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/caniuse-lite/1.0.30001778?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/caniuse-lite/1.0.30001777/1.0.30001778?slim=true)
|
| [electron](https://redirect.github.com/electron/electron) | [`40.8.0`
→ `40.8.2`](https://renovatebot.com/diffs/npm/electron/40.8.0/40.8.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/electron/40.8.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron/40.8.0/40.8.2?slim=true)
|
| [esbuild](https://redirect.github.com/evanw/esbuild) | [`0.27.3` →
`0.27.4`](https://renovatebot.com/diffs/npm/esbuild/0.27.3/0.27.4) |
![age](https://developer.mend.io/api/mc/badges/age/npm/esbuild/0.27.4?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/esbuild/0.27.3/0.27.4?slim=true)
|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.8.3` →
`20.8.4`](https://renovatebot.com/diffs/npm/happy-dom/20.8.3/20.8.4) |
![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.8.4?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/20.8.3/20.8.4?slim=true)
|
| [vite-plugin-vue-devtools](https://redirect.github.com/vuejs/devtools)
([source](https://redirect.github.com/vuejs/devtools/tree/HEAD/packages/vite))
| [`8.0.7` →
`8.1.0`](https://renovatebot.com/diffs/npm/vite-plugin-vue-devtools/8.0.7/8.1.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/vite-plugin-vue-devtools/8.1.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite-plugin-vue-devtools/8.0.7/8.1.0?slim=true)
|
| [vitest](https://vitest.dev)
([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest))
| [`4.0.18` →
`4.1.0`](https://renovatebot.com/diffs/npm/vitest/4.0.18/4.1.0) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.1.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.0.18/4.1.0?slim=true)
|

---

### Release Notes

<details>
<summary>vitejs/vite-plugin-vue (@&#8203;vitejs/plugin-vue)</summary>

###
[`v6.0.5`](https://redirect.github.com/vitejs/vite-plugin-vue/blob/HEAD/packages/plugin-vue/CHANGELOG.md#small-605-2026-03-12-small)

##### Miscellaneous Chores

- remove Vite 8 beta from supported range
([#&#8203;746](https://redirect.github.com/vitejs/vite-plugin-vue/issues/746))
([b3f23e4](b3f23e4d08))

</details>

<details>
<summary>browserslist/caniuse-lite (caniuse-lite)</summary>

###
[`v1.0.30001778`](https://redirect.github.com/browserslist/caniuse-lite/compare/1.0.30001777...1.0.30001778)

[Compare
Source](https://redirect.github.com/browserslist/caniuse-lite/compare/1.0.30001777...1.0.30001778)

</details>

<details>
<summary>electron/electron (electron)</summary>

###
[`v40.8.2`](https://redirect.github.com/electron/electron/releases/tag/v40.8.2):
electron v40.8.2

[Compare
Source](https://redirect.github.com/electron/electron/compare/v40.8.1...v40.8.2)

### Release Notes for v40.8.2

#### Other Changes

- Backported fix for b/491421267.
[#&#8203;50229](https://redirect.github.com/electron/electron/pull/50229)
- Fixed an issue where running app icons were not correctly retrieved on
macOS Tahoe.
[#&#8203;50188](https://redirect.github.com/electron/electron/pull/50188)

###
[`v40.8.1`](https://redirect.github.com/electron/electron/releases/tag/v40.8.1):
electron v40.8.1

[Compare
Source](https://redirect.github.com/electron/electron/compare/v40.8.0...v40.8.1)

### Release Notes for v40.8.1

#### Fixes

- Added validation to protocol client methods to reject protocol names
that do not conform to the RFC 3986 URI scheme grammar.
[#&#8203;50158](https://redirect.github.com/electron/electron/pull/50158)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50157),
[39](https://redirect.github.com/electron/electron/pull/50156),
[41](https://redirect.github.com/electron/electron/pull/50155))</sup>
- Fixed an issue on macOS where calling `autoUpdater.quitAndInstall()`
could fail if `checkForUpdates()` was called again after an update was
already downloaded.
[#&#8203;50216](https://redirect.github.com/electron/electron/pull/50216)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50215),
[41](https://redirect.github.com/electron/electron/pull/50217))</sup>
- Fixed an issue where Chrome Devtools menus may not appear in certain
embedded windows.
[#&#8203;50138](https://redirect.github.com/electron/electron/pull/50138)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50136),
[41](https://redirect.github.com/electron/electron/pull/50137))</sup>
- Fixed an issue where `additionalData` passed to
`app.requestSingleInstanceLock` on Windows could be truncated or fail to
deserialize in the primary instance's `second-instance` event.
[#&#8203;50162](https://redirect.github.com/electron/electron/pull/50162)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50177),
[39](https://redirect.github.com/electron/electron/pull/50174),
[41](https://redirect.github.com/electron/electron/pull/50154))</sup>
- Fixed an issue where `screen.getCursorScreenPoint()` crashed on
Wayland when it was called before a `BrowserWindow` had been created.
[#&#8203;50104](https://redirect.github.com/electron/electron/pull/50104)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50106),
[41](https://redirect.github.com/electron/electron/pull/50105))</sup>
- Fixed an issue where calling `setBounds` on a `WebContentsView` could
trigger redundant `page-favicon-updated` events even when the favicon
had not changed.
[#&#8203;50084](https://redirect.github.com/electron/electron/pull/50084)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50086),
[41](https://redirect.github.com/electron/electron/pull/50085))</sup>
- Fixed an issue where invalid characters in custom protocol or
webRequest response header values were not rejected.
[#&#8203;50131](https://redirect.github.com/electron/electron/pull/50131)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50130),
[39](https://redirect.github.com/electron/electron/pull/50129),
[41](https://redirect.github.com/electron/electron/pull/50132))</sup>
- Fixed an issue where permission and device-chooser handlers received
the top-level page origin instead of the requesting subframe's origin.
[#&#8203;50149](https://redirect.github.com/electron/electron/pull/50149)
<sup>(Also in
[38](https://redirect.github.com/electron/electron/pull/50151),
[39](https://redirect.github.com/electron/electron/pull/50147),
[41](https://redirect.github.com/electron/electron/pull/50148))</sup>
- Fixed an issue where traffic light buttons would flash at position
(0,0) when restoring a window with a custom `trafficLightPosition` from
minimization on macOS.
[#&#8203;50207](https://redirect.github.com/electron/electron/pull/50207)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50208),
[41](https://redirect.github.com/electron/electron/pull/50209))</sup>
- Fixed bug where opening a message box immediately upon closing a child
window may cause the parent window to freeze on Windows.
[#&#8203;50189](https://redirect.github.com/electron/electron/pull/50189)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50190),
[41](https://redirect.github.com/electron/electron/pull/50191))</sup>
- Reverted AltGr key fix that caused menu bar to no longer show on
Windows.
[#&#8203;50110](https://redirect.github.com/electron/electron/pull/50110)
<sup>(Also in
[39](https://redirect.github.com/electron/electron/pull/50109),
[41](https://redirect.github.com/electron/electron/pull/50111))</sup>

#### Other Changes

- Backported fix for chromium:485622239.
[#&#8203;50168](https://redirect.github.com/electron/electron/pull/50168)

</details>

<details>
<summary>evanw/esbuild (esbuild)</summary>

###
[`v0.27.4`](https://redirect.github.com/evanw/esbuild/blob/HEAD/CHANGELOG.md#0274)

[Compare
Source](https://redirect.github.com/evanw/esbuild/compare/v0.27.3...v0.27.4)

- Fix a regression with CSS media queries
([#&#8203;4395](https://redirect.github.com/evanw/esbuild/issues/4395),
[#&#8203;4405](https://redirect.github.com/evanw/esbuild/issues/4405),
[#&#8203;4406](https://redirect.github.com/evanw/esbuild/issues/4406))

Version 0.25.11 of esbuild introduced support for parsing media queries.
This unintentionally introduced a regression with printing media queries
that use the `<media-type> and <media-condition-without-or>` grammar.
Specifically, esbuild was failing to wrap an `or` clause with
parentheses when inside `<media-condition-without-or>`. This release
fixes the regression.

  Here is an example:

  ```css
  /* Original code */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px))
{
    a { color: red }
  }

  /* Old output (incorrect) */
@&#8203;media only screen and (min-width: 10px) or (min-height: 10px) {
    a {
      color: red;
    }
  }

  /* New output (correct) */
@&#8203;media only screen and ((min-width: 10px) or (min-height: 10px))
{
    a {
      color: red;
    }
  }
  ```

- Fix an edge case with the `inject` feature
([#&#8203;4407](https://redirect.github.com/evanw/esbuild/issues/4407))

This release fixes an edge case where esbuild's `inject` feature could
not be used with arbitrary module namespace names exported using an
`export {} from` statement with bundling disabled and a target
environment where arbitrary module namespace names is unsupported.

  With the fix, the following `inject` file:

  ```js
  import jquery from 'jquery';
  export { jquery as 'window.jQuery' };
  ```

Can now always be rewritten as this without esbuild sometimes
incorrectly generating an error:

  ```js
  export { default as 'window.jQuery' } from 'jquery';
  ```

- Attempt to improve API handling of huge metafiles
([#&#8203;4329](https://redirect.github.com/evanw/esbuild/issues/4329),
[#&#8203;4415](https://redirect.github.com/evanw/esbuild/issues/4415))

This release contains a few changes that attempt to improve the behavior
of esbuild's JavaScript API with huge metafiles (esbuild's name for the
build metadata, formatted as a JSON object). The JavaScript API is
designed to return the metafile JSON as a JavaScript object in memory,
which makes it easy to access from within a JavaScript-based plugin.
Multiple people have encountered issues where this API breaks down with
a pathologically-large metafile.

The primary issue is that V8 has an implementation-specific maximum
string length, so using the `JSON.parse` API with large enough strings
is impossible. This release will now attempt to use a fallback
JavaScript-based JSON parser that operates directly on the UTF8-encoded
JSON bytes instead of using `JSON.parse` when the JSON metafile is too
big to fit in a JavaScript string. The new fallback path has not yet
been heavily-tested. The metafile will also now be generated with
whitespace removed if the bundle is significantly large, which will
reduce the size of the metafile JSON slightly.

However, hitting this case is potentially a sign that something else is
wrong. Ideally you wouldn't be building something so enormous that the
build metadata can't even fit inside a JavaScript string. You may want
to consider optimizing your project, or breaking up your project into
multiple parts that are built independently. Another option could
potentially be to use esbuild's command-line API instead of its
JavaScript API, which is more efficient (although of course then you
can't use JavaScript plugins, so it may not be an option).

</details>

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.8.4`](https://redirect.github.com/capricorn86/happy-dom/compare/v20.8.3...82a0888cb2c87a6123e05424b528f8e8c9b3e426)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.8.3...v20.8.4)

</details>

<details>
<summary>vuejs/devtools (vite-plugin-vue-devtools)</summary>

###
[`v8.1.0`](https://redirect.github.com/vuejs/devtools/releases/tag/v8.1.0)

[Compare
Source](https://redirect.github.com/vuejs/devtools/compare/v8.0.7...v8.1.0)

*No significant changes*

#####     [View changes on
GitHub](https://redirect.github.com/vuejs/devtools/compare/v8.0.8...v8.1.0)

</details>

<details>
<summary>vitest-dev/vitest (vitest)</summary>

###
[`v4.1.0`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.0)

[Compare
Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.0.18...v4.1.0)

Vitest 4.1 is out!

This release page lists all changes made to the project during the 4.1
beta. To get a review of all the new features, read our [blog
post](https://vitest.dev/blog/vitest-4).

