Just making it easier to test and merge
https://github.com/chatwoot/chatwoot/pull/10796.
This PR does the following:
- Removes the change on br + br condition.
- Support 1x, 1.5x, 2x playbacks
- Add a hover on the agent avatar
# Pull Request Template
## Description
Fixes
https://linear.app/chatwoot/issue/CW-4064/convert-average-metric-tooltips-from-seconds-to-readable-time-format
#### **Cause**
Chart tooltip configuration was using outdated Chart.js structure,
causing the time formatting function to not be applied correctly to
tooltip values in time-based metrics.
#### **Solution**
Updated tooltip configuration to use correct Chart.js Vue 3 plugin
structure
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
### **Screenshots**
#### **Before**
<img width="496" alt="image"
src="https://github.com/user-attachments/assets/a70cbfe6-f179-43dc-a8f4-93951b257e81"
/>
#### **After**
<img width="496" alt="image"
src="https://github.com/user-attachments/assets/ed5d0c6c-2404-43ae-82fa-bbe5c42cecca"
/>
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to
3.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases">dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.4</h2>
<ul>
<li>Fixed a conditional and config dependent mXSS-style <a
href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a>
reported by <a
href="https://github.com/nsysean"><code>@nsysean</code></a></li>
<li>Added a new feature to allow specific hook removal, thanks <a
href="https://github.com/davecardwell"><code>@davecardwell</code></a></li>
<li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports,
thanks <a
href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li>
<li>Added better logic in case no window object is president, thanks <a
href="https://github.com/yehuya"><code>@yehuya</code></a></li>
<li>Updated some dependencies called out by dependabot</li>
<li>Updated license files etc to show the correct year</li>
</ul>
<h2>DOMPurify 3.2.3</h2>
<ul>
<li>Fixed two conditional sanitizer bypasses discovered by <a
href="https://github.com/parrot409"><code>@parrot409</code></a> and <a
href="https://x.com/slonser_"><code>@Slonser</code></a></li>
<li>Updated the attribute clobbering checks to prevent future bypasses,
thanks <a
href="https://github.com/parrot409"><code>@parrot409</code></a></li>
</ul>
<h2>DOMPurify 3.2.2</h2>
<ul>
<li>Fixed a possible bypass in case a rather specific config for custom
elements is set, thanks <a
href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li>
<li>Fixed several minor issues with the type definitions, thanks again
<a href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor issue with the types reference for trusted types,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor problem with the template detection regex on some
systems, thanks <a
href="https://github.com/svdb99"><code>@svdb99</code></a></li>
</ul>
<h2>DOMPurify 3.2.1</h2>
<ul>
<li>Fixed several minor issues with the type definitions, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a> <a
href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a
href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a
href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li>
<li>Fixed an issue with non-minified dist files and order of imports,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
</ul>
<h2>DOMPurify 3.2.0</h2>
<ul>
<li>Added type declarations, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a> , <a
href="https://github.com/philmayfield"><code>@philmayfield</code></a>,
<a href="https://github.com/aloisklink"><code>@aloisklink</code></a>,
<a href="https://github.com/ssi02014"><code>@ssi02014</code></a> and
others</li>
<li>Fixed a minor issue with the handling of hooks, thanks <a
href="https://github.com/kevin-mizu"><code>@kevin-mizu</code></a></li>
</ul>
<h2>DOMPurify 3.1.7</h2>
<ul>
<li>Fixed an issue with comment detection and possible bypasses with
specific config settings, thanks <a
href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li>
<li>Fixed several smaller typos in documentation and test & build
files, thanks <a
href="https://github.com/christianhg"><code>@christianhg</code></a></li>
<li>Added better support for Angular compiler, thanks <a
href="https://github.com/jeroen1602"><code>@jeroen1602</code></a></li>
<li>Added several new attributes to HTML and SVG allow-list, thanks <a
href="https://github.com/Gigabyte5671"><code>@Gigabyte5671</code></a>
and <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
<li>Removed the <code>foreignObject</code> element from the list of HTML
entry-points, thanks <a
href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li>
<li>Bumped several dependencies to be more up to date</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec29e65f36"><code>ec29e65</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1062">#1062</a>
