Open
Conversation
Co-authored-by: Kevin Aleman <kaleman960@gmail.com>
…iaCallHistoryContextualbar` (#38854)
Co-authored-by: Khizarshah01 <5263975+Khizarshah01@users.noreply.github.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
…ints (#38861) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ggazzo <5263975+ggazzo@users.noreply.github.com> Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ggazzo <5263975+ggazzo@users.noreply.github.com>
…38864) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: ggazzo <guilherme@gazzo.xyz>
#38760) Co-authored-by: Kevin Aleman <11577696+KevLehman@users.noreply.github.com>
Co-authored-by: Kevin Aleman <kaleman960@gmail.com>
Co-authored-by: Guilherme Gazzo <guilhermegazzo@gmail.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
…nd add Contextualbar bug fixes (#38610) Co-authored-by: gabriellsh <40830821+gabriellsh@users.noreply.github.com>
Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
Co-authored-by: Kevin Aleman <kaleman960@gmail.com>
…UserInfoActions (#38859)
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Douglas Fabris <devfabris@gmail.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Co-authored-by: Kevin Aleman <kaleman960@gmail.com> Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
… parser (#38958) Co-authored-by: ggazzo <5263975+ggazzo@users.noreply.github.com>
…r custom-sounds and emoji-custom endpoints (#38531) Co-authored-by: Guilherme Gazzo <guilherme@gazzo.xyz>
🦋 Changeset detectedLatest commit: aad2007 The changes in this PR will be included in the next version bump. This PR includes no changesetsWhen changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
|
Looks like this PR is not ready to merge, because of the following issues:
Please fix the issues and try again If you have any trouble, please check the PR guidelines |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
3 issues found across 1653 files
Note: This PR contains a large number of files. cubic only reviews up to 75 files per PR, so some files may not have been reviewed.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".changeset/eight-colts-kiss.md">
<violation number="1" location=".changeset/eight-colts-kiss.md:6">
P3: Fix the release-note sentence grammar to avoid unclear wording in the published changelog.</violation>
</file>
<file name=".github/workflows/dedupe-issues.yml">
<violation number="1" location=".github/workflows/dedupe-issues.yml:26">
P1: Pin the third-party action to an immutable commit SHA instead of `@beta` to avoid supply-chain risk when handling repository secrets.</violation>
<violation number="2" location=".github/workflows/dedupe-issues.yml:35">
P2: `always()` causes duplicate-comment-added telemetry to be sent even when dedupe fails; gate this step on successful prior execution to avoid false-positive metrics.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| uses: actions/checkout@v6 | ||
|
|
||
| - name: Run Claude Code slash command | ||
| uses: anthropics/claude-code-base-action@beta |
Contributor
There was a problem hiding this comment.
P1: Pin the third-party action to an immutable commit SHA instead of @beta to avoid supply-chain risk when handling repository secrets.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/dedupe-issues.yml, line 26:
<comment>Pin the third-party action to an immutable commit SHA instead of `@beta` to avoid supply-chain risk when handling repository secrets.</comment>
<file context>
@@ -0,0 +1,83 @@
+ uses: actions/checkout@v6
+
+ - name: Run Claude Code slash command
+ uses: anthropics/claude-code-base-action@beta
+ with:
+ prompt: '/dedupe ${{ github.repository }}/issues/${{ github.event.issue.number || inputs.issue_number }}'
</file context>
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Log duplicate comment event to Statsig | ||
| if: always() |
Contributor
There was a problem hiding this comment.
P2: always() causes duplicate-comment-added telemetry to be sent even when dedupe fails; gate this step on successful prior execution to avoid false-positive metrics.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/workflows/dedupe-issues.yml, line 35:
<comment>`always()` causes duplicate-comment-added telemetry to be sent even when dedupe fails; gate this step on successful prior execution to avoid false-positive metrics.</comment>
<file context>
@@ -0,0 +1,83 @@
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Log duplicate comment event to Statsig
+ if: always()
+ env:
+ STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
</file context>
Suggested change
| if: always() | |
| if: success() |
| "@rocket.chat/meteor": patch | ||
| --- | ||
|
|
||
| Fixes an issue on Federation where all domains ending with the pattern where being allowed to communicate, the feature is meant to work with a list, url by url |
Contributor
There was a problem hiding this comment.