#####    🚀 Features

- Return a disposable from doMock()  -  by
[@&#8203;kirkwaiblinger](https://redirect.github.com/kirkwaiblinger) in
[#&#8203;9332](https://redirect.github.com/vitest-dev/vitest/issues/9332)
[<samp>(e3e65)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e3e659a96)
- Added chai style assertions  -  by
[@&#8203;ronnakamoto](https://redirect.github.com/ronnakamoto) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8842](https://redirect.github.com/vitest-dev/vitest/issues/8842)
[<samp>(841df)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/841df9ac5)
- Update to sinon/fake-timers v15 and add `setTickMode` to timer
controls  -  by [@&#8203;atscott](https://redirect.github.com/atscott)
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8726](https://redirect.github.com/vitest-dev/vitest/issues/8726)
[<samp>(4b480)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4b480aaed)
- Expose matcher types  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9448](https://redirect.github.com/vitest-dev/vitest/issues/9448)
[<samp>(3e4b9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3e4b913b1)
- Add `toTestSpecification` to reported tasks  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9464](https://redirect.github.com/vitest-dev/vitest/issues/9464)
[<samp>(1a470)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1a4705da9)
- Show a warning if `vi.mock` or `vi.hoisted` are declared outside of
top level of the module  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9387](https://redirect.github.com/vitest-dev/vitest/issues/9387)
[<samp>(5db54)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5db54a468)
- Track and display expectedly failed tests (.fails) in UI and CLI  - 
by [@&#8203;Copilot](https://redirect.github.com/Copilot),
**sheremet-va** and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9476](https://redirect.github.com/vitest-dev/vitest/issues/9476)
[<samp>(77d75)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/77d75fd34)
- Support tags  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9478](https://redirect.github.com/vitest-dev/vitest/issues/9478)
[<samp>(de7c8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/de7c8a521)
- Implement `aroundEach` and `aroundAll` hooks  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9450](https://redirect.github.com/vitest-dev/vitest/issues/9450)
[<samp>(2a8cb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2a8cb9dc2)
- Stabilize experimental features  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9529](https://redirect.github.com/vitest-dev/vitest/issues/9529)
[<samp>(b5fd2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b5fd2a16a)
- Accept `new` or `all` in `--update` flag  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9543](https://redirect.github.com/vitest-dev/vitest/issues/9543)
[<samp>(a5acf)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a5acf28a5)
- Support `meta` in test options  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9535](https://redirect.github.com/vitest-dev/vitest/issues/9535)
[<samp>(7d622)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7d622e3d1)
- Support type inference with a new `test.extend` syntax  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9550](https://redirect.github.com/vitest-dev/vitest/issues/9550)
[<samp>(e5385)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e53854fcc)
- Support vite 8 beta, fix type issues in the config with different vite
versions  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9587](https://redirect.github.com/vitest-dev/vitest/issues/9587)
[<samp>(99028)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/990281dfd)
- Add assertion helper to hide internal stack traces  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9594](https://redirect.github.com/vitest-dev/vitest/issues/9594)
[<samp>(eeb0a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/eeb0ae2f8)
- Store failure screenshots using artifacts API  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9588](https://redirect.github.com/vitest-dev/vitest/issues/9588)
[<samp>(24603)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/24603e3c4)
- Allow `vitest list` to statically collect tests instead of running
files to collect them  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9630](https://redirect.github.com/vitest-dev/vitest/issues/9630)
[<samp>(7a8e7)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7a8e7fc20)
- Add `--detect-async-leaks`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9528](https://redirect.github.com/vitest-dev/vitest/issues/9528)
[<samp>(c594d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c594d4af3)
- Implement `mockThrow` and `mockThrowOnce`  -  by
[@&#8203;thor-juhasz](https://redirect.github.com/thor-juhasz) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9512](https://redirect.github.com/vitest-dev/vitest/issues/9512)
[<samp>(61917)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/619179fb7)
- Support `update: "none"` and add docs about snapshots behavior on CI
 -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9700](https://redirect.github.com/vitest-dev/vitest/issues/9700)
[<samp>(05f18)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/05f1854e2)
- Support playwright `launchOptions` with `connectOptions`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9702](https://redirect.github.com/vitest-dev/vitest/issues/9702)
[<samp>(f0ff1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f0ff1b2a0)
- Add `page/locator.mark` API to enhance playwright trace  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9652](https://redirect.github.com/vitest-dev/vitest/issues/9652)
[<samp>(d0ee5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d0ee546fe)
- **api**:
- Support tests starting or ending with `test` in
`experimental_parseSpecification`  -  by
[@&#8203;jgillick](https://redirect.github.com/jgillick) and **Jeremy
Gillick** in
[#&#8203;9235](https://redirect.github.com/vitest-dev/vitest/issues/9235)
[<samp>(2f367)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2f367fad3)
- Add filters to `createSpecification`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9336](https://redirect.github.com/vitest-dev/vitest/issues/9336)
[<samp>(c8e6c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8e6c7fbf)
- Expose `runTestFiles` as alternative to `runTestSpecifications`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9443](https://redirect.github.com/vitest-dev/vitest/issues/9443)
[<samp>(43d76)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/43d761821)
- Add `allowWrite` and `allowExec` options to `api`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9350](https://redirect.github.com/vitest-dev/vitest/issues/9350)
[<samp>(20e00)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/20e00ef78)
- Allow passing down test cases to `toTestSpecification`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9627](https://redirect.github.com/vitest-dev/vitest/issues/9627)
[<samp>(6f17d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/6f17d5ddf)
- **browser**:
- Add `userEvent.wheel` API  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9188](https://redirect.github.com/vitest-dev/vitest/issues/9188)
[<samp>(66080)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/660801979)
- Add `filterNode` option to prettyDOM for filtering browser assertion
error output  -  by
[@&#8203;Copilot](https://redirect.github.com/Copilot), **sheremet-va**
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9475](https://redirect.github.com/vitest-dev/vitest/issues/9475)
[<samp>(d3220)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d3220fcd8)
- Support playwright persistent context  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9229](https://redirect.github.com/vitest-dev/vitest/issues/9229)
[<samp>(f865d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f865d2ba4)
- Added `detailsPanelPosition` option and button  -  by
[@&#8203;shairez](https://redirect.github.com/shairez) in
[#&#8203;9525](https://redirect.github.com/vitest-dev/vitest/issues/9525)
[<samp>(c8a31)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8a31147c)
- Use BlazeDiff instead of pixelmatch  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9514](https://redirect.github.com/vitest-dev/vitest/issues/9514)
[<samp>(30936)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/309362089)
- Add `findElement` and enable strict mode in webdriverio and preview
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9677](https://redirect.github.com/vitest-dev/vitest/issues/9677)
[<samp>(c3f37)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c3f37721c)
- **cli**:
- Add [@&#8203;bomb](https://redirect.github.com/bomb).sh/tab
completions  -  by
[@&#8203;AmirSa12](https://redirect.github.com/AmirSa12) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;8639](https://redirect.github.com/vitest-dev/vitest/issues/8639)
[<samp>(200f3)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/200f31704)
- **coverage**:
- Support `ignore start/stop` ignore hints  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9204](https://redirect.github.com/vitest-dev/vitest/issues/9204)
[<samp>(e59c9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e59c94ba6)
- Add `coverage.changed` option to report only changed files  -  by
[@&#8203;kykim00](https://redirect.github.com/kykim00) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9521](https://redirect.github.com/vitest-dev/vitest/issues/9521)
[<samp>(1d939)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1d9392c67)
- **experimental**:
- Add `onModuleRunner` hook to `worker.init`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9286](https://redirect.github.com/vitest-dev/vitest/issues/9286)
[<samp>(e977f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e977f3deb)
- Option to disable the module runner  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9210](https://redirect.github.com/vitest-dev/vitest/issues/9210)
[<samp>(9be61)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9be6121ee)
- Add `importDurations: { limit, print }` options  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9401](https://redirect.github.com/vitest-dev/vitest/issues/9401)
[<samp>(7e10f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7e10fb356)
- Add print and fail thresholds for `importDurations`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9533](https://redirect.github.com/vitest-dev/vitest/issues/9533)
[<samp>(3f7a5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3f7a5f8f8)
- **fixtures**:
- Pass down file context to `beforeAll`/`afterAll`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9572](https://redirect.github.com/vitest-dev/vitest/issues/9572)
[<samp>(c8339)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c83395f2c)
- **reporters**:
- Add `agent` reporter to reduce ai agent token usage  -  by
[@&#8203;cpojer](https://redirect.github.com/cpojer) in
[#&#8203;9779](https://redirect.github.com/vitest-dev/vitest/issues/9779)
[<samp>(3e9e0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3e9e096a2)
- **runner**:
- Enhance `retry` options  -  by
[@&#8203;MazenSamehR](https://redirect.github.com/MazenSamehR), **Matan
Shavit**, [@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio)
and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9370](https://redirect.github.com/vitest-dev/vitest/issues/9370)
[<samp>(9e4cf)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9e4cfd295)
- **ui**:
- Allow run individual test/suites  -  by
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;9465](https://redirect.github.com/vitest-dev/vitest/issues/9465)
[<samp>(73b10)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/73b10f1b9)
- Add project filter/sort support  -  by
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;8689](https://redirect.github.com/vitest-dev/vitest/issues/8689)
[<samp>(0c7ea)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0c7eaac16)
- Add duration sorting to explorer  -  by
[@&#8203;julianhahn](https://redirect.github.com/julianhahn) and
[@&#8203;cursoragent](https://redirect.github.com/cursoragent) in
[#&#8203;9603](https://redirect.github.com/vitest-dev/vitest/issues/9603)
[<samp>(209b1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/209b1b0e1)
- Implement filter for slow tests  -  by
[@&#8203;DerYeger](https://redirect.github.com/DerYeger) and
[@&#8203;userquin](https://redirect.github.com/userquin) in
[#&#8203;9705](https://redirect.github.com/vitest-dev/vitest/issues/9705)
[<samp>(8880c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8880c907a)
- **vitest**:
- Add run summary in GitHub Actions Reporter  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) and **jhnance**
in
[#&#8203;9579](https://redirect.github.com/vitest-dev/vitest/issues/9579)
[<samp>(96bfc)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/96bfc8345)