from cure53/main</li>
<li><a
href="1c1b183862"><code>1c1b183</code></a>
chore: Preparing 3.2.4 release</li>
<li><a
href="d18ffcb554"><code>d18ffcb</code></a>
fix: Changed the template literal regex to avoid a config-dependent
bypass</li>
<li><a
href="0d64d2b12f"><code>0d64d2b</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1060">#1060</a>
from yehuya/initializeTestImprovements</li>
<li><a
href="9ad7933156"><code>9ad7933</code></a>
tests: DOMPurify custom window tests improvements</li>
<li><a
href="72760ca8ee"><code>72760ca</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1059">#1059</a>
from yehuya/fixMissingWindowElement</li>
<li><a
href="bc72d44b2e"><code>bc72d44</code></a>
Fix tests</li>
<li><a
href="363a89dd3a"><code>363a89d</code></a>
fix: handle undefined Element in DOMPurify initialization</li>
<li><a
href="f41b45df18"><code>f41b45d</code></a>
Update LICENSE</li>
<li><a
href="b25bf26d67"><code>b25bf26</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Pull Request Template
## Description
Dyte V1 API's are soon going to be deprecated, hence making sure we
update Chatwoot before that happens
Fixes#10704
## Type of change
Please delete options that are not relevant.
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
1. Open a new or existing conversation from the inbox
2. Press the video call icon on the message composer
3. Verify that the message dialog shows up with the join video call
button
4. Verify that clicking on join call does join the call
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] My changes generate no new warnings
- [ ] New and existing unit tests pass locally with my changes (Unable
to run this locally)
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.18.2
to 1.18.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sparklemotion/nokogiri/releases">nokogiri's
releases</a>.</em></p>
<blockquote>
<h2>v1.18.3 / 2025-02-18</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated to <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6">v2.13.6</a>
to address CVE-2025-24928 and CVE-2024-56171. See <a
href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m">GHSA-vvfq-8hwr-qm4m</a>
for more information.</li>
</ul>
<!-- raw HTML omitted -->
<pre><code>cab20305133078a8f6b60cf96311b48319175038cc7772e5ec586ff624cb7838
nokogiri-1.18.3-aarch64-linux-gnu.gem
acb256bb3213a180b1ed84a49c06d5d4c6c1da26f33bc9681f1fece4dab09a79
nokogiri-1.18.3-aarch64-linux-musl.gem
ce088965cd424b8e752d82087dcf017069d55791f157098ed1f671d966857610
nokogiri-1.18.3-arm64-darwin.gem
37b73a55e0d1e8a058a24abb16868903e81cb4773049739c532b864f87236b1b
nokogiri-1.18.3-arm-linux-gnu.gem
09407970cd13736cf87e975fae69c13e1178bab0313d07b35580ee4dd3650793
nokogiri-1.18.3-arm-linux-musl.gem
6b9fc3b14fd0cedd21f6cad8cf565123ba7401e56b5d0aec180c23cdca28fd5a
nokogiri-1.18.3.gem
236078c5f80ffc3d49c223fa98933d970543455403f9d672ca0aa5a6178a84fe
nokogiri-1.18.3-java.gem
216be1cb454c4657fc64747e5ae32b2ab4015843183766f238e4f4a62fb1f6be
nokogiri-1.18.3-x64-mingw-ucrt.gem
d729406bb5a7b1bbe7ed3c0922336dd2c46085ed444d6de2a0a4c33950a4edea
nokogiri-1.18.3-x86_64-darwin.gem
3c7ad5cee39855ed9c746065f39b584b9fd2aaff61df02d0f85ba8d671bbe497
nokogiri-1.18.3-x86_64-linux-gnu.gem
8aaecc22c0e5f12dac613e15f9a04059c3ec859d6f98f493cc831bd88fe8e731
nokogiri-1.18.3-x86_64-linux-musl.gem
</code></pre>
<!-- raw HTML omitted -->
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sparklemotion/nokogiri/blob/v1.18.3/CHANGELOG.md">nokogiri's
changelog</a>.</em></p>
<blockquote>
<h2>v1.18.3 / 2025-02-18</h2>
<h3>Security</h3>
<ul>
<li>[CRuby] Vendored libxml2 is updated <a
href="https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6">v2.13.6</a>
to address CVE-2025-24928 and CVE-2024-56171. Nokogiri's maintainers
believe these vulnerabilities do not affect users of Nokogiri, but we
advise upgrading at your earliest convenience anyway.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fd3ca2e22d"><code>fd3ca2e</code></a>
version bump to v1.18.3</li>
<li><a
href="a8c526adf1"><code>a8c526a</code></a>
dep: update libxml2 to v2.13.6 (<a
href="https://redirect.github.com/sparklemotion/nokogiri/issues/3437">#3437</a>)</li>
<li><a
href="0847cf8688"><code>0847cf8</code></a>
ci: tired of waiting for gnome mirrors</li>
<li><a
href="11945c82df"><code>11945c8</code></a>
dep: update libxml2 to v2.13.6</li>
<li>See full diff in <a
href="https://github.com/sparklemotion/nokogiri/compare/v1.18.2...v1.18.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
The Slack `files.upload` API endpoint is deprecated and will stop
functioning on March 11, 2025. In this PR, we have implemented the
changes for the [new file
upload](https://api.slack.com/messaging/files#uploading_files) method.
