* fix: add WEBHOOK_ALLOWED_HOSTS allowlist for internal webhook targets
The IP-based allowlist alone isn't practical for containerised deployments
where service IPs are dynamic. Adds a hostname-based bypass for trusted
internal services (e.g. Silo via docker-compose / k8s service DNS) and
makes the previously hardcoded ["plane.so"] domain blocklist configurable
via WEBHOOK_DISALLOWED_DOMAINS.
- validate_url accepts allowed_hosts (exact, case-insensitive match;
skips DNS lookup for trusted names)
- WebhookSerializer wires both settings through and lets allowlisted
hosts bypass the disallowed-domain check
- Exposes WEBHOOK_ALLOWED_HOSTS in aio/cli deployment env files
* fix: default WEBHOOK_DISALLOWED_DOMAINS to empty for self-hosted
* fix: pass WEBHOOK_ALLOWED_HOSTS to send-time webhook re-validation
* chore(deps): bump axios, uuid and add security overrides
Bump axios 1.15.0 → 1.15.2 and uuid 13.0.0 → 14.0.0 in the catalog,
and add pnpm overrides pinning postcss >=8.5.10, follow-redirects
>=1.16.0, and routing axios/uuid through the catalog.
* fix: overrides
* chore: add Claude Code skills for PR descriptions and release notes
* chore(skills): update release-notes branches to canary->master and example version to v1.3.0
* chore(skills): address PR review comments
- pr-description: infer base branch from PR metadata, fix Improvement wording, reference template's screenshot placeholder verbatim
- release-notes: add `text` language to unlabeled fenced code block
* chore: update CODEOWNERS for apps and deployments
Assign owners per app/area so reviews are routed to the right
maintainers.
* chore: update the codeowners
* fix: sanitize filenames in upload paths to prevent path traversal (GHSA-v57h-5999-w7xp)
Add server-side filename sanitization across all file upload endpoints
to prevent path traversal sequences (../) in user-supplied filenames
from being incorporated into S3 object keys. While S3 keys are flat
strings and not vulnerable to filesystem traversal, this adds
defense-in-depth and prevents S3 key pollution.
Changes:
- Add sanitize_filename() utility in path_validator.py
- Sanitize filenames in get_upload_path() for FileAsset and IssueAttachment models
- Sanitize name parameter in all upload view endpoints
* fix: address PR review feedback on filename sanitization
- Remove unused `import re`
- Normalize backslashes to forward slashes before os.path.basename()
so Windows-style paths (e.g. ..\..\..\evil.txt) are handled on POSIX
- Strip whitespace before removing leading dots so " .env" is caught
- Return None instead of "unnamed" for empty input so existing
`if not name` validation guards remain effective
- Add `or "unnamed"` fallback at call sites that lack a name guard
* fix: use random hex name as fallback in get_upload_path instead of "unnamed"
* fix: resolve ruff E501 line too long in DuplicateAssetEndpoint
* fix: replace IS_SELF_MANAGED toggle with explicit WEBHOOK_ALLOWED_IPS allowlist
Instead of blanket-allowing all private IPs on self-managed deployments,
webhook URL validation now blocks all private/internal IPs by default and
only permits specific networks listed in the WEBHOOK_ALLOWED_IPS env
variable (comma-separated IPs/CIDRs).
* fix: address PR review comments for webhook SSRF protection
- Sanitize error messages to avoid leaking internal details to clients
- Guard against TypeError with mixed IPv4/IPv6 allowlist networks
- Re-validate webhook URL at send time to prevent DNS-rebinding
- Add unit tests for mixed-version IP network allowlists
WorkspaceFileAssetEndpoint had no authorization checks beyond
authentication, allowing any logged-in user to create, read, patch,
and delete assets in any workspace by slug. DuplicateAssetEndpoint
only authorized the destination workspace, letting users copy assets
from workspaces they don't belong to.
Add @allow_permission decorators to all WorkspaceFileAssetEndpoint
methods and scope DuplicateAssetEndpoint's source asset lookup to
workspaces where the caller is an active member.
Ref: GHSA-qw87-v5w3-6vxx
When patching instance configuration values, the raw values from
request.data were used directly without sanitization. This adds:
- Whitespace stripping via str().strip() to prevent leading/trailing
spaces from being stored
- Explicit None handling so that null values become empty strings
instead of the literal string "None"
* fix: prevent ORM field injection via segment parameter in analytics (GHSA-93x3-ghh7-72j3)
Centralize analytics field allowlists into VALID_ANALYTICS_FIELDS and
VALID_YAXIS constants in analytics_plot.py. Add defense-in-depth
validation in build_graph_plot() and extract_axis() so no caller can
pass arbitrary field references to Django F() expressions. Add missing
segment validation to SavedAnalyticEndpoint. Also fixes ExportAnalytics
using "estimate_point" instead of "estimate_point__value".
* fix: address PR review - remove unused imports and validate stored query params
Remove unused VALID_ANALYTICS_FIELDS and VALID_YAXIS imports from
analytic_plot_export.py. Add x_axis/y_axis allowlist validation in
SavedAnalyticEndpoint for stored query_dict values to prevent 500
errors from malformed saved analytics.
* fix: validate redirects in favicon fetching to prevent SSRF
The previous SSRF fix (GHSA-jcc6-f9v6-f7jw) only validated redirects for
the main page URL but not for the favicon fetch path. An attacker could
craft an HTML page with a favicon link that redirects to a private IP,
bypassing the IP validation and leaking internal network data as base64.
Extract a reusable `safe_get()` function that validates every redirect hop
against private/internal IPs and use it for both page and favicon fetches.
Resolves: GHSA-9fr2-pprw-pp9j
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address PR review feedback for SSRF favicon fix
- Fix off-by-one in redirect limit: only raise RuntimeError when the
response is still a redirect after MAX_REDIRECTS hops, not when the
final response is a successful 200
- Return final URL from safe_get() so favicon href resolution uses the
correct origin after redirects instead of the original URL
- Add unit tests for validate_url_ip and safe_get covering private IP
blocking, redirect-following, and redirect limit enforcement
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).
Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.
Ref: GHSA-4q54-h4x9-m329
* chore(deps): replace dotenvx with dotenv and update dependency overrides
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: sort devDependencies in package.json files
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Update brace-expansion override from 2.0.2 to 5.0.5 and add picomatch,
yaml@1, and yaml@2 overrides to pin transitive dependency versions.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#6746
API-driven issue updates (PUT update, PUT create-via-upsert, PATCH) were
missing `model_activity.delay()` calls, so webhooks were never dispatched
for changes made through the API. The web UI paths already include these
calls (e.g. in `post()` at L475), but the `put()` and `partial_update()`
methods only called `issue_activity.delay()`.
