brave / brave-talk

Unlimited private video calls with your friends and colleagues
Mozilla Public License 2.0

Add banner to talk.brave.com #1398

Closed mrose17 closed 7 months ago

mrose17 commented 7 months ago

...do not merge until release at 9AM US/PT...

github-actions[bot] commented 7 months ago

[puLL-Merge] - brave/brave-talk@1398

Description

This PR updates several dependencies, adds new features like AI-powered transcription and meeting summaries, and improves the UI/UX. The main motivation seems to be enhancing the functionality and user experience of Brave Talk.

Changes

  - `.github/actions/deploy/action.yml`, `.github/workflows/codeql-analysis.yml`: Updated GitHub Actions versions
  - `.node-version`: Bumped Node.js version to 20.12.1
  - `package.json`: Updated several dependencies to their latest versions
  - `src/App.tsx`: Added import for new inter.css file
  - `src/components/Button.tsx`: Added `textDecoration: "none"` style to button
  - `src/components/GlobalStyles.tsx`: Updated font family and added specific font for headings
  - `src/components/InCall.tsx`: Added transcription feature, transcript manager, and updated event handlers
  - `src/components/LeoPromo.tsx`: Added a new promo component for Leo AI meeting features
  - `src/components/Recordings.tsx`: Added support for transcripts, updated recording expiration logic
  - `src/components/SubscriptionCTA.tsx`: Wrapped button in link for better accessibility
  - `src/components/WelcomeScreen.tsx`: Added the new LeoPromo component
  - `src/css/inter.css`: Added new Inter font
  - `src/environment.ts`: Updated config for development environments
  - `src/fonts/*`: Added new Inter font files
  - `src/hooks/use-call-setup-status.ts`: Removed unused recordingLink and recordingTTL from context
  - `src/i18n/locales/en/translation.json`: Added new translation strings for transcription and Leo AI promo
  - `src/images/transcript.svg`: Added new transcript icon
  - `src/jitsi/*`: Major updates to Jitsi integration, added transcription support, new event handlers
  - `src/lib.ts`: Added utility function for formatting timestamps
  - `src/recordings-store.ts`: Updated recording storage logic, added support for transcripts
  - `src/rooms.ts`: Extracted reusable functions for room API requests
  - `src/transcripts.ts`: Added new transcript manager for handling real-time transcription
  - `webpack.config.js`: Updated API proxy target

Security Hotspots

  1. Potential XSS in src/components/InCall.tsx where the transcript is rendered directly into the DOM. Ensure transcript text is properly sanitized.
  2. CSRF protection in src/rooms.ts relies on x-csrf-token header. Ensure this token is securely generated and validated on the server-side.
  3. Sensitive data like JWTs are passed to the transcript manager in src/transcripts.ts. Ensure JWTs are not logged or exposed in the UI.

Overall, the changes seem to follow best practices and no major security holes stand out. However, it's important to thoroughly test the new transcription functionality and Leo AI integration to ensure they don't introduce any unexpected vulnerabilities.
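The first and third hotspots in the bot's review concern how transcript text reaches the DOM and how a JWT handed to the transcript manager could leak into logs or an error message. The TypeScript below is an added example of the defensive pattern for both, not code from brave-talk or from this PR: `escapeHtml`, `formatTimestamp`, `renderTranscriptLine` and `redactJwts` are assumed names, and the token in the usage at the bottom is a constructed sample, not a real credential.

```typescript
// Added example (not from brave/brave-talk or PR #1398). Names are assumptions.

interface TranscriptLine {
  speaker: string;      // display name as reported by the transcription service
  text: string;         // raw transcript text; treat as untrusted input
  timestampMs: number;  // offset from call start
}

// Escape the characters that carry meaning in an HTML context, so transcript
// text placed into innerHTML (or any HTML string) is shown literally.
export function escapeHtml(s: string): string {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Format a millisecond offset as m:ss, or h:mm:ss once the call passes an hour.
export function formatTimestamp(ms: number): string {
  const total = Math.max(0, Math.floor(ms / 1000));
  const h = Math.floor(total / 3600);
  const m = Math.floor((total % 3600) / 60);
  const ss = String(total % 60).padStart(2, "0");
  return h > 0 ? `${h}:${String(m).padStart(2, "0")}:${ss}` : `${m}:${ss}`;
}

// Build one list item; every untrusted field goes through escapeHtml first.
export function renderTranscriptLine(line: TranscriptLine): string {
  return (
    `<li><span class="ts">${formatTimestamp(line.timestampMs)}</span> ` +
    `<b>${escapeHtml(line.speaker)}</b>: ${escapeHtml(line.text)}</li>`
  );
}

// A JWT is three base64url segments joined by dots. Replace anything that
// looks like one before a value is logged or surfaced in the UI.
const JWT_RE = /[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/g;

// Recursively redact JWT-shaped strings inside strings, arrays and plain objects.
export function redactJwts<T>(value: T): T {
  if (typeof value === "string") {
    return value.replace(JWT_RE, "[REDACTED_JWT]") as unknown as T;
  }
  if (Array.isArray(value)) {
    return value.map((v) => redactJwts(v)) as unknown as T;
  }
  if (value !== null && typeof value === "object") {
    const out: Record<string, unknown> = {};
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      out[k] = redactJwts(v);
    }
    return out as T;
  }
  return value;
}

// Usage with constructed sample data (the token below is made up, not a real JWT).
const sampleLine: TranscriptLine = {
  speaker: "Ann <x>",
  text: "a & b",
  timestampMs: 65000,
};
console.log(renderTranscriptLine(sampleLine));
console.log(
  redactJwts({
    room: "demo",
    jwt: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4In0.abcdefghijklmnop",
  })
);
```

Escaping at render time is the cheap half of the fix; the other half is never handing the raw transcript to `dangerouslySetInnerHTML` at all and letting React create text nodes. `redactJwts` is meant to wrap whatever object goes into a logger or an error toast, so a token that reached the transcript manager cannot be copied out of a console dump.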