The simplest way to de-Google your life and business: Inbox, Calendar, Files, Contacts & much more

Overview

Bloom logo

Bloom

The all-in-one private workspace

Try it for free!

You no longer trust tech monopolies with your data?
You are done with your privacy invaded by advertisers?
You are tired of being abused by Big Companies?

We too, so we built Bloom.

Bloom is an open source and privacy-focused productivity suite: Inbox, Calendar, Files, Contacts & much more. It's literally the easiest way to de-Google your life and business.


Why? How? What? ๐Ÿ‘‰ Read the launch post: https://kerkour.com/blog/bloom-a-free-and-open-source-google

Documentation

See docs/README.md

Roadmap

See the Projects tab

Community

Hey! Want to report a Bug or participate in the development of Bloom? Please open an issue. Pull requests will be accepted without prior discussion only for typos.

If you want to say thanks or have a question, please use the Discussions tab.

All the project's updates and news will be published on the official Blog / Newsletter: kerkour.com

Sponsorship

Do you find the project awesome and want to contribute financially? Feel free to create an account on https://bloom.sh and subscribe to a plan.

Here is a blog post with additional details about my plan to make Bloom sustainable: https://kerkour.com/blog/the-unusual-way-im-funding-my-open-source-work

Security

We take Bloom's security and our users' trust very seriously. If you believe you have found a security issue in Bloom, please responsibly disclose by contacting: https://bloom.sh/security

Comments
  • Week 1: Kernel + Drivers (28/12 - 03/01)

    Week 1: Kernel + Drivers (28/12 - 03/01)

    • [x] config
    • [x] db (namespaces, users, pending_users, sessions, pending_sessions, pending_emails)

    Users

    • [x] register api
    • [x] register service
    • [x] completeRegistration api
    • [x] completeRegistration service
    • [x] signIn api
    • [x] signIn service
    • [x] completeSignIn api
    • [x] completeSignIn service
    • [x] revokeSession api
    • [x] revokeSession service
    • [x] updateMyProfile api
    • [x] updateMyProfile service
    • [x] verifyEmail api
    • [x] verifyEmail service
    • [x] deleteMyAccount api
    • [x] deleteMyAccount service
    • [x] setupTwoFA api
    • [x] setupTwoFA service
    • [x] enableTwoFA api
    • [x] enableTwoFA service
    • [x] disableTwoFA api
    • [x] disableTwoFA service
    • [x] completeTwoFA api
    • [x] completeTwoFA service

    Groups

    • [x] createGroup api
    • [x] createGroup service
    • [x] deleteGroup api
    • [x] deleteGroup service
    • [x] updateGroupProfile api
    • [x] updateGroupProfile service
    • [x] invitePeopleInGroup api
    • [x] invitePeopleInGroup service
    • [x] acceptGroupInvitation api
    • [x] acceptGroupInvitation service
    • [x] declineGroupInvitation api
    • [x] declineGroupInvitation service
    • [x] cancelGroupInvitation api
    • [x] cancelGroupInvitation service
    • [x] quitGroup api
    • [x] quitGroup service
    • [x] removeMemberFromGroup api
    • [x] removeMemberFromGroup service

    Repository

    • [x] groups db
    • [x] all methods

    • [x] implement crypto
    • [x] implement validators
    • [x] implement otp

    Drivers

    • [x] storage interfaces

    Billing


    HTTP Server

    • [x] middlewares
    • [x] graceful shutdown

    Scheduler

    • [x] implement scheduler
    • [x] push to queue

    Worker

    • [x] pull queue
    • [x] dispatch jobs to worker
    • [x] handle jobs

    CLI

    • [x] version
    • [x] server
    • [x] worker
    • [x] scheduler
    • [x] release

    • [x] replace all println! by logs
    • [x] validate config
    • [x] remove all TODO

    Webapp

    opened by skerkour 4
  • Remove stripe requirement for self hosting

    Remove stripe requirement for self hosting

    I wanted to try self hosting a personal bloom instance, but it looks like I need to connect it to stripe for it to work. It wasn't happy with my commenting out/removing the stripe information in the .env file. Is there any way around this?

    opened by clonex10100 3
  • is this clone() required ?

    is this clone() required ?

    https://github.com/skerkour/bloom/blob/main/bloom/libs/stdx/src/mail/mod.rs#L43

    is this clone() required ?

        let address = self.address.clone();
        write!(f, "{} <{}>", name, address)
    

    ->

        write!(f, "{} <{}>", name, self.address)
    
    opened by sternix 2
  • Twitter @sylvain_kerkour is offline

    Twitter @sylvain_kerkour is offline

    Describe the bug on your site:

    https://bloom.sh/contact

    works not on twitter link https://twitter.com/sylvain_kerkour

    twitter handle is offline

    Expected behavior Hoping you are healthy! (THIS was the useCase for this issue. ;)

    We "pflegende" are back on bloom, also after the project restart.