P3: Fix the release-note sentence grammar to avoid unclear wording in the published changelog.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .changeset/eight-colts-kiss.md, line 6:
<comment>Fix the release-note sentence grammar to avoid unclear wording in the published changelog.</comment>
<file context>
@@ -0,0 +1,6 @@
+"@rocket.chat/meteor": patch
+---
+
+Fixes an issue on Federation where all domains ending with the pattern where being allowed to communicate, the feature is meant to work with a list, url by url
</file context>
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #39778 +/- ##
==========================================
+ Coverage 70.57% 70.59% +0.01%
==========================================
Files 3188 3258 +70
Lines 112623 115858 +3235
Branches 20402 21056 +654
==========================================
+ Hits 79480 81785 +2305
- Misses 31089 32014 +925
- Partials 2054 2059 +5
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
Contributor
|
Important Review skippedToo many files! This PR contains 295 files, which is 145 over the limit of 150. ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (5)
📒 Files selected for processing (295)
You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Co-authored-by: Diego Sampaio <chinello@gmail.com>
Contributor
There was a problem hiding this comment.
2 issues found across 16 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="ee/packages/federation-matrix/src/FederationMatrix.ts">
<violation number="1" location="ee/packages/federation-matrix/src/FederationMatrix.ts:144">
P3: Use the existing `MatrixMediaService.generateMXCUri` helper instead of rebuilding the MXC URL inline.
(Based on your team's feedback about reusing existing helpers over duplicated logic.) [FEEDBACK_USED]</violation>
</file>
<file name="ee/packages/federation-matrix/src/events/member.ts">
<violation number="1" location="ee/packages/federation-matrix/src/events/member.ts:301">
P2: Missing `avatar_url` is treated as avatar removal, so join events without that field can unintentionally wipe federated users’ avatars.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| // handle avatar updates to membership events | ||
| if (senderServerName !== federationSDK.getConfig('serverName')) { | ||
| // TODO if there is no avatar_url we may want to validate first if we should remove the user avatar because if may be dealing with an old join event, and the user may have changed their avatar since then, so we need to check if the avatar_url is different from the current one before removing it | ||
| void downloadAndSetAvatarDebounced(joiningUser._id, joiningUser, content.avatar_url || null); |
Contributor
There was a problem hiding this comment.
P2: Missing avatar_url is treated as avatar removal, so join events without that field can unintentionally wipe federated users’ avatars.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At ee/packages/federation-matrix/src/events/member.ts, line 301:
<comment>Missing `avatar_url` is treated as avatar removal, so join events without that field can unintentionally wipe federated users’ avatars.</comment>
<file context>
@@ -224,6 +293,14 @@ async function handleJoin({
+ // handle avatar updates to membership events
+ if (senderServerName !== federationSDK.getConfig('serverName')) {
+ // TODO if there is no avatar_url we may want to validate first if we should remove the user avatar because if may be dealing with an old join event, and the user may have changed their avatar since then, so we need to check if the avatar_url is different from the current one before removing it
+ void downloadAndSetAvatarDebounced(joiningUser._id, joiningUser, content.avatar_url || null);
+ }
+
</file context>
Suggested change
| void downloadAndSetAvatarDebounced(joiningUser._id, joiningUser, content.avatar_url || null); | |
| if ('avatar_url' in content) { | |
| void downloadAndSetAvatarDebounced(joiningUser._id, joiningUser, content.avatar_url ?? null); | |
| } |
| const matrixUserId = `@${localUser.username}:${this.serverName}`; | ||
|
|
||
| // if no avatarETag is provided, it means the user removed his avatar, so we need to send an empty string to Matrix to remove the avatar from their side as well | ||
| const avatarUrl = avatarETag ? `mxc://${this.serverName}/${avatarETag}` : null; |
Contributor
There was a problem hiding this comment.
