mirror/formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-05-21 03:31:20 -05:00
Code Issues Packages Projects Releases 177 Wiki Activity
5,145 Commits 469 Branches 219 Tags
c296abdde90da08e546b4bfb3ab200535c8775db
Commit Graph

2091 Commits

Author SHA1 Message Date
Dhruwang 613c91a719 Merge branch 'release/4.9' of https://github.com/formbricks/formbricks into backport/7930-sso-account-deletion 
# Conflicts:
#	pnpm-lock.yaml
 2026-05-13 10:44:58 +05:30
Matti Nannt 80e1cc2411 fix: patch transitive and direct dependency security vulnerabilities for 4.9 
Updates direct dependencies with known CVEs and adds/tightens pnpm overrides
for transitive dependencies that cannot be updated directly.

Direct updates:
- next: 16.1.7 → 16.2.6 (middleware bypass, SSRF, DoS, XSS CVEs)
- lodash: 4.17.23 → 4.18.1 (code injection via template CVE-2025-62616)
- nodemailer: 8.0.2 → 8.0.7 (SMTP injection CVEs)
- uuid: 13.0.0 → 13.0.2 (buffer bounds check CVE)
- postcss: 8.5.8 → 8.5.14 (XSS via unescaped </style> CVE-2025-62695)
- @opentelemetry suite: 0.213.0 → 0.217.0 / 2.6.0 → 2.7.1