This adds `model_activity.delay()` immediately after each existing
`issue_activity.delay()` in these three code paths, using the same
signature as the existing call in `post()`.
Tested on Plane CE v1.2.1 self-hosted: API PATCH triggers
`webhook_send_task` in the Celery worker, confirming webhook delivery.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
After #8677 replaced ESLint with OxLint, the react-in-jsx-scope rule
was not disabled. This causes all commits touching JSX files to fail
the pre-commit hook (oxlint --deny-warnings).
React 17+ uses automatic JSX runtime so explicit React imports are
not required.
Fixes#8681
* chore: replace Discord references with Forum links
* chore: migrate help and community CTAs from Discord to Forum
* refactor: replace Discord icons with lucide MessageSquare
* chore: rename Discord labels and keys to Forum
* chore: remove obsolete Discord icon component
* chore: update Discord references to Forum in templates
* chore: code refactoring
* feat: enhance authentication logging with detailed error and info messages
- Added logging for various authentication events in the Adapter and its subclasses, including email validation, user existence checks, and password strength validation.
- Implemented error handling for GitHub OAuth email retrieval, ensuring proper logging of unexpected responses and missing primary emails.
- Updated logging configuration in local and production settings to include a dedicated logger for authentication events.
* chore: address copilot comments
* chore: addressed some additional comments
* chore: update log
* fix: lint
* chore: updated the logic for page version task
* chore: updated the html variable
* chore: handled the exception
* chore: changed the function name
* chore: added a custom variable
* chore: update ProjectSerializer to raise validation for special characters in name and identifier
* chore: update external endpoints
* fix: external api serializer validation
* update serializer to send error code
* fix: move the regex expression to Project model
Disable autocomplete on authentication and security-related forms to prevent
browsers from storing sensitive credentials. This affects sign-in, password
reset, account security, and onboarding forms across admin, web, and space apps.
Modified components:
- Auth forms (email, password, unique code, forgot/reset/set password)
- Account security pages
- Instance setup and profile onboarding
- Shared UI components (auth-input, password-input)
* chore(security): implement input validation across authentication and workspace forms
- Add OWASP-compliant autocomplete attributes to all auth input fields
- Create centralized validation utilities blocking injection-risk characters
- Apply validation to names, display names, workspace names, and slugs
- Block special characters: < > ' " % # { } [ ] * ^ !
- Secure sensitive input fields across admin, web, and space apps
* chore: add missing workspace name validation to settings and admin forms
* feat: enhance validation regex for international names and usernames
- Updated regex patterns to support Unicode characters for person names, display names, company names, and slugs.
- Improved validation functions to block injection-risk characters in names and slugs.
- Modified the invite link to include a token for enhanced security.
- Updated the WorkspaceJoinEndpoint to validate the token instead of the email.
- Adjusted the workspace invitation task to generate links with the token.
- Refactored the frontend to handle token in the invitation process.
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
* fix: allow markdown file attachments
- Add text/markdown to ATTACHMENT_MIME_TYPES
- Fixes issue where .md files were rejected with 'Invalid file type' error
* added the support for frontend mime type too
* refactor: rename IssueUserProperty to ProjectUserProperty and update related references across the codebase
* migrate: move issue user properties to project user properties and update related fields and constraints
* refactor: rename IssueUserPropertySerializer and IssueUserDisplayPropertyEndpoint to ProjectUserPropertySerializer and ProjectUserDisplayPropertyEndpoint, updating all related references
* fix: enhance ProjectUserDisplayPropertyEndpoint to handle missing properties by creating new entries and improve response handling
* fix: correct formatting in migration for ProjectUserProperty model options
* migrate: add migration to update existing non-service API tokens to remove workspace association
* migrate: refine migration to update existing non-service API tokens by excluding bot users from workspace removal
* chore: changed the project sort order in project user property
* chore: remove allowed_rate_limit from APIToken
* chore: updated user-properties endpoint for frontend
* chore: removed the extra projectuserproperty
* chore: updated the migration file
* chore: code refactor
* fix: type error
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
Co-authored-by: sangeethailango <sangeethailango21@gmail.com>
Co-authored-by: vamsikrishnamathala <matalav55@gmail.com>
Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
* migration: added version field in webhook
* chore: add max_length
* chore: added product tour fields
* chore: updated the migration file
* chore: removed the duplicated migration file
* chore: added allowed_rate_limit for api_tokens
* chore: changed key feature tour to product tour
* chore: added is_subscribed_to_changelog field
---------
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
- Replace custom tab implementation with Propel Tabs
- Dynamically render only enabled tabs based on configuration
- Filter tabs by isEnabled property for cleaner conditional rendering
- Improve tab navigation and accessibility with Propel components
* [WEB-5804] refactor: decouple filter value types from filter configurations
Remove value type constraints from filter configurations to support
operator-specific value types. Different operators can accept different
value types for the same filter property, so value types should be
determined at the operator level rather than the filter level.
- Remove generic value type parameter from TFilterConfig
- Update TOperatorConfigMap to accept union of all value types
- Simplify filter config factory signatures across all filter types
- Add forceUpdate parameter to updateConditionValue method
* refactor: remove filter value type constraints from filter configurations
Eliminate the generic value type parameter from filter configurations to allow for operator-specific value types. This change enhances flexibility by enabling different operators to accept various value types for the same filter property.
- Updated TFilterConfig and related interfaces to remove value type constraints
- Adjusted filter configuration methods and types accordingly
- Refactored date operator support to align with the new structure
* refactor: add Unified OAuth Configuration and Missing Gitea Options
- Replaced the AuthenticationModes component with a more streamlined implementation using AuthenticationMethodCard.
- Removed obsolete authentication modes files from the codebase.
- Enhanced the AuthRoot component to utilize the new OAuth configuration hook for better management of authentication options.
- Updated type definitions for instance authentication modes to reflect the new structure.
* refactor: update OAuth type imports and remove obsolete types
- Replaced local type imports with centralized imports from @plane/types in core, extended, and index OAuth hooks.
- Removed the now redundant types.ts file as its definitions have been migrated.
- Enhanced type definitions for OAuth options to improve consistency across the application.
