Conversation
… validation (#1115) * Upgrade bcrypt to 5.0.0, pin marshmallow 4.3.0, add password byte-length validation - Upgrade bcrypt 4.3.0 → 5.0.0 (raises ValueError for passwords >72 bytes instead of silently truncating; aligns with upstream security improvement) - Pin marshmallow >=4.3.0,<5 to ensure 4.3.0 is resolved rather than staying on 4.0.x - Remove unused datetime==4.9 (Zope backport, never imported anywhere) - Upgrade setuptools 80.10.2 → 82.0.1 (minor bump, no breaking changes) - Add max 72-byte password validation in PasswordService.validate_password_strength() - Add maxPasswordByteLength client-side validator (TextEncoder) to both Vue 2 and Vue 3 frontends, wired into all password creation/change forms - Update password field descriptions and error messages to reflect 6–72 character range Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix ruff formatting in test_password_service.py Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
* Diagnose and fix Electron CI build failure after electron 40.10.2 bump The Build Electron App job started failing after Dependabot bumped electron from 40.10.1 to 40.10.2. Symptoms: electron-forge make exits 0 but never creates out/make/, and maker names appear blank in forge logs. Changes: - Remove redundant "Package Electron app" step — forge make re-runs packaging internally, so the separate npm run package was causing a double packaging pass that may conflict with the make step - Add explicit platforms arrays to maker-squirrel (win32), maker-deb (linux), and maker-rpm (linux), eliminating reliance on defaultPlatforms resolution which may be broken in electron-forge 7.11.2 with electron 40.10.2 - Switch Make installers to npx electron-forge make --verbose for better diagnostic output in CI logs - Update List output files debug step: broaden to electron/out/ (not just out/make/), add if: always() so it runs even on failure, and use || echo fallback so the step itself never fails Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Fix Prettier formatting in electron/package.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Add TypeScript compilation step before electron-forge make The switch from 'npm run make' (tsc && electron-forge make) to 'npx electron-forge make --verbose' silently dropped the tsc step. Without dist/main.js, electron-packager exits in under 0.5 seconds with no output and no error — creating no out/ directory. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Add DEBUG env and diagnostics to Electron CI for packaging failure Still no installer artifacts produced — adding verbose forge/packager debug output and directory listings to find the actual root cause. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Pin electron to 40.10.1 and make upload-artifact fail on no files electron 40.10.2 causes electron-forge make to exit 0 silently with no output — the packager starts extraction and the Node process exits within 50ms. Root cause unclear (likely a packager/Node 24 interaction with the new binary). Pinning back to the last known-good version restores builds. Also change upload-artifact from if-no-files-found: warn to error so future packaging regressions cause an immediate CI failure rather than a silent pass with no artifacts. Remove the --verbose flag (it was parsed as a positional dir arg by Commander.js, not a real forge flag) and the now-unnecessary debug listing step. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Split electron-forge package and make into separate steps Use npx electron-forge package followed by npx electron-forge make --skip-package to separate the packaging and distribution steps. Adds debug output after each step to confirm artifacts are produced. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Set ELECTRON_CACHE and use npm run package for consistent binary cache Set ELECTRON_CACHE to a workspace path in both npm ci and packaging steps so @electron/get uses the same cache location when downloading the electron binary during install and when packaging. Switch from npx electron-forge package to npm run package to match the approach used in v0.30.2. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Pin electron build job to Node.js 24.15.0 Node.js 24.16.0 changed async microtask scheduling in a way that triggers a race condition in electron-forge's signal-based orchestration: packager failure arrives before signal promises are set up, so the error is silently swallowed and the process exits 0 with no output. Node.js 24.15.0 was used in the last known-working release (v0.30.2). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * Remove diagnostic scaffolding from Electron CI workflow The ELECTRON_CACHE env vars, separate package step, --skip-package flag, and debug ls steps were added during investigation. Now that the root cause (Node.js 24.16.0 regression) is confirmed and fixed by pinning to 24.15.0, restore the workflow to the clean form: npm ci → npm run make → upload. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
github-actions
Bot
added
github
Client V3 Test Results23 tests 23 ✅ 0s ⏱️ Results for commit 3056772. ♻️ This comment has been updated with latest results. |
|
Client Test Results128 tests 128 ✅ 0s ⏱️ Results for commit 3056772. |
Python Test Results 1 files 1 suites 1m 26s ⏱️ Results for commit 3056772. |
Playwright E2E Results (chromium)151 tests 151 ✅ 1m 30s ⏱️ Results for commit 3056772. |
Playwright E2E Results (firefox)151 tests 151 ✅ 1m 33s ⏱️ Results for commit 3056772. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.