#####    🐞 Bug Fixes

- Deprecate several vitest/\* entry points  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9347](https://redirect.github.com/vitest-dev/vitest/issues/9347)
[<samp>(fd459)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fd45928be)
- Use `meta.url` in `createRequire`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9441](https://redirect.github.com/vitest-dev/vitest/issues/9441)
[<samp>(e3422)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e34225563)
- Preact browser mode init example of render function not async  -  by
[@&#8203;WuMingDao](https://redirect.github.com/WuMingDao) in
[#&#8203;9375](https://redirect.github.com/vitest-dev/vitest/issues/9375)
[<samp>(2bea5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/2bea549c7)
- Deprecate unused types in matcher context  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9449](https://redirect.github.com/vitest-dev/vitest/issues/9449)
[<samp>(20f87)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/20f8753a2)
- Handle `external/noExternal` during `configEnvironment` hook  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9508](https://redirect.github.com/vitest-dev/vitest/issues/9508)
[<samp>(59ea2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/59ea27c1c)
- Replace default ssr environment runner with Vitest server module
runner  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
and **Claude Opus 4.6** in
[#&#8203;9506](https://redirect.github.com/vitest-dev/vitest/issues/9506)
[<samp>(cd5db)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/cd5db660c)
- Propagate experimental CLI options to child projects  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9531](https://redirect.github.com/vitest-dev/vitest/issues/9531)
[<samp>(b624f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b624fae53)
- Show a warning when `browser.isolate` is used  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9410](https://redirect.github.com/vitest-dev/vitest/issues/9410)
[<samp>(3d48e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3d48ebcb9)
- Fix `vi.mock({ spy: true })` node v8 coverage  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **hi-ogawa**
and **Claude Opus 4.6** in
[#&#8203;9541](https://redirect.github.com/vitest-dev/vitest/issues/9541)
[<samp>(687b6)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/687b633c1)
- Don't show internal ssr handler in errors  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9547](https://redirect.github.com/vitest-dev/vitest/issues/9547)
[<samp>(76c43)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/76c4397b5)
- Close vitest if it failed to start  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9573](https://redirect.github.com/vitest-dev/vitest/issues/9573)
[<samp>(728ba)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/728ba617f)
- Fix ssr environment runner in project  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9584](https://redirect.github.com/vitest-dev/vitest/issues/9584)
[<samp>(09006)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/090064f97)
- Trim trailing white spaces in code block  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9591](https://redirect.github.com/vitest-dev/vitest/issues/9591)
[<samp>(f78be)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f78bea992)
- Support inline snapshot inside test.for/each  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9590](https://redirect.github.com/vitest-dev/vitest/issues/9590)
[<samp>(615fd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/615fd521e)
- Apply source maps for external module stack trace  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9152](https://redirect.github.com/vitest-dev/vitest/issues/9152)
[<samp>(79e20)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/79e20d5a3)
- Remove the `.name` from statically collected test  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9596](https://redirect.github.com/vitest-dev/vitest/issues/9596)
[<samp>(b66ff)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b66ff691a)
- Don't suppress warnings on pnp  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9602](https://redirect.github.com/vitest-dev/vitest/issues/9602)
[<samp>(89cbd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/89cbdaea3)
- Support snapshot with `expect.soft`  -  by
[@&#8203;iumehara](https://redirect.github.com/iumehara),
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9231](https://redirect.github.com/vitest-dev/vitest/issues/9231)
[<samp>(3eb2c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3eb2cd541)
- Log seed when only `sequence.shuffle.tests` is enabled  -  by
[@&#8203;kaigritun](https://redirect.github.com/kaigritun), **Kai
Gritun** and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9576](https://redirect.github.com/vitest-dev/vitest/issues/9576)
[<samp>(8182b)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8182b77ad)
- Externalize `expect/src/utils` from `vitest`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9616](https://redirect.github.com/vitest-dev/vitest/issues/9616)
[<samp>(48739)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/487398422)
- Ignore test.override during static collection  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9620](https://redirect.github.com/vitest-dev/vitest/issues/9620)
[<samp>(09174)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0917470ce)
- Increase stacktrace limit for `--detect-async-leaks`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9638](https://redirect.github.com/vitest-dev/vitest/issues/9638)
[<samp>(9fd4c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9fd4ce533)
- Hanging-reporter link in cli  -  by
[@&#8203;flx-sta](https://redirect.github.com/flx-sta) in
[#&#8203;9649](https://redirect.github.com/vitest-dev/vitest/issues/9649)
[<samp>(7c103)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7c103055c)
- Fix teardown timeout of `aroundEach/All` when inner `aroundEach/All`
throws  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
in
[#&#8203;9657](https://redirect.github.com/vitest-dev/vitest/issues/9657)
[<samp>(4ec6c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4ec6cb305)
- Fix ui mode / html reporter and coverage integration  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9626](https://redirect.github.com/vitest-dev/vitest/issues/9626)
[<samp>(86fad)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/86fad4b42)
- Don't continue when `aroundEach/All` setup timed out  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9670](https://redirect.github.com/vitest-dev/vitest/issues/9670)
[<samp>(bb013)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/bb013d54b)
- Align `VitestRunnerConfig` optional fields with `SerializedConfig`  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9661](https://redirect.github.com/vitest-dev/vitest/issues/9661)
[<samp>(79520)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/79520d82d)
- Handle Symbol values in format utility  -  by
[@&#8203;nami8824](https://redirect.github.com/nami8824) in
[#&#8203;9658](https://redirect.github.com/vitest-dev/vitest/issues/9658)
[<samp>(0583f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0583f067e)
- Deprecate `toBe*` spy assertions in favor of `toHaveBeen*` (and
`toThrowError`)  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9665](https://redirect.github.com/vitest-dev/vitest/issues/9665)
[<samp>(4d390)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4d390dfe9)
- Don't propagate nested `aroundEach/All` errors but aggregate them on
runner  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
in
[#&#8203;9673](https://redirect.github.com/vitest-dev/vitest/issues/9673)
[<samp>(b6365)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/b63653f5a)
- Show a better error if there is a pending dynamic import  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9676](https://redirect.github.com/vitest-dev/vitest/issues/9676)
[<samp>(7ef5c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7ef5cf4b7)
- Preserve stack trace of `resolves/rejects` chained assertion error  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9679](https://redirect.github.com/vitest-dev/vitest/issues/9679)
[<samp>(c6151)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c61511d4a)
- Handle module-sync condition in vmThreads/vmForks require  -  by
[@&#8203;lesleh](https://redirect.github.com/lesleh) in
[#&#8203;9650](https://redirect.github.com/vitest-dev/vitest/issues/9650)
and
[#&#8203;9651](https://redirect.github.com/vitest-dev/vitest/issues/9651)
[<samp>(bb203)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/bb20389f4)
- Hooks should respect `maxConcurrency`  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9653](https://redirect.github.com/vitest-dev/vitest/issues/9653)
[<samp>(16d13)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/16d13d981)
- Recursively autospy module object  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9687](https://redirect.github.com/vitest-dev/vitest/issues/9687)
[<samp>(695a8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/695a86b41)
- Remove trailing spaces from diff error log  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9680](https://redirect.github.com/vitest-dev/vitest/issues/9680)
[<samp>(395d1)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/395d1a29e)
- Respect project `resolve.conditions` for externals  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9717](https://redirect.github.com/vitest-dev/vitest/issues/9717)
[<samp>(1d498)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1d4987498)
- Use object for WeakMap instead of a symbol to support webcontainers
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9731](https://redirect.github.com/vitest-dev/vitest/issues/9731)
[<samp>(c5225)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c52259330)
- Fix re-mocking virtual module  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9748](https://redirect.github.com/vitest-dev/vitest/issues/9748)
[<samp>(3cbbb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3cbbb17f1)
- Cancelling should stop current test immediately  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9729](https://redirect.github.com/vitest-dev/vitest/issues/9729)
[<samp>(0cb2f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0cb2f7239)
- Make `mockObject` change backwards compatible  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9744](https://redirect.github.com/vitest-dev/vitest/issues/9744)
[<samp>(84c69)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/84c69497f)
- Fix `URL.name` on jsdom  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9767](https://redirect.github.com/vitest-dev/vitest/issues/9767)
[<samp>(031f3)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/031f3a374)
- Save and restore module graph in blob reporter  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9740](https://redirect.github.com/vitest-dev/vitest/issues/9740)
[<samp>(84355)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/843554bf0)
- Don't silence reporter errors from test runtime events handler in
normal run and --merge-reports  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9727](https://redirect.github.com/vitest-dev/vitest/issues/9727)
[<samp>(4072d)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4072d0132)
- Fix `vi.importActual()` for virtual modules  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9772](https://redirect.github.com/vitest-dev/vitest/issues/9772)
[<samp>(1e89e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1e89ec020)
- Throw `FixtureAccessError` if suite hook accesses undefined fixture
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9786](https://redirect.github.com/vitest-dev/vitest/issues/9786)
[<samp>(fc2ce)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fc2cea2b7)
- Allow hyphens in project config file name pattern  -  by
[@&#8203;Koutaro-Hanabusa](https://redirect.github.com/Koutaro-Hanabusa)
and [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9760](https://redirect.github.com/vitest-dev/vitest/issues/9760)
[<samp>(33e96)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/33e96311a)
- Manual and redirect mock shouldn't `load` or `transform` original
module  -  by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa)
and **Claude Opus 4.6** in
[#&#8203;9774](https://redirect.github.com/vitest-dev/vitest/issues/9774)
[<samp>(a8216)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a8216b001)
- `hideSkippedTests` should not hide `test.todo`  -  by
[@&#8203;oilater](https://redirect.github.com/oilater) in
[#&#8203;9562](https://redirect.github.com/vitest-dev/vitest/issues/9562)
and
[#&#8203;9781](https://redirect.github.com/vitest-dev/vitest/issues/9781)
[<samp>(8181e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/8181e06e7)
- Allow catch/finally for async assertion  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9827](https://redirect.github.com/vitest-dev/vitest/issues/9827)
[<samp>(031f0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/031f02a89)
- Resolve fixture overrides from test's suite in `beforeEach` hooks  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9826](https://redirect.github.com/vitest-dev/vitest/issues/9826)
[<samp>(99e52)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/99e52fe58)
- Use isAgent check, not just TTY, for watch mode  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9841](https://redirect.github.com/vitest-dev/vitest/issues/9841)
[<samp>(c3cac)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c3cac1c1b)
- Use `performance.now` to measure test timeout duration  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9795](https://redirect.github.com/vitest-dev/vitest/issues/9795)
[<samp>(f48a6)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f48a60114)
- Correctly identify concurrent test during static analysis  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9846](https://redirect.github.com/vitest-dev/vitest/issues/9846)
[<samp>(1de0a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1de0aa22d)
- **browser**:
- Avoid updating screenshots when `toMatchScreenshot` passes  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9289](https://redirect.github.com/vitest-dev/vitest/issues/9289)
[<samp>(46aab)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/46aabaa44)
- Hide injected data-testid attributes  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9503](https://redirect.github.com/vitest-dev/vitest/issues/9503)
[<samp>(c8d2c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c8d2c411c)
- Throw an error if iframe was reloaded  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9516](https://redirect.github.com/vitest-dev/vitest/issues/9516)
[<samp>(73a81)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/73a81f880)
- Encode projectName in browser client URL  -  by
[@&#8203;dkkim0122](https://redirect.github.com/dkkim0122) in
[#&#8203;9523](https://redirect.github.com/vitest-dev/vitest/issues/9523)
[<samp>(5b164)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5b16483c3)
- Don't take failure screenshot if tests have artifacts created by
`toMatchScreenshot`  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9552](https://redirect.github.com/vitest-dev/vitest/issues/9552)
[<samp>(83ca0)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/83ca02547)
- Remove `--remote-debugging-address` from chrome args  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9712](https://redirect.github.com/vitest-dev/vitest/issues/9712)
[<samp>(f09bb)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f09bb5c32)
- Make sure userEvent actions support `ensureAwaited`  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9732](https://redirect.github.com/vitest-dev/vitest/issues/9732)
[<samp>(97685)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9768517b8)
- Types of `getCDPSession` and `cdp()`  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9716](https://redirect.github.com/vitest-dev/vitest/issues/9716)
[<samp>(689a2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/689a22a1b)
- Skip esbuild.legalComments when using rolldown-vite  -  by
[@&#8203;Copilot](https://redirect.github.com/Copilot), **hi-ogawa** and
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9803](https://redirect.github.com/vitest-dev/vitest/issues/9803)
[<samp>(3505f)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/3505fa5a3)
- **chai**:
- Don't allow `deepEqual` in the config because it's not serializable
 -  by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9666](https://redirect.github.com/vitest-dev/vitest/issues/9666)
[<samp>(9ee99)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/9ee999d73)
- **coverage**:
- Infer transform mode for uncovered files  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9435](https://redirect.github.com/vitest-dev/vitest/issues/9435)
[<samp>(f3967)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/f396792d6)
- `thresholds.autoUpdate` to preserve ending whitespace  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9436](https://redirect.github.com/vitest-dev/vitest/issues/9436)
[<samp>(7e534)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7e534a0b6)
- **deps**:
- Update all non-major dependencies  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) in
[#&#8203;9192](https://redirect.github.com/vitest-dev/vitest/issues/9192)
[<samp>(90c30)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/90c302f3b)
- Update all non-major dependencies  -  in
[#&#8203;9485](https://redirect.github.com/vitest-dev/vitest/issues/9485)
[<samp>(c0118)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c01186022)
- Update all non-major dependencies  -  in
[#&#8203;9567](https://redirect.github.com/vitest-dev/vitest/issues/9567)
[<samp>(13c9e)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/13c9e022b)
- **docs**:
- Fix old `/config/#option` hash links causing hydration errors  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa), **Claude Opus
4.6** and [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va)
in
[#&#8203;9610](https://redirect.github.com/vitest-dev/vitest/issues/9610)
[<samp>(a603c)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/a603c3a30)
- **expect**:
- `toMatchObject(Map/Set)` should expect `Map/Set` on left hand side  - 
by [@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9532](https://redirect.github.com/vitest-dev/vitest/issues/9532)
[<samp>(381da)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/381da4a9d)
- Fix objectContaining with proxy  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9554](https://redirect.github.com/vitest-dev/vitest/issues/9554)
[<samp>(7ce34)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7ce3417b1)
- Support arbitrary value equality for `toThrow` and make Error
detection robust  -  by
[@&#8203;hi-ogawa](https://redirect.github.com/hi-ogawa) and **Claude
Opus 4.6** in
[#&#8203;9570](https://redirect.github.com/vitest-dev/vitest/issues/9570)
[<samp>(de215)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/de215c19c)
- **mock**:
- Inject helpers after hashbang if present  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9545](https://redirect.github.com/vitest-dev/vitest/issues/9545)
[<samp>(65432)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/65432a74b)
- **mocker**:
- Update vite's peer dependency range  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9808](https://redirect.github.com/vitest-dev/vitest/issues/9808)
[<samp>(36f9a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/36f9a81a2)
- **reporter**:
- `dot` reporter leaves pending tests  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9684](https://redirect.github.com/vitest-dev/vitest/issues/9684)
[<samp>(4d793)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4d7938a56)
- **runner**:
- Mark repeated tests as finished on last run  -  by
[@&#8203;AriPerkkio](https://redirect.github.com/AriPerkkio) in
[#&#8203;9707](https://redirect.github.com/vitest-dev/vitest/issues/9707)
[<samp>(cc735)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/cc735970a)
- **spy**:
- Support deep partial in vi.mocked  -  by
[@&#8203;j2h30728](https://redirect.github.com/j2h30728) in
[#&#8203;8152](https://redirect.github.com/vitest-dev/vitest/issues/8152)
and
[#&#8203;9493](https://redirect.github.com/vitest-dev/vitest/issues/9493)
[<samp>(71cb5)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/71cb51ffc)
- Fallback to object accessor if descriptor's value is `undefined`  - 
by [@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9511](https://redirect.github.com/vitest-dev/vitest/issues/9511)
[<samp>(6f181)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/6f18103fa)
- Throw correct errors when shorthand methods are used on a class  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9513](https://redirect.github.com/vitest-dev/vitest/issues/9513)
[<samp>(5d0fd)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5d0fd3b62)
- **types**:
- `bench.reporters` no longer gives type errors when passing file name
string paths  -  by
[@&#8203;Bertie690](https://redirect.github.com/Bertie690) in
[#&#8203;9695](https://redirect.github.com/vitest-dev/vitest/issues/9695)
[<samp>(093c8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/093c8f6b5)
- **ui**:
- Process artifact attachments when generating HTML reporter  -  by
[@&#8203;macarie](https://redirect.github.com/macarie) in
[#&#8203;9472](https://redirect.github.com/vitest-dev/vitest/issues/9472)
[<samp>(96eb9)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/96eb92826)
- Don't fail if --ui and --root are specified together  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9536](https://redirect.github.com/vitest-dev/vitest/issues/9536)
[<samp>(d9305)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d93055fc7)

#####    🏎 Performance

- **pretty-format**: Combine DOMElement plugins  -  by
[@&#8203;sheremet-va](https://redirect.github.com/sheremet-va) in
[#&#8203;9581](https://redirect.github.com/vitest-dev/vitest/issues/9581)
[<samp>(da85a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/da85a3267)

#####     [View changes on
GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.0.17...v4.1.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuNjYuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-03-14 22:49:09 +00:00
Tink 28cc9e0571
fix: prevent authenticated UI flash when server rejects JWT session (#2387) 2026-03-11 09:37:46 +01:00
renovate[bot] c57c884fd4 chore(deps): update dependency sass-embedded to v1.98.0 2026-03-11 08:53:39 +01:00
kolaente d196af0503 fix: remove debounce from color picker to prevent stale color on save
The color picker had a 500ms debounce before propagating the selected
color to the parent component. Since all usages save via an explicit
button click (not automatically), the debounce only caused a race
condition where the model value could be stale when the user clicked
Save within 500ms of picking a color.

