chore: update to Node 24 and upgrade dependencies

.devcontainer/Dockerfile

@@ -1,6 +1,6 @@
 # Based of https://github.com/devcontainers/images/blob/main/src/javascript-node/.devcontainer/Dockerfile
 
-ARG VARIANT=22-bookworm
+ARG VARIANT=24-bookworm
 FROM node:${VARIANT}
 
 ARG USERNAME=node

.devcontainer/app-init.sh

@@ -4,6 +4,7 @@ cd /workspace
 
 echo "Disabling git info in terminal..."
 git config codespaces-theme.hide-status 1
+git config devcontainers-theme.hide-status 1
 git config oh-my-zsh.hide-info 1
 
 echo "Waiting for DB container to come online..."

.devcontainer/devcontainer.json

@@ -59,7 +59,7 @@
 			"upgradePackages": "true"
 		},
     "ghcr.io/devcontainers/features/node:1": {
-      "version": "none"
+      "version": "24"
     },
     "ghcr.io/devcontainers/features/git:1": {},
     "ghcr.io/joedmck/devcontainer-features/cloudflared:1": {}

.devcontainer/docker-compose.yml

@@ -7,7 +7,7 @@ services:
         # Update 'VARIANT' to pick an LTS version of Node.js: 18, 16, 14, 12.
         # Append -bullseye or -buster to pin to an OS version.
         # Use -bullseye variants on local arm64/Apple Silicon.
-        VARIANT: 22-bookworm
+        VARIANT: 24-bookworm
 
     volumes:
       - ..:/workspace
@@ -26,7 +26,7 @@ services:
     # (Adding the "ports" property to this file will not forward from a Codespace.)
 
   db:
-    image: postgres:16
+    image: postgres:17
     restart: unless-stopped
     volumes:
       - postgres-data:/var/lib/postgresql/data

dev/build/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20
+FROM node:24
 LABEL maintainer="requarks.io"
 
 RUN apt-get update && apt-get install -qy --no-install-recommends \

server/controllers/common.mjs

@@ -33,7 +33,7 @@ export default function () {
   /**
    * Site Asset
    */
-  router.get('/_site/:siteId?/:resource', async (req, res, next) => {
+  router.get('/_site{/:siteId}/:resource', async (req, res, next) => {
     const site = req.params.siteId ? WIKI.sites[req.params.siteId] : await WIKI.db.sites.getSiteByHostname({ hostname: req.hostname })
     if (!site) {
       return res.status(404).send('Site Not Found')
@@ -540,7 +540,7 @@ export default function () {
   //   }
   // })
 
-  router.get('/*', async (req, res, next) => {
+  router.get('/{*splat}', async (req, res, next) => {
     const site = await WIKI.db.sites.getSiteByHostname({ hostname: req.hostname })
 
     if (!site) {

server/core/servers.mjs

@@ -2,7 +2,7 @@ import fs from 'node:fs/promises'
 import http from 'node:http'
 import https from 'node:https'
 import { ApolloServer } from '@apollo/server'
-import { expressMiddleware } from '@apollo/server/express4'
+import { expressMiddleware } from '@as-integrations/express5'
 import { isEmpty } from 'lodash-es'
 import { Server as IoServer } from 'socket.io'
 import { ApolloServerPluginLandingPageLocalDefault, ApolloServerPluginLandingPageProductionDefault } from '@apollo/server/plugin/landingPage/default'
@@ -46,7 +46,7 @@ export default {
     })
 
     this.http.on('connection', conn => {
-      let connKey = `http:${conn.remoteAddress}:${conn.remotePort}`
+      const connKey = `http:${conn.remoteAddress}:${conn.remotePort}`
       this.connections.set(connKey, conn)
       conn.on('close', () => {
         this.connections.delete(connKey)
@@ -113,7 +113,7 @@ export default {
     })
 
