5145 Commits

Author SHA1 Message Date
Dhruwang Jariwala c296abdde9 fix: backport sso deletion redirect to 4.9 (#8040) stable 4.9.6-rc.3 4.9.6 2026-05-18 16:45:24 +05:30
Tiago Farto 471823d4e2 fix: backport sso deletion redirect 2026-05-18 10:55:32 +00:00
Dhruwang Jariwala 3ba2aa6e3e chore: backport SSO deletion simplification to 4.9 (#8012) 4.9.6-rc.2 2026-05-18 15:04:14 +05:30
Tiago Farto 039de42345 chore: update sso deletion backport 2026-05-15 11:55:14 +00:00
Tiago Farto 0834f0a849 chore: polish SSO confirmation terminology 2026-05-14 13:53:18 +00:00
Tiago Farto 0cb2d2b3d2 chore: backport SSO confirmation env rename 2026-05-14 13:50:17 +00:00
Tiago Farto 98abc421e4 chore: backport SSO deletion simplification 2026-05-14 13:47:15 +00:00
Dhruwang Jariwala 77a21d1eab fix: backport SSO account deletion reauth (#7976) 4.9.6-rc.1 2026-05-13 11:28:36 +05:30
Dhruwang 613c91a719 Merge branch 'release/4.9' of https://github.com/formbricks/formbricks into backport/7930-sso-account-deletion
# Conflicts:
#	pnpm-lock.yaml
2026-05-13 10:44:58 +05:30
Dhruwang Jariwala ca372b3c8b fix: patch security dependency vulnerabilities for 4.9 (#7989) 2026-05-13 10:37:33 +05:30
Matti Nannt 80e1cc2411 fix: patch transitive and direct dependency security vulnerabilities for 4.9
Updates direct dependencies with known CVEs and adds/tightens pnpm overrides
for transitive dependencies that cannot be updated directly.

Direct updates:
- next: 16.1.7 → 16.2.6 (middleware bypass, SSRF, DoS, XSS CVEs)
- lodash: 4.17.23 → 4.18.1 (code injection via template CVE-2025-62616)
- nodemailer: 8.0.2 → 8.0.7 (SMTP injection CVEs)
- uuid: 13.0.0 → 13.0.2 (buffer bounds check CVE)
- postcss: 8.5.8 → 8.5.14 (XSS via unescaped </style> CVE-2025-62695)
- @opentelemetry suite: 0.213.0 → 0.217.0 / 2.6.0 → 2.7.1

Override additions/updates:
- protobufjs@7: 7.5.8, protobufjs@8: 8.2.0 (GHSA-xq3m-2v4x-88gg arbitrary code execution)
- @protobufjs/utf8: 1.1.1 (overlong UTF-8 CVE)
- vite@7: 7.3.3, vite@8: 8.0.12 (GHSA-v2wj-q39q-566r fs.deny bypass, GHSA-p9ff-h696-f583 file read)
- node-forge: 1.4.0 (multiple signature forgery / DoS CVEs)
- defu: 6.1.7 (prototype pollution CVE-2025-62629)
- brace-expansion@1/2/5: patched (ReDoS CVE-2025-67313)
- picomatch@2/4: patched (ReDoS CVE-2025-60538/63394)
- dompurify: 3.4.2 (XSS CVE-2025-26791)
- ip-address: 10.1.1 (ReDoS CVE-2025-62629)
- fast-uri: 3.1.2 (CVE-2025-48944/48945)
- fast-xml-parser: 5.7.0 (multiple CVEs)
- yaml: 2.8.3 (CVE-2025-63675)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 21:33:15 +02:00
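As an added illustration, not taken from the Formbricks repository or from the commit above, this is what the pnpm override mechanism the message describes looks like in package.json. It uses only the pinned transitive entries the message lists with a version; the `name@7` / `name@8` selector keys are assumed to match the message's own "protobufjs@7" notation (pnpm accepts a semver range after `@`), and the brace-expansion and picomatch entries are left out because the message gives no version for them.

```json
{
  "pnpm": {
    "overrides": {
      "protobufjs@7": "7.5.8",
      "protobufjs@8": "8.2.0",
      "@protobufjs/utf8": "1.1.1",
      "vite@7": "7.3.3",
      "vite@8": "8.0.12",
      "node-forge": "1.4.0",
      "defu": "6.1.7",
      "dompurify": "3.4.2",
      "ip-address": "10.1.1",
      "fast-uri": "3.1.2",
      "fast-xml-parser": "5.7.0",
      "yaml": "2.8.3"
    }
  }
}
```

After editing, run `pnpm install` so pnpm-lock.yaml is rewritten, then `pnpm why protobufjs` (and likewise for the others) to confirm every resolution path now lands on the pinned version. An override is a resolution-time promise only: keep `pnpm audit` in CI to catch the next advisory, and remove each pin once the direct dependency that pulled the package in has upgraded past it, because a stale override can silently hold a transitive dependency below a later fix.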
Dhruwang fef959e9aa test: strip backport-only test additions
Backport PRs should not introduce new test files or test cases beyond
what already exists on the release branch — even when those tests live
on main. Coverage for the underlying functionality remains on main via
the original PR (#7930); duplicating it here only inflates the backport
diff.

Removes 7 added test files and 3 test cases that were added to
jwt.test.ts (account deletion SSO reauthentication intents). Existing
test file updates (user.test.ts cleanup, providers.test.ts and
keys.test.ts trivial adjustments) are kept. No production code touched.
2026-05-12 18:59:07 +05:30
Tiago Farto 240ce70feb test: restore sso reauth coverage 2026-05-12 12:21:58 +00:00
Tiago Farto c16a77fd66 test: restore scoped sso deletion coverage 2026-05-12 12:10:35 +00:00
Tiago Farto f33cfcd11f test: fix sso backport expectations 2026-05-12 11:46:17 +00:00
Tiago Farto a164fb213f test: cover sso account deletion backport 2026-05-12 10:57:40 +00:00
Tiago Farto d3cf3f05f2 chore: trim release backport scope 2026-05-12 10:42:35 +00:00
Tiago Farto 261d2050fc test: isolate authenticated api client 2026-05-11 15:05:34 +00:00
Tiago 5b26354f48 fix: sso account deletion password check (#7930)
(cherry picked from commit 69ead97965)
2026-05-11 14:52:01 +00:00
Dhruwang Jariwala bd05387d99 fix: backport account deletion authorization (#7901) (#7903) 4.9.5-rc.1 4.9.5 2026-04-28 18:39:00 +05:30
Tiago Farto 9b4be60dd9 fix: backport account deletion authorization (#7901) 2026-04-28 12:52:06 +00:00
Dhruwang Jariwala bad3b7a771 fix: (backport) prevent SSRF via redirect following in webhook delivery (#7877) (#7892) 4.9.4-rc.2 4.9.4 2026-04-27 15:32:12 +05:30
Dhruwang Jariwala 007d99f6b8 fix: prevent Airtable integration crash when token expires (backport #7811) (#7873) 2026-04-27 15:32:03 +05:30
Dhruwang Jariwala 03b7dfefe4 fix: fixes sentry ref issue (backport #7776) (#7872) 2026-04-27 15:31:52 +05:30
Anshuman Pandey 9178558ba1 fix: prevent SSRF via redirect following in webhook delivery (#7877) 2026-04-27 15:08:17 +05:30
Dhruwang Jariwala a65e6d9093 fix: prevent Airtable integration crash when token expires (#7811)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-27 11:02:04 +05:30
Anshuman Pandey 592d36542f fix: fixes sentry ref issue (#7776) 2026-04-27 11:01:17 +05:30
Tiago 5ec8218666 fix: (backport) password hash visibility improvement (#7814) (#7833) 4.9.4-rc.1 2026-04-24 14:33:26 +00:00
Tiago Farto e1a44817f2 fix: password hash visibility improvement
(cherry picked from commit 73ad130ece)
2026-04-24 13:10:40 +00:00
Dhruwang Jariwala 7f5b2bf69d fix: prevent split offline responses on restore (backport #7767) (#7777) 4.9.3-rc.1 4.9.3 2026-04-20 12:00:34 +05:30
Dhruwang 60e7c7e8ee fix(surveys): prevent split offline responses on restore (backport #7767)
Backport of #7767 to release/4.9. Anchors displayId and responseId back
into saved survey progress as soon as they are created, recovers a
missing responseId from displayId on restore, and falls back to a
bootstrap create path that uses the full accumulated response state.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-20 11:43:46 +05:30
Dhruwang Jariwala 7988d7775c fix: [backport] remove dark: variant classes from survey-ui to prevent host page style leakage (#7748) 4.9.2-rc.1 4.9.2 2026-04-16 11:20:33 +05:30
Dhruwang Jariwala b7ede6c578 fix: prevent offline replay from dropping survey blocks after completion (#7744) 2026-04-15 22:00:29 +02:00
Bhagya Amarasinghe 8204a5c652 fix: restore legacy SSO auto-linking hotfix (#7728) 4.9.1-rc.1 4.9.1 2026-04-13 20:42:33 +05:30
Anshuman Pandey e823e10f9a fix: backports missing posthog events fix (#7723) 4.9.0 4.9.0-rc.3 2026-04-13 17:36:39 +05:30
Dhruwang Jariwala f5c3212b2c revert: enhance welcome card to support video uploads (backport #7712) (#7720)
Co-authored-by: Johannes <72809645+jobenjada@users.noreply.github.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
4.9.0-rc.2
2026-04-13 14:59:20 +05:30
Dhruwang Jariwala 2d66fc6987 fix: prevent TTC overcount for multi-question blocks (backport #7713) (#7719) 2026-04-13 14:40:35 +05:30
Dhruwang Jariwala 652970003d fix: validate "Other" option text on required questions and remove duplicate response entry (backport #7716) (#7717) 2026-04-13 12:27:08 +04:00
Dhruwang Jariwala a8b5e286b6 fix: only show beforeunload warning when offline support is active (backport #7715) (#7718) 2026-04-13 12:26:30 +04:00
Dhruwang Jariwala 322f0be197 fix: improve restricted ID validation toast with i18n support (#7703)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Johannes <johannes@formbricks.com>
4.9.0-rc.1
2026-04-12 06:18:13 +00:00
Manuel Delgado 1a02f91afd fix(api): return 409 Conflict instead of 500 when creating user with duplicate email (#7675)
Co-authored-by: Tiago Farto <tiago@formbricks.com>
2026-04-10 14:28:17 +00:00
Tiago cc22ccb22d chore: Harden SSO account linking for existing email-based accounts (#7702) 2026-04-10 14:19:21 +00:00
Tiago 12763f0ef6 fix: Dutch translations for link survey footer (Privacy Policy, Imprint, Report Survey) (#7707) 2026-04-10 13:42:15 +00:00
Dhruwang Jariwala d39e3ee638 feat: offline support for link surveys (#7694)
Co-authored-by: Matti Nannt <mail@matthiasnannt.com>
Co-authored-by: Anshuman Pandey <54475686+pandeymangg@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
Co-authored-by: Johannes <johannes@formbricks.com>
2026-04-10 11:27:48 +00:00
dingdyan d85242a86b fix: handle internal server error toast behavior in create organization (#7662)
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
2026-04-10 11:13:10 +00:00
Bhagya Amarasinghe ef53065abc feat: support GKE Envoy ingress split with numeric ports and service annotations (#7704) 2026-04-10 09:22:19 +00:00
Dhruwang Jariwala 805c1c6874 fix: (duplicate) server error toast handling (#7701) 2026-04-10 09:22:16 +00:00
Niels Kaspers 01687e8907 fix: add TERMS_URL support to survey link footers (#7670) 2026-04-10 09:21:11 +00:00
Johannes 31d455002d feat: unify nav auth behaviour (#7635)
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Johannes <jobenjada@users.noreply.github.com>
2026-04-09 14:26:14 +00:00
Johannes d96304d86d fix: make navigation more user-friendly (#7599)
Co-authored-by: Tiago Farto <tiago@formbricks.com>
2026-04-09 08:03:24 +00:00