## Description
Hi! I've recently started helping maintain this gem as we use it heavily
in our app as well. It's been updated to work with newer versions of
nokogiri and has a few important fixes too.
## How Has This Been Tested?
Assuming you already have test coverage that would cover this.
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream
modules
Co-authored-by: Sojan Jose <sojan@pepalo.com>
This PR introduces internal feature flags for testing purposes. These
flags will not be displayed on regular instances to prevent customer
confusion.
Additionally, a new feature flag, `contact_chatwoot_support_team`, has
been added for Chatwoot Cloud. This flag disables contact support for
third-party onboarded accounts, as support will be handled by the
original affiliate team.
Co-authored-by: Pranav <pranav@chatwoot.com>
This is the error that is triggering a P0 incident in Chatwoot.
```
DashboardController#index is missing a template for this request format and variant. request.formats: ["application/json"] request.variant: []
```
The user is calling `/app/accounts/api/v1/accounts/<account-id>/inboxes`. The URL is wrong, the requests are routed to dashboard controller as it starts with `/app/accounts`. The dashboard controller is not handling JSON requests and it creates errors. There are 312k errors over the last 2 years. Close to 50k during last 3 days.
This fix would return not_acceptable response to the attempts.
Some emails contain HTML content within the text part, but our content
parser currently strips HTML automatically, which needs a proper fix. In
the new UI, the fallback for HTML content was set to the parsed content,
which may omit HTML tags, leading to issues like missing inline
attachments.
This PR updates the fallback mechanism to use the text content instead
of the parsed content, ensuring HTML elements are preserved.
Fixes
https://linear.app/chatwoot/issue/CW-4046/text-content-is-not-respected-in-emails
Bumps [rack](https://github.com/rack/rack) from 2.2.10 to 2.2.11.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rack/rack/blob/main/CHANGELOG.md">rack's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this file.