Closes go-vikunja/vikunja#2312
2026-03-10 23:26:24 +01:00
Frederick [Bot] 30fccfb058 chore(i18n): update translations via Crowdin 2026-03-10 01:08:39 +00:00
renovate[bot] 271da6a2ec chore(deps): update dev-dependencies to v8.57.0 2026-03-09 21:06:23 +01:00
kolaente 2e1648ef4c feat: add user-level webhooks settings page
Add a new settings page for managing user-level webhooks. Extract
webhook form into shared WebhookManager component used by both
project and user webhook settings. Add routing, translations,
and navigation entry.
2026-03-08 19:45:53 +01:00
renovate[bot] 52e47c732f chore(deps): update dependency eslint to v9.39.4 2026-03-08 12:09:25 +01:00
Frederick [Bot] bc583b2efb chore(i18n): update translations via Crowdin 2026-03-07 01:09:03 +00:00
renovate[bot] c49d8e129a chore(deps): update dev-dependencies 2026-03-06 10:02:55 +01:00
dependabot[bot] b85ad9c298 chore(deps): bump dompurify from 3.3.1 to 3.3.2 in /frontend
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.1...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-03-06 10:02:38 +01:00
renovate[bot] e5701fc0e3 chore(deps): update dev-dependencies 2026-03-06 08:47:55 +01:00
Frederick [Bot] 4b5b7e69cc chore(i18n): update translations via Crowdin 2026-03-06 01:17:05 +00:00
renovate[bot] 2dd4421fb5 chore(deps): update dependency vite-svg-loader to v5.1.1 2026-03-05 19:43:50 +01:00
Noah Neukam d7722d0193
fix(menu): prevent dropdown from closing when cursor crosses offset gap (#2367) 2026-03-05 12:50:04 +01:00
kolaente b5d8576c2a chore(deps): update svgo to 3.3.3 2026-03-05 11:05:32 +01:00
kolaente 5f0f3cc820 chore(deps): update immutable to 5.1.5 2026-03-05 11:05:32 +01:00
Frederick [Bot] 74aec78701 chore(i18n): update translations via Crowdin 2026-03-05 01:13:59 +00:00
kolaente 6c9407c58f feat: add duplicate button to task detail view 2026-03-04 17:20:26 +01:00
kolaente 2014d50b95 feat: add duplicateTask action to task store 2026-03-04 17:20:26 +01:00
kolaente 52bee379d4 feat: add task duplicate frontend model and service 2026-03-04 17:20:26 +01:00
renovate[bot] 3fad03d40f chore(deps): update dependency rollup-plugin-visualizer to v6.0.11 2026-03-04 11:03:35 +01:00
kolaente 79ac50b99b fix(test): update mobile kanban test to use close button instead of back button
The back button was removed from modal mode in the previous commit.
On mobile kanban, tasks open as modals, so the test now uses the
close button from the Heading component instead.
2026-03-03 16:04:37 +01:00
Claude 8a4f3a916f fix: remove duplicate close button on mobile task detail view
When viewing a task in modal mode on mobile, both a back button and a close button were displayed, causing confusion. The back button condition `!isModal || isMobile` meant it would show on mobile even in modal mode.

This fix changes the back button to only display when not in modal mode (`!isModal`), ensuring only the close button appears when viewing tasks in a modal on mobile devices.

Also removed the now-unused `isMobile` variable and its import.
2026-03-03 16:04:37 +01:00
Copilot c6f0d8babe
feat: surface API validation errors to registration form fields (#1902)
This PR surfaces API validation errors from the registration endpoint
directly onto the corresponding form fields, instead of only showing a
generic "invalid data" message. A new `parseValidationErrors` helper
extracts field names and messages from the API's `invalid_fields` array
(e.g. `["email: email is not a valid email address"]`) and maps them to
the appropriate form fields. The Register component integrates this
parser into its error handling, prioritizing client-side validation but
falling back to server-side field errors when present. Errors are
cleared as the user types.

A follow-up commit addressed PR review feedback: the `ValidationError`
interface is now exported from the parser module and reused in
`Register.vue` (eliminating a duplicate `ApiValidationError` interface),
the type guard was tightened to check specifically for `invalid_fields`
rather than broadly matching any object with a `message` property, the
fallback error message always uses the localized translation key instead
of potentially surfacing raw backend messages, and the
`serverValidationErrors` ref uses `Partial<Record>` to accurately
reflect that keys are optional.

🐰 A parser hops through error fields,
Catching field names as each one yields,
Client and server now both agree,
Validation flows harmoniously free!
Whitespace trimmed, no colon? It hops along,
Register form now validated strong! 

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: kolaente <k@knt.li>
2026-03-03 14:27:24 +01:00
kolaente da9cb87448 fix(shortcuts): track active sequences explicitly to prevent misfires
Replace the global sequenceBuffer (which only tracked key count) with
per-candidate ActiveSequence tracking. This fixes two bugs:

- Sequences with different prefixes could misfire once any sequence
  started, since only buffer length was checked, not which sequence
  was being matched.
- Single-key shortcuts could fire during an in-progress sequence,
  preempting sequence completion depending on binding iteration order.
2026-03-03 14:00:25 +01:00
kolaente f8763d812e fix: correct package.json indentation after dependency removal 2026-03-03 14:00:25 +01:00
kolaente 8bf0d581ce test(shortcuts): add unit tests for shortcut parsing logic
Add 46 tests covering:
- parseKey: single keys, modifiers, multi-modifier combos, special keys
- matchesKey: code matching, modifier matching, Mod platform-adaptive behavior
- eventToShortcutString: plain keys, modifiers, modifier-only filtering, non-Latin layouts
- isFormField: input/textarea/select/contentEditable detection

Export parseKey, matchesKey, and isFormField for testability.
2026-03-03 14:00:25 +01:00
kolaente c5703acedf fix(shortcuts): resolve lint errors in shortcut module
Replace `any` type assertions with proper types:
- Use WeakMap for element-to-binding mapping instead of expando properties
- Use typed intersection for Firefox's explicitOriginalTarget property
2026-03-03 14:00:25 +01:00
kolaente 18969e61be chore(deps): remove @github/hotkey dependency
Remove @github/hotkey package, its patch file, and the
patchedDependencies entry since all shortcut handling is now done by
the custom @/helpers/shortcut module.
2026-03-03 14:00:25 +01:00
kolaente 79cd3433f5 refactor(shortcuts): use event.code for raw keyboard handlers
Change e.key to e.code in global keyboard shortcut handlers for
consistency with the new event.code-based shortcut system:
- ProjectList.vue: 'j'/'k'/'Enter' -> 'KeyJ'/'KeyK'/'Enter'
- useGanttBar.ts: 'ArrowLeft'/'ArrowRight' (identical values, for consistency)
- Modal.vue: 'Escape' (identical value, for consistency)
2026-03-03 14:00:25 +01:00
kolaente e3fdaed94a refactor(shortcuts): replace eventToHotkeyString with eventToShortcutString
Migrate all imperative shortcut matching from @github/hotkey's
eventToHotkeyString to the new event.code-based eventToShortcutString.

Updated comparison strings:
- 'Meta+k'/'Control+k' -> 'Meta+KeyK'/'Control+KeyK'
- 'Control+s'/'Meta+s' -> 'Control+KeyS'/'Meta+KeyS'
- 'Control+.' -> 'Control+Period'
- '.' -> 'Period'
- 'Enter' stays 'Enter' (identical in event.code)
2026-03-03 14:00:25 +01:00
kolaente f2901deb00 refactor(shortcuts): update v-shortcut values to event.code format
Change all shortcut strings from character-based format to event.code
format:
- Single letters: 't' -> 'KeyT', 's' -> 'KeyS', etc.
- Sequences: 'g o' -> 'KeyG KeyO', etc.
- Modifiers: 'Mod+e' -> 'Mod+KeyE', 'Shift+?' -> 'Shift+Slash'
- edit-shortcut prop: 'e' -> 'KeyE'

Shortcuts like 'Escape' and 'Shift+Delete' remain unchanged as their
event.code values are identical.
2026-03-03 14:00:25 +01:00
kolaente 8dc6e77ba0 refactor(shortcuts): update directive to use new shortcut module
Change import in the v-shortcut directive from @github/hotkey to the
new @/helpers/shortcut module. The install/uninstall API is identical.
2026-03-03 14:00:25 +01:00
kolaente 61c1d9332d feat(shortcuts): add event.code-based shortcut module
Replace the character-based @github/hotkey matching with a custom module
that matches against event.code (physical key position). This makes
shortcuts layout-independent so they work on non-Latin keyboard layouts
(Russian, Greek, Arabic, etc.).

The module provides:
- install/uninstall for declarative element shortcuts (v-shortcut)
- eventToShortcutString for imperative event matching
- Sequence support with 1500ms timeout
- Form field, IME, shadow DOM, and event.repeat guards
2026-03-03 14:00:25 +01:00
kolaente 1d02e76914 fix(deps): remove obsolete flexsearch 0.7.43 patch
The patch fixed missing module/types fields in flexsearch 0.7's
package.json. Version 0.8.212 ships with proper exports, making
the patch unnecessary.
2026-03-03 13:17:24 +01:00
renovate[bot] 4f1830768a fix(deps): update dependency flexsearch to v0.8.212 2026-03-03 13:17:24 +01:00
kolaente 4e79fde17d fix(gantt): render collapse chevron after bars for correct SVG paint order 2026-03-03 13:11:43 +01:00
kolaente 092e8fe45a fix(gantt): remove unreachable hover rule on relation arrows 2026-03-03 13:11:43 +01:00
kolaente aa6c3d85a7 fix(gantt): clamp collapse chevron x position to prevent negative offset 2026-03-03 13:11:43 +01:00
kolaente ca808c7a4f fix(gantt): only set hasDerivedDates when children have actual dates 2026-03-03 13:11:43 +01:00
kolaente f1ab9edf29 fix(gantt): move parent diamonds outward with stroke and remove hover effect 2026-03-03 13:11:43 +01:00
kolaente f6cac275e2 fix(gantt): make collapse/expand triangle smaller 2026-03-03 13:11:43 +01:00
kolaente 62bb4c33cf fix(gantt): improve parent task bar styling and visual grouping
- Make parent task bars full height (32px) matching regular bars,
  instead of the thin 8px summary bar
- Move collapse/expand chevron to sit right before the bar start
  position so it moves with the task during drag/resize
- Remove fixed-position indent indicator lines
- Add light background band with rounded border to visually group
  parent tasks with their children, sized to fit the bars
2026-03-03 13:11:43 +01:00
kolaente 19d77157e2 fix(gantt): spread overlapping relation arrows at shared endpoints 2026-03-03 13:11:43 +01:00
kolaente bb5d6dee3f fix(gantt): make relation arrows smaller and dash precedes lines 2026-03-03 13:11:43 +01:00
kolaente 71a2cdbb28 fix(gantt): update relation arrows in real-time during drag and resize 2026-03-03 13:11:43 +01:00
kolaente df766a0636 fix(gantt): always show relation arrows and fix arrow Y positioning
Remove the toggle checkbox and always render relation arrows.
Wrap rows and arrow overlay in a position:relative container so
arrows anchor to the row area instead of the chart wrapper which
includes the timeline header.
2026-03-03 13:11:43 +01:00
kolaente 5731ce9c76 feat(gantt): wire relation arrows into GanttChart with toggle 2026-03-03 13:11:43 +01:00
kolaente cd42406850 feat(gantt): create arrow SVG overlay component for relations 2026-03-03 13:11:43 +01:00
kolaente 7fca56a927 feat(gantt): render parent summary bars with diamond endpoints 2026-03-03 13:11:43 +01:00
kolaente 8361c9f301 feat(gantt): add collapse/expand chevron and indent indicators 2026-03-03 13:11:43 +01:00
kolaente 07446dc4e1 feat(gantt): integrate task tree into Gantt rendering with collapse 2026-03-03 13:11:43 +01:00
kolaente 73ced5b7d2 feat(gantt): add dependency arrow data builder 2026-03-03 13:11:43 +01:00
kolaente 1358c87e98 feat(gantt): add task tree builder utility for hierarchy 2026-03-03 13:11:43 +01:00
kolaente 8005a2fb92 feat(gantt): add expand=subtasks to Gantt API params 2026-03-03 13:11:43 +01:00
renovate[bot] 8b5ab62af9 chore(deps): update dev-dependencies 2026-03-03 13:05:59 +01:00
Dominik Pschenitschni b92735b0e9 feat: mini tiptap improvements
The TipTap editor now uses Vue’s defineModel for its reactive value, simplifies editability control with watchEffect, and correctly types DOM image elements.

Summary

Imported watchEffect and switched to defineModel for the editor’s v-model, removing the old update:modelValue emit

Typed the retrieved image element as HTMLImageElement and removed debugging output from the paste handler

Replaced the watcher controlling editability with a simpler watchEffect and updated model handling to use the new model ref
2026-03-03 13:00:35 +01:00
renovate[bot] 9a4a2eb184 chore(deps): update dev-dependencies 2026-03-03 12:45:12 +01:00
Dominik Pschenitschni e8a5631ffe
feat(frontend): highlight overdue tasks consistently (#958) 2026-03-03 12:37:21 +01:00
Dominik Pschenitschni 0a9586e8d4
feat: use offical vite plugin for sentry (#873) 2026-03-03 12:30:49 +01:00
Dominik Pschenitschni e1d1e7c848
feat: ensure forms submit on Enter (#959) 2026-03-03 12:28:45 +01:00
kolaente 958bd133fd fix(frontend): use mbs-2 utility class instead of scoped CSS
Replace the scoped .notification-actions rule with the project's
mbs-2 utility class for margin-block-start spacing.
2026-03-03 11:46:18 +01:00
kolaente 59b3dd32ac fix(frontend): use semantic class instead of targeting Tailwind utility
Replace .tw\:flex CSS selector with a .notification-actions class
in Notification.vue, as suggested in review.
2026-03-03 11:46:18 +01:00
kolaente a08667b669 feat(frontend): upgrade Tailwind CSS from v3 to v4
- Replace tailwindcss v3 with tailwindcss v4 + @tailwindcss/vite plugin
- Create dedicated tailwind.css entry with granular imports (skip preflight)
- Use CSS-first config with prefix(tw) instead of JS config
- Switch from PostCSS plugin to Vite plugin for better performance
- Update class prefix from tw- (dash) to tw: (colon) in all Vue files
- Remove @tailwind directives from global.scss
- Delete tailwind.config.js (replaced by CSS directives)
- Update stylelint at-rules for v4 directives
2026-03-03 11:46:18 +01:00
kolaente 51f789bf5c fix(e2e): drain event handlers and stop browser between tests
Async event handlers (via Watermill) from the previous test can hold
SQLite connections, starving the next test's fixture setup PATCH request.

Three changes fix this:

1. Track in-flight event handler goroutines with a WaitGroup.
2. Call WaitForPendingHandlers() in the test endpoint before
   truncating/inserting data.
3. Navigate the browser to about:blank in fixture teardown to stop
   notification polling and other frontend requests between tests.
2026-03-03 10:41:19 +01:00
kolaente 1ba6a74383
fix(nav): project drag handle position
Resolves https://community.vikunja.io/t/color-ordering-menu-overlapping/4289
2026-03-02 11:38:45 +01:00
Weijie Zhao 7297682cad
fix: remove invalidateAvatarCache call that broke request deduplication (#2317)
When multiple avatar components mount with alternating sizes (e.g. 48
and 20), invalidateAvatarCache clears pending requests for ALL sizes of
the same user, causing each call to create a new HTTP request instead of
reusing the pending one.