     this.https.on('connection', conn => {
-      let connKey = `https:${conn.remoteAddress}:${conn.remotePort}`
+      const connKey = `https:${conn.remoteAddress}:${conn.remotePort}`
       this.connections.set(connKey, conn)
       conn.on('close', () => {
         this.connections.delete(connKey)
@@ -137,15 +137,17 @@ export default {
       csrfPrevention: true,
       cache: 'bounded',
       plugins: [
-        process.env.NODE_ENV === 'production' ? ApolloServerPluginLandingPageProductionDefault({
-          footer: false
-        }) : ApolloServerPluginLandingPageLocalDefault({
-          footer: false,
-          embed: {
-            endpointIsEditable: false,
-            runTelemetry: false
-          }
-        })
+        process.env.NODE_ENV === 'production'
+          ? ApolloServerPluginLandingPageProductionDefault({
+            footer: false
+          })
+          : ApolloServerPluginLandingPageLocalDefault({
+            footer: false,
+            embed: {
+              endpointIsEditable: false,
+              runTelemetry: false
+            }
+          })
         // ApolloServerPluginDrainHttpServer({ httpServer: this.http })
         // ...(this.https && ApolloServerPluginDrainHttpServer({ httpServer: this.https }))
       ]
@@ -162,20 +164,20 @@ export default {
   /**
    * Start Socket.io WebSocket Server
    */
-  async initWebSocket() {
+  async initWebSocket () {
     if (this.https) {
       this.ws = new IoServer(this.https, {
         path: '/_ws/',
         serveClient: false
       })
-      WIKI.logger.info(`WebSocket Server attached to HTTPS Server [ OK ]`)
+      WIKI.logger.info('WebSocket Server attached to HTTPS Server [ OK ]')
     } else {
       this.ws = new IoServer(this.http, {
         path: '/_ws/',
         serveClient: false,
         cors: true // TODO: dev only, replace with app settings once stable
       })
-      WIKI.logger.info(`WebSocket Server attached to HTTP Server [ OK ]`)
+      WIKI.logger.info('WebSocket Server attached to HTTP Server [ OK ]')
     }
   },
   /**
@@ -183,7 +185,7 @@ export default {
    */
   closeConnections (mode = 'all') {
     for (const [key, conn] of this.connections) {
-      if (mode !== `all` && key.indexOf(`${mode}:`) !== 0) {
+      if (mode !== 'all' && key.indexOf(`${mode}:`) !== 0) {
         continue
       }
       conn.destroy()

server/graph/resolvers/system.mjs

@@ -223,6 +223,10 @@ export default {
     },
     async installExtension (obj, args, context) {
       try {
+        if (!WIKI.auth.checkAccess(context.req.user, ['manage:system'])) {
+          throw new Error('ERR_FORBIDDEN')
+        }
+
         await WIKI.extensions.ext[args.key].install()
         // TODO: broadcast ext install
         return {

server/graph/resolvers/user.mjs

@@ -1,5 +1,5 @@
 import { generateError, generateSuccess } from '../../helpers/graph.mjs'
-import _, { isNil } from 'lodash-es'
+import { find, isNil, mapValues, transform } from 'lodash-es'
 import path from 'node:path'
 import fs from 'fs-extra'
 import { DateTime } from 'luxon'
@@ -67,7 +67,7 @@ export default {
       // usr.providerName = str.displayName
       // usr.providerIs2FACapable = _.get(str, 'strategy.useForm', false)
 
-      usr.auth = _.mapValues(usr.auth, (auth, providerKey) => {
+      usr.auth = mapValues(usr.auth, (auth, providerKey) => {
         if (auth.password) {
           auth.password = 'redacted'
         }
@@ -153,7 +153,7 @@ export default {
           throw new Error('ERR_FORBIDDEN')
         }
 
