#2052: update vulnerable npm dependencies (npm audit fix)

.dev/.stylelintrc.js

@@ -1,15 +1,13 @@
 module.exports = {
-  extends: 'stylelint-config-standard',
-  plugins: [
-    "stylelint-scss"
-  ],
+  extends: 'stylelint-config-standard-scss',
   rules: {
-    "indentation": [2],
-    "number-leading-zero": null,
     // Replace CSS @ with SASS ones
     "at-rule-no-unknown": null,
     "scss/at-rule-no-unknown": true,
     // not compatible with SASS apparently
+    "color-function-notation": null,
+    "media-feature-range-notation": 'prefix',
+    "shorthand-property-no-redundant-values": null,
     "no-descending-specificity": null
   },
 }

.github/workflows/ci.yml

@@ -20,7 +20,7 @@ jobs:
         run: sudo apt-get install gettext
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
@@ -63,12 +63,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
         with:
-          node-version: '14.x'
+          node-version: 18
 
       - name: Yarn install
         run: yarnpkg install
@@ -86,12 +86,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: '3.10'
 
       - name: Build documentation
         run: make htmldoc
@@ -100,7 +100,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run trivy scanner on repository (non-blocking)
         run: make test_trivy_repo TRIVY_EXIT_CODE=0

.github/workflows/docker-latest.yml

@@ -7,33 +7,33 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         if: github.repository == 'shaarli/Shaarli'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Login to GitHub Container Registry
         if: github.repository == 'shaarli/Shaarli'
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set shaarli version to the latest commit hash
         run: sed -i "s/dev/$(git rev-parse --short HEAD)/" shaarli_version.php
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: .
           push: ${{ github.repository == 'shaarli/Shaarli' }}

.github/workflows/docker-pr.yml

@@ -8,12 +8,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Build Docker image
         id: docker_build
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           push: false
           tags: shaarli/shaarli:pr-${{ github.event.number }}

.github/workflows/docker-tags.yml

@@ -13,9 +13,9 @@ jobs:
       - name: Get the tag name
         run: echo "REF=${GITHUB_REF##*/}" >> $GITHUB_ENV
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         if: github.repository == 'shaarli/Shaarli'
@@ -33,7 +33,7 @@ jobs:
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
         with:
           push: ${{ github.repository == 'shaarli/Shaarli' }}
           platforms: linux/amd64,linux/arm/v7

.github/workflows/trivy-release.yml

@@ -10,7 +10,7 @@ jobs:
     name: trivy scan (release composer/yarn dependencies)
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Run trivy scanner on repository
@@ -20,6 +20,6 @@ jobs:
     name: trivy scan (release docker image)
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Run trivy scanner on release docker image
         run: make test_trivy_docker TRIVY_TARGET_DOCKER_IMAGE=ghcr.io/shaarli/shaarli:release

Dockerfile

@@ -16,7 +16,7 @@ RUN cd shaarli \
 
 # Stage 3:
 # - Frontend dependencies
-FROM docker.io/node:12-alpine as node
+FROM docker.io/node:18-alpine as node
 COPY --from=composer /app/shaarli shaarli
 RUN cd shaarli \
     && yarnpkg install \
@@ -25,7 +25,7 @@ RUN cd shaarli \
 
 # Stage 4:
 # - Shaarli image
-FROM docker.io/alpine:3.18.6
+FROM docker.io/alpine:3.19.1
 LABEL maintainer="Shaarli Community"
 
 RUN apk --update --no-cache add \

application/bookmark/Bookmark.php

@@ -505,15 +505,19 @@ public function getAdditionalContentEntry(string $key, $default = null)
     }
 
     /**
-     * Rename a tag in tags list.
+     * Rename a tag in tags list. If the new tag already exists, merge them
      *
      * @param string $fromTag
      * @param string $toTag
      */
     public function renameTag(string $fromTag, string $toTag): void
     {
         if (($pos = array_search($fromTag, $this->tags ?? [])) !== false) {
-            $this->tags[$pos] = trim($toTag);
+            if (in_array($toTag, $this->tags ?? []) !== false) {
+                $this->deleteTag($fromTag);
+            } else {
+                $this->tags[$pos] = trim($toTag);
+            }
         }
     }
 

assets/default/scss/shaarli.scss

@@ -19,8 +19,8 @@ $orange: #f89406;
 $blue: #0b5ea6;
 $background-color: #d0d0d0;
 $background-linklist-info: #ddd;
-$light-shadow: rgba(255, 255, 255, .078);
-$dark-shadow: rgba(0, 0, 0, .298);
+$light-shadow: rgba(255, 255, 255, 7.8%);
+$dark-shadow: rgba(0, 0, 0, 29.8%);
 $warning-text: #97600d;
 $form-input-border: #d8d8d8;
 $form-input-background: #eee;
@@ -66,7 +66,7 @@ pre {
 }
 
 @font-face {
-  font-family: 'Roboto';
+  font-family: Roboto;
   font-weight: 400;
   font-style: normal;
   src:
@@ -76,7 +76,7 @@ pre {
 }
 
