[Port dspace-8_x] Escape html tags in innerHTML #4737 #4882
Merged
Conversation
…rough an innerHTML attribute or not to properly escape them
…rt-4737-to-dspace-8_x
tdonohue requested changes on Dec 3, 2025
tdonohue (Member) left a comment
@bram-maegerman: Thanks also for this backport. Similar to my review on #4881, I believe there are a few minor bugs in this backport. Also, there's a change that is unrelated to this PR. See inline below.
Once this is updated, I can retest / rereview.
tdonohue approved these changes on Dec 8, 2025
tdonohue (Member) left a comment
👍 Thanks for the updates, @bram-maegerman! I retested and re-reviewed this today and it now looks good and works well.
dspeed2 added a commit to UoEMainLibrary/dspace-angular that referenced this pull request on Mar 16, 2026
* Bump sanitize-html from 2.16.0 to 2.17.0 Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 2.16.0 to 2.17.0. - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.16.0...2.17.0) --- updated-dependencies: - dependency-name: sanitize-html dependency-version: 2.17.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * minor translation improvement: use plural in German translation (cherry picked from commit 027a5ec) * added German translations (cherry picked from commit f12fae3) * added german translations (cherry picked from commit 4ca1edf) * Fixed search facet deadlock Also fixed minor issue in MetadataService, but this doesn't cause any issues in the current code (cherry picked from commit 446280b) * fix theming for DS8 * Bump @babel/runtime from 7.27.3 to 7.27.4 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.27.3 to 7.27.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.27.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump postcss from 8.5.3 to 8.5.4 in the postcss group Bumps the postcss group with 1 update: [postcss](https://github.com/postcss/postcss). 
Updates `postcss` from 8.5.3 to 8.5.4 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.4) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... Signed-off-by: dependabot[bot] <support@github.com> * Bump postcss from 8.5.3 to 8.5.4 in the postcss group Bumps the postcss group with 1 update: [postcss](https://github.com/postcss/postcss). Updates `postcss` from 8.5.3 to 8.5.4 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.3...8.5.4) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @babel/runtime from 7.27.3 to 7.27.4 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.27.3 to 7.27.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.4/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.27.4 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> * 129964: Fixed the header role structure being invalid in the custom theme - Replaced the menubar role from the parent of all the header buttons like lang switch, auth menu & help toggle with toolbar - Replaced the remaining `<a>` buttons in the header with `<button>` to make them expandable with space - Fixed accessibility issues flagged by axe DevTools in the user menu dropdown * 129964: Fixed the header role structure being invalid in the custom theme - Replaced the menubar role from the parent of all the header buttons like lang switch, auth menu & help toggle with toolbar - Replaced the remaining `<a>` buttons in the header with `<button>` to make them expandable with space - Fixed accessibility issues flagged by axe DevTools in the user menu dropdown * Pin zone.js dependency to ~0.14.0 This is a peer dependency of Angular so we should keep it in sync to avoid dependency conflicts. DSpace 8.x uses Angular 17.x so we can pin the same version. See: https://github.com/angular/angular/blob/17.3.x/packages/core/package.json * fix typo in German translation of bitstream.edit.form.description.hint (cherry picked from commit c72af8e) * fix typo in German translation of bitstream.edit.form.description.hint (cherry picked from commit c72af8e) * Bump sass from 1.89.0 to 1.89.1 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.89.0 to 1.89.1 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.0...1.89.1) --- updated-dependencies: - dependency-name: sass dependency-version: 1.89.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: sass ... 
Signed-off-by: dependabot[bot] <support@github.com> * Bump sass from 1.89.0 to 1.89.1 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.89.0 to 1.89.1 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.0...1.89.1) --- updated-dependencies: - dependency-name: sass dependency-version: 1.89.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: sass ... Signed-off-by: dependabot[bot] <support@github.com> * make the default tab for browsing communities and collections configurable * lint fixes * 117287: Fixed various layout issues - The unthemed home news didn't stick to the header like the dspace theme - Impersonate user button has additional margin - Submission form loading icon is not translatable - Create resource policy page doesn't have the correct heading (cherry picked from commit 56e45a9) * Bump @babel/runtime from 7.27.4 to 7.27.6 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.27.4 to 7.27.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.27.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @babel/runtime from 7.27.4 to 7.27.6 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.27.4 to 7.27.6. 
- [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.27.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * [DURACOM-291] back porting of fix submission section visibility in order to rely on the configured section scope * Resolve field instance models using index when filtering errors (cherry picked from commit d218e22) * Resolve field instance models using index when filtering errors (cherry picked from commit d218e22) * Bump postcss from 8.5.4 to 8.5.5 in the postcss group Bumps the postcss group with 1 update: [postcss](https://github.com/postcss/postcss). Updates `postcss` from 8.5.4 to 8.5.5 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.4...8.5.5) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... Signed-off-by: dependabot[bot] <support@github.com> * Bump postcss from 8.5.4 to 8.5.5 in the postcss group Bumps the postcss group with 1 update: [postcss](https://github.com/postcss/postcss). Updates `postcss` from 8.5.4 to 8.5.5 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.4...8.5.5) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... 
Signed-off-by: dependabot[bot] <support@github.com> * Bump sass from 1.89.1 to 1.89.2 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.89.1 to 1.89.2 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.1...1.89.2) --- updated-dependencies: - dependency-name: sass dependency-version: 1.89.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: sass ... Signed-off-by: dependabot[bot] <support@github.com> * Bump axios from 1.9.0 to 1.10.0 Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump axios from 1.9.0 to 1.10.0 Bumps [axios](https://github.com/axios/axios) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.9.0...v1.10.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.10.0 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> * 122464: Fixed a memory leak when initComponentInstance is called multiple times (cherry picked from commit 62f1566) * 117287: Fixed various layout issues - The unthemed home news didn't stick to the header like the dspace theme - Impersonate user button has additional margin - Submission form loading icon is not translatable - Create resource policy page doesn't have the correct heading (cherry picked from commit 56e45a9) * Bump postcss from 8.5.5 to 8.5.6 in the postcss group Bumps the postcss group with 1 update: [postcss](https://github.com/postcss/postcss). Updates `postcss` from 8.5.5 to 8.5.6 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.5...8.5.6) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... Signed-off-by: dependabot[bot] <support@github.com> * Bump postcss from 8.5.5 to 8.5.6 in the postcss group --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: postcss ... 
Signed-off-by: dependabot[bot] <support@github.com> * 119602: Align accessibility link with other footer links * 119602: Open tooltip to left of info icon * 119602: Port disabling of cookie popup from main * 119602: Align accessibility link with other footer links * 119602: Open tooltip to left of info icon * 119602: Port disabling of cookie popup from main # Conflicts: # src/app/footer/footer.component.spec.ts # src/app/footer/footer.component.ts # src/config/default-app-config.ts # src/config/info-config.interface.ts # src/environments/environment.test.ts * 119602: Fix SSR error by making klaroService optional KlaroService handles cookies which are not applicable during SSR. By making the service optional, and handling the case when it is not available, SSR can do its work without throwing NullInjectorErrors. * 119602: Fix SSR error by making klaroService optional KlaroService handles cookies which are not applicable during SSR. By making the service optional, and handling the case when it is not available, SSR can do its work without throwing NullInjectorErrors. 
* 119612: UI warning that only first part of configured items will be exported (cherry picked from commit b69b21a) * 119612: Check if a warning should be shown on changes to the total elements of the search, default to 500 if no value for the configuration property was returned (cherry picked from commit e1b773c) * 119612: aria-label to also include warning message if applicable (cherry picked from commit 8eaff78) * 119612: fix spec test (cherry picked from commit 6232d4e) * 119612: UI warning that only first part of configured items will be exported (cherry picked from commit b69b21a) * 119612: Check if a warning should be shown on changes to the total elements of the search, default to 500 if no value for the configuration property was returned (cherry picked from commit e1b773c) * 119612: aria-label to also include warning message if applicable (cherry picked from commit 8eaff78) * 119612: fix spec test (cherry picked from commit 6232d4e) * Bump @types/lodash from 4.17.17 to 4.17.20 Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.17 to 4.17.20. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash) --- updated-dependencies: - dependency-name: "@types/lodash" dependency-version: 4.17.20 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix missing imports after backport * Sync i18n files to prepare for 8.2 release. * Sync i18n files to prepare for the 7.6.4 release * Bump core-js from 3.42.0 to 3.44.0 Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.42.0 to 3.44.0. 
- [Release notes](https://github.com/zloirock/core-js/releases) - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/zloirock/core-js/commits/v3.44.0/packages/core-js) --- updated-dependencies: - dependency-name: core-js dependency-version: 3.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update version tag for release * Update version tag for development of next release * Update version tag for release * Update version tag for development of next release * Bump eslint-plugin-import from 2.31.0 to 2.32.0 in the eslint group --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-version: 2.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: eslint ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sass from 1.89.1 to 1.89.2 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.89.1 to 1.89.2 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.1...1.89.2) --- updated-dependencies: - dependency-name: sass dependency-version: 1.89.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: sass ... Signed-off-by: dependabot[bot] <support@github.com> * Bump eslint-plugin-import from 2.31.0 to 2.32.0 in the eslint group Bumps the eslint group with 1 update: [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import). 
Updates `eslint-plugin-import` from 2.31.0 to 2.32.0 - [Release notes](https://github.com/import-js/eslint-plugin-import/releases) - [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md) - [Commits](import-js/eslint-plugin-import@v2.31.0...v2.32.0) --- updated-dependencies: - dependency-name: eslint-plugin-import dependency-version: 2.32.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: eslint ... Signed-off-by: dependabot[bot] <support@github.com> * Bump compression from 1.8.0 to 1.8.1 Bumps [compression](https://github.com/expressjs/compression) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/expressjs/compression/releases) - [Changelog](https://github.com/expressjs/compression/blob/master/HISTORY.md) - [Commits](expressjs/compression@1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: compression dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump morgan from 1.10.0 to 1.10.1 Bumps [morgan](https://github.com/expressjs/morgan) from 1.10.0 to 1.10.1. - [Release notes](https://github.com/expressjs/morgan/releases) - [Changelog](https://github.com/expressjs/morgan/blob/master/HISTORY.md) - [Commits](expressjs/morgan@1.10.0...1.10.1) --- updated-dependencies: - dependency-name: morgan dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump morgan from 1.10.0 to 1.10.1 --- updated-dependencies: - dependency-name: morgan dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> * Bump compression from 1.8.0 to 1.8.1 --- updated-dependencies: - dependency-name: compression dependency-version: 1.8.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Automatic update to yarn.locak after various dependency updates. This dependency is no longer needed. * Update version tag for release * Fix current parent order when creating subcommunity (cherry picked from commit 44fcc72) * Bump vite from 5.4.17 to 5.4.19 Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.17 to 5.4.19. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.4.19/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 5.4.19 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @babel/helpers from 7.25.6 to 7.27.6 Bumps [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) from 7.25.6 to 7.27.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.27.6/packages/babel-helpers) --- updated-dependencies: - dependency-name: "@babel/helpers" dependency-version: 7.27.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix empty search query after previous non-empty search (cherry picked from commit cf34198) * Bump axios from 1.10.0 to 1.11.0 Bumps [axios](https://github.com/axios/axios) from 1.10.0 to 1.11.0. 
- [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.10.0...v1.11.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.11.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump isbot from 5.1.28 to 5.1.29 Bumps [isbot](https://github.com/omrilotan/isbot) from 5.1.28 to 5.1.29. - [Changelog](https://github.com/omrilotan/isbot/blob/main/CHANGELOG.md) - [Commits](omrilotan/isbot@v5.1.28...v5.1.29) --- updated-dependencies: - dependency-name: isbot dependency-version: 5.1.29 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(versioning): encode summary The reason for creating a new version is now encoded in the URL. (cherry picked from commit 2dd870e) * Bump webpack-dev-server from 4.15.2 to 5.2.1 Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 4.15.2 to 5.2.1. - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v4.15.2...v5.2.1) --- updated-dependencies: - dependency-name: webpack-dev-server dependency-version: 5.2.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @babel/runtime from 7.27.6 to 7.28.2 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.27.6 to 7.28.2. 
- [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.2/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.28.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Updates French translations for 8.x * Bump the webpack group across 1 directory with 2 updates Bumps the webpack group with 2 updates in the / directory: [webpack](https://github.com/webpack/webpack) and [webpack-dev-server](https://github.com/webpack/webpack-dev-server). Updates `webpack` from 5.99.9 to 5.101.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](webpack/webpack@v5.99.9...v5.101.0) Updates `webpack-dev-server` from 5.2.1 to 5.2.2 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/master/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v5.2.1...v5.2.2) --- updated-dependencies: - dependency-name: webpack dependency-version: 5.101.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: webpack - dependency-name: webpack-dev-server dependency-version: 5.2.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: webpack ... Signed-off-by: dependabot[bot] <support@github.com> * fix back button navigation after visiting a community or collection page (cherry picked from commit c7c1c0f) * .github/workflows/codescan.yml: use codeql-action v3 Version 2 was deprecated in January, 2024 after the release of v3. 
See: https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/ (cherry picked from commit 3333ee4) * add untranslated i18n keys for ROR API * add in pt-BR file and remove form pt-PT * fix code style * Inspect event key characters, not keyCodes on tag keyUp (cherry picked from commit f313b4a) * Create dynamic tag test events with key chars, not keyCodes (cherry picked from commit 98fc76d) * Bump core-js from 3.44.0 to 3.45.1 Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.44.0 to 3.45.1. - [Release notes](https://github.com/zloirock/core-js/releases) - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/zloirock/core-js/commits/v3.45.1/packages/core-js) --- updated-dependencies: - dependency-name: core-js dependency-version: 3.45.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump isbot from 5.1.29 to 5.1.30 Bumps [isbot](https://github.com/omrilotan/isbot) from 5.1.29 to 5.1.30. - [Changelog](https://github.com/omrilotan/isbot/blob/main/CHANGELOG.md) - [Commits](omrilotan/isbot@v5.1.29...v5.1.30) --- updated-dependencies: - dependency-name: isbot dependency-version: 5.1.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * Bump @babel/runtime from 7.28.2 to 7.28.4 Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.28.2 to 7.28.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.28.4/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-version: 7.28.4 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> * Bump sass from 1.89.2 to 1.92.1 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.89.2 to 1.92.1 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.89.2...1.92.1) --- updated-dependencies: - dependency-name: sass dependency-version: 1.92.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: sass ... Signed-off-by: dependabot[bot] <support@github.com> * Bump cypress-axe from 1.6.0 to 1.7.0 in the testing group Bumps the testing group with 1 update: [cypress-axe](https://github.com/component-driven/cypress-axe). Updates `cypress-axe` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/component-driven/cypress-axe/releases) - [Commits](component-driven/cypress-axe@v1.6.0...v1.7.0) --- updated-dependencies: - dependency-name: cypress-axe dependency-version: 1.7.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: testing ... Signed-off-by: dependabot[bot] <support@github.com> * fix: call parent ngOnDestroy in dynamic form control container (cherry picked from commit 4d803a5) * [Port dspace-7_x] Clean up spacing in input forms Manual port of DSpace#4136 by @gingyx to DSpace 7.x. * src/themes/dspace: rework banner image For some reason our version of this image is twice the size of the original (~860KiB vs 1.6MiB). To make matters worse, the dimensions of the image are 4777x3166 pixels, but we display it at 2000 pixels wide. This regenerates the images based on the original and adjusts the dimensions to be more appropriate. 
Generated using ImageMagick 7 on Linux: $ magick pexels-inspiredimages-132477.jpg -resize 2000x src/themes/dspace/assets/images/banner.jpg $ magick pexels-inspiredimages-132477.jpg -resize 2000x src/themes/dspace/assets/images/banner.webp $ magick pexels-inspiredimages-132477.jpg -resize 1200x src/themes/dspace/assets/images/banner-half.jpg $ magick pexels-inspiredimages-132477.jpg -resize 1200x src/themes/dspace/assets/images/banner-half.webp See: https://www.pexels.com/photo/clear-water-drops-132477/ (cherry picked from commit d9e8fea) * server.ts: remove invalid host fallback If `environment.ui.host` is Falsy, then we attempt to fall back to a host value of '/', which is invalid. I think that, if a user has messed up their config so much that defaults in our configuration interface don't work, then we should actually fail here. (cherry picked from commit f622d58) * server.ts: remove port fallback If a user has messed up their config so much that the fallbacks in our default configuration interface don't work then we should just fail here. (cherry picked from commit 6c09677) * Backport [#9814] Fix Only show authorized communities/collections in selector to 8x * src/app: use correct icon in item mapper When adding mappings in the item mapper we should use the save icon rather than the trash icon! * SSR: avoid sending new response when headeras were already sent (fixes DSpace#2315) (cherry picked from commit 951c5f6) * Bump isbot from 5.1.30 to 5.1.31 Bumps [isbot](https://github.com/omrilotan/isbot) from 5.1.30 to 5.1.31. - [Changelog](https://github.com/omrilotan/isbot/blob/main/CHANGELOG.md) - [Commits](omrilotan/isbot@v5.1.30...v5.1.31) --- updated-dependencies: - dependency-name: isbot dependency-version: 5.1.31 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> * [TLC-1202] Disable fields hidden by type bind, so they are not validated (cherry picked from commit c47d988) * [TLC-1202] Centralise getTypeBindRelations to single static method (cherry picked from commit 9244c24) * [TLC-1202] Move getTypeBindRelations to util function (cherry picked from commit f16dda8) * Added rendering namespace when client side (cherry picked from commit 75c9112) * In DSpace 8+ "environment.universal" is renamed "environment.ssr" * Bump axios from 1.11.0 to 1.13.1 Bumps [axios](https://github.com/axios/axios) from 1.11.0 to 1.13.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.11.0...v1.13.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Bump sass from 1.92.1 to 1.93.2 in the sass group Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass). Updates `sass` from 1.92.1 to 1.93.2 - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](sass/dart-sass@1.92.1...1.93.2) --- updated-dependencies: - dependency-name: sass dependency-version: 1.93.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: sass ... Signed-off-by: dependabot[bot] <support@github.com> * Bump core-js from 3.45.1 to 3.46.0 Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.45.1 to 3.46.0. 
- [Release notes](https://github.com/zloirock/core-js/releases) - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/zloirock/core-js/commits/v3.46.0/packages/core-js) --- updated-dependencies: - dependency-name: core-js dependency-version: 3.46.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix 4241 language selection Consider the language set in the users profile when setting it on page load. Also match languages case-insensitive. Updated tests * removed references to X.509 authentication method (cherry picked from commit 1070579) * src/app/shared/search: use nofollow for facet links Use `rel="nofollow"` on Discovery search facet links to signal to well-behaved bots that they should not crawl facets. Faceted search results are derivative content of primary DSpace objects and cause excessive load on the server and even exhaust your crawl budget on crawlers like Google. See: https://developers.google.com/search/blog/2024/12/crawling-december-faceted-nav See: https://developers.google.com/search/docs/crawling-indexing/crawling-managing-faceted-navigation * 136225: Add noindex robots meta tag for non-discoverable items (cherry picked from commit 0022e29) * fix script source file access (cherry picked from commit 8ad6197) * Bump eslint-plugin-jsonc from 2.20.1 to 2.21.0 in the eslint group Bumps the eslint group with 1 update: [eslint-plugin-jsonc](https://github.com/ota-meshi/eslint-plugin-jsonc). 
  Updates `eslint-plugin-jsonc` from 2.20.1 to 2.21.0
  - [Release notes](https://github.com/ota-meshi/eslint-plugin-jsonc/releases)
  - [Changelog](https://github.com/ota-meshi/eslint-plugin-jsonc/blob/master/CHANGELOG.md)
  - [Commits](ota-meshi/eslint-plugin-jsonc@v2.20.1...v2.21.0)
  --- updated-dependencies: - dependency-name: eslint-plugin-jsonc dependency-version: 2.21.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: eslint ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump axios from 1.13.1 to 1.13.2
  Bumps [axios](https://github.com/axios/axios) from 1.13.1 to 1.13.2.
  - [Release notes](https://github.com/axios/axios/releases)
  - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
  - [Commits](axios/axios@v1.13.1...v1.13.2)
  --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.2 dependency-type: direct:production update-type: version-update:semver-patch ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump csstype from 3.1.3 to 3.2.3
  Bumps [csstype](https://github.com/frenic/csstype) from 3.1.3 to 3.2.3.
  - [Release notes](https://github.com/frenic/csstype/releases)
  - [Changelog](https://github.com/frenic/csstype/blob/master/.release-it.json)
  - [Commits](frenic/csstype@v3.1.3...v3.2.3)
  --- updated-dependencies: - dependency-name: csstype dependency-version: 3.2.3 dependency-type: direct:development update-type: version-update:semver-minor ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump js-yaml from 4.1.0 to 4.1.1
  Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1.
  - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
  - [Commits](nodeca/js-yaml@4.1.0...4.1.1)
  --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump sass from 1.93.3 to 1.94.0 in the sass group
  Bumps the sass group with 1 update: [sass](https://github.com/sass/dart-sass).
  Updates `sass` from 1.93.3 to 1.94.0
  - [Release notes](https://github.com/sass/dart-sass/releases)
  - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
  - [Commits](sass/dart-sass@1.93.3...1.94.0)
  --- updated-dependencies: - dependency-name: sass dependency-version: 1.94.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: sass ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump core-js from 3.46.0 to 3.47.0
  Bumps [core-js](https://github.com/zloirock/core-js/tree/HEAD/packages/core-js) from 3.46.0 to 3.47.0.
  - [Release notes](https://github.com/zloirock/core-js/releases)
  - [Changelog](https://github.com/zloirock/core-js/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/zloirock/core-js/commits/v3.47.0/packages/core-js)
  --- updated-dependencies: - dependency-name: core-js dependency-version: 3.47.0 dependency-type: direct:production update-type: version-update:semver-minor ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump @types/lodash from 4.17.20 to 4.17.21
  Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.20 to 4.17.21.
  - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
  - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash)
  --- updated-dependencies: - dependency-name: "@types/lodash" dependency-version: 4.17.21 dependency-type: direct:development update-type: version-update:semver-patch ...
  Signed-off-by: dependabot[bot] <support@github.com>
* [DURACOM-380] backporting
* fix circular find Eperson request
* Bump isbot from 5.1.31 to 5.1.32
  Bumps [isbot](https://github.com/omrilotan/isbot) from 5.1.31 to 5.1.32.
  - [Changelog](https://github.com/omrilotan/isbot/blob/main/CHANGELOG.md)
  - [Commits](omrilotan/isbot@v5.1.31...v5.1.32)
  --- updated-dependencies: - dependency-name: isbot dependency-version: 5.1.32 dependency-type: direct:production update-type: version-update:semver-patch ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump the testing group with 2 updates
  Bumps the testing group with 2 updates: [axe-core](https://github.com/dequelabs/axe-core) and [ng-mocks](https://github.com/help-me-mom/ng-mocks).
  Updates `axe-core` from 4.10.3 to 4.11.0
  - [Release notes](https://github.com/dequelabs/axe-core/releases)
  - [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md)
  - [Commits](dequelabs/axe-core@v4.10.3...v4.11.0)
  Updates `ng-mocks` from 14.13.5 to 14.14.0
  - [Release notes](https://github.com/help-me-mom/ng-mocks/releases)
  - [Changelog](https://github.com/help-me-mom/ng-mocks/blob/master/CHANGELOG.md)
  - [Commits](help-me-mom/ng-mocks@v14.13.5...v14.14.0)
  --- updated-dependencies: - dependency-name: axe-core dependency-version: 4.11.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: testing - dependency-name: ng-mocks dependency-version: 14.14.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: testing ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump vite from 5.4.19 to 5.4.21
  Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.19 to 5.4.21.
  - [Release notes](https://github.com/vitejs/vite/releases)
  - [Changelog](https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md)
  - [Commits](https://github.com/vitejs/vite/commits/v5.4.21/packages/vite)
  --- updated-dependencies: - dependency-name: vite dependency-version: 5.4.21 dependency-type: indirect ...
  Signed-off-by: dependabot[bot] <support@github.com>
* Bump node-forge from 1.3.1 to 1.3.2
  Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2.
  - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md)
  - [Commits](digitalbazaar/forge@v1.3.1...v1.3.2)
  --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: indirect ...
  Signed-off-by: dependabot[bot] <support@github.com>
* [Port dspace-8_x] Escape html tags in innerHTML DSpace#4737 (DSpace#4882)
  * Refactored code to pass down whether they are injected in the code through an innerHTML attribute or not to properly escape them
  * 134319: Renamed injectedAsHTML to escapeHTML
  * 134380: added escapeMetadataHTML as an input on ThemedItemDetailPreviewFieldComponent
  * 134380: fixed abstract and date field not being escaped
  * 134380: reverted unrelated change
  ---------
  Co-authored-by: Alexandre Vryghem <alexandre@atmire.com>
* Include the missing ADD policy action in the resource policy form (cherry picked from commit 213e642)
* [Port dspace-8_x] Fix uk lang file (DSpace#4943)
  * Fix uk lang file (cherry picked from commit 3abc497)
  * Update uk.json5 (cherry picked from commit 7cbe529)
  ---------
  Co-authored-by: Olexandr Shaposhnyk <118913884+oshaposhnyk@users.noreply.github.com>
* Sync all i18n files with en.json5 for v8.3
* Update version tag for release
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Tim Donohue <tim.donohue@lyrasis.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alan Orth <alan.orth@gmail.com>
Co-authored-by: Sascha Szott <szott@gmx.de>
Co-authored-by: Alexandre Vryghem <alexandre@atmire.com>
Co-authored-by: abhinav <abhinav.sidharthan@atmire.com>
Co-authored-by: Joran De Braekeleer <joran.debraekeleer@atmire.com>
Co-authored-by: nwoodward <woodward.nicholas@gmail.com>
Co-authored-by: Giuseppe Digilio <giuseppe.digilio@4science.com>
Co-authored-by: Kim Shepherd <kim@shepherd.nz>
Co-authored-by: Zoltán Kanász-Nagy <zoltan.kanasz-nagy@qulto.eu>
Co-authored-by: Andreas Awouters <andreas.awouters@atmire.com>
Co-authored-by: Jens Vannerum <jens.vannerum@atmire.com>
Co-authored-by: Jesiel Viana <jesielviana@proton.me>
Co-authored-by: Jukka Lipka <3710455+jlipka@users.noreply.github.com>
Co-authored-by: Nima Behforouz <nima.behforouz@umontreal.ca>
Co-authored-by: Art Lowel <art.lowel@gmail.com>
Co-authored-by: im-shubham-vish <shubhamv@virsoftech.com>
Co-authored-by: Daniel Coelho <daniel.coelho@cgu.gov.br>
Co-authored-by: milanmajchrak <milan.majchrak@dataquest.sk>
Co-authored-by: Zahraa Chreim <zahraa.chreim@atmire.com>
Co-authored-by: FrancescoMolinaro <francesco.molinaro@4science.com>
Co-authored-by: bram-maegerman <91273521+bram-maegerman@users.noreply.github.com>
Co-authored-by: Toni Prieto <antonio.juan.prieto@upc.edu>
Co-authored-by: DSpace Bot <68393067+dspace-bot@users.noreply.github.com>
Co-authored-by: Olexandr Shaposhnyk <118913884+oshaposhnyk@users.noreply.github.com>

Port of #4737 by @bram-maegerman to dspace-8_x
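
The commit message above describes passing an `escapeHTML` flag down so that metadata is escaped only where it is bound through `innerHTML`. The sketch below is an added example, not code from dspace-angular: `firstMetadataValue`, `render` and the sample item are hypothetical, and the two sinks are modelled as plain DOM text and `innerHTML` with no framework sanitizer in between.

```javascript
// Added illustration; all names are hypothetical, not taken from dspace-angular.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical accessor: the caller states whether the value will reach an HTML sink.
function firstMetadataValue(item, field, { escapeHTML = false } = {}) {
  const values = item.metadata[field] || [];
  if (values.length === 0) return undefined;
  const raw = values[0].value;
  return escapeHTML ? escapeHtml(raw) : raw;
}

// Model of the two sinks: a text node is encoded once on output,
// an innerHTML assignment parses the string as markup.
function render(value, sink) {
  if (sink === 'text') return escapeHtml(value); // serialised form of a text node
  if (sink === 'innerHTML') return value;        // handed to the HTML parser as-is
  throw new Error(`unknown sink: ${sink}`);
}

// Constructed sample item whose title contains markup.
const item = {
  metadata: { 'dc.title': [{ value: 'Rates <script>alert(1)</script> & trends' }] },
};

function demo() {
  const raw = firstMetadataValue(item, 'dc.title');
  const escaped = firstMetadataValue(item, 'dc.title', { escapeHTML: true });
  return {
    innerHtmlUnescaped: render(raw, 'innerHTML'),   // markup stays live: the defect
    innerHtmlEscaped: render(escaped, 'innerHTML'), // inert text: the fix
    textUnescaped: render(raw, 'text'),             // correct, encoded once
    textEscaped: render(escaped, 'text'),           // encoded twice, entities shown to users
  };
}
```

`textEscaped` shows why the flag is chosen per call site rather than applied everywhere: escaping a value that the template already encodes displays literal entities to the reader.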