* feat: add new Gitea logo and update OAuth icon imports to use standard HTML img tags
* chore: remove unused authentication logos and upgrade button component
* fix: using base url of a redirect url
* chore: internal networks check for the final_url
* fix: none final_url
* fix: exception handling
* fix: exception handling
* chore: remove unused imports
* refactor: moved ip address check logic into separate function
* fix: ValueError logic
* feat: add sync functionality for OAuth providers
- Implemented `check_sync_enabled` method to verify if sync is enabled for Google, GitHub, GitLab, and Gitea.
- Added `sync_user_data` method to update user details, including first name, last name, display name, and avatar.
- Updated configuration variables to include sync options for each provider.
- Integrated sync check into the login/signup process.
* feat: add sync toggle for OAuth providers in configuration forms
* fix: remove default value for sync options in OAuth configuration forms
* chore: delete old avatar and upload a new one
* chore: update class method
* chore: add email nullable
* refactor: streamline sync check for multiple providers and improve avatar deletion logic
* fix: ensure ENABLE_SYNC configurations default to "0" for Gitea, Github, Gitlab, and Google forms
* fix: simplify toggle switch value handling in ControllerSwitch component
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
* refactor: update build scripts and supervisor configuration
* Changed Caddyfile source in build.sh to use Caddyfile.aio.ce
* Updated Dockerfile to copy web assets from the correct directory
* Modified supervisor.conf to remove web and admin program configurations, and updated space program command to use react-router-serve
* chore: remove obsolete Caddyfile.aio.ce configuration
* chore: clean up Dockerfile by removing redundant cache removal command
* fix: update live program command to use .mjs extension in supervisor configuration
* fix: update live program command in supervisor configuration to remove .mjs extension
* fix: update reverse proxy ports in Caddyfile.aio.ce configuration
* fix: correct reverse proxy addresses in Caddyfile.aio.ce configuration
* refactor: remove outdated reverse proxy address updates from build script
* refactor: replace isomorphic-dompurify with sanitize-html
* dompurify fixes
* more fixes with fallback and title
* build
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
- Replace advisory lock with transaction-level lock in Issue model save method
- Updated the save method in the Issue model to use a transaction-level advisory lock for better concurrency control.
- Simplified the locking mechanism by removing the explicit unlock step, as the lock is automatically released at the end of the transaction.
- Maintained existing functionality for sequence and sort order management while improving code clarity.
* fix: robust way to handle socket connection and read from indexeddb cache when reqd
* fix: realtime sync working with failure handling
* fix: title editor added
* merge preview into fix/realtime-sync
* check
* page renderer props
* lint errors
* lint errors
* lint errors
* sanitize html
* sanitize html
* format fix
* fix lint
* feat: enhance APITokenLogMiddleware to support logging to MongoDB
- Added functionality to log external API requests to MongoDB, with a fallback to PostgreSQL if MongoDB is unavailable.
- Implemented error handling for MongoDB connection and logging operations.
- Introduced additional fields for MongoDB logs, including timestamps and user identifiers.
- Refactored request logging logic to streamline the process and improve maintainability.
* fix: improve MongoDB availability checks in APITokenLogMiddleware
- Enhanced the logic for determining MongoDB availability by checking if the collection is not None.
- Added a check for MongoDB configuration before attempting to retrieve the collection.
- Updated error handling to ensure the middleware correctly reflects the state of MongoDB connectivity.
* feat: implement logging functionality in logger_task for API activity
- Added a new logger_task module to handle logging of API activity to MongoDB and PostgreSQL.
- Introduced functions for safely decoding request/response bodies and processing logs based on MongoDB availability.
- Refactored APITokenLogMiddleware to utilize the new logging functions, improving code organization and maintainability.
* refactor: simplify MongoDB logging in logger_task and middleware
- Removed direct dependency on MongoDB collection in log_to_mongo function, now retrieving it internally.
- Updated process_logs to check MongoDB configuration before logging, enhancing error handling.
- Cleaned up logger.py by removing unused imports related to MongoDB.
* feat: add Celery task decorator to process_logs function in logger_task
- Introduced the @shared_task decorator to the process_logs function, enabling asynchronous processing of log data.
- Updated function signature to include a return type of None for clarity.
- Added an override for the save method in ChangeTrackerMixin to store changed fields before resetting tracking.
- Implemented a new method, _reset_tracked_fields, to ensure subsequent saves detect changes relative to the last saved state.
- Updated IssueComment to utilize _changes_on_save for determining changed fields, improving accuracy in tracking modifications.
* feat: add timezone selection to workspace onboarding, creation and settings
* refactor: remove timezone selection from workspace creation and onboarding forms
* feat: enhance clipboard functionality for markdown and HTML content
* fix: improve error handling and state management in CustomImageNodeView component
* fix: correct asset retrieval query by removing workspace filter in DuplicateAssetEndpoint
* fix: update meta tag creation in PasteAssetPlugin for clipboard HTML content
* feat: implement copyMarkdownToClipboard utility for enhanced clipboard functionality
* refactor: replace copyMarkdownToClipboard utility with copyTextToClipboard for simplified clipboard operations
* refactor: streamline clipboard operations by replacing copyTextToClipboard with copyMarkdownToClipboard in editor components
* refactor: simplify PasteAssetPlugin by removing unnecessary meta tag handling and streamlining HTML processing
* feat: implement asset duplication processing on paste for enhanced clipboard functionality
* chore:remove async from copy markdown method
* chore: add paste html
* remove:prevent default
* refactor: remove hasChanges from processAssetDuplication return type for simplified asset processing
* fix: format options-dropdown.tsx
* chore: add static files collection and update settings for static files support
* chore: add WhiteNoise middleware for static file handling
* chore(deps): upgrade WhiteNoise to version 6.11.0 and add static file reverse proxy in Caddyfile
* feat: enhance workspace settings layout and members page with new components
* refactor: update workspace settings layout and members page to use default exports
* refactor: settings layout import changes
* refactor: simplify workspaceSlug usage in settings layout
* feat: add avatar download and upload functionality in authentication adapter
- Implemented `download_and_upload_avatar` method to fetch and store user avatars from OAuth providers.
- Enhanced user data saving process to include avatar handling.
- Updated `S3Storage` class with a new `upload_file` method for direct file uploads to S3.
* feat: enhance avatar download functionality with size limit checks
- Added checks for content length before downloading avatar images to ensure they do not exceed the maximum allowed size.
- Implemented chunked downloading of avatar images to handle large files efficiently.
- Updated the upload process to return None if the upload fails, improving error handling.
* feat: improve avatar filename generation with content type handling
- Refactored avatar download logic to determine file extension based on the content type from the response headers.
- Removed redundant code for extension mapping, ensuring a cleaner implementation.
