Fix default value for CQ part:
If the subscriber has call queue activated, use their wrap-up time
as the default value; otherwise, set the default value to 10.
Change-Id: I1e11417690d4119ce396939721cbc96f6c5ef9b8
(cherry picked from commit 6e1140713d)
(cherry picked from commit c65cdde20f)
- Removed `crypto-browserify` from package.json and quasar.config.js
(unused webpack polyfill that was bundling vulnerable bn.js and
elliptic into the production build)
Bumped up packages:
* glob
* globals
* jest
* @quasar/app-webpack
Yarn resolutions added
- `serialize-javascript: ^7.0.3` — fixes high-severity RCE vulnerability
via RegExp.flags/Date.toISOString() (CVE in terser-webpack-plugin and
@quasar/ssr-helpers paths)
- `**/postcss-svgo/svgo: ^4.0.1` — fixes high-severity Billion Laughs
DoS (XML entity expansion) in cssnano's SVG optimization pipeline
- `dot-object/minimatch: ^3.1.2` — fixes high-severity ReDoS in
dot-object's glob dependency
- `**/flatted: 3.4.0` — fixes high-severity unbounded recursion DoS
in eslint and eslint-webpack-plugin's caching layer
What remains (30 vulnerabilities — all upstream-blocked)
The remaining vulnerabilities are entirely confined to dev-only
tooling and cannot be fixed without upstream releases:
- minimatch ReDoS across jest, @vue/test-utils, jest-serializer-vue,
@quasar/app-webpack, @quasar/quasar-app-extension-testing-unit-jest
- ajv ReDoS across eslint, eslint-webpack-plugin, @quasar/app-webpack
- webpack SSRF (buildHttp feature, not used in this project)
- qs DoS in webpack-dev-server's express (local dev only)
- esbuild dev server CORS issue (local dev only)
- vue-template-compiler XSS (no patch available upstream)
- tmp symlink issue, @tootallnate/once control flow (test tooling only)
Change-Id: I72f34757538f97bb3495a57d7f0263df58102f1e
(cherry picked from commit 1ebe3c0683)
(cherry picked from commit 02f055d921)
Remove the use of apiv2 for the customer phonebook
requests as teh endpoint is not available on mr12.5.x.
NGCP-Flow: mr12.5
Change-Id: Icebc58dac2a49f015a05b0f9d74e90c498ce4a9b
(cherry picked from commit 336456d196)
removeCustomerPhonebook was called with wrong argument.
NGCP-Flow: mr12.5
Change-Id: Ic55e2038b7556e1fd4bd75bb0f763268616fc6c5
(cherry picked from commit 722c30df44)
apiGet and apiPost assign the full options
object to the variable path
rather then options.path
In this commit we fix the bug.
Change-Id: I2379c4038a7fb70183ad2c6a25252413895122ad
(cherry picked from commit 38c2f37c1a)
(cherry picked from commit 3a337bb599)
- Convert all actions from .then()/.catch() chains to async/await
- Extract savePreference() helper to centralise error handling and
state commits, avoiding repetition across every action
- Extract updateBooleanPreference() helper. It covers the following
scenarios:
* new value is false: remove PATCH property in DB
* new value is true: add PATCH property in DB
* new value is true AND the value already exist in the
customer preferences: replace PATCH to amend property in DB
(added to avoid regression introduced by previous code, which
saved a property as false instead of removing it)s
- Add proper add/set/remove logic to updateBlockInList,
updateBlockOutList and updateBlockOutOverridePin: previously all
three always called setCustomerPreference regardless of whether the
preference existed or was empty
- Split logic to add, remove and edit customer preferences
Change-Id: Ie419de31631b9ef1b06653446dfbe1a33a10c225
(cherry picked from commit 58e7a88272)
(cherry picked from commit 0511581933)
* Implemented priority flow as sort -> normalize to 0..n-1
across fetch/create/edit/remove
* On creation handles priority incrementally
* On edit, arranges and normalizes (if needed) priority values
* Enforced the same move rules in store action (moveDestination)
to block invalid reorders.
