# Pull Request Template
## Description
This PR fixes the issue where the saved `order_by` value for the
conversation list is not being applied. The feature was originally added
in PR https://github.com/chatwoot/chatwoot/pull/8237 but broke after
merging the Vue 3 migration PR
https://github.com/chatwoot/chatwoot/pull/10047
Fixes
https://linear.app/chatwoot/issue/CW-4110/not-using-the-saved-sort-order-by-option-from-ui-settings
**Cause of the Issue:**
The previous implementation checked `orderBy` against the keys of the
sorting constants instead of their values. Since `orderBy` stores a
sorting value, this caused the condition to fail, leading to fallback to
the default sorting option.
**Solution:**
The fix ensures that `orderBy` is validated against the values of the
sorting constants rather than the keys. This correctly applies the saved
sorting preference, while still falling back to the default if needed.
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
**Loom video**
https://www.loom.com/share/ebe8a4d3f1c041c6862334dc3b6d43a3?sid=5167feb7-eb4a-4f2c-8211-662830ba946c
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
This PR adds service to automate account abuse detection. Currently
based on the signup name and URL, could potentially add more context
such as usage analysis, message metadata etc.
This PR allows Copilot to be used without connecting the Captain assistant to an inbox. Currently, if Captain is enabled on an account, it takes over conversations and responds directly to users. This PR enables the use of Captain as a Copilot without allowing it to respond to users. Additionally, it allows using a different assistant for Copilot instead of the default Captain assistant.
The selection logic for the Copilot assistant follows this order of preference:
- If the user has selected a specific assistant, it takes first preference for Copilot.
- If the above is not available, the assistant connected to the inbox takes preference.
- If neither of the above is available, the first assistant in the account takes preference.
In Chatwoot, we rely on the Content-ID for inline attachments to replace
the link with the uploaded attachment URL. Our expectation was that only
images would be inline, while other attachments would not. However,
email clients like Apple Mail (sigh) allow users to send inline
attachments that are not images, and these attachments often lack a
Content-ID. This creates significant issues in rendering.
I investigated how other email clients handle this scenario. When
viewing the same email (sent from Apple Mail) in Gmail, only one image
appears—and it’s treated as an attachment, not inline. This happens
because both attachments are the same image, and Apple Mail only sends
one copy. See the screenshot below.
| Apple Mail | Gmail |
| -- | -- |
| <img width="646" alt="Screenshot 2025-02-27 at 8 20 17 PM"
src="https://github.com/user-attachments/assets/e0d1cd2d-e47c-4081-a53b-7a67106341b3"
/> | <img width="360" alt="Screenshot 2025-02-27 at 8 20 51 PM"
src="https://github.com/user-attachments/assets/b206e56e-8f86-43e9-867b-d895c36aff78"
/> |
A good fix for this would be to check if the Content-ID is missing and
then upload the file as a regular attachment. However, the Mail gem (for
some reason) automatically adds a default Content-ID to inline parts. I
need to dig into the source code to understand why this happens.
For now, I’ve implemented a check to treat non-image attachments as
regular attachments. Inline image attachments are already handled by
appending an image tag at the end if the content-id is not found in the
body. A sample conversation to test this behavior is
[here](https://app.chatwoot.com/app/accounts/1/conversations/46732).
This PR has the following changes
- Add `LINEAR_CLIENT_ID` and `LINEAR_CLIENT_SECRET` to installation
config
- Add Linear config to super_admin/features.yml
- Replace usage of ENV.fetch with GlobalConfigService.load for fetch
Client Id and Secret.
This PR is part of the larger #10849 implementation and introduces a new
Live Reports API to provide real-time conversation metrics.
The /live_reports/conversation_metrics endpoint returns account-level or
team-level conversation statistics, including open, pending, unattended,
and unassigned conversation counts.
The /live_reports/grouped_conversation_metrics endpoint accepts a group
parameter, either team_id or assignee_id, and returns open and
unattended conversation counts based on the specified grouping.