- Enhanced error handling by returning None for unsupported content types.
* fix: remove authorization header for avatar download
- Updated the avatar download logic to remove the Authorization header when token data is not present, ensuring compatibility with scenarios where authentication is not required.
* feat: add method for avatar download headers
- Introduced `get_avatar_download_headers` method to centralize header management for avatar downloads.
- Updated `download_and_upload_avatar` method to utilize the new header method, improving code clarity and maintainability.
* feat: add no_activity flag to control issue activity tracking during partial updates
* refactor: rename no_activity flag to skip_activity for clarity in issue activity tracking
* enhance description input handling with migration update support
* feat: implement skip_activity flag to conditionally log issue updates during partial updates
* refactor: skip-activity
* feat: add migration description update check to conditionally log issue updates
---------
Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>
* chore: update use_case type from string to array
* chore: convert use_case field to JSONField with array support
* feat: implement multi-select UI for use case in onboarding
* chore: code refactor
* chore: revert backend changes
* chore: code refactor
* chore: code refactor
* chore: code refactor
* chore: add bot user to workspace seed task
* refactor: use BotTypeEnum for bot type in workspace seed task
* refactor: update bot user display name and last name in workspace seed task
* fix: return empty dictionary for missing cycle and module seeds in workspace seed task
* chore(deps): upgrade psycopg packages to version 3.3.0
* chore: update Python version to 3.12.x in CI workflow
* refactor: clean up imports and improve code formatting across multiple files
* feat: implement cover image handling and static image selection
- Added functionality to handle cover image uploads and selections in project and profile forms.
- Introduced a new helper for managing cover images, including static images and uploaded assets.
- Updated components to utilize the new cover image helper for displaying and processing cover images.
- Added a set of static cover images for selection in the image picker.
- Enhanced error handling for image uploads and processing.
This update improves the user experience by providing a more robust cover image management system.
* refactor: rename STATIC_COVER_IMAGES_ARRAY to STATIC_COVER_IMAGES for consistency
- Updated the cover image helper to export STATIC_COVER_IMAGES instead of STATIC_COVER_IMAGES_ARRAY.
- Adjusted the ImagePickerPopover component to utilize the renamed export for rendering static cover images.
* feat: enhance project creation and image handling
- Introduced default project form values with a random emoji for logo props.
- Updated cover image handling in various components, ensuring consistent usage of the new cover image helper.
- Refactored image picker to improve search functionality and loading states.
- Removed unused constants and streamlined cover image type checks for better clarity and performance.
This update enhances the user experience in project creation and image selection processes.
* refactor: simplify cover image type definition and clean up code
- Removed duplicate type from TCoverImageType, streamlining the definition.
- Cleaned up whitespace in the cover image helper for improved readability.
This update enhances code clarity and maintains consistency in cover image handling.
* refactor: update cover image type definitions and simplify logic
- Changed ICoverImageResult and ICoverImagePayload interfaces to type aliases for better clarity.
- Simplified the logic in getCoverImageDisplayURL function to enhance readability and maintainability.
This update improves the structure and clarity of the cover image helper code.
* refactor: remove unused project cover image endpoint and update cover image handling
- Removed the ProjectPublicCoverImagesEndpoint and its associated URL from the project.
- Updated the cover image handling in the cover-image helper to utilize imported assets instead of static paths.
- Cleaned up the ProjectFavoritesViewSet and FileService by removing the now obsolete getProjectCoverImages method.
This update streamlines the cover image management and eliminates unnecessary code, enhancing overall maintainability.
* refactor: update cover image imports to new asset structure
- Replaced static path imports for cover images with updated paths to the new asset structure.
- This change improves organization and maintainability of cover image assets in the project.
This update aligns with recent refactoring efforts to streamline cover image handling.
* feat: add additional cover images to the helper
- Imported new cover images (24 to 29) into the cover-image helper.
- This update expands the available cover image options for use in the project, enhancing visual variety.
* refactor: remove ProjectPublicCoverImagesEndpoint from project URLs and views
* refactor: update cover image imports to include URL query parameter
- Modified cover image imports in the cover-image helper to append a URL query parameter for better asset handling.
- This change enhances the way cover images are processed and utilized within the project.
* refactor: extract default project form values into a utility function
- Created a new utility function `getProjectFormValues` to encapsulate the default project form values.
- Updated the `CreateProjectForm` component to use this utility function for setting default form values, improving code organization and maintainability.
* feat: integrate project update functionality in CreateProjectForm
- Added `updateProject` method to the `CreateProjectForm` component for updating project cover images after creation.
- Enhanced cover image handling by ensuring the correct URL is set for both uploaded and existing cover images.
This update improves the project creation workflow and ensures cover images are accurately updated.
* fix: update documentation for cover image handling
- Corrected the comment regarding local static images to reflect that they are served from the assets folder instead of the public folder.
- This change ensures accurate documentation for the `getCoverImageType` and `getCoverImageDisplayURL` functions, improving clarity for future developers.
* feat: implement random cover image selection for project forms
- Replaced the default cover image URL with a new utility function `getRandomCoverImage` that selects a random cover image from the available options.
- Updated the `getProjectFormValues` function to utilize this new method, enhancing the project creation experience with varied cover images.
---------
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* fix: separate retrieve method in WorkspaceMemberViewSet
* fix: non project members accessing member detail:
* chore: error handle
* fix: role based response
* fix: use Enum
* feat: add in common py
* fix: update marketing consent screen based on is self managed flag
* improvement: enhance ImagePickerPopover with dynamic tab options based on Unsplash configuration
* refactor: product updates modal to include changelog
* [WEB-5290] feat: implement fallback for product updates changelog with loading state and error handling
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
- Update S3Storage to use configurable expiration time
- Default remains 3600 seconds (1 hour) for backward compatibility
- Add comprehensive unit tests with mocked S3 client
- Update .env.example with documentation and examples
* fix: enhance error handling for label creation and update operations
* fix: improve error handling for label creation and update operations
* refactor: change error codes from enum to object for label operations
* refactor: update error code references in label handling to use consistent naming
* fix: improve error handling for label creation and update
* [WEB-5559] improve: chat support functionality and remove Intercom provider
- Added ChatSupportModal component for chat support integration.
- Replaced IntercomProvider with ChatSupportModal in AppProvider.
- Introduced useChatSupport hook to manage chat support state and actions.
- Updated help commands to utilize chat support instead of Intercom.
- Removed obsolete Intercom-related components and hooks.
