Your web application for managing personal data.

  • By Dariusz
  • Last update: Jan 8, 2023
  • Comments: 17

Personal Management System

Your central point for managing personal data
(if the current modules allow it).

Documentation / Demo


  • Documentation - available here
  • Demo - click here
    • Login: admin
    • Password/LockPassword: admin

Description


It's easier to understand this web application when you think about a CMS (WordPress) or CRM (SugarCRM); the logic behind this system is very similar to those two. My PMS may offer fewer possibilities than those systems above, but it just does what I want it to do. Additionally, writing extensions is not too hard, depending on the logic required. Anyone with development knowledge can pretty much write their own extensions for personal needs.

Reasoning/Purpose


I decided to create my own system, because playing around with tons of plugins for WordPress and writing customizations to some existing CRMs would take me as much time as writing my own system and by knowing the logic from its core it's easier for me to write extensions and add additional modules - whatever I need.

Secondly, there is no system like that, and I didn't want to end up integrating a Docker-based cloud with a CMS. Furthermore, I just need an application like that to keep organized, and I'm tired of having some very personal data on OneDrive, other data on Google cloud, some notes here, and some notes there. The end goal is to have an application running on a terminal or Raspberry 24/7, plugged into my home network, without access to the internet.


Available options and modules


  1. 🎯 Todo/Goals - Keep track of your personal goals. You can use the todo list to keep track of your goals' progress or use the payments submodule to keep an eye on the amount of money that you want to collect for something.

  2. 📖 Notes - Add any personal note to the desired category. Here, you can keep any small piece of information that you need; it can be quick notes from a phone call, a bunch of information collected from different pages, or some links to things that you want to check later.

  3. 📞 Contacts - Do You ever feel like You've got dozens of phone contacts, emails etc. that you would like to get rid of, or make a safety backup of in case you lose your phone? With this simple module you can organize your personal contacts.

  4. 🔑 Passwords - We all get to a certain point when there are just way too many passwords to handle. Yeah, we can keep them in email, on a pendrive, or have special patterns in our heads, but let's face it, sometimes it's just too many. With the Passwords module You can keep Your passwords encrypted in Your database, while on the frontend there is a copy button that will fetch You back the original password.

  5. 🏆 Achievements - Want to keep track of anything cool you did? Put it in this module!

  6. 📅 Schedules - This module's purpose is to keep track of any recurring things you've got to do, for example car oil changes, payments, visits etc. Data added to the groups of schedules will be displayed on the Dashboard and in the notification bell.

  7. 🔁 Issues - In this section You can track any ongoing/pending cases that have to be resolved eventually but don't necessarily require constant attention. You might still need to go back to a case one day, so the module allows adding subrecords of contacts made and of progress in the given case.

  8. 🌴 Travels - Having some ideas of places to visit but without any specific plans to it? Add it to this Module with google map link and some image so you can come back to it at any moment. May the image remind you why you were interested in this particular place.

  9. 💸 Payments - Don't know how much money You spend on food, travels, domestic shopping? Simply from now on add every shopping details to the list and let it do all the calculations, alongside with summary for given month.

    On the other hand, if you would like to keep an eye on prices for particular products, you can add information about them in the Products Prices submodule (which I'm personally using while being in another country, at the moment of writing this).

    Here You can also keep track of who owes You some money or who You owe something to by using owed money submodule.

    Bills submodule allows saving information about money spent on certain things (separately from monthly payments for things like money spent on holiday etc.)


  10. 🛒 Shopping - You got plans to buy something in future? Add it to the list, and then just check it out, maybe You will be able to buy this particular thing just now.

  11. 💻 Job - The Afterhours submodule is a nice way to keep an eye on all the afterhours you've made at work. With this you can also set aside specified minutes/hours for a certain goal. For example, you need 24h for a trip and 4h to do something. Just add some time to a pre-existing goal, create a new one, or leave it blank (it will go to the general purpose pool). The Holidays submodule is a simple way to track how many days You have used from the yearly holidays pool.

  12. 📷 Images - This module allows You to organize Your photos/scans/downloaded pics in form of masonry galleries. Clicking on image miniature will call lightbox gallery with possibility to rename, remove or download image. You can create as many galleries (folders) as You want.

  13. 📁 Files - Files uploaded for this module are visible in form of DataTable where You can see simple information about the file - that is: extension, filetype icon (if there is one defined for given type), file size. Files can be renamed, downloaded and removed from the gui.

  14. 🎬 Video - Got small video downloaded from internet or recorded on phone? That's a module to store it then - supports most popular web video formats.

  15. 📑 Reports - contains readonly reports created from already existing data in database

How to install/documentation

Linux installer

In both cases it's explicitly required to install composer dependencies at first!

  • For standard installation call:
    composer pms-installer
  • For installation from within Docker call:
    composer pms-installer-docker

Future development plans

Improvements

Overall I will just add some bug fixes/improvements/modules from time to time - anything that I will just need.


Support

I cannot guarantee support. I've got a job, personal things etc, I'm just sharing my code/my application as MIT. However feel totally free to ask about something, write issues etc. As mentioned I'm using and I will use this application from now on daily so there might be some changes even good for me.

As I'm working on it there will be some fixes, and new modules in future when I reach the point when I got all I need. So after reaching my goal I could handle some support requests if anyone will be interested.

Browsers Support

  • Chrome

I mean for real. Just Chrome. I know about bug with copying password in Firefox for example. But I just do everything in Chrome so I'm not really planning to check that on other browsers. And before You ask why I only support chrome - I don't do it because of "chrome is the best" or anything like that, I just use that browser for 98% of time and that's just it.


Tech

Personal Management System is a web application which can be run in either a Windows or a Linux environment. Everything is by default tested on Ubuntu 20.x.

Used languages/frameworks/solutions

  • Php 7.4.x
  • JS
  • JQ
  • TypeScript (as from v1.3)
  • Symfony 5.x
  • MySQL
  • Css
  • Scss
  • Node 10.22.1
  • Bootstrap
  • Webpack
  • And maybe some others which I just don't remember

Used packages

Special thanks to

  • Mark Ogilvie - for fixing EncryptBundle bugs for Symfony 4
  • Furcan - for adding my idea of contenteditable support for Icon Picker
  • Petervanderwalt - for adding fontawesome js version support for IconPicker
  • SimonHaas - for providing docker configuration
  • MohamedElashri - for testing docker configuration
  • Rob Waight - for providing changes and documentation for running docker on windows

Contact


Github

https://github.com/Volmarg/personal-management-system

Comments(17)

  • 1

    infinite loading

    hosting my own instance, for some reason when I open a new page, it seems to load indefinitely, followed install instructions, and if I refresh the page, the loading circle goes away, and I can use the site normally, but I can't seem to recreate this on the demo site.

    EDIT: I cannot use the site normally on some pages, such as the goals page, I cannot add a new goal.

    is there a difference between using a release and using a standard git clone?

  • 2

    Loading after each page-change.

    Every time I change module on the site, for example from Goals to Notes, I get the loading "dot" staying in front of the page, forcing me to reload the page so that I can continue.

    Seems to be after every "page load"

    Any ideas?

  • 3

    Security Issue

    Hi dear Dariusz, I am Amammad a bug bounty hunter from Huntr.dev I find some vulnerabilities in this repository and I just want to ask you look at those and if they are correct just validate them so that I can assume that I was not wrong after validation the disclosure wait for fix pull request and until that the vulnerabilities will not be shown. with regards , your little friend Amammad.

  • 4

    Fixed mobile zooming issue

    Problem

    I have fixed the issue on mobile devices when you click on an input field the application the page zooms in, this is unwanted because it creates a jarring experience for the user.

    Solution

    Change the line:

        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    to:

        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"/>

    This has been tested locally by myself, on the login page (I couldn't figure out what the credentials are, probably a PEBCAK issue; maybe implement a signup page, like in WordPress or Nextcloud)

  • 5

    Error while installing PMS in Linux using docker

    Hi, I am eager to use PMS which fits a personal project perfectly. Unfortunately I have an issue when opening the application.

    1. My environment: Debian 10, last version of docker
    2. I am quite familiar with docker and have followed your instructions very precisely -- I know they are intended for docker/Windows, but I assumed they would work for docker/Linux too
    3. When I try to connect remotely to PMS (it is installed on a server @192.168.1.44), here is the error I get:

    Screenshot-20210505-105053

    Please help. Best, Stephen

  • 6

    Potential Security Issue

    Hello,

    We recently received a vulnerability disclosure from @ranjit-git against your repository. I couldn't find a security policy or contactable e-mail to share the vulnerability details with you.

    If you can provide me with an e-mail, I can send it over to you? Otherwise, you can view the advisory here.

    It is private to only you and the discloser. If you have any questions, here to help!

    -- Jamie from huntr.dev

  • 7

    Not really an issue, docker 2021?

    Hi, I looked into your project and I love the way it works. I tried setting it up in docker but unfortunately without success... I know there are more and more people requesting you to make a docker image. If you could make a docker image out of this project I think you will get a huge increase of people using your project and an increasing amount of attention for it. Do you have any plans for making this project into a docker image in the near future? Sorry for opening an issue ticket, I just wanted to show you some love for creating such a cool and useful project! Keep up the good work and please think about creating a docker image ASAP ;)

    Thanks in advance.

  • 8

    Update Symfony to 4.3

    This PR updates Symfony to 4.3 including the November 2018 changes so it would be a good idea to copy .env to .env.local before pulling these changes.

  • 9

    Podman NGINX Container FastCGI Connection Refused Error

    I've been trying to set this up on my Fedora 34 environment for the past few days using Podman. After resolving some DNS issues related to keeping the NGINX container online (running PiHole on the same server, I could not resolve the DNS of mariadb), all the containers are now online. I'm now getting a 504 Bad Gateway error when browsing to the http://192.168.0.200:8001 webpage with the following error from the nginx container output:

        2022/01/23 14:13:27 [error] 26#26: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.0.125, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://192.168.0.200:9000", host: "192.168.0.200:8001"
        2022/01/23 14:13:28 [error] 26#26: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.0.125, server: , request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://192.168.0.200:9000", host: "192.168.0.200:8001", referrer: "http://192.168.0.200:8001/"

    192.168.0.125 is my laptop on the network. I was running Portainer on port 9000 previously and have since moved it to port 9005. I also removed Portainer completely before trying a new build of the project again with the same issue happening.

    The same for Bookstack which uses a mariadb container. I removed this completely as well in the event PMS needs 9000 and 3306 explicitly in other parts of its configuration.

    I've tried changing the EXPOSE port in the Docker file for fpm-php to 9001 and the lookup port in the Nginx.conf.d file to 9001 to match while Portainer was removed, but that results in no webpage displaying at all after a new build is pushed.

    Here is my docker-compose file and a log of a fresh build with no database built in the repository.

        version: "3.1"
        services:
          mariadb:
            image: mariadb
            container_name: mariadb
            restart: unless-stopped
            environment:
              - MYSQL_DATABASE=pms
              - MYSQL_ROOT_PASSWORD=password
            volumes:
              - /var/mynfsshare/data:/var/lib/mysql
            ports:
              - "3306:3306"

          nginx:
            container_name: nginx
            image: nginx:alpine
            restart: unless-stopped
            working_dir: /application
            volumes:
              - /var/mynfsshare/:/application
              - /var/mynfsshare/docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf
            ports:
              - "8001:80"

          php-fpm:
            build: ./docker/php-fpm
            container_name: php-fpm
            restart: unless-stopped
            working_dir: /application
            volumes:
              - /var/mynfsshare/:/application

          adminer:
            container_name: adminer
            image: adminer
            restart: unless-stopped
            ports:
              - 8081:8080

    build.log

    The build log contains a lot of extra special characters for some reason, sorry about that.

    The same results happen when using podman-compose or docker-compose commands. Podman now has docker compatibility built into it, so I do not think this is a podman/docker incompatibility issue but I could be wrong. I do have a spare Fedora VM I can try this on or spin a new one up but I feel I've hit a wall here.

    The only thing that pops out to me at the moment is this from the first-run docker script within the php-fpm container:

        Continue as root/super user [yes]?

        php -r "include_once 'installer//AutoInstaller.php'; use Installer\AutoInstaller; AutoInstaller::runDocker();" < /dev/tty

        =================================================================================
        sh: 1: node: not found
        sh: 1: npm: not found
        sh: 1: mysql: not found

    I also allowed ports 8001 and 9000 through the SELinux firewall in the event that was an issue with the same result.

    Any assistance with this or should I just spin this up without docker/podman on a different server? I'd like to keep all files on an NFS share for backup purposes and would rather keep it containerized for upgrading if possible.

  • 10

    composer.lock file locking for php 8.0

    I'm currently trying to run pms on Ubuntu 16.04 with php 7.4.13 from main branch.

    When running composer install everything installs without issues, but when I ran bin/console cache:clear command and every command involving symfony the following message is displayed:

    Fatal Error: composer.lock was created for PHP version 8.0 or higher but the current PHP version is 7.4.13.

  • 11

    Prevent password change on demo

    I just noticed that the "admin" password has been changed on the demonstration site. It makes the demo site unavailable for one day, while you're on Hacker News frontpage ;-)

  • 12

    Build(deps): Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 13

    Build(deps): Bump tinymce from 5.5.1 to 5.10.7

    Bumps tinymce from 5.5.1 to 5.10.7.

    Changelog

    Sourced from tinymce's changelog.

    5.10.7 - 2022-12-06

    Fixed

    • HTML in messages for the WindowManager.alert and WindowManager.confirm APIs were not properly sanitized. #TINY-3548

    5.10.6 - 2022-10-19

    Fixed

    • The name and id attributes of some elements were incorrectly removed during serialization #TINY-8773
    • Notifications would not properly reposition when toggling fullscreen mode #TINY-8701
    • Toggling fullscreen mode with the fullscreen plugin now also fires the ResizeEditor event #TINY-8701
    • The URL detection used for autolink and smart paste didn't work if a path segment contained valid characters such as ! and : #TINY-8069

    5.10.5 - 2022-05-25

    Fixed

    • Base64 data URIs were not extracted correctly during parsing when proceeded by data: text #TINY-8646
    • Empty lines that were formatted in a ranged selection using the format_empty_lines option were not kept in the serialized content #TINY-8639
    • The s element was missing from the default schema text inline elements #TINY-8639
    • Some text inline elements specified via the schema were not removed when empty by default #TINY-8639

    5.10.4 - 2022-04-27

    Fixed

    • Inline toolbars flickered when switching between editors #TINY-8594
    • Multiple inline toolbars were shown if focused too quickly #TINY-8503

    5.10.3 - 2022-02-09

    Fixed

    • Alignment would sometimes be removed on parent elements when changing alignment on certain inline nodes, such as images #TINY-8308
    • The fullscreen plugin would reset the scroll position when exiting fullscreen mode #TINY-8418

    5.10.2 - 2021-11-17

    Fixed

    • Internal selectors were appearing in the style list when using the importcss plugin #TINY-8238

    5.10.1 - 2021-11-03

    Fixed

    • The iframe aria help text was not read by some screen readers #TINY-8171
    • Clicking the forecolor or backcolor toolbar buttons would do nothing until selecting a color #TINY-7836
    • Crop functionality did not work in the imagetools plugin when the editor was rendered in a shadow root #TINY-6387
    • Fixed an exception thrown on Safari when closing the searchreplace plugin dialog #TINY-8166
    • The autolink plugin did not convert URLs to links when starting with a bracket #TINY-8091
    • The autolink plugin incorrectly created nested links in some cases #TINY-8091
    • Tables could have an incorrect height set on rows when rendered outside of the editor #TINY-7699
    • In certain circumstances, the table of contents plugin would incorrectly add an extra empty list item #TINY-4636
    • The insert table grid menu displayed an incorrect size when re-opening the grid #TINY-6532

    ... (truncated)

    Commits
    • a4c4e46 TINY-9402: Prepare for TinyMCE 5.10.7 release (take 3) (#8331)
    • 0fea476 TINY-9402: Prepare for TinyMCE 5.10.7 release (#8328)
    • 8bb2d26 Merge pull request from GHSA-gg8r-xjwq-4w92
    • 78fa310 TINY-8885: Update changelog for 5.10.6 release (#8198)
    • 5421ec9 TINY-9219: Fix broken tests on Firefox (#8158)
    • 70f8c28 TINY-8979: Backport URL link detection fix (#8127)
    • 4e102c0 TINY-8978: Backport fix for notifications in fullscreen (#8121)
    • a0ae700 TINY-8773: Prevent stripping of "name" and "id" attributes on iframe and img ...
    • 29e04bb TINY-8622: Updated changelog for 5.10.5 release (#7848)
    • f3ab303 TINY-8639: Retain formatted blank lines when format_empty_lines is true (ba...
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by tinymce, a new releaser for tinymce since your current version.



  • 14

    Build(deps): Bump tinymce/tinymce from 5.5.1 to 5.10.7

    Bumps tinymce/tinymce from 5.5.1 to 5.10.7.

    Changelog

    Sourced from tinymce/tinymce's changelog.

    5.10.7 - 2022-12-06

    Fixed

    • HTML in messages for the WindowManager.alert and WindowManager.confirm APIs were not properly sanitized. #TINY-3548

    5.10.6 - 2022-10-19

    Fixed

    • The name and id attributes of some elements were incorrectly removed during serialization #TINY-8773
    • Notifications would not properly reposition when toggling fullscreen mode #TINY-8701
    • Toggling fullscreen mode with the fullscreen plugin now also fires the ResizeEditor event #TINY-8701
    • The URL detection used for autolink and smart paste didn't work if a path segment contained valid characters such as ! and : #TINY-8069

    5.10.5 - 2022-05-25

    Fixed

    • Base64 data URIs were not extracted correctly during parsing when proceeded by data: text #TINY-8646
    • Empty lines that were formatted in a ranged selection using the format_empty_lines option were not kept in the serialized content #TINY-8639
    • The s element was missing from the default schema text inline elements #TINY-8639
    • Some text inline elements specified via the schema were not removed when empty by default #TINY-8639

    5.10.4 - 2022-04-27

    Fixed

    • Inline toolbars flickered when switching between editors #TINY-8594
    • Multiple inline toolbars were shown if focused too quickly #TINY-8503

    5.10.3 - 2022-02-09

    Fixed

    • Alignment would sometimes be removed on parent elements when changing alignment on certain inline nodes, such as images #TINY-8308
    • The fullscreen plugin would reset the scroll position when exiting fullscreen mode #TINY-8418

    5.10.2 - 2021-11-17

    Fixed

    • Internal selectors were appearing in the style list when using the importcss plugin #TINY-8238

    5.10.1 - 2021-11-03

    Fixed

    • The iframe aria help text was not read by some screen readers #TINY-8171
    • Clicking the forecolor or backcolor toolbar buttons would do nothing until selecting a color #TINY-7836
    • Crop functionality did not work in the imagetools plugin when the editor was rendered in a shadow root #TINY-6387
    • Fixed an exception thrown on Safari when closing the searchreplace plugin dialog #TINY-8166
    • The autolink plugin did not convert URLs to links when starting with a bracket #TINY-8091
    • The autolink plugin incorrectly created nested links in some cases #TINY-8091
    • Tables could have an incorrect height set on rows when rendered outside of the editor #TINY-7699
    • In certain circumstances, the table of contents plugin would incorrectly add an extra empty list item #TINY-4636
    • The insert table grid menu displayed an incorrect size when re-opening the grid #TINY-6532

    ... (truncated)

    Commits
    • f078d8e Added version 5.10.7 release.
    • 8ba4429 Added version 5.10.6 release.
    • c91227a Added version 5.10.5 release.
    • 3d7c892 Added version 5.10.4 release.
    • dadd7f2 Added version 5.10.3 release.
    • ef9962f Added version 5.10.2 release.
    • 23dbb5d Added version 5.10.1 release.
    • dbd8fef Added version 5.10.0 release.
    • 48c665a Added version 5.9.2 release.
    • 2692079 Added version 5.9.1 release.
    • Additional commits viewable in compare view


  • 15

    Build(deps): Bump qs and express

    Bumps qs and express. These dependencies needed to be updated together. Updates qs from 6.5.2 to 6.11.0

    Changelog

    Sourced from qs's changelog.

    6.11.0

    • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
    • [readme] fix version badge

    6.10.5

    • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

    6.10.4

    • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
    • [meta] use npmignore to autogenerate an npmignore file
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

    6.10.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [actions] reuse common workflows
    • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

    6.10.2

    • [Fix] stringify: actually fix cyclic references (#426)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [actions] update codecov uploader
    • [actions] update workflows
    • [Tests] clean up stringify tests slightly
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

    6.10.1

    • [Fix] stringify: avoid exception on repeated object values (#402)

    6.10.0

    • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
    • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
    • [meta] fix README.md (#399)
    • [meta] only run npm run dist in publish, not install
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
    • [Tests] fix tests on node v0.6
    • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
    • [Tests] Revert "[meta] ignore eclint transitive audit warning"

    6.9.7

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [Tests] clean up stringify tests slightly
    • [meta] fix README.md (#399)
    • Revert "[meta] ignore eclint transitive audit warning"

    ... (truncated)

    Commits
    • 56763c1 v6.11.0
    • ddd3e29 [readme] fix version badge
    • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
    • 95bc018 v6.10.5
    • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
    • ba9703c v6.10.4
    • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
    • 113b990 [Dev Deps] update object-inspect
    • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
    • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
    • Additional commits viewable in compare view

    Updates express from 4.17.1 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



  • 16

    Build(deps): Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



  • 17

    Build(deps): Bump engine.io and socket.io

    Bumps engine.io and socket.io. These dependencies needed to be updated together. Updates engine.io from 3.4.2 to 3.6.1

    Release notes

    Sourced from engine.io's releases.

    3.6.1

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
        at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
    Emitted 'error' event on Socket instance at:
        at emitErrorNT (internal/streams/destroy.js:106:8)
        at emitErrorCloseNT (internal/streams/destroy.js:74:3)
        at processTicksAndRejections (internal/process/task_queues.js:80:21) {
      errno: -104,
      code: 'ECONNRESET',
      syscall: 'read'
    }
    

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (83c4071)

    3.6.0

    Bug Fixes

    • add extension in the package.json main entry (#608) (3ad0567)
    • do not reset the ping timer after upgrade (1f5d469)

    Features

    • decrease the default value of maxHttpBufferSize (58e274c)

    This change reduces the default value from 100 mb to a more sane 1 mb.

    This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

    See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

    • increase the default value of pingTimeout (f55a79a)

    ... (truncated)

    Changelog

    Sourced from engine.io's changelog.

    3.6.1 (2022-11-20)

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
        at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
    Emitted 'error' event on Socket instance at:
        at emitErrorNT (internal/streams/destroy.js:106:8)
        at emitErrorCloseNT (internal/streams/destroy.js:74:3)
        at processTicksAndRejections (internal/process/task_queues.js:80:21) {
      errno: -104,
      code: 'ECONNRESET',
      syscall: 'read'
    }
    

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (83c4071)

    6.2.1 (2022-11-20)

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
        at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
    Emitted 'error' event on Socket instance at:
        at emitErrorNT (internal/streams/destroy.js:106:8)
        at emitErrorCloseNT (internal/streams/destroy.js:74:3)
        at processTicksAndRejections (internal/process/task_queues.js:80:21) {
      errno: -104,
      code: 'ECONNRESET',
      syscall: 'read'
    }
    

    Please upgrade as soon as possible.

    Bug Fixes

    ... (truncated)

    Commits
    • 67a3a87 chore(release): 3.6.1
    • 83c4071 fix: catch errors when destroying invalid upgrades
    • f62f265 chore(release): 3.6.0
    • f55a79a feat: increase the default value of pingTimeout
    • 1f5d469 fix: do not reset the ping timer after upgrade
    • 3ad0567 fix: add extension in the package.json main entry (#608)
    • 58e274c feat: decrease the default value of maxHttpBufferSize
    • b9dee7b chore(release): 3.5.0
    • 19cc582 feat: add support for all cookie options
    • 5ad2736 feat: disable perMessageDeflate by default
    • Additional commits viewable in compare view

    Updates socket.io from 2.3.0 to 2.5.0

    Release notes

    Sourced from socket.io's releases.

    2.5.0

    :warning: WARNING :warning:

    The default value of the maxHttpBufferSize option has been decreased from 100 MB to 1 MB, in order to prevent attacks by denial of service.

    Security advisory: https://github.com/advisories/GHSA-j4f2-536g-r55m

    Bug Fixes

    • fix race condition in dynamic namespaces (05e1278)
    • ignore packet received after disconnection (22d4bdf)
    • only set 'connected' to true after middleware execution (226cc16)
    • prevent the socket from joining a room after disconnection (f223178)

    2.4.1

    This release reverts the breaking change introduced in 2.4.0 (https://github.com/socketio/socket.io/commit/f78a575f66ab693c3ea96ea88429ddb1a44c86c7).

    If you are using Socket.IO v2, you should explicitly allow/disallow cross-origin requests:

    • without CORS (server and client are served from the same domain):
    const io = require("socket.io")(httpServer, {
      allowRequest: (req, callback) => {
        callback(null, req.headers.origin === undefined); // cross-origin requests will not be allowed
      }
    });
    
    • with CORS (server and client are served from distinct domains):
    io.origins(["http://localhost:3000"]); // for local development
    io.origins(["https://example.com"]);
    

    In any case, please consider upgrading to Socket.IO v3, where this security issue is now fixed (CORS is disabled by default).

    Reverts

    • fix(security): do not allow all origins by default (a169050)

    ... (truncated)

    Changelog

    Sourced from socket.io's changelog.

    2.5.0 (2022-06-26)

    Bug Fixes

    • fix race condition in dynamic namespaces (05e1278)
    • ignore packet received after disconnection (22d4bdf)
    • only set 'connected' to true after middleware execution (226cc16)
    • prevent the socket from joining a room after disconnection (f223178)

    4.5.1 (2022-05-17)

    Bug Fixes

    • forward the local flag to the adapter when using fetchSockets() (30430f0)
    • typings: add HTTPS server to accepted types (#4351) (9b43c91)

    4.5.0 (2022-04-23)

    Bug Fixes

    • typings: ensure compatibility with TypeScript 3.x (#4259) (02c87a8)

    Features

    • add support for catch-all listeners for outgoing packets (531104d)

    This is similar to onAny(), but for outgoing packets.

    Syntax:

    socket.onAnyOutgoing((event, ...args) => {
      console.log(event);
    });
    
    • broadcast and expect multiple acks (8b20457)

    Syntax:

    io.timeout(1000).emit("some-event", (err, responses) => {

    ... (truncated)

    Commits
    • baa6804 chore(release): 2.5.0
    • f223178 fix: prevent the socket from joining a room after disconnection
    • 226cc16 fix: only set 'connected' to true after middleware execution
    • 05e1278 fix: fix race condition in dynamic namespaces
    • 22d4bdf fix: ignore packet received after disconnection
    • dfded53 chore: update engine.io version to 3.6.0
    • e6b8697 chore(release): 2.4.1
    • a169050 revert: fix(security): do not allow all origins by default
    • 873fdc5 chore(release): 2.4.0
    • f78a575 fix(security): do not allow all origins by default
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    You can disable automated security fix PRs for this repo from the Security Alerts page.
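
The socket.io 2.4.1 notes quoted above tell v2 users to allow or disallow cross-origin requests explicitly. The following is an added example, not code from the socket.io project or from this repository: it builds an exact-match origin allowlist in the `(req, callback)` shape shown above for `allowRequest`. The names `normalizeOrigin`, `makeAllowRequest` and `decide`, the `allowMissingOrigin` flag and the sample origins are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical helper: reduce an Origin header value to scheme://host[:port],
// or return null when it cannot be trusted as a web origin.
function normalizeOrigin(value) {
  // Browsers send the literal string "null" from sandboxed or file:// contexts.
  if (typeof value !== 'string' || value === 'null') return null;
  try {
    const url = new URL(value);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.origin; // lower-cases the host and drops a default port
  } catch (err) {
    return null; // not parseable as a URL
  }
}

// Hypothetical factory: returns a function with the (req, callback) shape
// that the release notes above pass as `allowRequest`.
function makeAllowRequest(allowedOrigins, { allowMissingOrigin = true } = {}) {
  const allowed = new Set(allowedOrigins.map((entry) => {
    const origin = normalizeOrigin(entry);
    if (origin === null) throw new Error(`invalid allowlist entry: ${entry}`);
    return origin;
  }));
  return function allowRequest(req, callback) {
    const header = req.headers.origin;
    if (header === undefined) {
      // No Origin header: same-origin page load or a non-browser client.
      return callback(null, allowMissingOrigin);
    }
    const origin = normalizeOrigin(header);
    // Exact set membership, so prefix or suffix look-alikes never match.
    callback(null, origin !== null && allowed.has(origin));
  };
}

// Runs one decision synchronously so the result can be inspected.
function decide(allowRequest, originHeader) {
  let verdict;
  const headers = originHeader === undefined ? {} : { origin: originHeader };
  allowRequest({ headers }, (err, ok) => { verdict = ok; });
  return verdict;
}

// Constructed sample values, not taken from any real traffic.
const allowRequest = makeAllowRequest(['https://example.com', 'http://localhost:3000']);
const samples = [undefined, 'https://example.com', 'https://EXAMPLE.com:443',
  'https://example.com.evil.test', 'null', 'http://example.com'];
for (const s of samples) console.log(String(s), '->', decide(allowRequest, s));
// Wiring, as in the notes above: require("socket.io")(httpServer, { allowRequest })
```

Passing `allowMissingOrigin: false` rejects every request that has no `Origin` header, which also blocks non-browser clients.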