# Pull Request Template
## Description
Fixed an issue where hover styles were still applied to disabled
buttons. Previously, `disabled:pointer-events-none` was used to prevent
interactions, ensuring hover styles wouldn’t apply. However, this also
removed showing the "not-allowed" cursor. This has been replaced with
`hover:enabled` to ensure hover effects only apply when the button is
enabled while preserving proper cursor behavior.
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
### **Screen recording**
**Before**
https://github.com/user-attachments/assets/a5d33869-4d9d-499b-94c8-6371cbb44ecc
**After**
https://github.com/user-attachments/assets/a03d93dc-2374-4c76-8bed-8f1fe79593d2
**Case where `disabled:pointer-events-none` and `hover:enabled` are not
added (for context only).**
https://github.com/user-attachments/assets/407320d8-f889-49d2-a78c-a5d24ed745a0
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
# Pull Request Template
## Description
Fixes
https://linear.app/chatwoot/issue/CW-4091/accessibility-improvement-support-bigger-font-size-for-the-dashboard
## Type of change
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
### **Loom video**
https://www.loom.com/share/1ab781859fa748a5ad54aacbacd127b4?sid=a7dd9164-a6de-462f-bff7-1b25e9c55b4f
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
https://github.com/chatwoot/chatwoot/pull/10888 introduced a bug in the
conversation editor since we were using the templates , email and phone
number payloads in contactable inboxes . temporary fix for this, we need
to rework this fix.
# Pull Request Template
## Description
The PR includes usability feedback fixes for the conversation card
context menu. A "Mark as Read" option has been added after "Mark as
Unread" to prevent misclicks due to shifting menu positions.
Additionally, a separator line has been introduced for better grouping
and clarity
#### **Orders**
<img width="210" alt="image"
src="https://github.com/user-attachments/assets/d7c04356-7cfb-4f43-ac55-beb4167f91e9"
/>
<img width="210" alt="image"
src="https://github.com/user-attachments/assets/593acd58-39cf-4b25-b119-03b89cb3528c"
/>
**Fixes** https://linear.app/chatwoot/issue/CW-4088/usability-feedback
## Type of change
- [x] New feature (non-breaking change which adds functionality)
## How Has This Been Tested?
### **Loom video**
https://www.loom.com/share/59f8ad3bf4054b299bfcffc0ba24eca1?sid=98fbb67d-c3e9-4fa4-9b04-2a7cb3bf8568
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
## Description
[fix bug when send tranascription by mail
pt_BR](d6c2e5eaad)
when we send a trascription by email has a bug that don't send e-mail
comparing en.yml x pt_BR.yml I see a diference in end fix a bug removing
+ after <reply
Fixes
## Type of change
Please delete options that are not relevant.
- [ x ] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have made corresponding changes to the documentation
- [x] New and existing unit tests pass locally with my changes
# Pull Request Template
## Description
This PR fixes the issue with accented characters in variable
capitalization in canned responses.
#### **Utils PR** : https://github.com/chatwoot/utils/pull/46
Fixes https://linear.app/chatwoot/issue/CW-4068/issue-with-variables
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
### **Screen recordings**
#### **Before**
https://github.com/user-attachments/assets/82e94fd3-5839-46e4-bd2b-59e46a2fabc6
#### **After**
https://github.com/user-attachments/assets/110b7677-bef9-41d2-816e-31c0b5350646
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
This pull request includes multiple changes to the sidebar and route
metas to configure visibility of features on the dashboard.
Here's a summary of the changes
1. Added `installationTypes`, field to routes `meta`, this works along
side `permissions` and `featureFlags`
This allows us to decide weather a particular feature is accessible on a
particular type. For instance, the Billing pages should only be
available on Cloud
2. Updated `usePolicy` and `policy.vue` to use the new
`installationTypes` config
3. Updated Sidebar related components to remove `showOnlyOnCloud` to use
the new policy updates.