 @font-face {
-  font-family: 'Roboto';
+  font-family: Roboto;
   font-weight: 700;
   font-style: normal;
   src:
@@ -187,6 +187,7 @@ body,
   z-index: 999;
   background: var(--main-color);
   width: 100%;
+
   // Hack to transition with auto height: http://stackoverflow.com/a/8331169/1484919
   max-height: 45px;
   overflow: hidden;
@@ -320,7 +321,7 @@ body,
 
   input {
     &[type='text'] {
-      border: medium none currentColor;
+      border: medium none currentcolor;
       border-radius: 2px;
       box-shadow: 0 1px 0 $light-shadow, 0 1px 1px $dark-shadow inset;
       background: $almost-white;
@@ -329,7 +330,7 @@ body,
       height: 30px;
       color: $dark-grey;
 
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $light-grey;
       }
     }
@@ -392,7 +393,7 @@ body,
 }
 
 %subheader-form-input {
-  border: medium none currentColor;
+  border: medium none currentcolor;
   border-radius: 2px;
   box-shadow: 0 1px 0 $light-shadow, 0 1px 4px $dark-shadow inset;
   background: $almost-white;
@@ -416,7 +417,7 @@ body,
     &[type='password'] {
       @extend %subheader-form-input;
 
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $dark-grey;
       }
     }
@@ -472,7 +473,7 @@ body,
       width: 200px;
 
       // because chrome
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $light-grey;
       }
     }
@@ -518,7 +519,7 @@ body,
 
   input {
     &[type='text'] {
-      border: medium none currentColor;
+      border: medium none currentcolor;
       border-radius: 2px;
       box-shadow: 0 1px 0 $light-shadow, 0 1px 1px $dark-shadow inset;
       background: $almost-white;
@@ -527,13 +528,13 @@ body,
       height: 30px;
       color: $dark-grey;
 
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $light-grey;
       }
     }
 
     &[type='submit'] {
-      border: medium none currentColor;
+      border: medium none currentcolor;
       border-radius: 2px;
       background: $almost-white;
       padding: 0 10px;
@@ -637,7 +638,7 @@ body,
       @extend %linksperpage-button;
 
       margin: 0;
-      border: medium none currentColor;
+      border: medium none currentcolor;
       background: $almost-white;
       padding: 4px 5px 3px 8px;
       height: 20px;
@@ -995,15 +996,15 @@ body,
     &[type='text'] {
       @extend %page-form-input;
 
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $light-grey;
       }
     }
 
     &[type='password'] {
       @extend %page-form-input;
 
-      &::-webkit-input-placeholder {
+      &::placeholder {
         color: $light-grey;
       }
     }
@@ -1530,9 +1531,6 @@ form {
 .b-lazy {
   transition: opacity 500ms ease-in-out;
   opacity: 0;
-  -webkit-transition: opacity 500ms ease-in-out;
-  -moz-transition: opacity 500ms ease-in-out;
-  -o-transition: opacity 500ms ease-in-out;
   min-width: 1px;
   min-height: 1px;
 
@@ -1624,11 +1622,6 @@ form {
   }
 }
 
-// Fix empty bookmarklet name in Firefox
-.pure-button {
-  -moz-user-select: auto;
-}
-
 .tag-sort {
   margin-top: 30px;
   text-align: center;
@@ -1790,7 +1783,7 @@ input[name='save_edit_batch'] {
   &::after {
     content: "";
     flex-grow: 1;
-    background: rgba(0, 0, 0, 0.35);
+    background: rgba(0, 0, 0, 35%);
     height: 1px;
     font-size: 0;
     line-height: 0;
@@ -1811,7 +1804,7 @@ input[name='save_edit_batch'] {
   height: 100%;
   width: 100%;
   z-index: 998;
-  background-color: rgba(0, 0, 0, .75);
+  background-color: rgba(0, 0, 0, 75%);
   color: #fff;
 
   .screen-center {

doc/md/dev/Development.md

@@ -277,7 +277,7 @@ Unit tests can be run inside [Docker](../Docker.md) containers.
 
 Test Dockerfiles are located under `tests/docker/<distribution>/Dockerfile`, and can be used to build Docker images to run Shaarli test suites under commonLinux environments. Dockerfiles are provided for the following environments:
 
-- [`alpine318`](https://github.com/shaarli/Shaarli/blob/master/tests/docker/alpine318/Dockerfile) - [Alpine Linux 3.18](https://www.alpinelinux.org/downloads/)
+- [`alpine319`](https://github.com/shaarli/Shaarli/blob/master/tests/docker/alpine319/Dockerfile) - [Alpine Linux 3.18](https://www.alpinelinux.org/downloads/)
 - [`debian8`](https://github.com/shaarli/Shaarli/blob/master/tests/docker/debian8/Dockerfile) - [Debian 8 Jessie](https://wiki.debian.org/DebianJessie) (oldoldstable)
 - [`debian9`](https://github.com/shaarli/Shaarli/blob/master/tests/docker/debian9/Dockerfile) - [Debian 9 Stretch](https://wiki.debian.org/DebianStretch) (oldstable)
 - [`ubuntu16`](https://github.com/shaarli/Shaarli/blob/master/tests/docker/ubuntu16/Dockerfile) - [Ubuntu 16.04 Xenial Xerus](https://releases.ubuntu.com/16.04/) (old LTS)