I noticed this issue when I open a task with 20 comments, the avatar
requests make the service OOM.

<img width="733" height="551" alt="image"
src="https://github.com/user-attachments/assets/db45db31-294c-4363-ad27-38d454b5a6a2"
/>

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-02 09:18:20 +01:00
renovate[bot] 648605c066 chore(deps): update dependency @vue/tsconfig to v0.9.0 2026-03-02 09:06:20 +01:00
kolaente 8690332652
chore(deps): upgrade serialize-javascript to 7.0.3 2026-03-02 08:56:08 +01:00
kolaente 15aa773212
fix(frontend): add horizontal overflow handling to tables on mobile
Wraps all tables that were missing overflow handling in a
`has-horizontal-overflow` div to prevent horizontal overflow on mobile
viewports.

Affected components:
- Sessions.vue
- ApiTokens.vue
- ProjectSettingsWebhooks.vue
- LinkSharing.vue
- UserTeam.vue
- EditTeam.vue
- ProjectSettingsViews.vue

Fixes https://github.com/go-vikunja/vikunja/issues/2331
2026-03-02 08:35:35 +01:00
renovate[bot] cb2647abbe chore(deps): update dev-dependencies 2026-03-02 08:26:16 +01:00
Frederick [Bot] 6076384b1f chore(i18n): update translations via Crowdin 2026-03-01 01:21:13 +00:00
Frederick [Bot] 059958b839 chore(i18n): update translations via Crowdin 2026-02-27 01:10:46 +00:00
kolaente 4cce6ed34c
chore(deps): upgrade transitive minimatch from 10.2.1 to 10.2.3+ 2026-02-26 23:33:39 +01:00
kolaente 04590d959c
chore(deps): upgrade transitive basic-ftp from 5.0.5 to 5.2.0
Add pnpm override to bump basic-ftp (transitive dependency via
puppeteer/get-uri) from 5.0.5 to 5.2.0.
2026-02-26 23:16:01 +01:00
kolaente f2a4a40e28
chore(deps): override transitive rollup 2.x to use direct dependency version
Add pnpm override to force all transitive rollup dependencies to use
the direct dependency version (4.59.0), eliminating the old 2.79.2
pulled in by workbox-build.
2026-02-26 23:16:00 +01:00
renovate[bot] a76ba87939 chore(deps): update dev-dependencies 2026-02-26 22:54:58 +01:00
kolaente 838254bb51
feat(multiselect): add green plus icon and always-visible hint to create option
Make the "create new" option in multiselect dropdowns visually distinct
from regular search results by adding a green plus icon and making the
hint text always visible instead of only on hover.
2026-02-26 17:37:11 +01:00
kolaente c4ec7f032f
feat(checklist): show green progress circle when all checkboxes are done 2026-02-26 17:07:03 +01:00
kolaente 80759831ec
fix(editor): use overflow-wrap instead of word-break for text wrapping
word-break: break-all breaks text at any character, causing mid-word
breaks even when the word could fit on the next line. overflow-wrap:
break-word wraps at word boundaries first and only breaks mid-word
when a single word exceeds the container width.
2026-02-26 16:30:55 +01:00
renovate[bot] b6205bb809 chore(deps): update dependency autoprefixer to v10.4.26 2026-02-25 20:30:07 +01:00
renovate[bot] 89c9209de4 chore(deps): update dependency stylelint to v17.4.0 2026-02-25 15:23:20 +01:00
kolaente a11d705571 feat(frontend): use Password component in password update settings
Replace FormField with Password component for new password input:
- Provides real-time validation feedback (8-72 char requirement)
- Remove redundant password confirmation field
- Disable save button when form is invalid (validation errors or empty fields)
2026-02-25 13:44:56 +01:00
kolaente 111ac9c726 fix: prevent XSS via innerHTML injection in link edit prompt
Replace innerHTML with DOM API calls in inputPrompt.ts. The oldValue
parameter (sourced from a link's href attribute in the TipTap editor)
was interpolated directly into an HTML string, allowing stored XSS if
an attacker crafted a malicious href. Using document.createElement and
setting .value as a property ensures the value is never parsed as HTML.
2026-02-25 12:01:57 +01:00
kolaente a42b4f37bd fix: prevent reflected HTML injection via filter URL parameter
TipTap's setContent() parses strings as HTML via DOMParser, allowing
crafted ?filter= URL parameters to inject SVG phishing buttons, anchor
tags, and formatted content into the trusted UI.

Use ProseMirror JSON document format instead of raw strings so the
filter value is always set as a text node, bypassing HTML parsing
entirely.
2026-02-25 12:01:57 +01:00
kolaente cb091f981d test: add e2e tests for session refresh and retry interceptor
- Verifies transparent retry and JWT rotation on 401 with code 11
- Verifies no retry for 401 with non-JWT error code
- Verifies current session appears on sessions settings page
- Increases rate limit for e2e test API to prevent 429 errors
2026-02-25 10:30:25 +01:00
kolaente be1db018fe feat: add frontend session management with refresh tokens
- Session model, type interface, and API service
- Sessions settings page showing active sessions with device info,
  IP address, last active time, and current session indicator
- Auth store updated to use cookie-based refresh tokens for user
  sessions and JWT-based renewal for link shares
- refreshToken() uses Web Locks API to coordinate across browser
  tabs — only one tab performs the refresh, others adopt the result
- 401 response interceptor with automatic retry: detects expired JWT
  (error code 11), refreshes the token, and replays the request
- Interceptor gated to user JWTs only (link shares skip refresh)
- checkAuth() attempts cookie refresh when JWT is expired, allowing
  seamless session resumption after short TTL expiry
- Proactive token refresh on page focus/visibility via composable
- renewToken() tolerates refresh failures when JWT is still valid
2026-02-25 10:30:25 +01:00
kolaente 94edaefced
chore(deps): update ajv to 6.14.0 2026-02-24 21:52:28 +01:00
kolaente 4325eae4d4
fix(tasks): show drag handle icon on mobile devices (#2286)
Resolves https://github.com/go-vikunja/vikunja/issues/2228
2026-02-24 14:37:33 +01:00
kolaente 7c04d44e2e
fix: wait for router before dismissing loading screen
The loading screen was dismissed as soon as auth check completed, but
before Vue Router's initial navigation finished. This caused route.name
to be undefined momentarily, making showAuthLayout evaluate to false
and briefly flashing the NoAuthWrapper (login shell) before the
authenticated layout appeared.

Wait for router.isReady() before setting ready = true so the loading
screen stays visible until the route is fully resolved.
2026-02-24 13:13:30 +01:00
kolaente f7a93e4ca3
fix: prevent cursor reset when typing in filter input (#2287)
Fixes #2268
2026-02-24 11:50:45 +00:00
kolaente 9e633b3e82 fix(task): disable Confirm button when no date is selected in absolute reminder picker
Prevents emitting a reminder with reminder=null/relativeTo=null when
the user clicks Confirm without selecting a date first.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 5dcea199d2 fix(test): update existing reminder tests to click Confirm after date selection
The DatepickerInline quick-select buttons (Tomorrow, etc.) inside the
reminder popup no longer auto-save. Update existing tests to click
Confirm after selecting a date.

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente f6a35416e5 test(task): add e2e tests for reminder confirm-before-save behavior
- Test that clicking a date in the absolute reminder picker does not
  auto-save, only saves when Confirm is clicked
- Test that the Confirm button is visible when task has no due date
  (defaultRelativeTo is null)

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente b65773eb8f fix(task): require explicit confirmation before saving reminders
Prevent reminders from being saved to the API until the user clicks
Confirm, matching the behavior of the due/start/end date pickers.

- Remove @update:modelValue handler on DatepickerInline so date/time
  changes only update local state
- Change Confirm button condition from showFormSwitch to activeForm so
  it renders even when defaultRelativeTo is null
- Add confirmAndClose function that handles both absolute and relative
  reminder forms
- Remove debounce (useDebounceFn) since saves are now user-initiated

Refs #2208
2026-02-24 11:57:39 +01:00
kolaente 56eb5d3740
fix: show tasks spanning entire gantt date range
Tasks whose start date is before and end date is after the visible
gantt range were not shown because the API filter only checked whether
individual date fields fell within the range. Add a fourth filter
clause to match tasks that fully encompass the visible date range.

Fixes go-vikunja/vikunja#2269
2026-02-24 11:51:13 +01:00
kolaente a13ecbd3cc
fix: prevent browser from caching API responses
Without explicit Cache-Control headers, browsers may heuristically cache
API JSON responses. This causes stale data to be served on normal page
refresh (F5) — for example, projects newly shared with a team not
appearing until the user performs a hard refresh (Ctrl+Shift+R).

Add Cache-Control: no-store to all API responses via middleware and
configure the service worker's NetworkOnly strategy to explicitly bypass
the browser HTTP cache for API requests.

Ref: https://community.vikunja.io/t/team-members-cannot-see-project/1876
2026-02-24 10:37:49 +01:00
Frederick [Bot] 19ccc3cb8e chore(i18n): update translations via Crowdin 2026-02-24 01:13:27 +00:00
renovate[bot] f362738e33 chore(deps): update dev-dependencies to v8.56.1 2026-02-23 20:50:07 +01:00
renovate[bot] 524d8f522d chore(deps): update dependency caniuse-lite to v1.0.30001774 2026-02-23 10:24:42 +01:00
renovate[bot] 5ff1596314 chore(deps): update dev-dependencies 2026-02-23 10:14:21 +01:00
renovate[bot] 4babc477ef chore(deps): update dev-dependencies 2026-02-21 23:12:36 +01:00
kolaente 4cee2cf128 fix: reset throttle on logout so checkAuth clears auth state
logout() calls checkAuth() to clear the authenticated flag and user
info. But since checkAuth() likely ran within the last minute (on the
navigation that triggered logout), the now-working throttle would
return early, leaving authenticated=true in the store despite the
token being removed. This could cause Login.vue to redirect back
to home.

Resetting lastUserInfoRefresh to null before checkAuth() ensures
the logout flow always runs fully.
2026-02-21 23:08:24 +01:00
kolaente 65806df605 fix: keep token expiry in sync when skipping setUser from JWT
When the setUser call is skipped for an already-loaded user,
info.value.exp was never updated with the renewed token's expiry.
This caused useRenewTokenOnFocus to compute a stale expiresIn,
eventually forcing a logout even though the token was still valid.

Now we always update exp from the JWT, even when skipping the
full setUser call.
2026-02-21 23:08:24 +01:00
kolaente 1d420dd1dc fix: don't overwrite user info with incomplete JWT data on navigation
The JWT token only contains id, username, type, and exp — not the
display name. Previously, every route navigation called setUser() with
this incomplete data, causing the display name to flash to the username
before the API call completed and restored the full name.

Now we skip setUser() if a complete user object with the same ID is
already loaded.

Fixes https://github.com/go-vikunja/vikunja/issues/2270
2026-02-21 23:08:24 +01:00
kolaente a11cde1afc fix: correct broken throttle in checkAuth that never triggered
The throttle checked `lastUserInfoRefresh > now + 1 minute` which is
never true since lastUserInfoRefresh is set to the current time.
Changed to `now - 1 minute` so the check actually prevents redundant
API calls within a one-minute window.
2026-02-21 23:08:24 +01:00
kolaente 1dc625f9e8 test: add unit tests for getDisplayName 2026-02-21 23:08:24 +01:00
kolaente 6a4401eb7c feat(frontend): make dev server port configurable via VIKUNJA_FRONTEND_PORT env var 2026-02-21 22:32:09 +01:00
Frederick [Bot] 05ff67b681 chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
Massimo Nadalin 8fd256a5d9
feat: clickable task notifications (#2258)
Make task-related notifications clickable, allowing users to directly
open the corresponding task.
2026-02-20 22:34:53 +00:00
renovate[bot] d00bb999b5 chore(deps): update dev-dependencies 2026-02-20 22:44:24 +01:00
renovate[bot] 1c8b9e8810 chore(deps): update dependency rollup-plugin-visualizer to v6.0.8 2026-02-20 11:32:32 +01:00
Frederick [Bot] a8d3594ceb chore(i18n): update translations via Crowdin 2026-02-20 01:12:20 +00:00
kolaente bc2f7e5840
fix: break long continuous strings in editor to prevent overflow
Fixes https://github.com/go-vikunja/vikunja/issues/2266
2026-02-19 16:11:43 +01:00
kolaente df05c51457
fix: clamp gantt bar title position when task starts before visible range
Resolves go-vikunja/vikunja#149
2026-02-19 16:08:52 +01:00
kolaente 7862651b12
fix: don't show export ready message when no export exists
The API returns an empty object {} with 200 status when no export
exists. This truthy value was being set as exportInfo, causing the
"ready for download" message and button to render with a blank date.
2026-02-19 16:01:32 +01:00
William Guinaudie bf8138ec3c
feat: add discard and reload confirmation modal (#2154) 2026-02-19 14:27:27 +01:00
kolaente 8144560dd7 test(comments): add e2e tests for comment sort order
Cover default order, toggle to newest-first, new comment insertion
position, scroll-into-view behaviour, pagination with sort order,
initial-load shortcut, setting persistence across reloads, and
pre-saved setting on page load.
2026-02-19 14:20:52 +01:00
kolaente 6555595a5c feat(comments): add sort order toggle for task comments
Allow users to switch between oldest-first and newest-first comment
ordering via a toggle button in the comments heading. The preference is
persisted as a frontend setting (commentSortOrder) and passed to the API
as the order_by query parameter so pagination works correctly.