    Screenshots Opera Momentaufnahme_2021-10-04_193113_twitter com

    Additional context Thx for the great dataSaving tool in the "old" bloom. CU KEEP HEALTHY :+1:

    opened by pflegende 2
  • readme typos

    readme typos

    - What I did

    Corrected English grammar mistakes in README

    - How I did it

    I forked the repo and edited the README file right here on GitHub

    - How to verify it

    Find an English language scholar from a top academic University and verify that my English grammar is accurate and professional.

    Which issue(s) this PR fixes:

    Fixes #

    Special notes for your reviewer:

    - Description for the changelog

    opened by JKhawaja 2
  • webapp: leftbar

    webapp: leftbar

    Tasks

    • [x] leftbar on desktop
    • [x] preferences and billings
    • [x] fix scrolling
    • [x] fix drawer
    • [ ] workspace switch on /app page (for mobiles) + preferences + billing
    opened by skerkour 2
  • Project status?

    Project status?

    As a newcomer I read in readme about the change in focus from February 2022. It is already a few months since that commit and now I wonder whether there is anything to publish about the new plans or not yet.

    Thanks!

    opened by dumblob 1
  • build(deps): bump moment from 2.29.1 to 2.29.2 in /webapp

    build(deps): bump moment from 2.29.1 to 2.29.2 in /webapp

    Bumps moment from 2.29.1 to 2.29.2.

    Changelog

    Sourced from moment's changelog.

    2.29.2 See full changelog

    • Release Apr 3 2022

    Address https://github.com/advisories/GHSA-8hfj-j24r-96c4

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump url-parse from 1.4.7 to 1.5.7 in /webapp

    build(deps): bump url-parse from 1.4.7 to 1.5.7 in /webapp

    Bumps url-parse from 1.4.7 to 1.5.7.

    Commits
    • 8b3f5f2 1.5.7
    • ef45a13 [fix] Readd the empty userinfo to url.href (#226)
    • 88df234 [doc] Add soft deprecation notice
    • 78e9f2f [security] Fix nits
    • e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
    • 4c9fa23 1.5.6
    • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
    • e4a5807 1.5.5
    • 193b44b [minor] Simplify whitespace regex
    • 319851b [fix] Remove CR, HT, and LF
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • build(deps): bump url-parse from 1.4.7 to 1.5.7 in /chatbox.js

    build(deps): bump url-parse from 1.4.7 to 1.5.7 in /chatbox.js

    Bumps url-parse from 1.4.7 to 1.5.7.

    Commits
    • 8b3f5f2 1.5.7
    • ef45a13 [fix] Readd the empty userinfo to url.href (#226)
    • 88df234 [doc] Add soft deprecation notice
    • 78e9f2f [security] Fix nits
    • e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
    • 4c9fa23 1.5.6
    • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
    • e4a5807 1.5.5
    • 193b44b [minor] Simplify whitespace regex
    • 319851b [fix] Remove CR, HT, and LF
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 1
  • rust_fast_port_scanner returns all ports

    rust_fast_port_scanner returns all ports

    Hello Sylvain, I tested rust_fast_port_scanner today. Not sure if this is an issue or a lack of understanding from me: I run the program with the IP address of my linux server to check what ports might be listening to requests. so I ran the command like this:

    ./target/release/rust_fast_port_scanner 192.168.1.70
    

    I will not print the result here, But I get 1002 rows in the result so, all the ports tested.

    However when I check what ports are listening as per https://www.techrepublic.com/article/how-to-locate-and-close-an-open-port-in-linux/ I only see 6 open ports

    [email protected]:~/projects/kerkour.com/2021/rust_fast_port_scanner$ sudo ss -tulwn | grep LISTEN
    tcp   LISTEN 0      511                            127.0.0.1:41683      0.0.0.0:*
    
    tcp   LISTEN 0      4096                       127.0.0.53%lo:53         0.0.0.0:*
    
    tcp   LISTEN 0      128                              0.0.0.0:22         0.0.0.0:*
    
    tcp   LISTEN 0      100                              0.0.0.0:25         0.0.0.0:*
    
    tcp   LISTEN 0      100                                 [::]:25            [::]:*
    
    opened by claudiociardelli 1
  • build(deps): bump minimatch from 3.0.4 to 3.1.2 in /chatbox.js

    build(deps): bump minimatch from 3.0.4 to 3.1.2 in /chatbox.js

    Bumps minimatch from 3.0.4 to 3.1.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • bump minimatch from 3.0.4 to 3.1.2 in /webapp

    bump minimatch from 3.0.4 to 3.1.2 in /webapp

    Bumps minimatch from 3.0.4 to 3.1.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Failure to send confirmation email

