docs(user): add breaking change documentation for axios

Elian Doran
2026-04-10 10:15:24 +03:00
parent bfe593ae52
commit fe710823c1
9 changed files with 162 additions and 20 deletions

File diff suppressed because one or more lines are too long

View File

@@ -3,7 +3,7 @@
or accessing Trilium through a <strong>web browser</strong>.</p>
<h2>Desktop</h2>
<p>The desktop app uses Chromium's built-in spellchecker. You can configure
it from <em>Options</em><strong> </strong><em>Spell Check</em>.</p>
it from <em>Options</em> <em>Spell Check</em>.</p>
<h3>Enabling spell check</h3>
<p>Toggle <em>Check spelling</em> to enable or disable the spellchecker. A
restart is required for changes to take effect — use the restart button
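Review bot: the menu path on the changed line, `<em>Options</em> <em>Spell Check</em>`, has only a space between the two items, so it renders as "Options Spell Check" with nothing to show that these are two navigation steps. Put an explicit separator between the `<em>` elements, such as the → this same file already uses before "Add to dictionary".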
@@ -14,7 +14,7 @@
by checking the boxes. The spellchecker will accept words that are valid
in <em>any</em> of the selected languages.</p>
<p>The available languages depend on your operating system's installed language
packs. For example, on Windows you can add languages through <em>Options </em><em>Time &amp; Language </em><em>Language &amp; Region </em><em>Add a language</em>.</p>
packs. For example, on Windows you can add languages through <em>Options</em> <em>Time &amp; Language</em> <em>Language &amp; Region</em> <em>Add a language</em>.</p>
<aside
class="admonition note">
<p>The changes take effect only after restarting the application.</p>
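Review bot: the Windows example path starts with "Options", but on Windows the language list lives in the Settings app (Time & Language, Language & Region, Add a language); "Options" is the name this page uses for Trilium's own dialog. Rename the first item to Settings so readers do not look for the language packs inside Trilium.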
@@ -27,7 +27,7 @@ class="admonition note">
→ "Add to dictionary") are stored in a <strong>synced note</strong> inside
Trilium. This means your custom dictionary automatically syncs across all
your devices.</p>
<p>You can view and edit the dictionary directly from <em>Settings </em><em>Spell Check </em><em>Custom Dictionary </em><em>Edit dictionary</em>.
<p>You can view and edit the dictionary directly from <em>Settings</em> <em>Spell Check</em> <em>Custom Dictionary</em> <em>Edit dictionary</em>.
This opens the underlying note, which contains one word per line. You can
add, remove, or modify entries as you like.</p>
<aside class="admonition note">
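Review bot: the custom dictionary path starts at "Settings", while the Desktop section of the same file sends the reader to "Options" and then "Spell Check" for what appears to be the same page. Use one name for the menu in both places.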
@@ -48,7 +48,7 @@ class="admonition note">
(e.g. you removed them manually) are cleaned up from the local dictionary
on startup.</li>
</ul>
<h4>Known limitations<a id="known-limitations"></a></h4>
<h4>Known limitations</h4>
<p>On Windows and macOS, Electron delegates "Add to dictionary" to the operating
system's user dictionary. This means:</p>
<ul>
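Review bot: dropping `<a id="known-limitations"></a>` from the h4 removes the #known-limitations fragment target. If anything links to that fragment, the link will now land at the top of the page; either keep the id (for example on the `<h4>` itself) or confirm that nothing references it.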

View File

@@ -1,4 +1,3 @@
<h2>v0.102.0: Upgrade to jQuery 4.0.0</h2>
<p>jQuery 4 removes legacy browser support (such as IE11 support), but it
also removes some APIs that are considered deprecated such as:</p>
<blockquote>

View File

@@ -0,0 +1,27 @@
<p>The <code spellcheck="false">api.axios</code> library has been removed from
the backend scripting API.</p>
<p>Axios was marked as deprecated at least since April 2024 in favor of the
native <code spellcheck="false">fetch()</code> API, which is available in
both browser and Node.js environments. After two years of deprecation,
the library was removed following the <a href="https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust">March 2026 npm supply chain compromise</a>,
where attackers published malicious versions that deployed a remote access
trojan. The Trilium's main developer almost got compromised, but <code spellcheck="false">pnpm</code> not
trusting unknown post-install scripts successfully avoided that.</p>
<p>Scripts that attempt to use <code spellcheck="false">api.axios</code> will
now throw an error with migration instructions.</p>
<h2>Migration</h2>
<p>Replace <code spellcheck="false">api.axios</code> calls with the native
<code
spellcheck="false">fetch()</code>API.</p>
<h3><code spellcheck="false">GET</code> calls</h3>
<p>Before (Axios):</p><pre><code class="language-application-javascript-env-backend">const response = await api.axios.get('https://api.example.com/data');
const data = response.data;</code></pre>
<p>After (<code spellcheck="false">fetch</code>):</p><pre><code class="language-application-javascript-env-backend">const response = await fetch('https://api.example.com/data');
const data = await response.json();</code></pre>
<h3><code spellcheck="false">POST</code> calls</h3>
<p>Before (Axios):</p><pre><code class="language-application-javascript-env-backend">await api.axios.post('https://api.example.com/data', { key: 'value' });</code></pre>
<p>After (fetch):</p><pre><code class="language-application-javascript-env-backend">await fetch('https://api.example.com/data', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ key: 'value' })
});</code></pre>
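Review bot: in the Migration intro, `fetch()</code>API.</p>` has no space after the closing tag, so it renders as "fetch()API"; the Markdown version of this page has the space, so the HTML should get it back. Smaller point: the GET section labels its example "After (<code>fetch</code>)" while the POST section uses plain "After (fetch)"; make the two match.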

View File

@@ -1,5 +1,5 @@
# Documentation
There are multiple types of documentation for Trilium:<img class="image-style-align-right" src="api/images/2E07SO1IRJxo/Documentation_image.png" width="205" height="162">
There are multiple types of documentation for Trilium:<img class="image-style-align-right" src="api/images/P8lHe64WV7LD/Documentation_image.png" width="205" height="162">
* The _User Guide_ represents the user-facing documentation. This documentation can be browsed by users directly from within Trilium, by pressing <kbd>F1</kbd>.
* The _Developer's Guide_ represents a set of Markdown documents that present the internals of Trilium, for developers.

View File

@@ -14,7 +14,6 @@
## 🔒️ Security improvements
* Content Handling
* Improved request handling for SVG content in share routes
* Improved request handling for SVG content in the main API
* Enhanced content rendering in the Mermaid diagram editor
@@ -22,16 +21,13 @@
* Added validation for the `docName` attribute in the document renderer
* Marked `docName` as a sensitive attribute in the commons module
* Desktop Application (Electron)
* Added Electron fuses to harden the desktop application against external abuse
* Improved application integrity checks
* API & Import
* Added MIME type validation for image uploads via ETAPI
* Aligned attachment upload validation with note upload validation
* Import no longer preserves named note IDs to prevent potential conflicts
* Authentication
* OpenID Connect now uses a more secure random number generator
We've also updated our SECURITY.MD file to detail our security practices and how to report vulnerabilities.

View File

@@ -17761,27 +17761,105 @@
"notePosition": 130,
"prefix": null,
"isExpanded": false,
"type": "text",
"mime": "text/html",
"type": "book",
"mime": "",
"attributes": [
{
"type": "label",
"name": "iconClass",
"value": "bx bx-up-arrow-alt",
"isInheritable": false,
"position": 30
"position": 10
},
{
"type": "label",
"name": "shareAlias",
"value": "breaking-changes",
"isInheritable": false,
"position": 20
},
{
"type": "relation",
"name": "template",
"value": "_template_list_view",
"isInheritable": false,
"position": 30
},
{
"type": "label",
"name": "sorted",
"value": "",
"isInheritable": false,
"position": 40
},
{
"type": "label",
"name": "sortDirection",
"value": "desc",
"isInheritable": false,
"position": 50
}
],
"format": "markdown",
"dataFileName": "Breaking changes.md",
"attachments": []
"attachments": [],
"dirFileName": "Breaking changes",
"children": [
{
"isClone": false,
"noteId": "fqAK6opjUagR",
"notePath": [
"pOsGYCXsbNQG",
"CdNpE2pqjmI6",
"cNpC0ITcfX0N",
"fqAK6opjUagR"
],
"title": "v0.103.0: Removal of axios",
"notePosition": 10,
"prefix": null,
"isExpanded": false,
"type": "text",
"mime": "text/html",
"attributes": [
{
"type": "label",
"name": "shareAlias",
"value": "axios-removal",
"isInheritable": false,
"position": 30
}
],
"format": "markdown",
"dataFileName": "v0.103.0 Removal of axios.md",
"attachments": []
},
{
"isClone": false,
"noteId": "72dxvnbnkDFY",
"notePath": [
"pOsGYCXsbNQG",
"CdNpE2pqjmI6",
"cNpC0ITcfX0N",
"72dxvnbnkDFY"
],
"title": "v0.102.0: Upgrade to jQuery 4.0.0",
"notePosition": 20,
"prefix": null,
"isExpanded": false,
"type": "text",
"mime": "text/html",
"attributes": [
{
"type": "label",
"name": "shareAlias",
"value": "jquery4",
"isInheritable": false,
"position": 30
}
],
"format": "markdown",
"dataFileName": "v0.102.0 Upgrade to jQuery.0.0.md",
"attachments": []
}
]
}
]
},
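Review bot: the jQuery child entry has `"dataFileName": "v0.102.0 Upgrade to jQuery.0.0.md"`, which does not match its title "v0.102.0: Upgrade to jQuery 4.0.0"; the " 4" is missing from the file name, whereas the axios entry's file name follows its title. If this is exporter output, the file name sanitizing is worth checking; otherwise rename the file so it can be found by title. Also worth confirming: the parent note is now type "book" with an empty mime but still carries "format": "markdown" and "dataFileName": "Breaking changes.md".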

View File

@@ -1,6 +1,4 @@
# Breaking changes
## v0.102.0: Upgrade to jQuery 4.0.0
# v0.102.0: Upgrade to jQuery 4.0.0
jQuery 4 removes legacy browser support (such as IE11 support), but it also removes some APIs that are considered deprecated such as:
> `jQuery.isArray`, `jQuery.parseJSON`, `jQuery.trim`, `jQuery.type`, `jQuery.now`, `jQuery.isNumeric`, `jQuery.isFunction`, `jQuery.isWindow`, `jQuery.camelCase`, `jQuery.nodeName`, `jQuery.cssNumber`, `jQuery.cssProps`, and `jQuery.fx.interval`.

View File

@@ -0,0 +1,44 @@
# v0.103.0: Removal of axios
The `api.axios` library has been removed from the backend scripting API.
Axios was marked as deprecated at least since April 2024 in favor of the native `fetch()` API, which is available in both browser and Node.js environments. After two years of deprecation, the library was removed following the [March 2026 npm supply chain compromise](https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust), where attackers published malicious versions that deployed a remote access trojan. The Trilium's main developer almost got compromised, but `pnpm` not trusting unknown post-install scripts successfully avoided that.
Scripts that attempt to use `api.axios` will now throw an error with migration instructions.
## Migration
Replace `api.axios` calls with the native `fetch()` API.
### `GET` calls
Before (Axios):
```javascript
const response = await api.axios.get('https://api.example.com/data');
const data = response.data;
```
After (`fetch`):
```javascript
const response = await fetch('https://api.example.com/data');
const data = await response.json();
```
### `POST` calls
Before (Axios):
```javascript
await api.axios.post('https://api.example.com/data', { key: 'value' });
```
After (fetch):
```javascript
await fetch('https://api.example.com/data', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ key: 'value' })
});
```
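Review bot: the "After" snippets are not drop-in equivalents of the axios calls they replace, and the page does not say so. axios rejects the promise on a non-2xx status by default, while `fetch()` resolves and `response.json()` then parses whatever error body came back, so a migrated script can silently process an error response as data. Show a `response.ok` check that throws on failure in the GET and POST examples, or add a sentence under Migration noting the difference. Wording: "The Trilium's main developer" should be "Trilium's main developer".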