When all comments fit on a single page, toggling reverses them
client-side to avoid an extra API call. New comments are inserted at the
correct position based on the active sort order, and in newest-first
mode the view scrolls to the top after adding a comment.

Link-share users fall back to a local (non-persisted) sort order since
they cannot save user settings.
2026-02-19 14:20:52 +01:00
kolaente b64926be73
chore(deps): update minimatch to ^10.2.1 via pnpm overrides
Add pnpm overrides in frontend and desktop to consolidate all
transitive minimatch versions (3.1.2, 5.1.6, 9.0.1, 9.0.5, 10.1.1)
to 10.2.1, resolving the known ReDoS vulnerability in older versions.
2026-02-19 14:20:29 +01:00
renovate[bot] 37a013c472 chore(deps): update dev-dependencies 2026-02-19 13:08:14 +01:00
kolaente 50d7458519 feat(attachments): open file picker directly from sidebar button
Clicking the sidebar "Attachments" button (or pressing `f`) now opens
the browser file picker directly, eliminating the redundant two-step
flow of first revealing the section and then clicking upload.
2026-02-19 12:56:46 +01:00
kolaente 362962e81e fix(gantt): only persist dates that actually exist on partial-date tasks
Previously drag/resize always set both startDate and endDate, which
would persist the synthetic 7-day span and convert an open-ended task
into a fully-dated one. Now only the date fields that originally exist
on the task are updated.
2026-02-18 23:04:21 +01:00
kolaente ceb62c63d3 refactor(gantt): extract GanttBarDateType as reusable type 2026-02-18 23:04:21 +01:00
kolaente 6f8be0905f fix(gantt): sync task updates from detail view back to gantt chart
The Gantt chart maintains its own local task map, separate from the
Pinia task store. When a task is edited in the detail modal, the
update was not propagated to the Gantt's map. Add a lastUpdatedTask
signal to the task store and watch it in useGanttTaskList.
2026-02-18 23:04:21 +01:00
kolaente 6d6a1deba4 feat(gantt): right-align text for endOnly partial-date bars 2026-02-18 23:04:21 +01:00
kolaente 2bf99cf2d0 chore: fix lint issue from gantt partial dates feature 2026-02-18 23:04:21 +01:00
kolaente 65f92ac8d3 feat(gantt): update drag/resize to handle partial-date task updates 2026-02-18 23:04:21 +01:00
kolaente 29e77b44e1 feat(gantt): add i18n strings for partial-date accessibility 2026-02-18 23:04:21 +01:00
kolaente 5e69ee43fd feat(gantt): update API filter to fetch tasks with due_date or end_date 2026-02-18 23:04:21 +01:00
kolaente 941c4f10d7 feat(gantt): render partial-date bars with gradient fade effect 2026-02-18 23:04:21 +01:00
kolaente 6b5ab85d40 feat(gantt): handle tasks with partial dates in transformation and filtering 2026-02-18 23:04:21 +01:00
kolaente eefa48052b feat(gantt): add dateType field to GanttBarModel meta 2026-02-18 23:04:21 +01:00
renovate[bot] 31eda396e2
chore(deps): update dev-dependencies (#2257)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[electron-builder](https://redirect.github.com/electron-userland/electron-builder)
([source](https://redirect.github.com/electron-userland/electron-builder/tree/HEAD/packages/electron-builder))
| [`26.8.0` →
`26.8.1`](https://renovatebot.com/diffs/npm/electron-builder/26.8.0/26.8.1)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/electron-builder/26.8.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/electron-builder/26.8.0/26.8.1?slim=true)
|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom) |
[`20.6.1` →
`20.6.2`](https://renovatebot.com/diffs/npm/happy-dom/20.6.1/20.6.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/happy-dom/20.6.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/happy-dom/20.6.1/20.6.2?slim=true)
|

---

### Release Notes

<details>
<summary>electron-userland/electron-builder (electron-builder)</summary>

###
[`v26.8.1`](https://redirect.github.com/electron-userland/electron-builder/blob/HEAD/packages/electron-builder/CHANGELOG.md#2681)

[Compare
Source](https://redirect.github.com/electron-userland/electron-builder/compare/electron-builder@26.8.0...electron-builder@26.8.1)

##### Patch Changes

<details><summary>Updated 3 dependencies</summary>

<small>


[`4edd695`](4edd695045)
[`8940ec6`](8940ec63ba)
[`4edd695`](4edd695045)
[`dde4309`](dde4309b91)

</small>

- `app-builder-lib@26.8.1`
- `builder-util@26.8.1`
- `dmg-builder@26.8.1`

</details>

</details>

<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>

###
[`v20.6.2`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.6.2)

[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.6.1...v20.6.2)

##### :construction\_worker\_man: Patch fixes

- Update entities package version to resolve missing export for vue and
vue-compat v3.5 - By
**[@&#8203;acollins1991](https://redirect.github.com/acollins1991)** in
task
[#&#8203;2066](https://redirect.github.com/capricorn86/happy-dom/issues/2066)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMi4wIiwidXBkYXRlZEluVmVyIjoiNDMuMjIuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-02-18 15:44:19 +00:00
Ian Driver 48074d2358
feat: add optional project column to table view (#2182)
Adds a Project column to the table view, useful when viewing tasks
across multiple projects (e.g. in saved filters).

Disabled by default to keep the current behavior.

Co-authored-by: 2ZZ <ian@driv3r.uk>
2026-02-18 15:29:51 +00:00
kolaente 2cf69c7503
chore(deps): upgrade markdown-it to 14.1.1 2026-02-18 10:22:46 +01:00
kolaente 14628ca182
chore(deps): upgrade qs to 6.15.0 2026-02-18 10:21:32 +01:00
renovate[bot] f67802721a chore(deps): update dependency @vue/eslint-config-typescript to v14.7.0 2026-02-17 15:38:34 +01:00
Martin Lindvik e3695c17c6
feat: add Swedish for language selection (#2248)
The Swedish translations were finished on crowdin recently but I noticed
that the language selection was still missing so I went ahead and added
it.
2026-02-17 14:32:01 +00:00
renovate[bot] 7b7b883139 chore(deps): pin dependency eslint-plugin-depend to 1.4.0 2026-02-17 15:19:07 +01:00
kolaente e6ae87d703 chore: downgrade depend/ban-dependencies to warning 2026-02-17 12:00:31 +01:00
kolaente 2fe66c8944 feat: add eslint-plugin-depend to frontend 2026-02-17 12:00:31 +01:00
renovate[bot] c3b760ec04 chore(deps): update dev-dependencies to v8.56.0 2026-02-16 21:09:53 +01:00
kolaente 17360a820c
fix: correct indentation in API tokens table after thead/tbody wrap 2026-02-16 11:45:45 +01:00
kolaente b66b75f5be
fix: wrap API tokens table rows in thead and tbody elements 2026-02-16 10:52:51 +01:00
kolaente 30e53dbd9f
fix: reset group permission checkboxes when creating a new API token
The group-level "select all" checkboxes (e.g. "Labels", "Backgrounds")
were not reset after creating a token, causing them to appear visually
checked when opening the form again even though the individual
permissions were unchecked.

Ref: https://community.vikunja.io/t/token-creation-malfunction-in-ticking-system/4318
2026-02-16 10:02:50 +01:00
renovate[bot] ad1d769f5b chore(deps): update dependency caniuse-lite to v1.0.30001770 2026-02-15 19:53:52 +01:00
renovate[bot] e8d8f9cbec chore(deps): update dependency eslint-plugin-vue to v10.8.0 2026-02-14 20:16:39 +01:00
renovate[bot] 5a3c17aed1 chore(deps): update dev-dependencies 2026-02-13 19:02:57 +01:00
kolaente 0e4d3ef663 test(e2e): add Playwright test for avatar cache invalidation
Uploads two different avatars in sequence and verifies the header
avatar src changes after the second upload. This confirms both the
backend cache (via DelPrefix) and the frontend cache are properly
invalidated when a new avatar is uploaded.
2026-02-13 09:31:28 +01:00
Frederick [Bot] 1e2b861ea5 chore(i18n): update translations via Crowdin 2026-02-12 01:15:53 +00:00
renovate[bot] 016229faad chore(deps): update dev-dependencies 2026-02-11 22:37:26 +01:00
rhclayto b196c986cd
feat: use credentials when accessing PWA manifest (#2218) 2026-02-11 22:28:52 +01:00
renovate[bot] b25243ef62 chore(deps): update dependency happy-dom to v20.5.1 2026-02-11 22:24:47 +01:00
dependabot[bot] ba84ac2f70 chore(deps): bump axios from 1.13.2 to 1.13.5 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.13.2 to 1.13.5.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.2...v1.13.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.13.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-11 12:36:11 +01:00
renovate[bot] aec05b12eb chore(deps): update dev-dependencies 2026-02-11 09:56:20 +01:00
Frederick [Bot] be4fb77981 chore(i18n): update translations via Crowdin 2026-02-10 01:25:29 +00:00
kolaente ed5dfa1ad4 fix(gantt): render done tasks with strikethrough and reduced opacity
The gantt chart rebuild lost the visual distinction for completed tasks.
Restore strikethrough on task labels and add reduced opacity on bars
for done tasks.

Regression introduced in the gantt chart rebuild in 5fc255cb3.

Resolves #2211
2026-02-09 15:28:48 +01:00
kolaente dd0b82f00a fix(task): use DOMParser in task glance tooltip description preview
Replace innerHTML on a detached element with DOMParser for extracting
plain text from task descriptions.
2026-02-09 11:01:38 +01:00
Frederick [Bot] 3c2977b126 chore(i18n): update translations via Crowdin 2026-02-09 01:16:51 +00:00
kolaente e90cb2631d fix(auth): remove unnecessary fields from JWT token payloads
Remove email, name, emailRemindersEnabled, and isLocalUser from user JWT
claims, and isLocalUser from link share JWT claims. These fields are never
used from the token - the backend always fetches the full user from the
database by ID, and the frontend fetches user data from the /user API
endpoint immediately after login.

Also simplify GetUserFromClaims to only extract id and username, and
remove the now-unnecessary email override in the frontend's
refreshUserInfo.
2026-02-08 21:30:07 +01:00
kolaente eb369cf3ee fix: handle attachment upload errors with user-visible notifications 2026-02-08 15:48:04 +01:00
kolaente 7256a14194 fix: format attachment upload error messages as readable strings 2026-02-08 15:48:04 +01:00
kolaente 8830dc56ad chore(deps): update lodash to 4.17.23 2026-02-08 11:35:27 +01:00
kolaente 5cb1787dd6 chore(deps): update @isaacs/brace-expansion to 5.0.1 2026-02-08 11:31:22 +01:00
kolaente cdca790325 fix: guard against undefined route.name in auth layout check
route.name can be undefined during initial route resolution or for
unnamed routes. Without this guard, AUTH_ROUTE_NAMES.has() would
return false and the authenticated layout could flash briefly.
2026-02-06 10:58:50 +01:00
kolaente e9a6abfe44 refactor: extract auth route names into shared constant
Move the list of authentication route names (login, register, password
reset, openid, link-share) into a shared constant in
src/constants/authRouteNames.ts. Use it in both App.vue (layout gate)
and router/index.ts (auth redirect guard) to keep them in sync.
2026-02-06 10:58:50 +01:00
kolaente 5d9f62cc93 fix: prevent auth layout swap while still on login/register route
The v-if in App.vue switches to the authenticated layout (navbar +
sidebar) as soon as authStore.authUser becomes truthy. But Vue's
reactivity flush runs before the await continuation in submit(), so
the layout swaps while the route is still /login, causing the login
form to flash inside the authenticated shell for ~250ms.

Fix by adding a route check: don't show the authenticated layout while
the current route is an auth page (login, register, password reset,
openid). The NoAuthWrapper stays visible until redirectIfSaved()
navigates away, then the authenticated layout renders cleanly.
2026-02-06 10:58:50 +01:00
kolaente 0e2ea5c42a fix: avoid clearing saved redirect in onBeforeMount to prevent race with submit
When Login.vue re-mounts inside the authenticated layout after a
successful login, its onBeforeMount hook fires again. If it calls
redirectIfSaved(), it clears the saved route from localStorage before
the submit() handler's redirectIfSaved() can use it, causing a redirect
to home instead of the saved route. Use router.push({name: 'home'})
directly since the only purpose here is to redirect already-authenticated
users away from the login page.
2026-02-06 10:58:50 +01:00
kolaente b3e95e9f4e test: add E2E test for login form flash regression 2026-02-06 10:58:50 +01:00
kolaente dcff454755 fix: redirect immediately after registration to prevent form flash in app shell 2026-02-06 10:58:50 +01:00
kolaente 8bccf21a81 fix: redirect immediately after login to prevent form flash in app shell 2026-02-06 10:58:50 +01:00
kolaente 77b8403c24 fix: iterate past rejected middle matches in matchDateAtBoundary()
When the first regex match is a rejected middle-of-text date, continue
searching for subsequent matches instead of returning null. This fixes
cases like "The 9/11 Report due 10/12" where 9/11 is rejected but
10/12 at the end should still be parsed.
2026-02-06 10:57:50 +01:00
kolaente 3f0bf71d30 fix: allow middle-of-text dates when followed by time expressions (#2195)
Reworked matchDateAtBoundary() to use a single regex pass instead of
two-pass start/end anchoring. Middle-of-text matches are now accepted
when followed by a time expression (at/@ prefix), so inputs like
"meeting 9/11 at 10:00" still parse correctly while "The 9/11 Report"
is rejected.
2026-02-06 10:57:50 +01:00
kolaente cee258edc3 refactor: remove unnecessary comment from getDateFromText() 2026-02-06 10:57:50 +01:00
kolaente 61448bb028 refactor: remove unnecessary flags parameter from matchDateAtBoundary() 2026-02-06 10:57:50 +01:00
kolaente c544886524 test: add positive boundary tests for date parsing (#2195) 2026-02-06 10:57:50 +01:00
kolaente 829b10bfd2 test: add dot-separated middle-of-text date false positive test (#2195) 2026-02-06 10:57:50 +01:00
kolaente a82efa01b5 fix: restrict numeric date regex matching to text boundaries (#2195) 2026-02-06 10:57:50 +01:00
kolaente 1013305fc6 feat: add matchDateAtBoundary() helper for position-aware date matching (#2195) 2026-02-06 10:57:50 +01:00
kolaente e9b10e67f3 test: add failing tests for middle-of-text date false positives (#2195) 2026-02-06 10:57:50 +01:00
kolaente b741c2d891 fix: add touch CSS properties to list view for mobile drag-and-drop
Adds user-select, touch-action, and webkit-touch-callout CSS to the list
view's draggable task items, matching what KanbanCard.vue already has.