P3: Use the existing MatrixMediaService.generateMXCUri helper instead of rebuilding the MXC URL inline.
(Based on your team's feedback about reusing existing helpers over duplicated logic.)
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At ee/packages/federation-matrix/src/FederationMatrix.ts, line 144:
<comment>Use the existing `MatrixMediaService.generateMXCUri` helper instead of rebuilding the MXC URL inline.
(Based on your team's feedback about reusing existing helpers over duplicated logic.) </comment>
<file context>
@@ -117,6 +117,51 @@ export class FederationMatrix extends ServiceClass implements IFederationMatrixS
+ const matrixUserId = `@${localUser.username}:${this.serverName}`;
+
+ // if no avatarETag is provided, it means the user removed his avatar, so we need to send an empty string to Matrix to remove the avatar from their side as well
+ const avatarUrl = avatarETag ? `mxc://${this.serverName}/${avatarETag}` : null;
+
+ const roomsUserIsMemberOf = await Subscriptions.findUserFederatedRoomIds(localUser._id);
</file context>
Suggested change
| const avatarUrl = avatarETag ? `mxc://${this.serverName}/${avatarETag}` : null; | |
| const avatarUrl = avatarETag ? MatrixMediaService.generateMXCUri(avatarETag, this.serverName) : null; |
Contributor
There was a problem hiding this comment.
3 issues found across 4 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/rest-typings/src/v1/Ajv.ts">
<violation number="1">
P1: This reverts the strict body validation introduced in #39559. With `coerceTypes: true` on `ajv`, POST/PUT/PATCH bodies will again silently coerce wrong types (e.g., numbers to strings), defeating the purpose of splitting `ajv` and `ajvQuery` into separate instances. The `ajv` instance (used for body validation) should keep `coerceTypes: false`.</violation>
</file>
<file name="apps/meteor/tests/end-to-end/api/livechat/12-priorites.ts">
<violation number="1">
P2: This test enforces incorrect API behavior by expecting a boolean `name` to succeed, even though the route schema declares `name` must be a string.</violation>
</file>
<file name="apps/meteor/tests/end-to-end/api/subscriptions.ts">
<violation number="1">
P2: This assertion expects a subscription-domain error for malformed input, which misclassifies the invalid-params case and weakens validation coverage.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| @@ -8,20 +8,39 @@ const ajv = new Ajv({ | |||
| discriminator: true, | |||
Contributor
There was a problem hiding this comment.
P1: This reverts the strict body validation introduced in #39559. With coerceTypes: true on ajv, POST/PUT/PATCH bodies will again silently coerce wrong types (e.g., numbers to strings), defeating the purpose of splitting ajv and ajvQuery into separate instances. The ajv instance (used for body validation) should keep coerceTypes: false.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At packages/rest-typings/src/v1/Ajv.ts, line 5:
<comment>This reverts the strict body validation introduced in #39559. With `coerceTypes: true` on `ajv`, POST/PUT/PATCH bodies will again silently coerce wrong types (e.g., numbers to strings), defeating the purpose of splitting `ajv` and `ajvQuery` into separate instances. The `ajv` instance (used for body validation) should keep `coerceTypes: false`.</comment>
<file context>
@@ -2,7 +2,7 @@ import Ajv from 'ajv';
const ajv = new Ajv({
- coerceTypes: false,
+ coerceTypes: true,
allowUnionTypes: true,
code: { source: true },
</file context>
Suggested change
| discriminator: true, | |
| coerceTypes: false, |
| @@ -59,7 +59,7 @@ describe('[Subscriptions]', () => { | |||
| .expect(400) | |||
Contributor
There was a problem hiding this comment.