Testing the PR
Here's the matrix of cases:
https://docs.google.com/spreadsheets/d/15AAJntJZoyudaby77BOnRcC4435FGuT7PXbUXoTyU50/edit?usp=sharing
---------
Co-authored-by: Pranav <pranav@chatwoot.com>
Co-authored-by: Sojan Jose <sojan@pepalo.com>
Co-authored-by: Pranav <pranavrajs@gmail.com>
# Pull Request Template
## Description
This PR fixes showing y-axis numeric labels in reports charts. It occurs
after merging this PR. https://github.com/chatwoot/chatwoot/pull/10938
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
#### **Screenshots**
#### **Before**
<img width="500" alt="image"
src="https://github.com/user-attachments/assets/40299ba8-6f6b-43d5-b71a-5af22c238e2d"
/>
#### **After**
<img width="500" alt="image"
src="https://github.com/user-attachments/assets/72ee5729-9789-43c4-a85f-8037f647c7df"
/>
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
# Pull Request Template
## Description
This PR includes fix for,
**1**. Incorrect error message translation for search in contact merge
modal.
<img width="395" alt="image"
src="https://github.com/user-attachments/assets/e6592bcc-4656-4a6e-83a9-7124e2c4732a"
/>
**2**. Z-index issue in chat screen
<img width="395" alt="image"
src="https://github.com/user-attachments/assets/387a2b47-ea85-49c7-832b-8bc1a4f0ec3f"
/>
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
**Screenshots**
**1.**
<img width="395" alt="image"
src="https://github.com/user-attachments/assets/a1f1e36d-0801-4e7b-9ee9-c72728933332"
/>
**2.**
<img width="395" alt="image"
src="https://github.com/user-attachments/assets/60a0ddc1-eb8f-4dbc-9028-245e6bb64c33"
/>
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
At the moment, when updating the inbox members, or team members the
account cache used for IndexedDB is not invalidated. This can cause
inconsistencies in the UI. This PR fixes this by adding explicit
invalidation after performing the member changes
### Summary of changes
1. Added a new method `add_members` and `remove_members` to both `team`
and `inbox` models. The change was necessary for two reasons
- Since the individual `add_member` and `remove_member` is called in a
loop, it's wasteful to run the cache invalidation in the method.
- Moving the account cache invalidation call in the controller pollutes
the controller business logic
2. Updated tests across the board
### More improvements
We can make a concern called `Memberable` with usage like
`memberable_with :inbox_members`, that can encapsulate the functionality
---
Related: https://github.com/chatwoot/chatwoot/issues/10578
Just making it easier to test and merge
https://github.com/chatwoot/chatwoot/pull/10796.
This PR does the following:
- Removes the change on br + br condition.
- Support 1x, 1.5x, 2x playbacks
- Add a hover on the agent avatar
# Pull Request Template
## Description
Fixes
https://linear.app/chatwoot/issue/CW-4064/convert-average-metric-tooltips-from-seconds-to-readable-time-format
#### **Cause**
Chart tooltip configuration was using outdated Chart.js structure,
causing the time formatting function to not be applied correctly to
tooltip values in time-based metrics.
#### **Solution**
Updated tooltip configuration to use correct Chart.js Vue 3 plugin
structure
## Type of change
- [x] Bug fix (non-breaking change which fixes an issue)