For info on how to format all future additions to this file please
reference <a href="https://keepachangelog.com/en/1.0.0/">Keep A
Changelog</a>.</p>
<h2>Unreleased</h2>
<h3>Added</h3>
<ul>
<li>Introduce <code>Rack::VERSION</code> constant. (<a
href="https://redirect.github.com/rack/rack/pull/2199">#2199</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>ISO-2022-JP encoded parts within MIME Multipart sections of an HTTP
request body will now be converted to UTF-8. (<a
href="https://redirect.github.com/rack/rack/pull/2245">#2245</a>, [<a
href="https://github.com/nappa"><code>@nappa</code></a>])</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Invalid cookie keys will now raise an error. (<a
href="https://redirect.github.com/rack/rack/pull/2193">#2193</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li><code>Rack::MediaType#params</code> now handles empty strings. (<a
href="https://redirect.github.com/rack/rack/pull/2229">#2229</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li><code>Rack::Auth::AbstractRequest#request</code> is deprecated
without replacement. (<a
href="https://redirect.github.com/rack/rack/pull/2229">#2229</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
<li><code>Rack::Request#parse_multipart</code> (private method designed
to be overridden in subclasses) is deprecated without replacement. (<a
href="https://redirect.github.com/rack/rack/pull/2229">#2229</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h3>Removed</h3>
<ul>
<li><code>Rack::Request#values_at</code> is removed. (<a
href="https://redirect.github.com/rack/rack/pull/2200">#2200</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li><code>Rack::Logger</code> is removed with no replacement. (<a
href="https://redirect.github.com/rack/rack/pull/2196">#2196</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
<li>Automatic cache invalidation in
<code>Rack::Request#{GET,POST}</code> has been removed. (<a
href="https://redirect.github.com/rack/rack/pull/2230">#2230</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
</ul>
<h3>Fixed</h3>
<ul>
<li><code>Rack::RewindableInput::Middleware</code> no longer wraps a nil
input. (<a
href="https://redirect.github.com/rack/rack/pull/2259">#2259</a>, <a
href="https://github.com/tt"><code>@tt</code></a>)</li>
</ul>
<h2>[3.1.9] - 2025-01-31</h2>
<h3>Fixed</h3>
<ul>
<li><code>Rack::MediaType#params</code> now handles parameters without
values. (<a
href="https://redirect.github.com/rack/rack/pull/2263">#2263</a>, <a
href="https://github.com/AllyMarthaJ"><code>@AllyMarthaJ</code></a>)</li>
</ul>
<h2>[3.1.8] - 2024-10-14</h2>
<h3>Fixed</h3>
<ul>
<li>Resolve deprecation warnings about uri <code>DEFAULT_PARSER</code>.
(<a href="https://redirect.github.com/rack/rack/pull/2249">#2249</a>,
[<a
href="https://github.com/earlopain"><code>@earlopain</code></a>])</li>
</ul>
<h2>[3.1.7] - 2024-07-11</h2>
<h3>Fixed</h3>
<ul>
<li>Do not remove escaped opening/closing quotes for content-disposition
filenames. (<a
href="https://redirect.github.com/rack/rack/pull/2229">#2229</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
<li>Fix encoding setting for non-binary IO-like objects in
MockRequest#env_for. (<a
href="https://redirect.github.com/rack/rack/pull/2227">#2227</a>, [<a
href="https://github.com/jeremyevans"><code>@jeremyevans</code></a>])</li>
<li><code>Rack::Response</code> should not generate invalid
<code>content-length</code> header. (<a
href="https://redirect.github.com/rack/rack/pull/2219">#2219</a>, [<a
href="https://github.com/ioquatix"><code>@ioquatix</code></a>])</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="aa5a0f532a"><code>aa5a0f5</code></a>
Bump patch version.</li>
<li><a
href="f8b41c1dba"><code>f8b41c1</code></a>
Escape non-printable characters when logging.</li>
<li>See full diff in <a
href="https://github.com/rack/rack/compare/v2.2.10...v2.2.11">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Added a command to sync files in the locale/*/ folder. Run `pnpm
sync:i18n` would copy index.js in `dashboard/locale/en` to every other
folder `dashboard/locale/*/`
---------
Co-authored-by: Pranav <pranavrajs@gmail.com>
- Add GitHub action to test docker builds for internal/external PR's
- This PR builds the image on both amd64 and arm64 runners for every PR
- This also reduces the build time by 70% (50mins to 15mins)
- Publish arm64 docker images for chatwoot ee edition
- Switch to Github actions for `docker` build/publish from docker hub
due to lack of arm64 support
**Note: CE edition arm64 images are already available via
https://github.com/chatwoot/chatwoot/pull/10789**
# Pull Request Template
## Description
This PR adds the ability to see the shared contact name in Telegram
channels.
## Type of change
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
**Loom video**
https://www.loom.com/share/cd318056ad4d44d4a1fc4b5d4ad38d60?sid=26d833ae-ded9-4cf0-9af7-81eecfa37f19
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
---------
Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
This PR target two issues
### CC & BCC not updated correctly
When moving from one conversation to another, the store may not have the
list of all the messages. A fetch is subsequently made to get the
messages. However, this update does not trigger the `currentChat`
watcher. This PR fixes it by adding a new watcher on
`currentChat.messages`.
