From a0d0c8a8a0dbf88a1611ad62491f2b50ec7e5fa6 Mon Sep 17 00:00:00 2001 From: pannous Date: Wed, 18 Mar 2026 16:47:39 +0100 Subject: [PATCH 1/3] feat: add keyboard shortcuts to insert current date/time - Shift+Ctrl+/ (Shift+Cmd+/ on macOS): inserts locale date (e.g. 3/18/2026) - Ctrl+Alt+/ (Shift+Alt+/ on macOS): inserts locale date and time Closes #515 --- src/cloud/components/Editor/index.tsx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/cloud/components/Editor/index.tsx b/src/cloud/components/Editor/index.tsx index 639530cb0..cdec06f97 100644 --- a/src/cloud/components/Editor/index.tsx +++ b/src/cloud/components/Editor/index.tsx @@ -269,6 +269,14 @@ const Editor = ({ Enter: 'newlineAndIndentContinueMarkdownList', Tab: 'indentMore', 'Ctrl-Space': 'autocomplete', + 'Shift-Ctrl-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleDateString()), + 'Shift-Cmd-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleDateString()), + 'Ctrl-Alt-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleString()), + 'Shift-Alt-/': (cm: CodeMirror.Editor) => + cm.replaceSelection(new Date().toLocaleString()), }, scrollPastEnd: true, // fixes IME being on top of current line, Codemirror issue: https://github.com/codemirror/CodeMirror/issues/3137 From 314c72f496c55991f9e9e7541f1077664d45bf74 Mon Sep 17 00:00:00 2001 From: pannous Date: Wed, 18 Mar 2026 16:50:39 +0100 Subject: [PATCH 2/3] chore: enable Dependabot and security mechanisms - Add dependabot.yml: weekly npm and GitHub Actions updates with grouped PRs - Add security.yml workflow: weekly npm audit with artifact upload - Update node.js.yml: upgrade actions to v4, test on Node 18+20, add npm cache - Enable Dependabot vulnerability alerts and automated security fixes via GitHub API --- .github/dependabot.yml | 19 +++++++++++++++++ .github/workflows/node.js.yml | 7 ++++--- .github/workflows/security.yml | 38 ++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/security.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..8c95da9d0 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,19 @@ +version: 2 +updates: + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + open-pull-requests-limit: 10 + groups: + dev-dependencies: + dependency-type: "development" + production-dependencies: + dependency-type: "production" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 69059b6a8..5b75a2aed 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -16,14 +16,15 @@ jobs: strategy: matrix: - node-version: [12.x] + node-version: [18.x, 20.x] # See supported Node.js release schedule at https://nodejs.org/en/about/releases/ steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} + cache: 'npm' - run: npm ci - run: npm test diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 000000000..0154a13dd --- /dev/null +++ b/.github/workflows/security.yml @@ -0,0 +1,38 @@ +name: Security Audit + +on: + push: + branches: [master] + pull_request: + branches: [master] + schedule: + - cron: '0 6 * * 1' # Weekly on Monday at 6 AM UTC + +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: '18.x' + cache: 'npm' + + - name: Install dependencies + run: npm ci + + - name: Run npm audit + run: npm audit --audit-level=high + continue-on-error: true + + - name: Run npm audit (report) + run: npm audit --json > npm-audit.json || true + + - name: Upload audit report + uses: actions/upload-artifact@v4 + with: + name: npm-audit-report + path: npm-audit.json + retention-days: 30 From b32bfd2e907b02c0b94651d708b5659ab8bd6633 Mon Sep 17 00:00:00 2001 From: pannous Date: Wed, 18 Mar 2026 16:51:42 +0100 Subject: [PATCH 3/3] chore: add CodeQL security scanning workflow Enables GitHub CodeQL analysis for JavaScript/TypeScript with security-extended and security-and-quality query suites. Results surface in GitHub Security tab / Copilot code scanning. --- .github/workflows/codeql.yml | 41 ++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000..7709b1350 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,41 @@ +name: CodeQL Security Analysis + +on: + push: + branches: [master, feature/**] + pull_request: + branches: [master] + schedule: + - cron: '0 8 * * 1' # Weekly on Monday at 8 AM UTC + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + runs-on: ubuntu-latest + permissions: + security-events: write + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + language: [javascript-typescript] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + queries: security-extended,security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: /language:${{ matrix.language }}