Without these properties, the browser's native long-press text selection
fires before SortableJS's 1-second touch delay expires, preventing drag
from ever starting on mobile devices.

Ref: https://community.vikunja.io/t/missing-positioning-option-in-list-view/4278
2026-02-05 23:51:38 +01:00
Frederick [Bot] 1ddb4f1438 chore(i18n): update translations via Crowdin 2026-02-03 01:15:10 +00:00
Frederick [Bot] 2becfcc597 chore(i18n): update translations via Crowdin 2026-01-31 01:08:04 +00:00
rhclayto cf029cef0c
feat: add option to send Basic Auth header with webhook requests (#2137)
Resolves https://github.com/go-vikunja/vikunja/issues/2136
Docs PR: https://github.com/go-vikunja/website/pull/284
2026-01-30 15:07:31 +01:00
Frederick [Bot] f7503c0bfe chore(i18n): update translations via Crowdin 2026-01-29 01:11:11 +00:00
kolaente e4b99dd31f
fix(nav): show shared sub-projects in sidebar when the parent is inaccessible (#2176)
Fixes #2175
2026-01-28 16:09:46 +00:00
kolaente e5da54e58a fix(editor): prevent crash when exiting edit mode in tiptap
Use v-show instead of v-if for EditorToolbar and BubbleMenu to avoid
a race condition between Vue's DOM reconciliation and tiptap's internal
DOM manipulation during unmount. This fixes the "Cannot read properties
of null (reading 'insertBefore')" error that occurred when saving a
task description.

Adds regression test to verify the fix.

Upstream issue: https://github.com/ueberdosis/tiptap/issues/7342
Fixes: https://github.com/go-vikunja/vikunja/issues/1770
2026-01-27 14:03:02 +01:00
renovate[bot] f216fea2b3 fix(deps): update tiptap to v3.17.0 2026-01-27 14:03:02 +01:00
kolaente 72a928dcce chore: use correct repo and issue url 2026-01-26 12:21:24 +01:00
renovate[bot] 662f3a1ea8
chore(deps): update dev-dependencies (major) (#1375) 2026-01-25 21:54:47 +01:00
renovate[bot] 233908b30b
chore(deps): update dependency sass-embedded to v1.97.3 (#2150)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [sass-embedded](https://redirect.github.com/sass/embedded-host-node) |
[`1.97.2` →
`1.97.3`](https://renovatebot.com/diffs/npm/sass-embedded/1.97.2/1.97.3)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/sass-embedded/1.97.3?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sass-embedded/1.97.2/1.97.3?slim=true)
|

---

### Release Notes

<details>
<summary>sass/embedded-host-node (sass-embedded)</summary>

###
[`v1.97.3`](https://redirect.github.com/sass/embedded-host-node/blob/HEAD/CHANGELOG.md#1973)

[Compare
Source](https://redirect.github.com/sass/embedded-host-node/compare/1.97.2...1.97.3)

- Fix a bug where nesting an at-rule within multiple style rules in
plain CSS
  could cause outer style rules to be omitted.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-25 08:59:41 +01:00
renovate[bot] 83474b76d3
fix(deps): update dependency @sentry/vue to v10.36.0 (#2147)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@sentry/vue](https://redirect.github.com/getsentry/sentry-javascript/tree/master/packages/vue)
([source](https://redirect.github.com/getsentry/sentry-javascript)) |
[`10.35.0` →
`10.36.0`](https://renovatebot.com/diffs/npm/@sentry%2fvue/10.35.0/10.36.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@sentry%2fvue/10.36.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@sentry%2fvue/10.35.0/10.36.0?slim=true)
|

---

### Release Notes

<details>
<summary>getsentry/sentry-javascript (@&#8203;sentry/vue)</summary>

###
[`v10.36.0`](https://redirect.github.com/getsentry/sentry-javascript/compare/10.35.0...10.36.0)

[Compare
Source](https://redirect.github.com/getsentry/sentry-javascript/compare/10.35.0...10.36.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45Mi4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTIuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-24 19:30:26 +01:00
kolaente ff01f8e859
feat(api-tokens): support title and scopes query parameters (#2143)
This allows external integrations to link directly to the API token creation page with pre-selected title and permission scopes. URLs can now use `?title=Name&scopes=group:perm,group:perm` format to pre-populate the form.

Example URL:
```
/user/settings/api-tokens?title=My%20Integration&scopes=tasks:create,tasks:delete,projects:read_all
```
2026-01-24 18:08:23 +00:00
kolaente 1731b03c22
fix(editor): prevent file upload overlay when dragging text from editor (#2148)
Fixes the file upload overlay incorrectly appearing when dragging text from within the TipTap description editor to outside of it.

Fixes #1663
2026-01-24 18:41:42 +01:00
kolaente acbb06e337
feat(frontend): preserve Gantt date range when switching views (#2141)
Adds a `viewFilters` Pinia store that stores query params per view ID to sync Gantt filters to the store whenever they change. This persists the custom date ranges when switching between views.

Fixes #2124
2026-01-24 13:12:35 +01:00
renovate[bot] 47bfb6a424 chore(deps): update dev-dependencies 2026-01-24 13:01:45 +01:00
renovate[bot] 8e3ed45c85 chore(deps): update pnpm to v10.28.1 2026-01-24 00:01:17 +01:00
kolaente 131f78277d feat(quick add magic): add more test cases 2026-01-24 00:00:46 +01:00
kolaente 8419794b65
fix(quick-add-magic): prevent parsing partial keywords in words (#2140)
- Fixed date parser incorrectly extracting date components from within
words
- "Renovation - 2nd Floor Bath" no longer becomes "Reation - Floor Bath"
with a due date of November 2nd

## Changes
- `getMonthFromText` now requires word boundaries, preventing "nov" from
matching inside "Renovation" or "mar" inside "Remark"
- `getDayFromText` now only matches ordinals when followed by
end-of-string, time expressions, or month names, preventing "2nd Floor"
from being parsed as a date

Resolves
https://community.vikunja.io/t/quick-add-magic-unintended-date-parsing/4259
2026-01-23 22:23:42 +00:00
renovate[bot] 663e7ba3d4 fix(deps): update dependency @sentry/vue to v10.35.0 2026-01-23 17:21:45 +01:00
kolaente c11ea4c87f fix(unsplash): add utm parameters to author links
Resolves https://github.com/go-vikunja/vikunja/issues/2127
2026-01-23 11:58:34 +01:00
renovate[bot] 06e90bc9c2 chore(deps): update dev-dependencies 2026-01-22 11:43:42 +01:00
renovate[bot] fa142308d2 fix(deps): update dependency vue to v3.5.27 2026-01-22 11:01:11 +01:00
renovate[bot] 34472d1358 fix(deps): update dependency ufo to v1.6.3 2026-01-18 17:37:50 +01:00
renovate[bot] c09e63d7d8 chore(deps): update dependency happy-dom to v20.3.0 2026-01-18 17:37:43 +01:00
renovate[bot] 2a74633e4f chore(deps): update dependency @types/node to v22.19.6 2026-01-17 21:59:09 +01:00
renovate[bot] 740ea79837 fix(deps): update dependency @sentry/vue to v10.34.0 2026-01-17 21:58:58 +01:00
renovate[bot] 81076e5309 chore(deps): update dev-dependencies to v8.53.0 2026-01-16 10:18:10 +01:00
renovate[bot] f85e30fcb1 fix(deps): update dependency @sentry/vue to v10.33.0 2026-01-15 15:08:19 +01:00
renovate[bot] 1d660ce4f3 chore(deps): update node.js to v24.13.0 2026-01-15 09:43:02 +01:00
renovate[bot] 05e01b4212 chore(deps): update dev-dependencies 2026-01-15 09:42:53 +01:00
kolaente e96c20def9 fix(project): error `can't access property "isArchived", V.value is null` when opening list view of some projects 2026-01-14 22:05:35 +01:00
kolaente 948a73f3b9 fix(task): done button styling 2026-01-14 21:56:24 +01:00
renovate[bot] bdd3db68fb chore(deps): update dependency @types/node to v22.19.5 2026-01-13 12:36:01 +01:00
renovate[bot] 05adfd513f chore(deps): update pnpm to v10.28.0 2026-01-13 12:35:11 +01:00
renovate[bot] d3639af7bc chore(deps): update dev-dependencies 2026-01-11 09:11:30 +01:00
renovate[bot] e97798574c
fix(deps): update dependency @fortawesome/vue-fontawesome to v3.1.3 (#2079)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@fortawesome/vue-fontawesome](https://redirect.github.com/FortAwesome/vue-fontawesome)
| [`3.1.2` →
`3.1.3`](https://renovatebot.com/diffs/npm/@fortawesome%2fvue-fontawesome/3.1.2/3.1.3)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@fortawesome%2fvue-fontawesome/3.1.3?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@fortawesome%2fvue-fontawesome/3.1.2/3.1.3?slim=true)
|

---

### Release Notes

<details>
<summary>FortAwesome/vue-fontawesome
(@&#8203;fortawesome/vue-fontawesome)</summary>

###
[`v3.1.3`](https://redirect.github.com/FortAwesome/vue-fontawesome/blob/HEAD/CHANGELOG.md#313---2026-01-07)

[Compare
Source](https://redirect.github.com/FortAwesome/vue-fontawesome/compare/3.1.2...3.1.3)

##### Changed

- ci.yml update for node-versions
- a markdown lint fixup in CONTRIUBUTING.md
- update vitest version to 4.0.16 in `package.json`

***

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-10 22:42:20 +01:00
kolaente e702785cf8
fix(filter): correct filter autocomplete for project names with spaces (#2012)
Filter expressions with multi-word values (such as project names with
spaces) are now automatically quoted to preserve them correctly as
single tokens in the filter syntax.

Fixes #2010

🐰 A filter's journey, refined with care,
Multi-word values now wear quotes fair,
Offsets aligned by the rabbit's precision,
Autocomplete flows with mathematical vision,
From comma to space, each boundary divine! 
2026-01-10 22:18:34 +01:00
kolaente c0ba7210f3 chore: remove redundant is-danger class 2026-01-10 21:59:06 +01:00
kolaente 4f9681bde8 chore(form): add autocomplete attributes to a few fields 2026-01-10 21:59:06 +01:00
kolaente a8f10a6e15 fix(register): explicitely check for username valid === true 2026-01-10 21:59:06 +01:00
kolaente edebed151a chore(team): add disabled prop to NewTeam checkbox 2026-01-10 21:59:06 +01:00
kolaente f06e272225 test(frontend): add test for @keyup.enter forwarding in FormField
Verify that @keyup.enter modifier is properly forwarded to the inner
input element and only triggers for Enter key, not other keys.
2026-01-10 21:59:06 +01:00
kolaente e4e2bd33c3 refactor(frontend): simplify event handlers in Register.vue
Replace arrow function wrappers with direct expressions and ternary
no-ops with short-circuit evaluation for cleaner, more readable code.
2026-01-10 21:59:06 +01:00
kolaente 483ddc728d test(frontend): verify FormField generates unique IDs across instances
Mount multiple FormField components within the same Vue app to properly
test that useId() generates unique IDs for each instance. This validates
that labels correctly link to their respective inputs.
2026-01-10 21:59:06 +01:00
kolaente 8f0c7d504b test(frontend): add regression test for FormField $attrs event forwarding
Verify that FormField forwards $attrs event listeners (onKeyup, onFocusout)
to its inner input element. This ensures migrated templates using
@keyup.enter and @focusout continue to work correctly.
2026-01-10 21:59:06 +01:00
kolaente 182b0b63d1 fix(frontend): preserve numeric type in FormField v-model
When modelValue is a number, emit the value as a number instead of
coercing to string. This prevents subtle type bugs when using
FormField with numeric v-model bindings.
2026-01-10 21:59:06 +01:00
kolaente 4ee29f9972 refactor(frontend): use FormField scoped slot id for select elements
Update FormField usages with slotted select elements to use the
exposed id from the scoped slot, ensuring label-input association
works correctly.
2026-01-10 21:59:06 +01:00
kolaente ac2f14945b feat(frontend): expose id via scoped slot in FormField
When using FormField with custom slot content, the slotted element
needs access to the generated inputId to ensure the label's for
attribute matches the input's id. This exposes the id via the
default slot: <template #default="{ id }">
2026-01-10 21:59:06 +01:00
kolaente 5ca600506b fix(frontend): expose focus method on FormField component
Components using FormField with a ref need to call .focus() on it.
Without exposing the method, these calls would fail since the ref
points to the component instance, not the underlying input element.
2026-01-10 21:59:06 +01:00
kolaente fb8ee82b98 fix(frontend): restore loading state on FormField migrations
Add loading prop to FormField usages where is-loading class was
accidentally removed during migration.
2026-01-10 21:59:06 +01:00
kolaente bb16500cb5 feat(frontend): add loading prop to FormField component
When loading is true, adds 'is-loading' class to the input element.
2026-01-10 21:59:06 +01:00
kolaente 1ea8a3cdba refactor(frontend): use FormField disabled prop instead of class
Simplify FormField usages by using the new disabled prop instead of
manually setting both :class="{ disabled: ... }" and :disabled="...".
2026-01-10 21:59:06 +01:00
kolaente 3577ba5132 feat(frontend): add disabled prop to FormField component
When disabled is true, the component now automatically adds the
'disabled' CSS class and sets the native disabled attribute on the
input element.
2026-01-10 21:59:06 +01:00
kolaente e0235a6806 fix(project): don't focus project identifier 2026-01-10 21:59:06 +01:00
kolaente ddd5662d66 fix(frontend): make v-focus directive work with wrapper components
When v-focus is applied to a non-focusable element (like a component
wrapper div), it now searches for the first focusable child element
(input, select, textarea, or contenteditable) and focuses that instead.

