Team-CARPENTER-SCALE

There was issue with the contact page as it display error message as user navigate to the contact page. This pull request fixes this issue.

Error page (before)

Our fix (after)

Fixes Issue/Linear Ticket

( This could be an existing issue or a linear ticket )

My PR Closes #issue_number_here or My PR Fixes ID-Team-plug-space/issue/FE-28/implement-video-Broadcast Linearlink: https://linear.app/team-plug-space/issue/FE-28/implement-video-broadcast

Changes proposed

What were you told to do?

Implement Video Broadcast using agora ui engine

What did you do?

i implemented video broadcast feature using agora UI engine also added the feature livebroadcast button to the sideBar

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [X] My code follows the code style of this project.
• [X] This PR does not contain plagiarized content.
• [X] The title and description of the PR is clear and explains the approach.
• [X] I am making a pull request against the dev branch (left side).
• [X] My commit messages styles matches our requested structure.
• [X] My code additions will fail neither code linting checks nor unit test.
• [X] I am only making changes to files I was requested to.

Screenshots/ Videos

#sceenshot #new changes screenshot

#video

https://user-images.githubusercontent.com/97587019/203947310-9b37cec4-4e8f-4d82-baf1-41a8b006c06f.mp4

#new changes video

https://user-images.githubusercontent.com/97587019/204111198-a8711864-94e9-42c4-8c86-5f47fbdd59c2.mp4

https://linear.app/zurichat2/issue/ZUR-182/integrate-a-gif-platform.

On clicking on the gif icon, a modal containing a lists of gifs with infinite scrolling and a search form is displayed.

This PR changes the style in the CreateWorkspace component default page to enable the texts on the left of the icons be centered.

Solves the issue: https://linear.app/zurichat2/issue/ZUR-140/text-at-the-left-side-of-the-icons-in-the-create-workspace-should-be

Below is a screenshot of the initial look.

This is a screenshot of the fixed look where the left-sided texts are properly centered.

This is the mobile view of the fixed page.

I corrected implemented of UI screen for themes page. Linear issue link: https://linear.app/zuri/issue/ZC-2390/implementation-of-complete-ui-screen-for-theming

Fixes Issue/Line

https://linear.app/team-bevel/issue/FRO-76/create-a-new-thread-through-reply-icon-right

https://linear.app/team-bevel/issue/FRO-76/create-a-new-thread-through-reply-icon-right

My PR Closes #issue_number_here or My PR Fixes FRO-76

Changes proposed

What were you told to do?

Create a new thread via reply icon

What did you do?

I added the comment board as a route to when threads are opened so when a reply icon is clicked the url changes to a thread which then renders the comment board

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [x] My code follows the code style of this project.
• [x] This PR does not contain plagiarized content.
• [x] The title and description of the PR is clear and explains the approach.
• [x] I am making a pull request against the dev branch (left side).
• [x] My commit messages styles matches our requested structure.
• [x] My code additions will fail neither code linting checks nor unit test.
• [x] I am only making changes to files I was requested to.

Screenshots/ Videos

https://user-images.githubusercontent.com/60897319/203926574-38815c97-2b96-4b11-bf18-b821d7e502d3.mp4

Before updating:

After updating:

Linear ticket number: ZUR-103

Updated the button height(both active and inactive state) of setting the status of a user.

Added UI for changing the profile picture. ZUR-155. created a user profile picture upload UI, removed unused components, removed console logs, renamed image from pp to profileAvatar which is a more specific name

User should be able to add a new keyword and zuri-bot response.

Link to Linear Issue

• [x] https://linear.app/zuri/issue/ZC-2859/add-new-zuri-bot-keyword

https://docs.google.com/spreadsheets/d/1AOe3gdinr6Y0M6GNvxof4hRaryMa5Xq9a0L-ZI1eZJM/edit#gid=1911449143

Link to document issue was assigned, number 19. No linear issue available. Increase font size of join us paragraph section

My PR Fixes ID-linear_ticket_number ZUR-148

Changes proposed

Remove the blog page and the help links that redirect to it

What did you do ?

• Deleted the ZuriChatBlog file.
• Deleted the ZurichatBlog CSS file.
• Deleted the blog link at the footer.js file.

Fixes Issue

( This could be an existing issue or a linear ticket )

My PR Closes #issue_number_here or My PR Fixes ID-linear_ticket_number_here

Changes proposed

What were you told to do ?

What did you do ?

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [x] My code follows the code style of this project.
• [x] This PR does not contain plagiarized content.
• [x] The title and description of the PR is clear and explains the approach.
• [ ] I am making a pull request against the dev branch (left side).
• [x] My commit messages styles matches our requested structure.
• [ ] My code additions will fail neither code linting checks nor unit test.
• [x] I am only making changes to files I was requested to.

Screenshots/ Videos

CVE-2022-46175 - High Severity Vulnerability

Vulnerable Libraries - json5-1.0.1.tgz, json5-0.5.1.tgz, json5-2.2.0.tgz

json5-1.0.1.tgz

JSON for humans.

Library home page: https://registry.npmjs.org/json5/-/json5-1.0.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Dependency Hierarchy:

• @zuri/main-1.0.0.tgz (Root Library)
  • js-yaml-loader-1.2.2.tgz
    • loader-utils-1.4.0.tgz
      • :x: json5-1.0.1.tgz (Vulnerable Library)

json5-0.5.1.tgz

JSON for the ES5 era.

Library home page: https://registry.npmjs.org/json5/-/json5-0.5.1.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Dependency Hierarchy:

• @zuri/zuri-ui-1.0.0.tgz (Root Library)
  • draft-js-plugin-editor-0.0.0.tgz
    • extract-text-webpack-plugin-1.0.1.tgz
      • loader-utils-0.2.17.tgz
        • :x: json5-0.5.1.tgz (Vulnerable Library)

json5-2.2.0.tgz

JSON for humans.

Library home page: https://registry.npmjs.org/json5/-/json5-2.2.0.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json5/package.json

Dependency Hierarchy:

• @zuri/root-config-1.0.0.tgz (Root Library)
  • webpack-config-single-spa-react-4.0.2.tgz
    • webpack-config-single-spa-5.1.1.tgz
      • css-loader-5.2.7.tgz
        • loader-utils-2.0.0.tgz
          • :x: json5-2.2.0.tgz (Vulnerable Library)

Found in HEAD commit: b144247b62e851190fe052db385e082185524e69

Found in base branch: dev

Vulnerability Details

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including version 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 version 2.2.2 and later.

Publish Date: 2022-12-24

URL: CVE-2022-46175

CVSS 3 Score Details (7.1)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175

Release Date: 2022-12-24

Fix Resolution: json5 - 2.2.2

Step up your Open Source Security Game with Mend here

Linear Ticket link: https://linear.app/team-brainbox/issue/FRO-172/zuri-chat-zuri-chat-fix-the-broken-customize-link-on-the-sidebar-and

Fixes Issue/Linear Ticket

My PR Fixes ID-linear_ticket_number_FRO-172

Changes proposed

Worked on fixing the broken Customize link on the sidebar and route properly

What were you told to do?

ZURI CHAT - Fix the broken Customize link on the sidebar and the route properly.

What did you do?

• I moved Customize files from the old src folder to new src folder in the protected folder
• I fixed all the import errors and paths of other files associated with Customize files
• I fixed the routing links for Customize file in the App.jsx file in the new src folder
• I moved necessary and equivalent assets from old src folder to new src folder
• I fixed the Back to Zuri Chat and Home link on the Admin settings sidebar
• I removed the Analytic and Configure App link (non-essential link) from the Admin settings sidebar

Check List (Check all the applicable boxes)

• [X] My code follows the code style of this project.
• [X] This PR does not contain plagiarized content.
• [X] The title and description of the PR is clear and explains the approach.
• [X] I am making a pull request against the dev branch (left side).
• [X] My commit messages styles matches our requested structure.
• [X] My code additions will fail neither code linting checks nor unit test.
• [X] I am only making changes to files I was requested to.

Screenshots/ Videos

Before changes:

After changes:

Fixes Issue/Linear Ticket

( This could be an existing issue or a linear ticket )

My PR Closes #issue_number_here or My PR Fixes ID-linear_ticket_number_here

• Team plug (Yieldvest) - Feat/FE-60-Implement-agora-video-call-using-Agora-sdk

Changes proposed

• Implement Video call using Agora

What were you told to do?

Project 20: Using Agora, make it possible to do a group call in ZuriChat. Also make it possible to do video calls and video broadcasts.

What did you do?

I made it possible to have a video call in a workspace on zurichat using Agora UIKIT. Currently, due to delay in the backend, there is only one channel. When the backend is resolved, there will be different channel, and this will be the workspaces Id

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [X] My code follows the code style of this project.
• [X] This PR does not contain plagiarized content.
• [X] The title and description of the PR is clear and explains the approach.
• [X] I am making a pull request against the dev branch (left side).
• [X] My commit messages styles matches our requested structure.
• [X] My code additions will fail neither code linting checks nor unit test.

https://user-images.githubusercontent.com/69268373/206876757-0f7d8f3b-15d9-47b6-be78-8a0504adf6dc.mp4

FRO-198

My PR Fixes Fixes FRO-198 - Allows an admin User to update their Username in the backend. Linear Ticket link:- https://linear.app/team-brainbox/issue/FRO-198/zuri-chat-changeset-username

Changes proposed

What were you told to do?

UPDATE AND SET USERNAME FOR ADMIN SETTINGS

What did you do?

• Check if there is an admin user logged.
• Get the User_id and the organization_id.
• Use these details to change and update the User Name for the person logged in.
• Make the patch request to the API backend.

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [X] My code follows the code style of this project.
• [X] This PR does not contain plagiarized content.
• [X] The title and description of the PR is clear and explains the approach.
• [X] I am making a pull request against the dev branch (left side).
• [X] My commit messages styles matches our requested structure.
• [X] My code additions will fail neither code linting checks nor unit test.
• [X] I am only making changes to files I was requested to.

Screenshots/ Videos

Fixes Issue/Linear Ticket - https://linear.app/team-repute/issue/FRO-103/preview-multiple-files

( This could be an existing issue or a linear ticket )

My PR Fixes FRO-103-Preview mulitple files

Changes proposed

What were you told to do?

I was told to fix the previewing of multiple files after adding one by one to stop resetting. Fix the passing of attached file handler function props to work in MessageBoard.

What did you do?

I changed the state of the attached file into an array .

Check List (Check all the applicable boxes)

🚨Please review the style guide for contributing and guidelines for contributing to this repository.

• [x] My code follows the code style of this project.
• [x] This PR does not contain plagiarized content.
• [x] The title and description of the PR is clear and explains the approach.
• [x] I am making a pull request against the dev branch (left side).
• [x] My commit messages styles matches our requested structure.
• [x] My code additions will fail neither code linting checks nor unit test.
• [x] I am only making changes to files I was requested to.

Screenshots/ Videos

CVE-2021-32640 - Medium Severity Vulnerability

Vulnerable Library - ws-6.1.4.tgz

Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js

Library home page: https://registry.npmjs.org/ws/-/ws-6.1.4.tgz

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ws/package.json

Dependency Hierarchy:

• @zuri/main-1.0.0.tgz (Root Library)
  • notification-center-0.9.2.tgz
    • socket.io-client-2.3.1.tgz
      • engine.io-client-3.4.4.tgz
        • :x: ws-6.1.4.tgz (Vulnerable Library)

Found in base branch: dev

Vulnerability Details

ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.

Publish Date: 2021-05-25

URL: CVE-2021-32640

CVSS 3 Score Details (5.3)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693

Release Date: 2021-05-25

Fix Resolution: 5.2.3,6.2.2,7.4.6

Step up your Open Source Security Game with Mend here