## How Has This Been Tested?
### **Screenshots**
#### **Before**
<img width="496" alt="image"
src="https://github.com/user-attachments/assets/a70cbfe6-f179-43dc-a8f4-93951b257e81"
/>
#### **After**
<img width="496" alt="image"
src="https://github.com/user-attachments/assets/ed5d0c6c-2404-43ae-82fa-bbe5c42cecca"
/>
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to
3.2.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases">dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.4</h2>
<ul>
<li>Fixed a conditional and config dependent mXSS-style <a
href="https://nsysean.github.io/posts/dompurify-323-bypass/">bypass</a>
reported by <a
href="https://github.com/nsysean"><code>@nsysean</code></a></li>
<li>Added a new feature to allow specific hook removal, thanks <a
href="https://github.com/davecardwell"><code>@davecardwell</code></a></li>
<li>Added <em>purify.js</em> and <em>purify.min.js</em> to exports,
thanks <a
href="https://github.com/Aetherinox"><code>@Aetherinox</code></a></li>
<li>Added better logic in case no window object is president, thanks <a
href="https://github.com/yehuya"><code>@yehuya</code></a></li>
<li>Updated some dependencies called out by dependabot</li>
<li>Updated license files etc to show the correct year</li>
</ul>
<h2>DOMPurify 3.2.3</h2>
<ul>
<li>Fixed two conditional sanitizer bypasses discovered by <a
href="https://github.com/parrot409"><code>@parrot409</code></a> and <a
href="https://x.com/slonser_"><code>@Slonser</code></a></li>
<li>Updated the attribute clobbering checks to prevent future bypasses,
thanks <a
href="https://github.com/parrot409"><code>@parrot409</code></a></li>
</ul>
<h2>DOMPurify 3.2.2</h2>
<ul>
<li>Fixed a possible bypass in case a rather specific config for custom
elements is set, thanks <a
href="https://github.com/yaniv-git"><code>@yaniv-git</code></a></li>
<li>Fixed several minor issues with the type definitions, thanks again
<a href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor issue with the types reference for trusted types,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
<li>Fixed a minor problem with the template detection regex on some
systems, thanks <a
href="https://github.com/svdb99"><code>@svdb99</code></a></li>
</ul>
<h2>DOMPurify 3.2.1</h2>
<ul>
<li>Fixed several minor issues with the type definitions, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a> <a
href="https://github.com/ghiscoding"><code>@ghiscoding</code></a> <a
href="https://github.com/asamuzaK"><code>@asamuzaK</code></a> <a
href="https://github.com/MiniDigger"><code>@MiniDigger</code></a></li>
<li>Fixed an issue with non-minified dist files and order of imports,
thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a></li>
</ul>
<h2>DOMPurify 3.2.0</h2>
<ul>
<li>Added type declarations, thanks <a
href="https://github.com/reduckted"><code>@reduckted</code></a> , <a
href="https://github.com/philmayfield"><code>@philmayfield</code></a>,
<a href="https://github.com/aloisklink"><code>@aloisklink</code></a>,
<a href="https://github.com/ssi02014"><code>@ssi02014</code></a> and
others</li>
<li>Fixed a minor issue with the handling of hooks, thanks <a
href="https://github.com/kevin-mizu"><code>@kevin-mizu</code></a></li>
</ul>
<h2>DOMPurify 3.1.7</h2>
<ul>
<li>Fixed an issue with comment detection and possible bypasses with
specific config settings, thanks <a
href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li>
<li>Fixed several smaller typos in documentation and test & build
files, thanks <a
href="https://github.com/christianhg"><code>@christianhg</code></a></li>
<li>Added better support for Angular compiler, thanks <a
href="https://github.com/jeroen1602"><code>@jeroen1602</code></a></li>
<li>Added several new attributes to HTML and SVG allow-list, thanks <a
href="https://github.com/Gigabyte5671"><code>@Gigabyte5671</code></a>
and <a href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
<li>Removed the <code>foreignObject</code> element from the list of HTML
entry-points, thanks <a
href="https://github.com/masatokinugawa"><code>@masatokinugawa</code></a></li>
<li>Bumped several dependencies to be more up to date</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ec29e65f36"><code>ec29e65</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1062">#1062</a>
from cure53/main</li>
<li><a
href="1c1b183862"><code>1c1b183</code></a>
chore: Preparing 3.2.4 release</li>
<li><a
href="d18ffcb554"><code>d18ffcb</code></a>
fix: Changed the template literal regex to avoid a config-dependent
bypass</li>
<li><a
href="0d64d2b12f"><code>0d64d2b</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1060">#1060</a>
from yehuya/initializeTestImprovements</li>
<li><a
href="9ad7933156"><code>9ad7933</code></a>
tests: DOMPurify custom window tests improvements</li>
<li><a
href="72760ca8ee"><code>72760ca</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1059">#1059</a>
from yehuya/fixMissingWindowElement</li>
<li><a
href="bc72d44b2e"><code>bc72d44</code></a>
Fix tests</li>
<li><a
href="363a89dd3a"><code>363a89d</code></a>
fix: handle undefined Element in DOMPurify initialization</li>
<li><a
href="f41b45df18"><code>f41b45d</code></a>
Update LICENSE</li>
<li><a
href="b25bf26d67"><code>b25bf26</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.4">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