-        if (args.id <= 2) {
+        if (args.id === WIKI.auth.guest.id) {
           throw new WIKI.Error.UserDeleteProtected()
         }
         await WIKI.db.users.deleteUser(args.id, args.replaceId)
@@ -165,11 +165,7 @@ export default {
           operation: generateSuccess('User deleted successfully')
         }
       } catch (err) {
-        if (err.message.indexOf('foreign') >= 0) {
-          return generateError(new WIKI.Error.UserDeleteForeignConstraint())
-        } else {
-          return generateError(err)
-        }
+        return generateError(err)
       }
     },
     async updateUser (obj, args, context) {
@@ -371,7 +367,7 @@ export default {
         const destFolder = path.resolve(
           process.cwd(),
           WIKI.config.dataPath,
-          `assets`
+          'assets'
         )
         const destPath = path.join(destFolder, `userav-${args.id}.jpg`)
         await fs.ensureDir(destFolder)
@@ -451,22 +447,24 @@ export default {
   User: {
     async auth (usr, args, context) {
       const authStrategies = await WIKI.db.authentication.getStrategies({ enabledOnly: true })
-      return _.transform(usr.auth, (result, value, key) => {
-        const authStrategy = _.find(authStrategies, ['id', key])
-        const authModule = _.find(WIKI.data.authentication, ['key', authStrategy.module])
+      return transform(usr.auth, (result, value, key) => {
+        const authStrategy = find(authStrategies, ['id', key])
+        const authModule = find(WIKI.data.authentication, ['key', authStrategy.module])
         if (!authStrategy || !authModule) { return }
         result.push({
           authId: key,
           authName: authStrategy.displayName,
           strategyKey: authStrategy.module,
           strategyIcon: authModule.icon,
-          config: authStrategy.module === 'local' ? {
-            isPasswordSet: value.password?.length > 0,
-            isTfaSetup: value.tfaIsActive && value.tfaSecret?.length > 0,
-            isTfaRequired: (value.tfaRequired || authStrategy.config.enforceTfa) ?? false,
-            mustChangePwd: value.mustChangePwd ?? false,
-            restrictLogin: value.restrictLogin ?? false
-          } : value
+          config: authStrategy.module === 'local'
+            ? {
+                isPasswordSet: value.password?.length > 0,
+                isTfaSetup: value.tfaIsActive && value.tfaSecret?.length > 0,
+                isTfaRequired: (value.tfaRequired || authStrategy.config.enforceTfa) ?? false,
+                mustChangePwd: value.mustChangePwd ?? false,
+                restrictLogin: value.restrictLogin ?? false
+              }
+            : value
         })
       }, [])
     },

server/index.mjs

@@ -14,8 +14,8 @@ import logger from './core/logger.mjs'
 
 const nanoid = customAlphabet('1234567890abcdef', 10)
 
-if (!semver.satisfies(process.version, '>=20')) {
-  console.error('ERROR: Node.js 20.x or later required!')
+if (!semver.satisfies(process.version, '>=24')) {
+  console.error('ERROR: Node.js 24.x or later required!')
   process.exit(1)
 }
 