* refactor: lazy load ChatSupportModal in AppProvider
* refactor: simplify token generation in MagicCodeProvider by using a numeric approach
* fix: update placeholder text for unique code input across multiple languages
* refactor: replace token generation with a numeric approach for user email updates
* fix: update placeholder text for unique code input in multiple languages to a numeric format
* refactor: replace random token generation with secrets for enhanced security in user email updates and magic code provider
* fix: project error message and status code
* fix: incorrect member role check
* fix: project error message and status code
* fix: improve project permission checks and error handling in ProjectViewSet
* feat: enhance project settings layout with better loading strategy and fix all flicker
* fix: prevent rendering during project loading in ProjectAuthWrapper
* refactor: adjust layout structure in ProjectDetailSettingsLayout and enhance access restriction logic in ProjectAccessRestriction
* refactor: replace ProjectAccessRestriction component with updated version and enhance error handling
- Deleted the old ProjectAccessRestriction component.
- Introduced a new ProjectAccessRestriction component with improved error handling and user prompts for joining projects.
- Updated translations for new error states in multiple languages.
* fix: enhance error handling in IssueDetailsPage and remove JoinProject component
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
* chore: traige state in intake
* chore: triage state changes
* feat: implement intake state dropdown component and integrate into issue properties
* chore: added the triage state validation
* chore: added triage state filter
* chore: added workspace filter
* fix: migration file
* chore: added triage group state check
* chore: updated the filters
* chore: updated the filters
* chore: added variables for intake state
* fix: import error
* refactor: improve project intake state retrieval logic and update TriageGroupIcon component
* chore: changed the intake validation logic
* refactor: update intake state types and clean up unused interfaces
* chore: changed the state color
* chore: changed the update serializer
* chore: updated with current instance
* chore: update TriageGroupIcon color to match new intake state group color
* chore: stringified value
* chore: added validation in serializer
* chore: added logger instead of print
* fix: correct component closing syntax in ActiveProjectItem
* chore: updated the migration file
* chore: added noop in migation
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
* fix: ensure soft delete handling for pages in PageViewSet methods
* refactor: streamline query for project IDs in PageDuplicateEndpoint
* refactor: remove soft delete condition from ProjectPage queries in PageViewSet and PageDuplicateEndpoint
* refactor: simplify ProjectPage query in PageViewSet for improved readability
* refactor: replace filter with get for Page queries in PageViewSet and PageDuplicateEndpoint to enhance clarity
* refactor: replace filter with get for Page queries in PagesDescriptionViewSet to improve efficiency
* chore: update navigation_project_limit and navigation_control_preference
* chore: set default true for user specific widgets
* chore: use serializer in ProjectMemberPreferenceEndpoint
chore: use serializer in WorkspaceUserPropertiesEndpoint
"
* fix: validate preferences
* fix: status code
* fix: remove saving from validate
* fix: simply validate_preferences
* chore: create WorkspaceUserProperties if it doesn't exist
* fix: create WorksapceUserProperties it not exist
* fix: copy the instance
* Revert "fix: copy the instance"
This reverts commit ddb0384b6d.
* chore: migrate WorkspaceUserPreference to set defaults
* fix: migration file name
* Revert "fix: migration file name"
This reverts commit 80a21dedf1.
* Revert "chore: migrate WorkspaceUserPreference to set defaults"
This reverts commit 25bc583a08.
* [WEB-5501] refactor: optimize component structures and improve hooks
- Updated type definitions in AppProvider to use React.ReactNode for children.
- Enhanced HomePeekOverviewsRoot by using MobX observer and integrating issue detail hook.
- Optimized ContentOverflowWrapper to prevent unnecessary re-renders by adjusting useEffect dependencies.
- Updated DashboardQuickLinks to include necessary dependencies in useCallback.
- Refactored GlobalShortcutsProvider to utilize refs for context and handler management, improving performance.
- Changed useCurrentTime to update every minute instead of every second.
- Refactored outside click hooks to use useCallback for better performance.
- Improved IntercomProvider and PostHogProvider to prevent multiple initializations using refs.
* refactor: simplify conditional rendering in HomePeekOverviewsRoot component
* refactor: improve outside click detection in sidebar and peek overview hooks
* refactor: enhance IntercomProvider and PostHogProvider with hydration state management
* refactor: enhance analytics page tab functionality and UI
- Introduced state management for selected tabs using useState and useEffect hooks.
- Updated tab handling to improve user experience with onValueChange for Tabs component.
- Refactored AnalyticsFilterActions to remove unused duration selection.
- Added Tooltip to project name in ActiveProjectItem for better visibility.
- Minor styling adjustments in Tabs component for improved layout consistency.
* refactor: improve tab layout in analytics page by adding w-fit
* fix: update styling for ActiveProjectItem component
* refactor: simplify analytics page and introduce useAnalyticsTabs hook
- Removed unused imports and optimized the analytics page component.
- Replaced getAnalyticsTabs with a new custom hook useAnalyticsTabs for better modularity.
- Added useAnalyticsTabs hook to manage analytics tab logic.
- Created new files for useAnalyticsTabs and analytics tabs in the 'ce' and 'ee' directories.
* fix: ensure consistent export in use-analytics-tabs file
* style: format code for better readability in AnalyticsPage component
* fix: add missing newline at end of file in use-analytics-tabs
* chore: remove unused analytics tab components
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* feat: change user email
* chore: optimised the logic
* feat: add email change functionality and related modals in profile form
* refactor: format checkEmail method for improved readability
* chore: added rate limit exceeded validation
* feat: implement change email modal with localization support
- Added translation support for the change email modal, including titles, descriptions, and error messages.
- Integrated the useTranslation hook for dynamic text rendering.
- Updated form validation messages to utilize localized strings.
- Enhanced user feedback with localized success and error toast messages.
- Updated button labels and placeholders to reflect localization changes.
* chore: added extra validation in cache key
* fix: format files
---------
Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com>
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* dev: updated the index constraints for notification
* dev: updated migration file with AddIndexConcurrently
* dev: handled indexing for file asset with asset
* bumped migration sequence number
---------
Co-authored-by: Dheeraj Kumar Ketireddy <dheeru0198@gmail.com>
- Add jscodeshift-based codemod to convert arrow function components to function declarations
- Support React.FC, observer-wrapped, and forwardRef components
- Include comprehensive test suite covering edge cases
- Add npm script to run transformer across codebase
- Target only .tsx files in source directories, excluding node_modules and declaration files
* [WEB-5459] chore: updates after running codemod
---------
Co-authored-by: sriramveeraghanta <veeraghanta.sriram@gmail.com>
* chore: add dotenv dependency and configure environment variables in admin, space, and web apps
* chore: allowed multiple hosts in dev mode
* chore: move dotenv to dev deps
* chore: update Vite configuration to set server host to 127.0.0.1 for admin, space, and web apps
---------
Co-authored-by: gakshita <akshitagoyal1516@gmail.com>
- Updated PostHog React package to version 1.4.0 and posthog-js to version 1.255.1.
