diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..8c95da9d07 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,19 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 10 + groups: + dev-dependencies: + dependency-type: "development" + production-dependencies: + dependency-type: "production" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000000..7709b1350a --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,41 @@ +name: CodeQL Security Analysis + +on: + push: + branches: [master, feature/**] + pull_request: + branches: [master] + schedule: + - cron: '0 8 * * 1' # Weekly on Monday at 8 AM UTC + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ubuntu-latest + permissions: + security-events: write + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + language: [javascript-typescript] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + queries: security-extended,security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: /language:${{ matrix.language }} diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 69059b6a8d..5b75a2aed0 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -16,14 +16,15 @@ jobs: strategy: matrix: - node-version: [12.x] + node-version: [18.x, 20.x] # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} + cache: 'npm' - run: npm ci - run: npm test diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 0000000000..0154a13dd9 --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,38 @@ +name: Security Audit + +on: + push: + branches: [master] + pull_request: + branches: [master] + schedule: + - cron: '0 6 * * 1' # Weekly on Monday at 6 AM UTC + +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: '18.x' + cache: 'npm' + + - name: Install dependencies + run: npm ci + + - name: Run npm audit + run: npm audit --audit-level=high + continue-on-error: true + + - name: Run npm audit (report) + run: npm audit --json > npm-audit.json || true + + - name: Upload audit report + uses: actions/upload-artifact@v4 + with: + name: npm-audit-report + path: npm-audit.json + retention-days: 30 diff --git a/src/cloud/components/Editor/index.tsx b/src/cloud/components/Editor/index.tsx index 639530cb0a..cdec06f97f 100644 --- a/src/cloud/components/Editor/index.tsx +++ b/src/cloud/components/Editor/index.tsx @@ -269,6 +269,14 @@ const Editor = ({ Enter: 'newlineAndIndentContinueMarkdownList', Tab: 'indentMore', 'Ctrl-Space': 'autocomplete', + 'Shift-Ctrl-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleDateString()), + 'Shift-Cmd-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleDateString()), + 'Ctrl-Alt-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleString()), + 'Shift-Alt-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleString()), }, scrollPastEnd: true, // fixes IME being on top of current line, Codemirror issue: https://github.com/codemirror/CodeMirror/issues/3137