Override additions/updates:
- protobufjs@7: 7.5.8, protobufjs@8: 8.2.0 (GHSA-xq3m-2v4x-88gg arbitrary code execution)
- @protobufjs/utf8: 1.1.1 (overlong UTF-8 CVE)
- vite@7: 7.3.3, vite@8: 8.0.12 (GHSA-v2wj-q39q-566r fs.deny bypass, GHSA-p9ff-h696-f583 file read)
- node-forge: 1.4.0 (multiple signature forgery / DoS CVEs)
- defu: 6.1.7 (prototype pollution CVE-2025-62629)
- brace-expansion@1/2/5: patched (ReDoS CVE-2025-67313)
- picomatch@2/4: patched (ReDoS CVE-2025-60538/63394)
- dompurify: 3.4.2 (XSS CVE-2025-26791)
- ip-address: 10.1.1 (ReDoS CVE-2025-62629)
- fast-uri: 3.1.2 (CVE-2025-48944/48945)
- fast-xml-parser: 5.7.0 (multiple CVEs)
- yaml: 2.8.3 (CVE-2025-63675)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-12 21:33:15 +02:00
Tiago 5b26354f48 fix: sso account deletion password check (#7930) 
(cherry picked from commit 69ead97965)
 2026-05-11 14:52:01 +00:00
Dhruwang Jariwala 007d99f6b8 fix: prevent Airtable integration crash when token expires (backport #7811) (#7873) 2026-04-27 15:32:03 +05:30
Dhruwang Jariwala a65e6d9093 fix: prevent Airtable integration crash when token expires (#7811) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-27 11:02:04 +05:30
Anshuman Pandey 592d36542f fix: fixes sentry ref issue (#7776) 2026-04-27 11:01:17 +05:30
Dhruwang 60e7c7e8ee fix(surveys): prevent split offline responses on restore (backport #7767) 
Backport of #7767 to release/4.9. Anchors displayId and responseId back
into saved survey progress as soon as they are created, recovers a
missing responseId from displayId on restore, and falls back to a
bootstrap create path that uses the full accumulated response state.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-20 11:43:46 +05:30
Dhruwang Jariwala 7988d7775c fix: [backport] remove dark: variant classes from survey-ui to prevent host page style leakage (#7748) 2026-04-16 11:20:33 +05:30
Dhruwang Jariwala b7ede6c578 fix: prevent offline replay from dropping survey blocks after completion (#7744) 2026-04-15 22:00:29 +02:00
Dhruwang Jariwala f5c3212b2c revert: enhance welcome card to support video uploads (backport #7712) (#7720) 
Co-authored-by: Johannes <72809645+jobenjada@users.noreply.github.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-13 14:59:20 +05:30
Dhruwang Jariwala 652970003d fix: validate "Other" option text on required questions and remove duplicate response entry (backport #7716) (#7717) 2026-04-13 12:27:08 +04:00
Dhruwang Jariwala a8b5e286b6 fix: only show beforeunload warning when offline support is active (backport #7715) (#7718) 2026-04-13 12:26:30 +04:00
Dhruwang Jariwala 322f0be197 fix: improve restricted ID validation toast with i18n support (#7703) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-04-12 06:18:13 +00:00
Dhruwang Jariwala d39e3ee638 feat: offline support for link surveys (#7694) 
Co-authored-by: Matti Nannt <mail@matthiasnannt.com>
Co-authored-by: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-04-10 11:27:48 +00:00
Anshuman Pandey 3d16e859c6 feat: custom posthog events (#7647) 2026-04-09 05:34:01 +00:00
Tiago 87bcad2b20 feat: Supporting different AI providers within Formbricks (#7611) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-04-06 05:45:12 +00:00
Dhruwang Jariwala 8cb8d734cf fix: prevent language switch from breaking survey orientation and resetting language on auto-save (#7654) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-04-02 12:08:12 +00:00
Anshuman Pandey 44d5530b48 fix: adds formbricks instance on window (#7630) 2026-04-02 07:26:48 +00:00
Tiago b975e7fa2e feat: Make password reset links single-use and revocable (#7627) 2026-04-01 07:12:37 +00:00
Dhruwang Jariwala 5bb8119ebf feat: split AI toggle into smart tools and data analysis settings (#7563) 2026-03-31 11:23:51 +00:00
Bhagya Amarasinghe 01f765e969 fix: migrate auth sessions to database-backed storage (#7594) 2026-03-27 07:15:06 +00:00
IllimarR 697dc9cc99 feat: add Estonian language support for surveys (#7574) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-27 06:12:40 +00:00
Dhruwang Jariwala 20dc147682 fix: scrolling behaviour to invalid questions (#7573) 2026-03-25 13:35:51 +00:00
cursor[bot] 2bb7a6f277 fix: prevent TypeError when checking for duplicate matrix labels (#7579) 
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
 2026-03-25 13:14:18 +00:00
Anshuman Pandey 6da4c6f352 fix: proper errors server side when resources are not found (#7571) 2026-03-24 07:52:37 +00:00
Aryan Ghugare 659b240fca feat: enhance welcome card to support video uploads and display #7491 (#7497) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-24 07:34:43 +00:00
Dhruwang Jariwala b4472f48e9 fix: (Duplicate) prevent multi-language survey buttons from falling back to English (#7559) 2026-03-24 05:45:47 +00:00
Matti Nannt 645f0ab0d1 fix: resolve remaining dependabot alerts (#7561) 2026-03-23 09:59:01 +00:00
Johannes 389a7d9e7b feat: enhance segment activity summary and settings in segment modal (#7553) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-23 08:39:10 +00:00
Tiago c4cf468c7e fix: localize survey and app date rendering (#7473) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-23 07:23:07 +00:00
Matti Nannt 998e5c0819 fix: resolve high severity dependabot alerts (#7551) 2026-03-20 15:55:15 +00:00
Dhruwang Jariwala 0b5418a03a feat: searchable dropdown (#7530) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Johannes <johannes@formbricks.com>
 2026-03-20 12:15:48 +00:00
Tiago d3250736a9 feat: add V3 surveys API (#7499) 2026-03-20 09:55:33 +00:00
Dhruwang Jariwala e6ee6a6b0d feat: choice rotation (#7512) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-20 06:54:05 +00:00
Dhruwang Jariwala c0b097f929 refactor: update CTA component styles and utility class groups (#7532) 2026-03-20 06:43:35 +00:00
Anshuman Pandey 0dcb98ac29 fix: sdk init issues (#7516) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-19 11:04:12 +00:00
Balázs Úr 540f7aaae7 chore: change LINGO_API_KEY environment variable name (#7521) 2026-03-19 07:30:44 +00:00
Johannes 94b0248075 fix: only allow URL in exact match URL (#7505) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-18 07:20:14 +00:00
Johannes 8c19587baa fix: ensure at least one filter is required for segments (#7503) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-18 06:39:58 +00:00
Anshuman Pandey 433750d3fe fix: removes pino pretty from edge runtime (#7510) 2026-03-18 06:32:55 +00:00
Dhruwang Jariwala 1e7817fb69 fix: pre-strip style attributes before DOMPurify to prevent CSP violations (#7489) 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-17 15:33:44 +00:00
Anshuman Pandey f250bc7e88 fix: fixes race between setUserId and trigger (#7498) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-17 08:57:07 +00:00
Anshuman Pandey a51a006c26 fix: fixes data element i18n fixes (#7488) 2026-03-16 10:12:48 +00:00
Matti Nannt ce96cb0b89 feat: replace hosted stripe pricing table (#7486) 
Co-authored-by: Johannes <johannes@formbricks.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
 2026-03-16 10:11:40 +00:00
Johannes 2dc5c50f4d feat: implement trial days remaining alert in billing components (#7474) 2026-03-13 16:38:43 +01:00
Anshuman Pandey bddcec0466 fix: adds monkey patching for replaceState (#7475) 2026-03-13 13:40:20 +00:00
Dhruwang Jariwala 4015c76f2b fix: use logical CSS direction classes for RTL matrix question (#7463) 
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-13 10:06:41 +00:00
Matti Nannt 89bb3bcd84 chore: apply NCU minor upgrades fixups (#7460) 2026-03-12 10:44:18 +00:00
Johannes 99bd2ba256 feat: add reverse trial functionality (#7435) 
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Matti Nannt <matti@formbricks.com>
 2026-03-11 14:47:48 +00:00
Johannes 3e3c696972 feat: add trigger after time passed (#7452) 
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
 2026-03-11 10:12:31 +00:00