Merge branch 'release/3.6.13' into main

.github/codeql/codeql-config.yml

@@ -0,0 +1,12 @@
+name: "Custom CodeQL Config"
+
+queries:
+- uses: security-and-quality
+- uses: ./.github/codeql/custom-queries/javascript
+
+paths:
+- app/assets/javascripts
+
+paths-ignore:
+- bin
+- node_modules

.github/codeql/custom-queries/javascript/qlpack.yml

@@ -0,0 +1,4 @@
+name: custom-javascript-queries
+version: 0.0.0
+libraryPathDependencies:
+- codeql-javascript

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop, main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '21 7 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        config-file: ./.github/codeql/codeql-config.yml
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.gitignore

@@ -46,3 +46,5 @@ dump.rdb
 # Yarn
 yarn-error.log
 package-lock.json
+
+codeqldb

.npmignore

@@ -37,3 +37,5 @@ package-lock.json
 package.json
 Rakefile
 testing-server.js
+.github
+codeqldb

.prettierignore

@@ -0,0 +1,2 @@
+.github
+codeqldb

app/assets/javascripts/views/challenge_modal/challenge_modal.tsx

@@ -374,24 +374,26 @@ function ChallengePrompts({
         </div>
       ) : (
         <div key={prompt.id} className="sk-panel-row">
-          <input
+          <form className="w-full">
-            className="sk-input contrast"
+            <input
-            value={ctrl.state.values[prompt.id]!.value as string | number}
+              className="sk-input contrast"
-            onChange={(event) => {
+              value={ctrl.state.values[prompt.id]!.value as string | number}
-              const value = (event.target as HTMLInputElement).value;
+              onChange={(event) => {
-              ctrl.state.values[prompt.id]!.value = value;
+                const value = (event.target as HTMLInputElement).value;
-              ctrl.onTextValueChange(prompt);
+                ctrl.state.values[prompt.id]!.value = value;
-            }}
+                ctrl.onTextValueChange(prompt);
-            onKeyUp={(event) => {
+              }}
-              if (event.key === 'Enter') {
+              onKeyUp={(event) => {
-                event.preventDefault();
+                if (event.key === 'Enter') {
-                ctrl.submit();
+                  event.preventDefault();
-              }
+                  ctrl.submit();
-            }}
+                }
-            ref={index === 0 ? initialFocusRef : undefined}
+              }}
-            placeholder={prompt.title}
+              ref={index === 0 ? initialFocusRef : undefined}
-            type={prompt.secureTextEntry ? 'password' : 'text'}
+              placeholder={prompt.title}
-          />
+              type={prompt.secureTextEntry ? 'password' : 'text'}
+            />
+          </form>
         </div>
       )}
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "standard-notes-web",
-  "version": "3.6.8",
+  "version": "3.6.13",
   "license": "AGPL-3.0-or-later",
   "repository": {
     "type": "git",
@@ -70,8 +70,8 @@
     "@reach/alert-dialog": "^0.13.0",
     "@reach/checkbox": "^0.13.2",
     "@reach/dialog": "^0.13.0",
-    "@standardnotes/sncrypto-web": "^1.2.10",
+    "@standardnotes/sncrypto-web": "1.2.10",
-    "@standardnotes/snjs": "^2.0.75",
+    "@standardnotes/snjs": "2.1.1",
     "mobx": "^6.1.6",
     "mobx-react-lite": "^3.2.0",
     "preact": "^10.5.12"

yarn.lock

@@ -1928,7 +1928,7 @@
   resolved "https://registry.yarnpkg.com/@standardnotes/sncrypto-common/-/sncrypto-common-1.2.9.tgz#5212a959e4ec563584e42480bfd39ef129c3cbdf"
   integrity sha512-xJ5IUGOZztjSgNP/6XL+Ut5+q9UgSTv6xMtKkcQC5aJxCOkJy9u6RamPLdF00WQgwibxx2tu0e43bKUjTgzMig==
 
-"@standardnotes/sncrypto-web@^1.2.10":
+"@standardnotes/sncrypto-web@1.2.10":
   version "1.2.10"
   resolved "https://registry.yarnpkg.com/@standardnotes/sncrypto-web/-/sncrypto-web-1.2.10.tgz#ddda0c8ec92754c1334d9a83be7b320433c55b79"
   integrity sha512-mmHlXFFovBqOdctpMkyXTpK0zI/k4NuXoV5LRGLKIXUktT9/cZg1pgNNfGPFUP+g4C5M2qxeFmZKFh581ipolQ==
@@ -1936,10 +1936,10 @@
     "@standardnotes/sncrypto-common" "^1.2.7"
     libsodium-wrappers "^0.7.8"
 
-"@standardnotes/snjs@^2.0.75":
+"@standardnotes/snjs@2.1.1":
-  version "2.0.75"
+  version "2.1.1"
-  resolved "https://registry.yarnpkg.com/@standardnotes/snjs/-/snjs-2.0.75.tgz#aeb0ead927da63dc85e28f78da2362126bb16602"
+  resolved "https://registry.yarnpkg.com/@standardnotes/snjs/-/snjs-2.1.1.tgz#789bb492e76ee4fe5816ed0de01c9b774244034d"
-  integrity sha512-QL5YgDT0aN9t95gxgURqNudXr5dteVsc1ylsKKSw0DpEGiq0bACPxbI+sUFppoWTFmprxmDh3+vc+FFcFg7Lyw==
+  integrity sha512-GeOPZGX5K2YBdzIWVmS/z4wdQJLLz4Yo2lje8rjep2eLlUiQhRO5BVWaOroYq0uaIamtfSr8m+twbYUkCkPSIQ==
   dependencies:
     "@standardnotes/auth" "^2.0.0"
     "@standardnotes/sncrypto-common" "^1.2.9"
@@ -8006,9 +8006,9 @@ sshpk@^1.7.0:
     tweetnacl "~0.14.0"
 
 ssri@^6.0.1:
-  version "6.0.1"
+  version "6.0.2"
-  resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.1.tgz#2a3c41b28dd45b62b63676ecb74001265ae9edd8"
+  resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.2.tgz#157939134f20464e7301ddba3e90ffa8f7728ac5"
-  integrity sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==
+  integrity sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==
   dependencies:
     figgy-pudding "^3.5.1"