P2: This assertion expects a subscription-domain error for malformed input, which misclassifies the invalid-params case and weakens validation coverage.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/meteor/tests/end-to-end/api/subscriptions.ts, line 280:
<comment>This assertion expects a subscription-domain error for malformed input, which misclassifies the invalid-params case and weakens validation coverage.</comment>
<file context>
@@ -277,7 +277,7 @@ describe('[Subscriptions]', () => {
.expect((res) => {
expect(res.body).to.have.property('success', false);
- expect(res.body).to.have.property('errorType', 'invalid-params');
+ expect(res.body).to.have.property('error', 'error-invalid-subscription');
})
.end(done);
</file context>
Suggested change
| .expect(400) | |
| expect(res.body).to.have.property('errorType', 'invalid-params'); |
Co-authored-by: Diego Sampaio <chinello@gmail.com>
[no ci]
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
You can see below a preview of the release change log:
8.3.0
Engine versions
22.16.01.43.58.01.61.0Minor Changes
(#39750) Adds support to name changes on federated rooms
(#39268) refactor(ui-kit): Remove UiKit deprecations
(#38978 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat autotranslate translateMessage API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation
(#37922) Introduces native screen sharing for internal voice calls. This feature is currently in beta and can be disabled through admin settings.
(#39225 by @sezallagwal) Add OpenAPI support for the chat.followMessage and chat.unfollowMessage API endpoints by migrating to a modern chained route definition syntax and utilizing AJV schemas for body and response validation.
(#39227 by @sezallagwal) Add OpenAPI support for the chat.starMessage and chat.unStarMessage API endpoints by migrating to a modern chained route definition syntax and utilizing AJV schemas for body and response validation.
(#38957 by @Verifieddanny) Migrated rooms.leave endpoint to new OpenAPI pattern with AJV validation
(#38549 by @Rohitgiri02) migrated rooms.delete endpoint to new OpenAPI pattern with AJV validation
(#39094 by @ahmed-n-abdeltwab) Adds OpenAPI support for the Rocket.Chat e2e.updateGroupKey endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#36402 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat users.getAvatarSuggestion API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#38881 by @smirk-dev) adds
instances.getAPI endpoint to new chained pattern with response schemas(#38883 by @smirk-dev) Migrates
ldap.testConnectionandldap.testSearchREST API endpoints from legacyaddRoutepattern to the new chained.post()API pattern with typed response schemas and AJV body validation (replacing Meteorcheck()).(#38882 by @smirk-dev) Migrates
presence.getConnectionsandpresence.enableBroadcastREST API endpoints from legacyaddRoutepattern to the new chained.get()/.post()API pattern with typed response schemas.(#38610) Fixes Custom Sounds Contextualbar state and refresh behavior
(#36779 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e.fetchMyKeys endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#39425) Adds support for multiple files in message composer, improving file upload experience
(#36916 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat custom-user-status.list API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation
(#39219 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#39678) Adds support for ban management in rooms, enabling authorized users to ban and unban members via UI and slash commands.
(#38610) Adds new
custom-sounds.getOneREST endpoint to retrieve a single custom sound by_idand updates client to consume it.Patch Changes
(#39492) Security Hotfix (https://docs.rocket.chat/docs/security-fixes-and-updates)
(#39010) Fixes an authorization issue that allowed users to confirm uploads from other users
(#39092) Fixes main channel scroll position changing when jumping to a thread message from search
Bump @rocket.chat/meteor version.
Bump @rocket.chat/meteor version.
Bump @rocket.chat/meteor version.
(#38531) Fixes a cross-resource access issue that allowed users to retrieve emojis from the Custom Sounds endpoint and sounds from the Custom Emojis endpoint when using the FileSystem storage mode.
(#39752) Fixes an issue on Federation where all domains ending with the pattern where being allowed to communicate, the feature is meant to work with a list, url by url
(#38662 by @TheRazorbill) Fixes wrong i18n key in RegisterWorkspace confirmation step so the text is translated instead of showing a missing key.
(#38983 by @copilot-swe-agent) Fixes incoming webhook messages ignoring literal
\nescape sequences, and fixes theMarkdownTextdocumentvariant not rendering newlines as line breaks.(#39087) Fixes race condition causing duplicate open livechat rooms per visitor token.