- Refactored PostHogProvider to include hydration state management for improved event tracking.
- Cleaned up version references in pnpm-lock.yaml for react-router and next-themes.
* feat: add project shortcut in command palette
* feat: global project switcher shortcut
* refactor: generalize command palette entity handling
* feat: extend command palette navigation
* feat: add issue shortcut to command palette
* feat: add modular project selection for cycle navigation
* chore: add reusable command palette utilities
* fix: update key sequence handling to use window methods for timeout management
* fix: build errors
* chore: minor ux copy improvements
* feat: implement a new command registry and renderer for enhanced command palette functionality
* feat: introduce new command palette components and enhance search functionality
* feat: enhance command palette components with improved initialization and loading indicators
* feat: Implement new command palette architecture with multi-step commands, context-aware filtering, and reusable components. Add comprehensive documentation and integration guides. Enhance command execution with a dedicated executor and context provider. Introduce new command types and improve existing command definitions for better usability and maintainability.
* refactor: hook arguments
* refactor: folder structure
* refactor: update import paths
* fix: context prop drilling
* refactor: update search components
* refactor: create actions
* chore: add type to pages
* chore: init contextual actions
* refactor: context based actions code split
* chore: module context-based actions
* refactor: streamline command execution flow and enhance multi-step handling in command palette
* refactor: remove placeholder management from command execution and implement centralized placeholder mapping
* chore: cycle context based actions
* refactor: simplify command execution by consolidating selection steps and adding page change handling
* chore: added more options to work item contextual actions
* chore: page context actions
* refactor: update step type definitions and enhance page mapping for command execution
* feat: implement Command Palette V2 with global shortcuts and enhanced context handling
* refactor: power k v2
* refactor: creation commands
* feat: add navigation utility for Power K context handling
* feat: implement comprehensive navigation commands for Power K
* refactor: work item contextual actions
* fix: build errors
* refactor: remaining contextual actions
* refactor: remove old code
* chore: update placeholder
* refactor: enhance command registry with observable properties and context-aware shortcut handling
* refactor: improve command filtering logic in CommandPaletteModal
* chore: context indicator
* chore: misc actions
* style: shortcut badge
* feat: add open entity actions and enhance navigation commands for Power K
* refactor: rename and reorganize Power K components for improved clarity and structure
* refactor: update CommandPalette components and streamline global shortcuts handling
* refactor: adjust debounce timing in CommandPaletteModal for improved responsiveness
* feat: implement shortcuts modal and enhance command registry for better shortcut management
* fix: search implemented
* refactor: search results code split
* refactor: search results code split
* feat: introduce creation and navigation command modules for Power K, enhancing command organization and functionality
* chore: update menu logos
* refactor: remove unused PowerKOpenEntityActionsExtended component from command palette
* refactor: search menu
* fix: clear context on backspace and manual clear
* refactor: rename creation command keys for consistency and clarity in Power K
* chore: added intake in global search
* chore: preferences menu
* chore: removed the empty serach params
* revert: command palette changes
* cleanup
* refactor: update command IDs to use underscores for consistency across Power K components
* refactor: extended context based actions
* chore: modal command item status props
* refactor: replace CommandPalette with CommandPaletteProvider in settings and profile layouts
* refactor: update settings menu to use translated labels instead of i18n labels
* refactor: update command titles to use translation keys for creation actions
* refactor: update navigation command titles to use translation keys for consistency
* chore: minor cleanup
* chore: misc commands added
* chore: code split for no search results command
* chore: state menu items for work item context based commands
* chore: add more props to no search results command
* chore: add more props to no search results command
* refactor: remove shortcut key for create workspace command
* Refactor command palette to use PowerK store
- Replaced instances of `useCommandPalette` with `usePowerK` across various components, including `AppSearch`, `CommandModal`, and `CommandPalette`.
- Introduced `PowerKStore` to manage modal states and commands, enhancing the command palette functionality.
- Updated modal handling to toggle `PowerKModal` and `ShortcutsListModal` instead of the previous command palette modals.
- Refactored related components to ensure compatibility with the new store structure and maintain functionality.
* Refactor PowerK command handling to remove context dependency
- Updated `usePowerKCommands` and `usePowerKCreationCommands` to eliminate the need for a context parameter, simplifying their usage.
- Adjusted related command records to utilize the new structure, ensuring consistent access to command configurations.
- Enhanced permission checks in creation commands to utilize user project roles for better access control.
* chore: add context indicator
* chore: update type import
* chore: migrate toast implementation from @plane/ui to @plane/propel/toast across multiple command files
* refactor: power k modal wrapper and provider
* fix: type imports
* chore: update creation command shortcuts
* fix: page context commands
* chore: update navigation and open command shortcuts
* fix: work item standalone page modals
* fix: context indicator visibility
* fix: potential error points
* fix: build errors
* fix: lint errors
* fix: import order
---------
Co-authored-by: Vihar Kurama <vihar.kurama@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
* use issue store was not loading up properly , and hence created data issues for rendering filters options
* Added React.FC for better type suggestions
* chore: observer implementation change
---------
Co-authored-by: shivam-jainn <shivam.clgstash@gmail.com>
description:Generate a PR description following the project's GitHub PR template. Analyzes the current branch's changes against the base branch to produce a complete, filled-out PR description.
user_invocable:true
---
# PR Description Generator
Generate a pull request description based on the project's PR template at `.github/pull_request_template.md`.
## Steps
1.**Determine the base branch**: Prefer the PR's actual `baseRefName` (via `gh pr view <PR> --json baseRefName`) when a PR exists. Otherwise default by intent — feature PRs target `preview`, release PRs target `master`. If still ambiguous, ask the user.
2.**Analyze changes**: Run the following to understand what changed:
-`git log <base>...HEAD --oneline` to see all commits on this branch
-`git diff <base>...HEAD --stat` to see which files changed
-`git diff <base>...HEAD` to read the actual diff (use `--no-color`)
- If the diff is very large, focus on the most important files first
3.**Fill out the PR template** with the following sections:
### Description
Write a clear, concise summary of what the PR does and why. Focus on the "what" and "why", not line-by-line changes. Mention any important implementation decisions.