* Removes references to LocalSubscriber
* Fixes unit tests
Change-Id: Ib64cc30ea75141692085ec38df5c528565389469
(cherry picked from commit 38d6e2089c)
(cherry picked from commit f0d78c695f)
The CF to Local Subscriber feature has been removed
in ticket MT#59011 but never deleted from CSC.
Change-Id: I1ed32c4db3e4ee2e0be8ab2218efe0ec48c3a098
(cherry picked from commit 8c51d8f041)
(cherry picked from commit 89d30653fd)
Add the query param ?create_primary_acli=false
to PATCH /api/numbers/{id} as default
behaviour.
Change-Id: Ib05602ed7850a19c4a984576fd3645ec158c4b0d
(cherry picked from commit 7cb3addfb9)
(cherry picked from commit f3ef723269)
Our nightly tests flagged the fact that
the feature was unstable and unrealiable.
Changes:
* Extract subscriber phonebook api and state
* Change direct use of http in the sub-phonebook
method to use the relevant method in common.js
* Simplify logic to PATCH single properties
with a unique PUT in the Phonebook entry form
* Amend getList, handleResponseError and
put to allow use with API v2 endpoints
* Amend translations and methods to replace
"phonebook" with "phonebook entry" where
necessary
Change-Id: I189d45fe426a1ded400a251d7efdfa72f76f9061
(cherry picked from commit ff40864da0)
(cherry picked from commit 8eb8cfb10d)
Update axios to version 1.13.5 to fix a
denial‑of‑service issue in mergeConfig when
using malicious config object.
Change-Id: I4c1d2b3de42d7ab854ffaaee07e30fcb98d4cadc
(cherry picked from commit d62d29bfc1)
(cherry picked from commit 3433a194b9)
- Keep callNumberInput getter returning full input for display purposes
- Use callNumberNormalized getter to strip domain before making calls
- Add callNumberNormalized to component's mapped getters
- Update startCall validation to use normalized number
Change-Id: I4172a4f426bf7f827e3ff717a901b8a64f4264d1
(cherry picked from commit afd3e09d55)
(cherry picked from commit 85061c3081)
- force @isaacs/brace-expansion 5.0.1 (patches minimatch/glob issue)
- force qs 6.14.1 (patches express/body-parser issue from quasar tooling)
- force tar 7.5.7 (patches node-gyp/tar issue pulled via npm)
- note: npm itself has no patch plus the dep was not used so we
removed it.
Change-Id: Ic145cbc509d80cf9d96b9a053de1ce0a7d8dc5a8
(cherry picked from commit cecc11ab30)
(cherry picked from commit 60ab5cd2a1)
This reverts commit b70ea928dd.
NGCP-Flow: mr12.5
Reason for revert: The new Quasar is struggling to resolve assets path's and crashes the app.
Change-Id: Id4d53d9f660c02c77642c0e5feb455caa0b56a81
(cherry picked from commit 69c8b370f8)
The custom announcements were not showing in
the CF menu under the PBXGroup section
because the action to load the announcements
was missing from the mounting hook.
Change-Id: I5813f2ce4471aa5a51ebc08ed3cdc08bde16b931
(cherry picked from commit acd9d84724)
(cherry picked from commit af96841727)
Trickle ICE candidate updates were not sent through
to kamailio/rtpengine. This was happening because
there was not ICE configuration.
Change-Id: I2a3ae1ab92ac9d6e766bd46915930fd553a6ff26
(cherry picked from commit ed162e8e56)
(cherry picked from commit 4733b2c363)
This update introduced many breaking changes.
Listed here the most important ones:
* quasar.conf.js file has been renamed
quasar.config.js.
* Quasar v4 replaced the old /src/index.template.html
with a new /index.html at the root of the project.
The special comment <!-- quasar:entry-point -->
is used to inject scripts/styles automatically.
* Use setupMiddlewares instead of onBeforeSetupMiddleware.
* proxy is now an array of proxy config objects.
* Dropped support for Vuex. We can still use Vuex as any
Vue plugin, but we have to manage everything (installing the
store, no store parameter in boot files, etc.).