server/package.json

@@ -36,70 +36,71 @@
     "node": ">=18.0"
   },
   "dependencies": {
-    "@apollo/server": "4.11.3",
-    "@azure/storage-blob": "12.27.0",
+    "@apollo/server": "5.0.0",
+    "@as-integrations/express5": "1.1.2",
+    "@azure/storage-blob": "12.28.0",
     "@exlinc/keycloak-passport": "1.0.2",
-    "@graphql-tools/schema": "10.0.23",
-    "@graphql-tools/utils": "10.8.6",
+    "@graphql-tools/schema": "10.0.25",
+    "@graphql-tools/utils": "10.9.1",
     "@hexagon/base64": "2.0.4",
-    "@joplin/turndown-plugin-gfm": "1.0.61",
-    "@node-saml/passport-saml": "5.0.1",
+    "@joplin/turndown-plugin-gfm": "1.0.62",
+    "@node-saml/passport-saml": "5.1.0",
     "@root/csr": "0.8.1",
     "@root/keypairs": "0.10.3",
     "@root/pem": "1.0.4",
-    "@simplewebauthn/server": "13.1.1",
+    "@simplewebauthn/server": "13.1.2",
     "@vue-email/compiler": "0.8.14",
     "acme": "3.0.3",
     "akismet-api": "6.0.0",
     "aws-sdk": "2.1692.0",
     "bcryptjs": "3.0.2",
     "chalk": "5.4.1",
-    "cheerio": "1.0.0",
+    "cheerio": "1.1.2",
     "chokidar": "4.0.3",
     "chromium-pickle-js": "0.2.0",
     "clean-css": "5.3.3",
     "command-exists": "1.2.9",
-    "compression": "1.8.0",
+    "compression": "1.8.1",
     "connect-session-knex": "5.0.0",
     "cookie-parser": "1.4.7",
     "cors": "2.8.5",
-    "cron-parser": "5.0.6",
+    "cron-parser": "5.3.0",
     "cuint": "0.2.2",
     "custom-error-instance": "2.1.2",
     "dependency-graph": "1.0.0",
-    "diff": "7.0.0",
-    "diff2html": "3.4.51",
-    "dompurify": "3.2.4",
-    "dotize": "0.3.0",
+    "diff": "8.0.2",
+    "diff2html": "3.4.52",
+    "dompurify": "3.2.6",
+    "dotize": "0.6.0",
     "emoji-regex": "10.4.0",
     "eventemitter2": "6.4.9",
-    "express": "4.21.2",
+    "express": "5.1.0",
     "express-brute": "1.0.1",
-    "express-session": "1.18.1",
-    "file-type": "20.4.1",
-    "filesize": "10.1.6",
+    "express-session": "1.18.2",
+    "file-type": "21.0.0",
+    "filesize": "11.0.2",
     "fs-extra": "11.3.0",
     "getos": "3.2.1",
-    "graphql": "16.10.0",
+    "graphql": "16.11.0",
     "graphql-list-fields": "2.0.4",
     "graphql-rate-limit-directive": "2.0.6",
-    "graphql-tools": "9.0.18",
+    "graphql-tools": "9.0.20",
     "graphql-upload": "17.0.0",
     "gray-matter": "4.0.3",
     "he": "1.2.0",
     "highlight.js": "11.11.1",
-    "image-size": "2.0.1",
+    "image-size": "2.0.2",
     "js-base64": "3.7.7",
     "js-binary": "1.2.0",
     "js-yaml": "4.1.0",
-    "jsdom": "26.0.0",
+    "jsdom": "26.1.0",
     "jsonwebtoken": "9.0.2",
-    "katex": "0.16.21",
+    "katex": "0.16.22",
     "klaw": "4.1.0",
     "knex": "3.1.0",