We also update the `setCCAndToEmailsFromLastChat` method to reset the
`cc`, `bcc` and `to` fields if the last email is not found. This ensures
that the data is not carried forward from a previous email
Fixes: https://github.com/chatwoot/chatwoot/issues/10477
### To address are not added correctly to the `CC`
If the `to` address of a previous email has multiple recipient, there
was no case to add them to the CC.
Fixes: https://github.com/chatwoot/chatwoot/issues/8925
---
Depends on: https://github.com/chatwoot/utils/pull/41
During high-traffic periods, events may appear out of order, causing the
conversation job to queue outdated data, which can lead to issues in the
UI. This update ensures that only the latest available data is sent to the UI.
The conversation object is refreshed before sending it to the UI.
Bumps [net-imap](https://github.com/ruby/net-imap) from 0.4.17 to
0.4.19.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/net-imap/releases">net-imap's
releases</a>.</em></p>
<blockquote>
<h2>v0.4.19</h2>
<h2>What's Changed</h2>
<h3>🔒 Security Fix</h3>
<p>Fixes CVE-2025-25186 (GHSA-7fc5-f82f-cx69): A malicious server can
exhaust client memory by sending <code>APPENDUID</code> or
<code>COPYUID</code> responses with very large <code>uid-set</code>
ranges. <code>Net::IMAP::UIDPlusData</code> expands these ranges into
arrays of integers.</p>
<h4>Fix with minor API changes</h4>
<p>Set <code>config.parser_use_deprecated_uidplus_data</code> to
<code>false</code> to replace <code>UIDPlusData</code> with
<code>AppendUIDData</code> and <code>CopyUIDData</code>. These classes
store their UIDs as <code>Net::IMAP::SequenceSet</code> objects
(<em>not</em> expanded into arrays of integers). Code that does not
handle <code>APPENDUID</code> or <code>COPYUID</code> responses should
not see any difference. Code that does handle these responses
<em>may</em> need to be updated.</p>
<p>For v0.3.8, this option is not available
For v0.4.19, the default value is <code>true</code>.
For v0.5.6, the default value is <code>:up_to_max_size</code>.
For v0.6.0, the only allowed value will be <code>false</code>
<em>(<code>UIDPlusData</code> will be removed from v0.6)</em>.</p>
<h4>Mitigate with backward compatible API</h4>
<p>Adjust <code>config.parser_max_deprecated_uidplus_data_size</code> to
limit the maximum <code>UIDPlusData</code> UID set size.
When <code>config.parser_use_deprecated_uidplus_data == true</code>,
larger sets will crash.
When <code>config.parser_use_deprecated_uidplus_data ==
:up_to_max_size</code>, larger sets will use <code>AppendUIDData</code>
or <code>CopyUIDData</code>.</p>
<p>For v0.3,8, this limit is <em>hard-coded</em> to 10,000.
For v0.4.19, this limit defaults to 1000.
For v0.5.6, this limit defaults to 100.