We'll migrate to Pinia asap.
* Updated postcssrc according to docs
Change-Id: I585a3e2d17f666d9ca2773fa446d644f0fc201a2
(cherry picked from commit 72d36d22ab)
(cherry picked from commit b70ea928dd)
* Run yarn outdated and run through the list
to upgrade all libs but @quasar/app-webpack
and related libs. this will be done in a
separate commit.
* Remove parseuri because it is not used anywhere
in fact the project has a custom SIP URI parsing
implementation in sip-uri-parse.js.
* Remove jwt-decode because it is not used in fact
JWT decoding is manually implemented using native
browser functions.
* Updating to glob@11 where the glob.sync() method
is no longer accessible, but requires to be
imported directly from globModule.
* Remove eventsource:
- No Direct Usage: I could not find any direct imports,
requires, or uses of the eventsource package or
EventSource APIs in the codebase.
- Security Updates: The package was updated on
January 11, 2023, from version 1.1.1 to 2.0.2 as
part of a security updates (MT#56339).
- No Indirect Dependencies: The yarn why eventsource
command confirmed that no other packages depend on
eventsource.
- No Build Process Integration: I didn't find any
references to eventsource in the build config files
or webpack configurations.
- No SSE Implementation: While we handle media streams
for calls, in my understanding they use WebRTC or
similar technologies, not Server-Sent Events which,
in my understanding, is what eventsource is designed
for.
* Remove eslint-plugin-standard as it's not longer needed
by standard and eslint-config-standard.
* Upgrading eslint-plugin-vue required adding
vue-eslint-parser as a peer dependency and
required some changes to since new warnings.
Change-Id: I8f582275ae344f0ede7520136deba30c4d94ffd7
(cherry picked from commit bc75777bae)
(cherry picked from commit e896edfb38)
Migrating from ^8.10.0 to 9.14.0 had breaking changes.
* We moved to a flat configuration and changed the amended the script to run lint.
* We upgraded all eslint relevant libraries/plugins.
* We opened another ticket to review all the console.log/debug/info present in the repo.
Change-Id: Ie1e2c1ef49fc09cddbd9cc639505a1a65917bd35
(cherry picked from commit e935071c95)
(cherry picked from commit 7f207e4462)
Bump axios from previous version to 1.13.1 for security and stability improvements
Change-Id: I3855f02d71837f0b6c7e86590f6b8e5ab16d2cb4
(cherry picked from commit 3a6f992f4a)
(cherry picked from commit a779465321)
* Adds new messages for CE users to replace the
"No Calls, Voicemails or Faxes found" greeting
and "Calls, Faxes, VoiceMails" submenu item with
"No Calls or Voicemails found" and "Calls, VoiceMails"
respectively
* Adds translations for both the "No Calls or Voicemails found"
and "Calls, VoiceMails" messages
* Fixes typo in the word occurred on en.json
* Fixes some French and Spanish translation errors
* Fixes the call Cost formatting under CscCallItem.vue
Change-Id: I0da1dbf78ea1a609a0e1861fa1c14ee41a41d563
(cherry picked from commit 4d92ef013e)
(cherry picked from commit 93bd12d00f)
The issue was caused by a conditional(v-if=!menuMinimized) inside the <q-toolbar>.
menuMinimized property controls whether the side menu is collapsed
or expanded and affects multiple components.
When it changes (on hover or pin toggle), the layout width updates,
which can trigger the ResizeObserver.
Using v-if was recreating/destroying the element each time,
causing unnecessary layout recalculations.
The solution is to replace it with v-show="!menuPinned" which keeps
the element in the DOM (only toggles display), preventing extra
ResizeObserver triggers and making transitions smoother.
Change-Id: I2e544bb0451cc6a17a4bbeaf482ce678173adcd4
(cherry picked from commit 69e43c898e)
(cherry picked from commit a9e8b47641)
Sipwise Jenkins Builder
nidrissi-zouggari
Debora Crescenzo
Nico Schedel
Giancarlo Errigo Mattos
Hugo Zigha