(#39460) Fixes inconsistent username formatting causing '@@username' for federated users
(#38989) chore(eslint): Upgrades ESLint and its configuration
(#39541) Fixes an issue when forwarding messages to a password-protected room.
(#39003) Fix marking a message as sent before the request finishes
(#36786 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat e2e.getUsersOfRoomWithoutKey endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#38932) Fixes version update banner showing outdated versions after server upgrade.
(#39461) Deprecates
Anonymous write. Feature will be removed in version 9.0.0.(#39545) Fixes the intermittent behavior where the "New messages" indicator appears incorrectly after the user sends a message
(#39753) Fixes an issue where emails were not saved for users logging in via the GitHub OAuth provider.
(#39491) Fixes calendar events modifying the wrong status property when attempting to sync
busystatus.(#39054) Fixes a mismatch in the room icons on the sidebar items, ABAC Managed rooms were not displaying the correct icon
(#38760 by @Khizarshah01) Limits
Outgoing webhookmaximum response size to 10mb.(#39612) Fixes the download of attachments with non-unicode names on E2EE rooms
(#36882 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat push.test API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#39718) Fixes an issue where, sometimes, updatedAt was not being set during the subscription creation
(#39557) Fixes main team channels being able to be converted into public or private with only the
create-team-channelorcreate-team-group(the correct permission for main teams arecreate-candcreate-p)(#39559 by @copilot-swe-agent) Splits the single AJV validator instance into two:
ajv(coerceTypes: false) for request body validation andajvQuery(coerceTypes: true) for query parameter validation.Why this matters: Previously, a single AJV instance with
coerceTypes: truewas used everywhere. This silently accepted values with wrong types — for example, sending{ "rid": 12345 }(number) where a string was expected would pass validation because12345was coerced to"12345". With this change, body validation is now strict: the server will reject payloads with incorrect types instead of silently coercing them.What may break for API consumers:
{ "count": "10" }instead of{ "count": 10 }) will now be rejected. Ensure JSON bodies use proper types.{ "readThreads": "true" }instead of{ "readThreads": true }) will now be rejected.nullvalues where a string is expected (e.g.,{ "name": null }for atype: 'string'field withoutnullable: true) will no longer be coerced to"".No change for query parameters: GET query params (e.g.,
?count=10&offset=0) continue to be coerced viaajvQuery, since HTTP query strings are always strings.(#39250) Fixes
inquiries.takenot failing when attempting to take a chat while over chat limits(#38852) Fixes an issue where
Productionflag was not being respected when initializing Push Notifications configuration(#39363 by @gauravsingh001-cyber) Fixes "Join" button on Outlook Calendar bubbling click event, also opening the calendar event details.
(#38944 by @Khizarshah01) Limits Omnichannel webhook maximum response size to 10mb.
(#38954) Fixes reactivity of Custom Sounds and Custom Emojis storage settings
(#35995 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat rooms.favorite APIs endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#39505) Fixes
ssrfvalidation for oauth endpoints, which allows internal endpoints to be used during the auth flow.(#36523 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat emoji-custom.create API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#36953 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat commands.get API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
(#38974 by @ahmed-n-abdeltwab) Add OpenAPI support for the Rocket.Chat dm.close/im.close API endpoints by migrating to a modern chained route definition syntax and utilizing shared AJV schemas for validation to enhance API documentation and ensure type safety through response validation.
Updated dependencies [602b20a, e206889, e65b176, 6b80941, d1bf2cc, 02b1e6e, 9a70095, cd2fc20, 87f9262, a4e3c16, 652ff8c, 539659a, b1b1d6c, 1741a20, 5518503, a4341ec, 4025314, 85c0ac7, 803b807, 1361a1f, c217b0b, 2a27010, 78e37dc, 37acece, 43d0cfc, d8baf39, ddc0ed3, d83a1a9, eae3fb3, 4c2e444, 722df6f, 78b3fe3, 98a6c58, 29b453e, 39f2e87, c117492, 7c73241]: