Conversation
) * initial changes * Add tests * Fix edge case when we need to regenerate appearances * Fix comments * Add missing comment * Add missing comment * Add missing comment * Add flatten option to the merge route * Add flatten option to the libreoffice convert route * Add flatten option to the chromium convert route * Revert "Add flatten option to the chromium convert route" This reverts commit cdab8b4. * Ignore lint false positives * Add missing tests * Add flatten route tests * Replace input instead of creating a new file * create copy before flatten in tests --------- Co-authored-by: Peter Chakalov <peter.chakalov@abraxa.com>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…nt variables' values
* Optionally allow warnings in QPDF operations * warnings are not errors by default * Apply suggestions from code review Co-authored-by: Julien Neuhart <neuhart.julien@gmail.com> * fix some merge artifacts * follow the args convention --------- Co-authored-by: Julien Neuhart <neuhart.julien@gmail.com>
…12 (gotenberg#1438) Bumps [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) from 4.25.11 to 4.25.12. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v4.25.11...v4.25.12) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.25.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update Go to 1.25.5 * Update go version in go.mod
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.32.0 to 0.33.0. - [Release notes](https://github.com/golang/text/releases) - [Commits](golang/text@v0.32.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/text dependency-version: 0.33.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.38.0 to 0.39.0. - [Commits](golang/term@v0.38.0...v0.39.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-version: 0.39.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
toindev
force-pushed
the
feat/upgrade_from_upstream
branch
from
861d7b7 to
37a0868
Compare
There was a problem hiding this comment.
Pull request overview
This PR upgrades the codebase from upstream changes, introducing significant new functionality for PDF manipulation, logging improvements, and various bug fixes.
Changes:
- Added support for PDF splitting, flattening, encryption, file embedding, and bookmark importing operations
- Enhanced logging with GCP field support and access/application log separation
- Fixed multiple typos and improved code documentation throughout the codebase
Reviewed changes
Copilot reviewed 97 out of 269 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/modules/pdfengines/pdfengines.go | Added new PDF engine capabilities (split, flatten, encrypt, embed, import bookmarks) with corresponding field names and route configurations |
| pkg/modules/pdfengines/multi_test.go | Added comprehensive test coverage for new PDF engine methods (Encrypt, Split, Flatten) |
| pkg/modules/pdfengines/multi.go | Implemented multi-engine support for new PDF operations with proper error handling |
| pkg/modules/pdfcpu/sort_test.go | Added tests for digit suffix sorting functionality |
| pkg/modules/pdfcpu/sort.go | Implemented custom sorting logic for PDF files with numeric suffixes |
| pkg/modules/pdfcpu/pdfcpu.go | Added split, flatten, encrypt, embed, and import bookmarks methods to pdfcpu engine |
| pkg/modules/pdfcpu/doc.go | Updated documentation to reflect new capabilities |
| pkg/modules/logging/logging.go | Added GCP fields support and deprecated log-enable-gcp-severity flag |
| pkg/modules/logging/gcp.go | Implemented GCP severity mapping and encoding functions |
| pkg/modules/logging/color.go | Added color support for terminal output |
| pkg/modules/libreoffice/routes.go | Integrated new PDF operations (split, flatten, encrypt, embed) into LibreOffice conversion routes |
| pkg/modules/libreoffice/pdfengine/pdfengine.go | Added stub implementations for unsupported PDF operations |
| pkg/modules/libreoffice/libreoffice.go | Fixed comment grammar |
| pkg/modules/libreoffice/api/libreoffice.go | Added Debug method, improved comments, and file system initialization |
| pkg/modules/libreoffice/api/api.go | Added Debug method, updated documentation, and GCP field descriptions |
| pkg/modules/exiftool/exiftool.go | Added Debug method and stub implementations for new PDF operations |
| pkg/modules/chromium/tasks.go | Added support for tagged PDF generation and fixed background handling |
| pkg/modules/chromium/routes.go | Integrated split, encrypt, and embed functionality with improved markdown rendering |
| pkg/modules/chromium/chromium.go | Added bookmarks support, Debug method, and various configuration improvements |
| pkg/modules/chromium/browser.go | Improved browser lifecycle management and health checks |
| pkg/modules/api/middlewares.go | Added output filename middleware and enhanced error handling |
| pkg/gotenberg/shutdown.go | Added graceful shutdown error handling |
| pkg/gotenberg/modules.go | Introduced Debuggable interface for modules |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| unsafe := markdown.ToHTML(b, nil, nil) | ||
| sanitized := bluemonday.UGCPolicy().SanitizeBytes(unsafe) |
There was a problem hiding this comment.
The variable name 'unsafe' is misleading as the content is subsequently sanitized. Consider renaming to 'unsanitized' or 'raw' to better reflect the actual state of the content.
| unsafe := markdown.ToHTML(b, nil, nil) | |
| sanitized := bluemonday.UGCPolicy().SanitizeBytes(unsafe) | |
| rawHTML := markdown.ToHTML(b, nil, nil) | |
| sanitized := bluemonday.UGCPolicy().SanitizeBytes(rawHTML) |
| case []interface{}: | ||
| // See https://github.com/gotenberg/gotenberg/issues/1048. | ||
| strings := make([]string, len(val)) | ||
| strs := make([]string, len(val)) |
There was a problem hiding this comment.
The variable 'strs' should be renamed to 'strings' for clarity, or alternatively to 'stringValues' to avoid potential confusion with the strings package.
…otenberg#1446) * Add `waitForSelector` option to Chromium conversions Closes gotenberg#960 As an alternative to waiting on an expression, this allows users to wait for a specific node matching a selector to become visible in the HTML / at the remote URL before converting to PDF. * Fix style / prettify
…lation in async mode
Bumps [prettier](https://github.com/prettier/prettier) from 3.7.4 to 3.8.1. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.7.4...3.8.1) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.48.0 to 0.49.0. - [Commits](golang/net@v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-version: 0.49.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ng metadata (fixes gotenberg#1463)
This reverts commit 05e15a1.
* displays timezone in debug information * fixes cs * fixes debug_test.go
gotenberg#1464) Bumps [github.com/shirou/gopsutil/v4](https://github.com/shirou/gopsutil) from 4.25.12 to 4.26.1. - [Release notes](https://github.com/shirou/gopsutil/releases) - [Commits](shirou/gopsutil@v4.25.12...v4.26.1) --- updated-dependencies: - dependency-name: github.com/shirou/gopsutil/v4 dependency-version: 4.26.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat: add concurrency support to ProcessSupervisor - Replace the single-slot mutex channel with a configurable semaphore to allow multiple concurrent tasks. - Add drain logic to ensure all active tasks complete before process restarts. * feat: add chromium-max-concurrency flag - Add a --chromium-max-concurrency flag (1-6) to the Chromium module to control how many conversions run in parallel. - Update LibreOffice to pass maxConcurrency=1 as LibreOffice only supports a single concurrent conversion. * test: add integration tests for concurrent Chromium conversions - Add concurrent request support to the integration test framework with new step definitions for sending parallel requests and asserting on all responses. - Add a feature file for concurrent HTML to PDF conversions.
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| else | ||
| echo "⚙️ Running command:" | ||
| echo "$cmd" | ||
| eval "$cmd" |
There was a problem hiding this comment.
The script uses eval("$cmd") to execute a dynamically constructed command string, which can hide the actual operations. Avoid eval; run commands directly or use arrays to execute without shell evaluation.
Details
✨ AI Reasoning
The code builds command strings dynamically (including interpolated arrays and variables) and executes them via eval in a helper that runs build commands. Dynamically constructed and evaluated shell commands can hide actual executed operations and make review or static analysis miss side effects. This harms transparency and increases risk that injected values or unexpected expansions change runtime behavior.
🔧 How do I fix it?
Ensure code is transparent and not intentionally obfuscated. Avoid hiding functionality from code review. Focus on intent and deception, not specific patterns.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
| else | ||
| echo "⚙️ Running command:" | ||
| echo "$cmd" | ||
| eval "$cmd" |
There was a problem hiding this comment.
The test runner uses eval("$cmd") to execute a dynamically built command string, which can obscure the real commands executed. Prefer executing commands directly or using bash arrays to avoid eval.
Details
✨ AI Reasoning
A helper in the integration test script also accepts a constructed command string and executes it via eval. This makes it difficult to audit what will run, and expanded variables or untrusted inputs may alter behavior unexpectedly. Using eval for running build/test commands reduces transparency and can mask harmful or unintended actions.
🔧 How do I fix it?
Ensure code is transparent and not intentionally obfuscated. Avoid hiding functionality from code review. Focus on intent and deception, not specific patterns.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 99 out of 274 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| p := &libreOfficeProcess{ | ||
| arguments: arguments, | ||
| fs: gotenberg.NewFileSystem(), | ||
| fs: gotenberg.NewFileSystem(new(gotenberg.OsMkdirAll)), |
There was a problem hiding this comment.
The variable name 'fs' is ambiguous in this context. Consider renaming to 'fileSystem' for better clarity.
| } | ||
|
|
||
| // Modules returns the list of modules which satisfies the requested interface. | ||
| // Modules return the list of modules which satisfies the requested interface. |
There was a problem hiding this comment.
Corrected 'return' to 'returns' to match function documentation convention.
| // Modules return the list of modules which satisfies the requested interface. | |
| // Modules returns the list of modules which satisfies the requested interface. |
20 participants
No description provided.