     "lodash": "4.17.21",
     "lodash-es": "4.17.21",
-    "luxon": "3.5.0",
+    "luxon": "3.7.1",
     "markdown-it": "14.1.0",
     "markdown-it-abbr": "2.0.0",
     "markdown-it-attrs": "4.3.1",
@@ -109,21 +110,21 @@
     "markdown-it-footnote": "4.0.0",
     "markdown-it-imsize": "2.0.1",
     "markdown-it-mark": "4.0.0",
-    "markdown-it-mdc": "0.2.5",
+    "markdown-it-mdc": "0.2.6",
     "markdown-it-multimd-table": "4.2.3",
     "markdown-it-sub": "2.0.0",
     "markdown-it-sup": "2.0.0",
     "markdown-it-task-lists": "2.1.1",
     "mathjax": "3.2.2",
-    "mime-types": "2.1.35",
+    "mime-types": "3.0.1",
     "ms": "2.1.3",
-    "multer": "1.4.5-lts.2",
+    "multer": "2.0.2",
     "nanoid": "5.1.5",
     "node-2fa": "2.0.3",
     "node-cache": "5.1.2",
-    "nodemailer": "6.10.0",
+    "nodemailer": "7.0.5",
     "objection": "3.1.5",
-    "octokit": "4.1.2",
+    "octokit": "5.0.3",
     "passport": "0.7.0",
     "passport-auth0": "1.4.4",
     "passport-cas": "0.1.1",
@@ -143,44 +144,43 @@
     "passport-slack-oauth2": "1.2.0",
     "passport-twitch-strategy": "2.2.0",
     "pem-jwk": "2.0.0",
-    "pg": "8.14.1",
+    "pg": "8.16.3",
     "pg-hstore": "2.3.4",
     "pg-pubsub": "0.8.1",
-    "pg-query-stream": "4.8.1",
+    "pg-query-stream": "4.10.3",
     "pg-tsquery": "8.4.2",
-    "poolifier": "4.4.5",
+    "poolifier": "5.1.0",
     "prom-client": "15.1.3",
     "punycode": "2.3.1",
-    "puppeteer-core": "24.4.0",
+    "puppeteer-core": "24.15.0",
     "qr-image": "3.2.0",
-    "remove-markdown": "0.6.0",
+    "remove-markdown": "0.6.2",
     "safe-regex": "2.1.1",
     "sanitize-filename": "1.6.3",
     "scim-query-filter-parser": "2.0.4",
-    "semver": "7.7.1",
-    "serve-favicon": "2.5.0",
-    "sharp": "0.33.5",
-    "simple-git": "3.27.0",
+    "semver": "7.7.2",
+    "serve-favicon": "2.5.1",
+    "sharp": "0.34.3",
+    "simple-git": "3.28.0",
     "socket.io": "4.8.1",
     "striptags": "3.2.0",
-    "tar-fs": "3.0.8",
+    "tar-fs": "3.1.0",
     "turndown": "7.2.0",
     "twemoji": "14.0.2",
-    "ufo": "1.5.4",
+    "ufo": "1.6.1",
     "uslug": "1.0.4",
     "uuid": "11.1.0",
     "validate.js": "0.13.1",
-    "vue": "3.5.13",
-    "xss": "1.0.15",
-    "yargs": "17.7.2"
+    "vue": "3.5.18",
+    "xss": "1.0.15"
   },
   "devDependencies": {
-    "eslint": "9.23.0",
-    "eslint-plugin-import": "2.31.0",
+    "eslint": "9.32.0",
+    "eslint-plugin-import": "2.32.0",
     "eslint-plugin-node": "11.1.0",
     "eslint-plugin-promise": "7.2.1",
-    "neostandard": "0.12.1",
-    "nodemon": "3.1.9"
+    "neostandard": "0.12.2",
+    "nodemon": "3.1.10"
   },
   "overrides": {
     "@graphql-tools/utils": "10.5.5"

