Merge remote-tracking branch 'origin/next' into SER-2219-name-input-improvement

Author: gabrieloliveirapinto

CHANGELOG.md

@@ -132,6 +132,27 @@ Enterprise Features:
 - [users] UI improvements
 - [views] Added a quick transition to drill
 
+## Version 24.05.20
+Fixes:
+- [push] Fixed bug where IOS credentials get mixed up while sending messages from different apps at the same time
+- [push] Fixed bug where it crashes in connection pool growth because of a type mismatch in an if condition
+
+Security:
+- [cohorts] Prevent query injection on cohort creation
+
+Dependencies:
+- Bump countly-sdk-nodejs from 22.6.0 to 24.10.0
+- Bump countly-sdk-web from 24.4.1 to 24.11.0
+- Bump express from 4.21.1 to 4.21.2
+- Bump form-data from 4.0.0 to 4.0.1
+- Bump jimp from 0.22.12 to 1.6.0
+- Bump jsdoc from 4.0.3 to 4.0.4
+- Bump mocha from 10.2.0 to 10.8.2
+- Bump mongodb from 4.9.1 to 4.17.2
+- Bump nodemailer from 6.9.15 to 6.9.16
+- Bump puppeteer from 23.8.0 to 23.9.0
+- Bump tslib from 2.7.0 to 2.8.1
+
 ## Version 24.05.19
 Fixes:
 - [dashboards] Fixing issue where dashboard widgets go into single column

plugins/star-rating/api/api.js

@@ -722,9 +722,15 @@ function uploadFile(myfile, id, callback) {
                             if (!changes.targeting) {
                                 changes.targeting = {};
                             }
+                            if (!changes.targeting.user_segmentation) {
+                                changes.targeting.user_segmentation = '{"query":{},"queryText":""}';
+                            }
+                            if (!changes.targeting.steps) {
+                                changes.targeting.steps = '[]';
+                            }
                             changes.targeting.app_id = params.app_id + "";//has to be string
                             // eslint-disable-next-line
-                            createCohort(params, type, widgetId, changes.targeting, function(cohortId) { //create cohort using this 
+                            createCohort(params, type, widgetId, changes.targeting, function(cohortId) { //create cohort using this
                                 if (cohortId) {
                                     //update widget record to have this cohortId
                                     common.db.collection("feedback_widgets").findAndModify({ "_id": widgetId }, {}, { $set: { "cohortID": cohortId } }, function(/*err, widget*/) {

ui-tests/cypress/lib/dashboard/manage/configurations/configurations.js

@@ -725,7 +725,7 @@ const verifyPageElements = () => {
 
     cy.verifyElement({
         element: configurationsListBoxElements({ subFeature: SETTINGS.SECURITY.API_ADDITIONAL_HEADERS }).SELECTED_SUBFEATURE_TEXTAREA,
-        value: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nAccess-Control-Allow-Origin:*",
+        value: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nAccess-Control-Allow-Origin:*",
     });
 
     cy.verifyElement({
@@ -740,7 +740,7 @@ const verifyPageElements = () => {
 
     cy.verifyElement({
         element: configurationsListBoxElements({ subFeature: SETTINGS.SECURITY.DASHBOARD_ADDITIONAL_HEADERS }).SELECTED_SUBFEATURE_TEXTAREA,
-        value: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000 ; includeSubDomains\nX-Content-Type-Options: nosniff"
+        value: "X-Frame-Options:deny\nX-XSS-Protection:1; mode=block\nStrict-Transport-Security:max-age=31536000; includeSubDomains; preload\nX-Content-Type-Options: nosniff"
     });
 
     cy.verifyElement({
@@ -1844,4 +1844,4 @@ const verifyPageElements = () => {
 
 module.exports = {
     verifyPageElements
-};
+};