    Failure to send confirmation email

    Support request or question relating to Bloom

    Twice I've tried to register and neither time have I received the required confirmation request email containing a 12 digit code. I have confirmed that the email address submitted was correct and I have verified the email was not flagged as spam, I simply have not gotten them. How long is it supposed to take before an email arrives? Perhaps there should be a link to resend if not received promptly; I'm sure it's not supposed to take more than 15 minutes and I assume the emails were not sent at all.

    opened by rcrx 1
  • build(deps): bump vuetify from 2.4.9 to 2.6.10 in /webapp

    build(deps): bump vuetify from 2.4.9 to 2.6.10 in /webapp

    Bumps vuetify from 2.4.9 to 2.6.10.

    Release notes

    Sourced from vuetify's releases.

    v2.6.10

    :wrench: Bug Fixes

    • VCalendar: prevent XSS from eventName function (ade1434), closes #15757
    • VDialog: don't try to focus tabindex="-1" or hidden inputs (89e3850), closes #15745
    • VMenu: disable activatorFixed when attach is enabled (#15709) (464529a), closes #14922
    • VTextField: only show clear icon on hover or when focused (7a51ad0)
    • VTextField: prevent tabbing to clear button (f8ee680), closes #11202
    • web-types: add support for VDataTable pattern slots (#15694) (ac45c98)

    :microscope: Code Refactoring

    • VSelect: render highlight with vnodes instead of innerHTML (4468e3c)

    BREAKING CHANGES

    • VCalendar: eventName function can no longer render arbitrary HTML, convert to VNodes instead. eventSummary can no longer be used with v-html, replace with <component :is="{ render: eventSummary }" />

    v2.6.9

    :wrench: Bug Fixes

    • VCalendar: add aria roles to monthly calendar (#14640) (2cd34b4), closes #14604
    • VCalendar: forward all bound events to internal elements (#15592) (299330c)
    • VCarousel: add keys to delimiter buttons (#15459) (8d3895b)
    • VPagination: ignore invalid length values (f3f8d15), closes #15499
    • VRadio: change icon color when disabled (0cc43e2)
    • VSwitch: only affect control opacity when disabled (1e0a4ad)

    v2.6.8

    :wrench: Bug Fixes

    • VDataTable: display header text instead of value in group headers (100053f), closes #11516
    • VItemGroup: use valueComparator when updating value (#15395) (8bedb7c), closes #15394
    • VSimpleCheckbox: directly specify ripple directive definition (00a9668), closes #12224

    v2.6.7

    :wrench: Bug Fixes

    ... (truncated)

    Commits
    • fdfb6fc chore(release): publish v2.6.10
    • cd193e4 fix(VSelectList): correct mask class
    • 89e3850 fix(VDialog): don't try to focus tabindex="-1" or hidden inputs
    • 4468e3c refactor(VSelect): render highlight with vnodes instead of innerHTML
    • ade1434 fix(VCalendar): prevent XSS from eventName function
    • 464529a fix(VMenu): disabled activatorFixed when attach is enabled (#15709)
    • 7a51ad0 fix(VTextField): only show clear icon on hover or when focused
    • f8ee680 fix(VTextField): prevent tabbing to clear button
    • 170c7d1 chore(release): publish v2.6.9
    • 2cd34b4 fix(VCalendar): add aria roles to monthly calendar (#14640)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • build(deps): bump terser from 4.8.0 to 4.8.1 in /webapp

    build(deps): bump terser from 4.8.0 to 4.8.1 in /webapp

    Bumps terser from 4.8.0 to 4.8.1.

    Changelog

    Sourced from terser's changelog.

    v4.8.1 (backport)

    • Security fix for RegExps that should not be evaluated (regexp DDOS)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • build(deps): bump terser from 4.8.0 to 4.8.1 in /chatbox.js

    build(deps): bump terser from 4.8.0 to 4.8.1 in /chatbox.js

    Bumps terser from 4.8.0 to 4.8.1.