server/web.mjs

@@ -93,7 +93,7 @@ export async function init () {
     next()
   })
   app.use(cors({ origin: false }))
-  app.options('*', cors({ origin: false }))
+  app.options('/{*splat}', cors({ origin: false }))
   if (WIKI.config.security.securityTrustProxy) {
     app.enable('trust proxy')
   }

ux/package.json

@@ -11,11 +11,11 @@
     "build": "NODE_OPTIONS=--max-old-space-size=8192 vite build --emptyOutDir"
   },
   "dependencies": {
-    "@apollo/client": "3.13.5",
+    "@apollo/client": "3.13.8",
     "@lezer/common": "1.2.3",
     "@mdi/font": "7.4.47",
-    "@quasar/extras": "1.16.17",
-    "@simplewebauthn/browser": "13.1.0",
+    "@quasar/extras": "1.17.0",
+    "@simplewebauthn/browser": "13.1.2",
     "@tiptap/core": "2.11.5",
     "@tiptap/extension-code-block": "2.11.5",
     "@tiptap/extension-code-block-lowlight": "2.11.5",
@@ -44,23 +44,23 @@
     "@vue/repl": "3.4.0",
     "@xterm/xterm": "5.5.0",
     "apollo-upload-client": "18.0.1",
-    "browser-fs-access": "0.35.0",
+    "browser-fs-access": "0.38.0",
     "clipboard": "2.0.11",
     "codemirror": "5.65.11",
     "codemirror-asciidoc": "1.0.4",
     "dependency-graph": "1.0.0",
-    "filesize": "10.1.6",
+    "filesize": "11.0.2",
     "filesize-parser": "1.5.1",
     "fuse.js": "7.1.0",
-    "graphql": "16.10.0",
+    "graphql": "16.11.0",
     "graphql-tag": "2.12.6",
     "highlight.js": "11.11.1",
     "js-cookie": "3.0.5",
     "jwt-decode": "4.0.0",
-    "katex": "0.16.21",
+    "katex": "0.16.22",
     "lodash-es": "4.17.21",
     "lowlight": "3.3.0",
-    "luxon": "3.5.0",
+    "luxon": "3.7.1",
     "markdown-it": "14.1.0",
     "markdown-it-abbr": "2.0.0",
     "markdown-it-attrs": "4.3.1",
@@ -70,7 +70,7 @@
     "markdown-it-footnote": "4.0.0",
     "markdown-it-imsize": "2.0.1",
     "markdown-it-mark": "4.0.0",
-    "markdown-it-mdc": "0.2.5",
+    "markdown-it-mdc": "0.2.6",
     "markdown-it-multimd-table": "4.2.3",
     "markdown-it-sub": "2.0.0",
     "markdown-it-sup": "2.0.0",
@@ -78,17 +78,17 @@
     "mitt": "3.0.1",
     "monaco-editor": "0.52.2",
     "pako": "2.1.0",
-    "pinia": "3.0.1",
-    "prosemirror-commands": "1.7.0",
+    "pinia": "3.0.3",
+    "prosemirror-commands": "1.7.1",
     "prosemirror-history": "1.4.1",
-    "prosemirror-keymap": "1.2.2",
-    "prosemirror-model": "1.25.0",
+    "prosemirror-keymap": "1.2.3",
+    "prosemirror-model": "1.25.2",
     "prosemirror-schema-list": "1.5.1",
     "prosemirror-state": "1.4.3",
-    "prosemirror-transform": "1.10.3",
-    "prosemirror-view": "1.38.1",
+    "prosemirror-transform": "1.10.4",
+    "prosemirror-view": "1.40.1",
     "pug": "3.0.3",
-    "quasar": "2.18.1",
+    "quasar": "2.18.2",
     "slugify": "1.6.6",
     "socket.io-client": "4.8.1",
     "sortablejs": "1.15.6",
@@ -96,34 +96,34 @@
     "tabulator-tables": "6.3.1",
     "tippy.js": "6.3.7",
     "twemoji": "14.0.2",
-    "typescript": "5.8.2",
+    "typescript": "5.8.3",
     "uuid": "11.1.0",
-    "v-network-graph": "0.9.20",
-    "vue": "3.5.13",
-    "vue-i18n": "11.1.2",
-    "vue-router": "4.5.0",
-    "vue3-otp-input": "0.5.21",
+    "v-network-graph": "0.9.21",
+    "vue": "3.5.18",
+    "vue-i18n": "11.1.11",
+    "vue-router": "4.5.1",
+    "vue3-otp-input": "0.5.40",
     "vuedraggable": "4.1.0",
     "zxcvbn": "4.4.2"
   },
   "devDependencies": {
-    "@eslint/js": "9.23.0",
-    "@intlify/unplugin-vue-i18n": "6.0.5",
-    "@quasar/app-vite": "2.1.4",
-    "@quasar/vite-plugin": "1.9.0",
-    "@types/lodash": "4.17.16",
-    "@vue/devtools": "7.7.2",
-    "@vue/language-plugin-pug": "2.2.8",
+    "@eslint/js": "9.32.0",
+    "@intlify/unplugin-vue-i18n": "6.0.8",
+    "@quasar/app-vite": "2.3.0",
+    "@quasar/vite-plugin": "1.10.0",
+    "@types/lodash": "4.17.20",
+    "@vue/devtools": "7.7.7",
+    "@vue/language-plugin-pug": "3.0.4",
     "autoprefixer": "10.4.21",
     "browserlist": "latest",
-    "eslint": "9.23.0",
-    "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-n": "17.16.2",
+    "eslint": "9.32.0",
+    "eslint-plugin-import": "2.32.0",
+    "eslint-plugin-n": "17.21.0",
     "eslint-plugin-promise": "7.2.1",
-    "eslint-plugin-vue": "10.0.0",
-    "eslint-plugin-vue-pug": "1.0.0-alpha.2",
-    "neostandard": "0.12.1",
-    "sass": "1.86.0"
+    "eslint-plugin-vue": "10.3.0",
+    "eslint-plugin-vue-pug": "1.0.0-alpha.3",
+    "neostandard": "0.12.2",
+    "sass": "1.89.2"
   },
   "engines": {
     "node": ">= 18.0",