This allows v-focus to work correctly with FormField and similar
wrapper components.
2026-01-10 21:59:06 +01:00
kolaente bad314b5e3 fix(frontend): make FormField value binding conditional
When FormField is used without v-model (modelValue undefined), the
component was clearing user input on re-render. This broke login forms
that access the input value directly via refs for browser autofill
compatibility.

Now the value attribute is only bound when modelValue is explicitly
provided, allowing native input behavior when v-model isn't used.
2026-01-10 21:59:06 +01:00
kolaente d86465cbd7 refactor(frontend): migrate view forms to FormField component
Migrate ViewEditForm and ProjectGantt components to use the new
FormField component for title, kind select, and date range fields.
2026-01-10 21:59:06 +01:00
kolaente 1391b42c07 refactor(frontend): migrate LinkSharing to FormField component
Migrate LinkSharing component to use the new FormField component
for permission select, name, password, and share URL fields.
2026-01-10 21:59:06 +01:00
kolaente 4e2db482cd refactor(frontend): migrate project settings to FormField component
Migrate ProjectSettingsEdit and ProjectSettingsWebhooks views
to use the new FormField component.
2026-01-10 21:59:06 +01:00
kolaente 73df9b257d refactor(frontend): migrate entity forms to FormField component
Migrate NewTeam, EditTeam, NewProject, NewLabel, ListLabels,
FilterNew, and FilterEdit views to use the new FormField component.
2026-01-10 21:59:06 +01:00
kolaente 908c241ec7 refactor(frontend): migrate user settings to FormField component
Migrate ApiTokens, Caldav, DataExport, Deletion, EmailUpdate,
PasswordUpdate, TOTP, and DataExportDownload views to use the
new FormField component.
2026-01-10 21:59:06 +01:00
kolaente 0c23714a79 refactor(frontend): migrate auth views to FormField component
Migrate Login, Register, RequestPasswordReset, and LinkSharingAuth
views to use the new FormField component instead of manual
field/control/input markup.
2026-01-10 21:59:06 +01:00
kolaente eb1f852927 feat(frontend): add FormField component for form field abstraction
Introduces a reusable FormField component that abstracts Bulma's
field/control/input pattern into a single component. This provides
a consistent API for form fields and prepares the codebase for
future CSS framework migrations.

Features:
- v-model binding for form values
- label prop with automatic for attribute linking
- error prop for validation messages
- Default slot for custom inputs (selects, editors)
- addon slot for button addons
- Attribute passthrough via v-bind="$attrs"
- Exposed value getter for browser autofill workarounds

Includes 14 unit tests covering all functionality.
2026-01-10 21:59:06 +01:00
kolaente e5cfe3aa13 fix(button): fix button text color to #ffffff
Fixes regression introduced in cac2690fd6
2026-01-10 18:47:50 +01:00
kolaente 61b4c1b87e fix(attachment): make sure long attachment names break the title 2026-01-10 18:46:55 +01:00
kolaente b9ccc81ec0 fix(button): white color text for is-danger variant 2026-01-10 18:36:33 +01:00
kolaente 5ab58e6bda fix(webhooks): make sure validation is re-triggered after selecting events when it was invalid the first time 2026-01-10 18:35:12 +01:00
kolaente cac2690fd6 fix(button): make sure button text color is always white 2026-01-10 18:31:18 +01:00
kolaente 84b733ec0c fix(webhooks): make sure events are initialized with false 2026-01-10 18:31:18 +01:00
kolaente 9a3e79af8e
feat(frontend): add danger prop to XButton component (#2078)
The is-danger class no longer worked on XButton because the component uses scoped CSS. This adds a proper danger boolean prop that applies danger styling (red background) as a color modifier that works alongside any variant (primary, secondary, tertiary).
2026-01-10 17:22:19 +00:00
renovate[bot] 6bcdfc50e2
fix(deps): update dependency ufo to v1.6.2 (#2074)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [ufo](https://redirect.github.com/unjs/ufo) | [`1.6.1` →
`1.6.2`](https://renovatebot.com/diffs/npm/ufo/1.6.1/1.6.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/ufo/1.6.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/ufo/1.6.1/1.6.2?slim=true)
|

---

### Release Notes

<details>
<summary>unjs/ufo (ufo)</summary>

###
[`v1.6.2`](https://redirect.github.com/unjs/ufo/blob/HEAD/CHANGELOG.md#v162)

[Compare
Source](https://redirect.github.com/unjs/ufo/compare/v1.6.1...v1.6.2)

[compare
changes](https://redirect.github.com/unjs/ufo/compare/v1.6.1...v1.6.2)

##### 🩹 Fixes

- Fix `parsePath` return type
([#&#8203;293](https://redirect.github.com/unjs/ufo/pull/293))

##### 📖 Documentation

- Add more examples in jsdoc
([#&#8203;291](https://redirect.github.com/unjs/ufo/pull/291))

##### 📦 Build

- Fix exports condition order to prefer esm with default fallback
([8457581](https://redirect.github.com/unjs/ufo/commit/8457581))

##### 🏡 Chore

- **release:** V1.6.1
([b83cbea](https://redirect.github.com/unjs/ufo/commit/b83cbea))
- Update deps
([9d1833b](https://redirect.github.com/unjs/ufo/commit/9d1833b))
- Lint ([0181677](https://redirect.github.com/unjs/ufo/commit/0181677))

##### ❤️ Contributors

- Daedalus
([@&#8203;ComfortablyCoding](https://redirect.github.com/ComfortablyCoding))
- Pooya Parsa ([@&#8203;pi0](https://redirect.github.com/pi0))
- Alex Liu
([@&#8203;Mini-ghost](https://redirect.github.com/Mini-ghost))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-09 14:54:44 +01:00
renovate[bot] 419c791e0c
chore(deps): update dev-dependencies (#2073)
This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@typescript-eslint/eslint-plugin](https://typescript-eslint.io/packages/eslint-plugin)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin))
| [`8.51.0` →
`8.52.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2feslint-plugin/8.51.0/8.52.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2feslint-plugin/8.52.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2feslint-plugin/8.51.0/8.52.0?slim=true)
|
|
[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser))
| [`8.51.0` →
`8.52.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.51.0/8.52.0)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/@typescript-eslint%2fparser/8.52.0?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@typescript-eslint%2fparser/8.51.0/8.52.0?slim=true)
|
| [rollup](https://rollupjs.org/)
([source](https://redirect.github.com/rollup/rollup)) | [`4.54.0` →
`4.55.1`](https://renovatebot.com/diffs/npm/rollup/4.54.0/4.55.1) |
![age](https://developer.mend.io/api/mc/badges/age/npm/rollup/4.55.1?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/rollup/4.54.0/4.55.1?slim=true)
|
| [sass-embedded](https://redirect.github.com/sass/embedded-host-node) |
[`1.97.1` →
`1.97.2`](https://renovatebot.com/diffs/npm/sass-embedded/1.97.1/1.97.2)
|
![age](https://developer.mend.io/api/mc/badges/age/npm/sass-embedded/1.97.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sass-embedded/1.97.1/1.97.2?slim=true)
|
| [vue-tsc](https://redirect.github.com/vuejs/language-tools)
([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc))
| [`3.2.1` →
`3.2.2`](https://renovatebot.com/diffs/npm/vue-tsc/3.2.1/3.2.2) |
![age](https://developer.mend.io/api/mc/badges/age/npm/vue-tsc/3.2.2?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vue-tsc/3.2.1/3.2.2?slim=true)
|

---

### Release Notes

<details>
<summary>typescript-eslint/typescript-eslint
(@&#8203;typescript-eslint/eslint-plugin)</summary>

###
[`v8.52.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/eslint-plugin/CHANGELOG.md#8520-2026-01-05)

[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.51.0...v8.52.0)

##### 🚀 Features

- **eslint-plugin-internal:** \[no-multiple-lines-of-errors] add rule
([#&#8203;11899](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11899))

##### 🩹 Fixes

- **eslint-plugin:** \[no-base-to-string] detect
@&#8203;[@&#8203;toPrimitive](https://redirect.github.com/toPrimitive)
and valueOf
([#&#8203;11901](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11901))
- **eslint-plugin:** \[no-useless-default-assignment] handle conditional
initializer
([#&#8203;11908](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11908))

##### ❤️ Thank You

- Josh Goldberg 
- Ulrich Stark

You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.

</details>

<details>
<summary>typescript-eslint/typescript-eslint
(@&#8203;typescript-eslint/parser)</summary>

###
[`v8.52.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8520-2026-01-05)

[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.51.0...v8.52.0)

This was a version bump only for parser to align it with other projects,
there were no code changes.

You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.

</details>

<details>
<summary>rollup/rollup (rollup)</summary>

###
[`v4.55.1`](https://redirect.github.com/rollup/rollup/blob/HEAD/CHANGELOG.md#4551)

[Compare
Source](https://redirect.github.com/rollup/rollup/compare/v4.54.0...v4.55.1)

*2026-01-05*

##### Bug Fixes

- Fix artifact reference for OpenBSD
([#&#8203;6231](https://redirect.github.com/rollup/rollup/issues/6231))

##### Pull Requests

- [#&#8203;6231](https://redirect.github.com/rollup/rollup/pull/6231):
Fix OpenBSD artifacts and ensure OIDC is working
([@&#8203;lukastaegert](https://redirect.github.com/lukastaegert))

</details>

<details>
<summary>sass/embedded-host-node (sass-embedded)</summary>

###
[`v1.97.2`](https://redirect.github.com/sass/embedded-host-node/blob/HEAD/CHANGELOG.md#1972)

[Compare
Source](https://redirect.github.com/sass/embedded-host-node/compare/1.97.1...1.97.2)

- Additional fixes for implicit configuration when nested imports are
involved.

</details>

<details>
<summary>vuejs/language-tools (vue-tsc)</summary>

###
[`v3.2.2`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#322-2026-01-06)

[Compare
Source](https://redirect.github.com/vuejs/language-tools/compare/v3.2.1...v3.2.2)

##### language-core

- **fix:** correct code features on v-bind shorthands of special
attributes - Thanks to
[@&#8203;KazariEX](https://redirect.github.com/KazariEX)!

##### language-plugin-pug

- **feat:** accurate Pug shorthand mapping
([#&#8203;5906](https://redirect.github.com/vuejs/language-tools/issues/5906))
- **fix:** pre-map HTML to Pug offset attribute
([#&#8203;5905](https://redirect.github.com/vuejs/language-tools/issues/5905))

##### language-service

- **feat:** strip `=""` for boolean props completion edits
([#&#8203;5888](https://redirect.github.com/vuejs/language-tools/issues/5888))
- Thanks to [@&#8203;KazariEX](https://redirect.github.com/KazariEX)!
- **fix:** avoid duplicate directive modifiers in completion
([#&#8203;5920](https://redirect.github.com/vuejs/language-tools/issues/5920))
- Thanks to [@&#8203;KazariEX](https://redirect.github.com/KazariEX)!

##### typescript-plugin

- **fix:** only forward quick info and suggestion diagnostics for setup
bindings
([#&#8203;5892](https://redirect.github.com/vuejs/language-tools/issues/5892))
- Thanks to [@&#8203;KazariEX](https://redirect.github.com/KazariEX)!

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3
* * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43NC41IiwidXBkYXRlZEluVmVyIjoiNDIuNzQuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-01-09 09:05:16 +01:00
kolaente 0f9a04d5d5
fix(frontend): prevent parent project field from jumping back when cleared (#2071)
Fixes the parent project field in project settings "jumping back" to the previous value after clearing the value from the input.

Fixes #2046
2026-01-08 17:25:00 +01:00
kolaente 745fde41ca
fix: prevent timezone field from overflowing container on smaller viewports (#2066)
Closes #2044
2026-01-08 14:30:04 +00:00
kolaente 909b35ea76
fix: multiselect clear button now properly clears the value (#2067)
Fixes #2045
2026-01-08 14:16:03 +00:00
kolaente 1bb44b70bf
fix: prevent saved filter error when viewing Favorites (#2065)
Fixes the "The saved filter does not exist" error when clicking on Favorites in the sidebar. The issue occurred because the code assumed any negative projectId was a saved filter, but Favorites has ID -1 while saved filters start at ID -2

Fixes #2058
2026-01-08 13:17:23 +00:00
kolaente ed0c9a8006 fix: invisible spinner 2026-01-08 13:23:38 +01:00
kolaente 65980423c9 fix: remove usage of .buttons 2026-01-08 13:23:38 +01:00
kolaente 40287a1570 refactor: move bulma button styles to button component 2026-01-08 13:23:38 +01:00
kolaente 672d92a3e4 fix: remove redundant button class 2026-01-08 13:23:38 +01:00