mirror of https://github.com/twentyhq/twenty.git synced 2026-06-12 01:46:39 -04:00

Files

Charles Bochet fc764115ef security: clear all High next alerts by upgrading react-email 5 → 6 (#21377 )

## What

Clears **all 9 High `next` Dependabot alerts** (incl.
GHSA-26hh-7cqf-hhc6) in twenty-emails — via a parent bump, no
resolutions.

All 9 traced to a stale **`next@16.0.10`** pulled by
`@react-email/preview-server` 5.x. The latest preview-server 5.x still
ships a vulnerable next (16.1.7 < 16.2.6), so bumping it alone wouldn't
help. **react-email 6.x** is a rewrite that no longer depends on next or
on a separate preview-server.

- bump `react-email` `5.1.0` → `6.5.0`
- remove the obsolete `@react-email/preview-server` devDependency
- add `@react-email/ui` `6.5.0` devDependency

### Why `@react-email/ui` (the CI fix)

react-email 6's `email dev` preview server loads its UI from
`@react-email/ui`, and **prompts to install it interactively** if
missing — which hangs the `emails-test` CI job (no TTY), so the server
never starts and the `/preview/test.email` smoke check fails. Pinning
`@react-email/ui` makes `email dev` start non-interactively.

### Net effect on `next`

The vulnerable `16.0.10` is gone. `@react-email/ui@6.5.0` pulls
**`next@16.2.6`** — the **patched** version (≥ every current next
advisory fix), so all 9 alerts clear and **no vulnerable next remains**.

## Notes
- `react-email` and `@react-email/ui` pinned to exact `6.5.0` (matching
the prior react-email pin) because the `6.6.0` line was published today
and is still registry-quarantined.
- react-email is a dev-only preview tool; CI builds emails via `vite` +
typecheck.

## Verification
- No `next < 16.2.6` in `yarn.lock`
- `nx build` + `nx typecheck` twenty-emails
- `email dev -d src/emails -p 4001` starts non-interactively and serves
`/preview/test.email` → HTTP 200 (reproduces the emails-test check, now
passing)
- `yarn install --immutable` clean

2026-06-10 10:46:59 +02:00

src

feat(server): in-app server-level admin management (#19785 ) (#21321 )

2026-06-10 06:50:25 +02:00

.gitignore

fix(twenty-front): fix tsconfig to properly typecheck all files with tsgo (#17380 )

2026-01-23 11:22:23 +01:00

.oxlintrc.json

Optimize merge queue to only run E2E and integrate prettier into lint (#18459 )

2026-03-06 13:20:57 +01:00

.prettierignore

Optimize merge queue to only run E2E and integrate prettier into lint (#18459 )

2026-03-06 13:20:57 +01:00

.swcrc

Optimize merge queue to only run E2E and integrate prettier into lint (#18459 )

2026-03-06 13:20:57 +01:00

lingui.config.ts

CSV Import translations and dark mode fixes (#11184 )

2025-03-27 08:53:00 +01:00

package.json

security: clear all High next alerts by upgrading react-email 5 → 6 (#21377 )

2026-06-10 10:46:59 +02:00

project.json

chore: improve i18n workflow to prevent stale compiled translations (#18850 )

2026-03-23 12:53:31 +01:00

README.md

have footer on emails (#11300 )

2025-04-03 14:26:19 +02:00

tsconfig.json

Optimize merge queue to only run E2E and integrate prettier into lint (#18459 )

2026-03-06 13:20:57 +01:00

tsconfig.lib.json

Optimize merge queue to only run E2E and integrate prettier into lint (#18459 )

2026-03-06 13:20:57 +01:00

vite.config.ts

Speed up twenty-emails build by replacing vite-plugin-dts with tsgo (#17857 )

2026-02-13 10:39:26 +00:00

README.md

Twenty Emails

This package contains the email templates used by Twenty.

Features

Email templates built with React Email
Internationalization (i18n) support via @lingui/react
Local preview server for testing email templates

Getting Started

Starting the Local Preview Server

To start the local preview server for email development:

npx nx start twenty-emails

This will run the development server on port 4001. You can then view your email templates at http://localhost:4001.

Building Emails

To build the email templates:

npx nx build twenty-emails

Email Structure

Each email template is located in the src/emails directory. The templates use various components from the src/components directory to maintain consistent styling and functionality.