For v0.6.0, the only allowed value will be <code>0</code>
<em>(<code>UIDPlusData</code> will be removed from v0.6)</em>.</p>
<h4>Please Note: unhandled responses</h4>
<p>If the client does not add response handlers to prune unhandled
responses, a malicious server can still eventually exhaust all client
memory, by repeatedly sending malicious responses. However,
<code>net-imap</code> has always retained unhandled responses, and it
has always been necessary for long-lived connections to prune these
responses. This is not significantly different from connecting to a
trusted server with a long-lived connection. To limit the maximum number
of retained responses, a simple handler might look something like the
following:</p>
<pre lang="ruby"><code>limit = 1000
imap.add_response_handler do |resp|
next unless resp.respond_to?(:name) && resp.respond_to?(:data)
name = resp.name
code = resp.data.code&.name if
resp.data.in?(Net::IMAP::ResponseText)
imap.responses(name) { _1.slice!(0...-limit) }
imap.responses(code) { _1.slice!(0...-limit) }
end
</code></pre>
<h3>Added</h3>
<ul>
<li>🔧 ResponseParser config is mutable and non-global (backports <a
href="https://redirect.github.com/ruby/net-imap/issues/381">#381</a>) by
<a href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/382">ruby/net-imap#382</a></li>
<li>✨ SequenceSet ordered entries methods (backports to v0.4-stable) by
<a href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/402">ruby/net-imap#402</a>
Backports the following:
<ul>
<li>✨ Add SequenceSet methods for querying about duplicates by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/384">ruby/net-imap#384</a></li>
<li>✨ Add <code>SequenceSet#each_ordered_number</code> by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/386">ruby/net-imap#386</a></li>
<li>✨ Add <code>SequenceSet#find_ordered_index</code> by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/396">ruby/net-imap#396</a></li>
<li>✨ Add <code>SequenceSet#ordered_at</code> by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/397">ruby/net-imap#397</a></li>
</ul>
</li>
<li>✨ Backport UIDPlusData, AppendUIDData, CopyUIDData to v0.4 by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/404">ruby/net-imap#404</a>
Backports the following:
<ul>
<li>✨ Add AppendUIDData and CopyUIDData classes by <a
href="https://github.com/nevans"><code>@nevans</code></a> in <a
href="https://redirect.github.com/ruby/net-imap/pull/400">ruby/net-imap#400</a></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c4ed09997"><code>4c4ed09</code></a>
🔖 Bump version to 0.4.19</li>
<li><a
href="c8c5a64373"><code>c8c5a64</code></a>
Merge commit from fork</li>
<li><a
href="abff00fd70"><code>abff00f</code></a>
🔧 Add <code>:up_to_max_size</code> config for UIDPlusData</li>
<li><a
href="34a1f27a45"><code>34a1f27</code></a>
🔧 Add config option for max UIDPlusData size</li>
<li><a
href="6613d57e8e"><code>6613d57</code></a>
🔒 Limit exponential memory usage to parse uid-set</li>
<li><a
href="e4d57b1e00"><code>e4d57b1</code></a>
🔀 Merge pull request <a
href="https://redirect.github.com/ruby/net-imap/issues/404">#404</a>
from ruby/backport-0.4-uidplus-deprecation</li>
<li><a
href="d32320a749"><code>d32320a</code></a>
🐛 Fix missing <code>Data.define</code> for new classes</li>
<li><a
href="3c592fc98c"><code>3c592fc</code></a>
🔧🗑️ Deprecate UIDPlusData, with config to upgrade</li>
<li><a
href="7e58ef35fa"><code>7e58ef3</code></a>
✨ Add CopyUIDData (to replace UIDPlusData)</li>
<li><a
href="4c601c3a84"><code>4c601c3</code></a>
✨ Add AppendUIDData (to replace UIDPlusData)</li>
<li>Additional commits viewable in <a
href="https://github.com/ruby/net-imap/compare/v0.4.17...v0.4.19">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Pull Request Template
## Description
This PR adds support for displaying shared contacts in a Telegram
channel.
**NB:** Tested with both old and new bubbles.
Multiple numbers for a single contact are not supported at this time,
but multiple contacts are supported.
In the future, we can add support for displaying contact names as well.
## Type of change
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
**Loom video**
https://www.loom.com/share/95efadace3194887bc0663c53e7c08bc?sid=a5c27176-3dd8-456c-80b9-c63dbb89dca1
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
# Pull Request Template
## Description
This addresses #10842. It exposes `additional_attributes` in the
conversations search endpoint, uses it in
`SearchResultConversationsList` to pass
`conversation.additional_attributes?.mail_subject` down to
`SearchResultConversationItem`, which in turn displays it.
Fixes#10842
## Type of change
Please delete options that are not relevant.
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality not to work as expected)
- [ ] This change requires a documentation update
## How Has This Been Tested?
I have tested this locally by searching for conversations. See this
screenshot where I searched for "noreply":
I would love to add automated tests but I’m not sure how to do that.
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream
modules
---------
Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com>
Co-authored-by: iamsivin <iamsivin@gmail.com>
# Pull Request Template
## Description
This was not really an issue because HTML is permissive and auto-closes
these when the parent is closed, but it’s cleaner to do it.
It was also showing errors if you open the project in an IDE.
## Type of change
- Chore
## How Has This Been Tested?
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream
modules
Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
