release: New release v5.10.5.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

app/common/config-util.ts

@@ -1,7 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
 
-import * as Sentry from "@sentry/electron";
+import * as Sentry from "@sentry/core";
 import {JsonDB} from "node-json-db";
 import {DataError} from "node-json-db/dist/lib/Errors";
 import type {z} from "zod";

app/main/autoupdater.ts

@@ -2,7 +2,7 @@ import {shell} from "electron/common";
 import {app, dialog, session} from "electron/main";
 import process from "node:process";
 
-import log from "electron-log";
+import log from "electron-log/main";
 import type {UpdateDownloadedEvent, UpdateInfo} from "electron-updater";
 import {autoUpdater} from "electron-updater";
 
@@ -31,9 +31,10 @@ export async function appUpdater(updateFromMenu = false): Promise<void> {
   let updateAvailable = false;
 
   // Log what's happening
-  log.transports.file.fileName = "updates.log";
-  log.transports.file.level = "info";
-  autoUpdater.logger = log;
+  const updateLogger = log.create({logId: "updates"});
+  updateLogger.transports.file.fileName = "updates.log";
+  updateLogger.transports.file.level = "info";
+  autoUpdater.logger = updateLogger;
 
   // Handle auto updates for beta/pre releases
   const isBetaUpdate = ConfigUtil.getConfigItem("betaUpdate", false);

app/main/request.ts

@@ -6,7 +6,7 @@ import {Readable} from "node:stream";
 import {pipeline} from "node:stream/promises";
 import type {ReadableStream} from "node:stream/web";
 
-import * as Sentry from "@sentry/electron";
+import * as Sentry from "@sentry/electron/main";
 import {z} from "zod";
 
 import Logger from "../common/logger-util.js";

app/renderer/js/main.ts

@@ -5,7 +5,7 @@ import url from "node:url";
 
 import {Menu, app, dialog, session} from "@electron/remote";
 import * as remote from "@electron/remote";
-import * as Sentry from "@sentry/electron";
+import * as Sentry from "@sentry/electron/renderer";
 
 import type {Config} from "../../common/config-util.js";
 import * as ConfigUtil from "../../common/config-util.js";

app/renderer/js/utils/domain-util.ts

@@ -2,7 +2,7 @@ import fs from "node:fs";
 import path from "node:path";
 
 import {app, dialog} from "@electron/remote";
-import * as Sentry from "@sentry/electron";
+import * as Sentry from "@sentry/electron/renderer";
 import {JsonDB} from "node-json-db";
 import {DataError} from "node-json-db/dist/lib/Errors";
 import {z} from "zod";

app/renderer/main.html

@@ -2,6 +2,10 @@
 <html lang="en" class="responsive desktop">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self' 'unsafe-inline'"
+    />
     <meta name="viewport" content="width=device-width" />
     <title>Zulip</title>
     <link rel="stylesheet" href="css/fonts.css" />

app/renderer/network.html

@@ -2,6 +2,10 @@
 <html lang="en" class="responsive desktop">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'"
+    />
     <meta name="viewport" content="width=device-width" />
     <title>Zulip - Network Troubleshooting</title>
     <link

changelog.md

@@ -2,6 +2,16 @@
 
 All notable changes to the Zulip desktop app are documented in this file.
 
+### v5.10.5 --2024-01-25
+
+**Dependencies**:
+
+- Upgraded all dependencies, including Electron 28.2.0.
+
+**Enhancements**:
+
+- Improved security hardening by setting a Content-Security-Policy for the app UI.
+
 ### v5.10.4 --2024-01-09
 
 **Dependencies**:

package.json

@@ -1,7 +1,7 @@
 {
   "name": "zulip",
   "productName": "Zulip",
-  "version": "5.10.4",
+  "version": "5.10.5",
   "main": "./dist-electron",
   "description": "Zulip Desktop App",
   "license": "Apache-2.0",
@@ -147,6 +147,7 @@
   },
   "devDependencies": {
     "@electron/remote": "^2.0.8",
+    "@sentry/core": "^7.94.1",
     "@sentry/electron": "^4.1.2",
     "@types/adm-zip": "^0.5.0",
     "@types/auto-launch": "^5.0.2",
@@ -239,6 +240,10 @@
         "error",
         {
           "paths": [
+            {
+              "name": "@sentry/electron",
+              "message": "Use @sentry/electron/main, @sentry/electron/renderer, or @sentry/core."
+            },
             {
               "name": "electron",
               "message": "Use electron/main, electron/renderer, or electron/common."
@@ -256,6 +261,10 @@
                 "ipcRenderer"
               ],
               "message": "Use typed-ipc-renderer."
+            },
+            {
+              "name": "electron-log",
+              "message": "Use electron-log/main or electron-log/renderer."
             }
           ]
         }

tsconfig.json

@@ -8,6 +8,6 @@
     "resolveJsonModule": true,
     "strict": true,
     "noImplicitOverride": true,
-    "types": ["vite/client"]
-  }
+    "types": ["vite/client"],
+  },
 }