### Type of Change
Check the appropriate box(es) based on the changes:
- Bug fix (non-breaking change which fixes an issue)
- Feature (non-breaking change which adds functionality)
- Improvement (non-breaking change that improves existing functionality)
- Code refactoring
- Performance improvements
- Documentation update
### Screenshots and Media
Leave this section for the user to fill in, preserving the existing placeholder comment from `.github/pull_request_template.md` verbatim rather than introducing different text.
### Test Scenarios
Based on the code changes, suggest specific test scenarios that should be verified. Be concrete (e.g., "Navigate to project settings and verify the new toggle works") rather than generic.
### References
- If commit messages or branch name reference a work item identifier (e.g., `WEB-1234`), include it
- If the user provides a linked issue, include it
- If Sentry issue links or IDs (e.g., `SENTRY-ABC123`, Sentry URLs) were mentioned earlier in the conversation, include them as references
4.**Output format**: Print the filled-out markdown template so the user can copy it directly. Do NOT wrap it in a code fence — output the raw markdown.
## Guidelines
- Keep the description concise but informative
- Use bullet points for multiple changes
- Focus on user-facing impact, not implementation details
- If the branch has a Plane work item ID in its name (e.g., `WEB-1234`), reference it
- Don't fabricate test scenarios that aren't relevant to the actual changes
description:"Generate release notes for a Plane release PR in `makeplane/plane` (semver, e.g. `release: vX.Y.Z`). Reads PR commits, filters out noise, categorizes by conventional-commit type, optionally enriches via Plane MCP, and writes the result as the PR description."
user_invocable:true
---
# Release Notes Generator
Generate structured release notes from a Plane release PR by parsing its commit list, then update the PR description.
## Versioning
Plane community uses **semver** (`vX.Y.Z`, major.minor.patch) for releases.
- PR title format: `release: vX.Y.Z`
- Source branch: `canary`
- Target branch: `master`
## When to Use
- User links/mentions a Plane release PR (e.g. `release: v1.3.0`) and asks for release notes
- User asks to "create release notes" / "update PR description" for a release PR in `makeplane/plane`
- The branch is named `canary` or `release/x.y.z` and the base is `master`
Use the returned `name` and `description_stripped` to flesh out the bullet. Skip this for routine fixes — commit body is usually enough. Don't enrich every item (slow + work item descriptions are often empty).
Optional 1–2 sentence elaboration drawn from commit body.
## 🐛 Bug Fixes
- **<Short title>** — [WEB-XXXX] (#PR_NUM)
## 🔧 Refactor & Chore
- **<Short title>** — [WEB-XXXX] (#PR_NUM)
## 📦 Dependencies
- Bump `<package>` X.Y.Z → A.B.C (#PR_NUM)
```
Rules:
- Lead with a bold human-readable title (rewrite the commit subject if cryptic)
- Always include the work item ID in brackets and the merge PR number in parens
- Add a sub-line elaboration only when the commit body has substance worth surfacing (acceptance criteria, scope notes, gotchas like "behind feature flag", "requires migration", "requires Vercel setting")
- Drop empty sections
### 7. Update the PR description
```bash
gh pr edit <PR_NUM> --body "$(cat <<'EOF'
<release notes markdown>
EOF
)"
```
Always use a HEREDOC with single-quoted `'EOF'` so backticks/dollars in the notes are preserved.
description:Guidelines for using modern TypeScript features (v5.0-v5.8)
applyTo:"**/*.{ts,tsx,mts,cts}"
---
# TypeScript Coding Guidelines & Modern Features (v5.0 - v5.8)
When writing TypeScript code, prioritize using modern features and best practices introduced in recent versions (up to 5.8).
## Global Themes Across 5.x
1.**Standard decorators are here; legacy decorators are legacy.**
New TC39-compliant decorators landed in 5.0 and were extended in 5.2 (metadata). Old `experimentalDecorators`-style behavior is still supported but should be treated as legacy.
2.**Type system is more precise and less noisy.**
Major work went into narrowing, control flow analysis, error messages, and new helpers like `NoInfer`, inferred predicates, and better `undefined`/`never`/uninitialized checks.
3.**Module / runtime interop has been modernized.**
Options like `--moduleResolution bundler`, `--module nodenext`/`node18`, `--rewriteRelativeImportExtensions`, `--erasableSyntaxOnly`, and `--verbatimModuleSyntax` are about playing nicely with ESM, Node 18+/22+, direct TypeScript execution, and bundlers.
4.**The standard library keeps tracking modern JS.**
Support for new ES features (iterator helpers, `Object.groupBy`/`Map.groupBy`, new Set/ES2024 APIs) shows up as type declarations and sometimes extra checks (regex syntax checking, etc.).
When generating or refactoring code, prefer these newer idioms, and avoid patterns that conflict with updated checks.
## Modern Features to Utilize
### Type System & Inference
- **`const` Type Parameters (5.0)**: Use `const` type parameters for more precise literal inference.
```typescript
declare function names<const T extends string[]>(...names: T): void;
```
- **`@satisfies` Operator (5.0)**: Use `satisfies` to validate types without widening them.
- **Inferred Type Predicates (5.5)**: Allow TypeScript to infer type predicates for functions that filter arrays or check types, reducing the need for explicit `is` return types.
- **`NoInfer` Utility (5.4)**: Use `NoInfer<T>` to block inference for specific type arguments when you want them to be determined by other arguments.
- **Narrowing**:
- **Switch(true) (5.3)**: Utilize narrowing in `switch(true)` blocks.
- **Boolean Comparisons (5.3)**: Rely on narrowing from direct boolean comparisons.
- **Closures (5.4)**: Trust preserved narrowing in closures when variables aren't modified after the check.
- **Constant Indexed Access (5.5)**: Use constant indices to narrow object/array properties.
### Syntax & Control Flow
- **Decorators (5.0)**: Use standard ECMAScript decorators (Stage 3).
- **`using` Declarations (5.2)**: Use `using` for explicit resource management (Disposable pattern) instead of manual cleanup.
```typescript
using resource = new Resource();
```
- **Import Attributes (5.3/5.8)**: Use `with { type: "json" }` for import attributes. Avoid the deprecated `assert` syntax.
- **`switch` Exhaustiveness**: Rely on TypeScript's exhaustiveness checking in switch statements.
### Modules & Imports
- **`verbatimModuleSyntax` (5.0)**: Respect this flag by using `import type` explicitly when importing types to ensure they are erased during compilation.