    Changelog

    Sourced from terser's changelog.

    v4.8.1 (backport)

    • Security fix for RegExps that should not be evaluated (regexp DDOS)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
Owner
Sylvain Kerkour
https://kerkour.com/subscribe
Sylvain Kerkour
Milho (corn in portuguese) is a toy dialect of Lisp written as a way to learn more about compilers

Milho (corn in portuguese) is a toy dialect of Lisp written as a way to learn more about compilers. There are implementations in rust and go

Celso Bonutti 27 May 4, 2022
An abstraction build on top of discord-rich-presence that makes possible to use it in a more declarative way

Declarative Discord Rich Presence This library is an abstraction build on top of discord-rich-presence crate that allows you to use it in a more decla

null 2 Sep 7, 2022
LaaS: Life as a Service

LaaS: Life as a Service $ curl life-as-a-service.herokuapp.com/-1x0~0x0~1x0 0x-1~0x0~0x1 let previous = '0x-1~0x0~0x1' for (let i = 0; i < 5; i++) {

Brandon Smith 5 Nov 1, 2021
HTTP microservice using Axum and Reqwest to request the Google Translate TTS endpoint without rate limits

HTTP microservice using Axum and Reqwest to request the Google Translate TTS endpoint without rate limits

Gnome! 5 Oct 5, 2022
Polydrive an experimental open source alternative to Google Drive

Polydrive is an experimental open source alternative to Google Drive. It allows users to synchronize their files on multiple devices.

null 3 Apr 20, 2022
Rust Keeper bots that run various functions, from liquidations, to orderbook cranks, and more.

The zo-keeper (pronounced "zoo keeper") repository runs large scale instructions that secure the 01 network, and allow it to operate in a fully decentralized manner.

Zero One Global Foundation 60 Oct 25, 2022
Advent of Code 2015, done entirely in Rust both for the challenge and as a way to learn

Advent of Code 2015 In preparation for Advent of Code 2021, I wanted to go back and try some of the older challenges. I figured it made the most sense

Matt 1 Dec 9, 2021
qn (quick note) is a simple, fast and user-friendly way to save notes ๐Ÿฆ€โš™๏ธ

Quick Note qn Install This is currently for my personal use. I may push breaking changes at any time. If you want to use it, bring down the code and r

Code Smell 3 Jul 15, 2022
A Discord bot focused on addressing the inherent problems with Discord, to allow a more socialist/anarchist organization of servers.

ACABot A Discord bot focused on addressing the inherent problems with Discord, to allow a more socialist/anarchist organization of servers (or "guilds

null 4 May 3, 2022
Rust bindings for libjuice. Look at datachannel-rs if you need more batteries.

Rust bindings for libjuice. Look at datachannel-rs if you need more batteries.

Vyacheslav S. Troshin 3 Sep 25, 2022
Utility to quickly setup Starcraft Broodwar matches between 2 or more bots

BWAIShotgun Utility to quickly setup Starcraft Broodwar matches between 2 or more bots Be aware that all bots will be executed directly, without any l

Dennis Waldherr 5 Nov 25, 2022
Display strings in a safe platform-appropriate way

os_display Printing strings can be tricky. They may contain control codes that mess up the message or the whole terminal. On Unix even filenames can c

Jan Verbeek 19 Oct 9, 2022
The easiest way to use BotiCord API in Rust

The easiest way to use BotiCord API in Rust ยท Docs Usage [dependencies]

BotiCord 6 Feb 14, 2022
Provide expansion of proc-macros, in a way that rustc directs you directly to the issues at hand

expander Expands a proc-macro into a file, and uses a include! directive in place. Advantages Only expands a particular proc-macro, not all of them. I

Bernhard Schuster 16 Oct 5, 2022
A simply better way to make Discord bots.

Cognite ?? A simple blazingly fast language agnostic microservice driven Discord bot framework made in rust that leverages Apache Kafka and KeyDB to t

Eludris 5 Aug 26, 2022
Envwoman is an application, to sync your .env-files across multiple machines

Envwoman is an application, to sync your .env-files across multiple machines. The main goal is to make Envwoman secure and trustworthy, so everything is open-source and the data will never in plain-text on the server. Encryption happens client-sided via aes-gcm.

Mawoka 3 Sep 28, 2022
A library to access BGPKIT Broker API and enable searching for BGP data archive files over time from public available data sources.

BGPKIT Broker BGPKIT Broker is a online data API service that allows users to search for publicly available BGP archive files by time, collector, proj

BGPKIT 9 Oct 15, 2022
Devops kafka topics like files with kls, ktail, khead and kecho

Devops kafka topics like files with kls, ktail, khead and kecho

imotai 4 Dec 31, 2021
A library for decoding and encoding DirectDraw Surface files

A library for decoding and encoding DirectDraw Surface files. Currently handles decoding some uncompressed DX9 formats, as well as DXT1-5. Supports encoding in the A8R8G8B8 format. Support for cubemaps and volumes, as well as DX10 is planned.

Shengqiu Li 1 Feb 18, 2022