- **Type-Only Imports with Extensions (5.2)**: You can use `.ts`, `.mts`, `.cts` extensions in `import type` statements.
- **`resolution-mode` (5.3)**: Use `import type { Type } from "mod" with { "resolution-mode": "import" }` if needed for specific module resolution contexts.
- **JSDoc `@import` (5.5)**: Use `@import` tags in JSDoc for cleaner type imports in JS files if working in a mixed codebase.
### Standard Library & Built-ins
- **Iterator Helpers (5.6)**: Use new iterator methods (map, filter, etc.) if targeting modern environments.
- **Set Methods (5.5)**: Utilize new `Set` methods like `union`, `intersection`, etc., when available.
- **`Object.groupBy` / `Map.groupBy` (5.4)**: Use these standard methods for grouping instead of external libraries like Lodash when appropriate.
- **`Promise.withResolvers` (5.7)**: Use `Promise.withResolvers()` for creating promises with exposed resolve/reject functions.
### Configuration & Tooling
- **`--moduleResolution bundler` (5.0)**: Assume this resolution strategy for modern web projects (Vite, Next.js, etc.).
- **`--erasableSyntaxOnly` (5.8)**: Be aware of this flag; avoid TypeScript-specific syntax that cannot be simply erased (like `enum`s or `namespaces`) if the project aims for maximum compatibility with tools like Node.js's `--strip-types`. Prefer `const` objects or unions over `enum`s if requested.
## Specific Coding Patterns
### Arrays & Collections
- Use **Copying Array Methods (5.2)** (`toSorted`, `toSpliced`, `with`) for immutable array operations.
- **TypedArrays (5.7)**: Be aware that TypedArrays are now generic over `ArrayBufferLike`.
### Classes
- **Parameter Decorators (5.0/5.2)**: Use modern standard decorators.
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name:Checkout repository
uses:actions/checkout@v4
uses:actions/checkout@v6
# Initializes the CodeQL tools for scanning.
- name:Initialize CodeQL
uses:github/codeql-action/init@v3
uses:github/codeql-action/init@v4
with:
languages:${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name:Autobuild
uses:github/codeql-action/autobuild@v3
# ℹ️ Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
@@ -91,7 +91,7 @@ If you would like to _implement_ it, an issue with your proposal must be submitt
To ensure consistency throughout the source code, please keep these rules in mind as you are working:
- All features or bug fixes must be tested by one or more specs (unit-tests).
- We use [Eslint default rule guide](https://eslint.org/docs/rules/), with minor changes. An automated formatter is available using prettier.
- We lint with [OxLint](https://oxc.rs/docs/guide/usage/linter) using the shared `.oxlintrc.json` and format with [oxfmt](https://oxc.rs/docs/guide/usage/formatter) using `.oxfmtrc.json`.
## Ways to contribute
@@ -187,18 +187,19 @@ Adding a new language involves several steps to ensure it integrates seamlessly
Add the new language to the TLanguage type in the language definitions file:
```ts
// packages/i18n/src/types/language.ts
export type TLanguage = "en" | "fr" | "your-lang";
// packages/i18n/src/types/language.ts
export type TLanguage = "en" | "fr" | "your-lang";
```
1. **Add language configuration**
Include the new language in the list of supported languages:
To verify that all tracked Python files contain the correct copyright header for **Plane Software Inc.** for the year **2023**, run this command from the repository root:
Meet [Plane](https://plane.so/), an open-source project management tool to track issues, run ~sprints~ cycles, and manage product roadmaps without the chaos of managing the tool itself. 🧘♀️
> Plane is evolving every day. Your suggestions, ideas, and reported bugs help us immensely. Do not hesitate to join in the conversation on [Discord](https://discord.com/invite/A92xrEGCge) or raise a GitHub issue. We read everything and respond to most.
> Plane is evolving every day. Your suggestions, ideas, and reported bugs help us immensely. Do not hesitate to join in the conversation on [Forum](https://forum.plane.so) or raise a GitHub issue. We read everything and respond to most.
## 🚀 Installation
@@ -54,7 +47,7 @@ Getting started with Plane is simple. Choose the setup that works best for you:
## 🌟 Features
- **Issues**
- **Work Items**
Efficiently create and manage tasks with a robust rich text editor that supports file uploads. Enhance organization and tracking by adding sub-properties and referencing related issues.
- **Cycles**
@@ -72,15 +65,13 @@ Getting started with Plane is simple. Choose the setup that works best for you:
- **Analytics**
Access real-time insights across all your Plane data. Visualize trends, remove blockers, and keep your projects moving forward.
- **Drive** (_coming soon_): The drive helps you share documents, images, videos, or any other files that make sense to you or your team and align on the problem/solution.
@@ -138,7 +129,7 @@ Explore Plane's [product documentation](https://docs.plane.so/) and [developer d
## ❤️ Community
Join the Plane community on [GitHub Discussions](https://github.com/orgs/makeplane/discussions) and our [Discord server](https://discord.com/invite/A92xrEGCge). We follow a [Code of conduct](https://github.com/makeplane/plane/blob/master/CODE_OF_CONDUCT.md) in all our community channels.
Join the Plane community on [GitHub Discussions](https://github.com/orgs/makeplane/discussions) and our [Forum](https://forum.plane.so). We follow a [Code of conduct](https://github.com/makeplane/plane/blob/master/CODE_OF_CONDUCT.md) in all our community channels.
Feel free to ask questions, report bugs, participate in discussions, share ideas, request features, or showcase your projects. We’d love to hear from you!
@@ -154,7 +145,7 @@ There are many ways you can contribute to Plane:
- Report [bugs](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%F0%9F%90%9Bbug&projects=&template=--bug-report.yaml&title=%5Bbug%5D%3A+) or submit [feature requests](https://github.com/makeplane/plane/issues/new?assignees=srinivaspendem%2Cpushya22&labels=%E2%9C%A8feature&projects=&template=--feature-request.yaml&title=%5Bfeature%5D%3A+).
- Review the [documentation](https://docs.plane.so/) and submit [pull requests](https://github.com/makeplane/docs) to improve it—whether it's fixing typos or adding new content.
- Talk or write about Plane or any other ecosystem integration and [let us know](https://discord.com/invite/A92xrEGCge)!
- Talk or write about Plane or any other ecosystem integration and [let us know](https://forum.plane.so)!
- Show your support by upvoting [popular feature requests](https://github.com/makeplane/plane/issues).
Please read [CONTRIBUTING.md](https://github.com/makeplane/plane/blob/master/CONTRIBUTING.md) for details on the process for submitting pull requests to us.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.