From 3909bbcfc00cda2173ef10eff463f7e78a67ad83 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Mon, 3 Jun 2024 15:05:18 +0100
Subject: [PATCH 1/9] NGINX headers for security audit
---
 hosting/proxy/nginx.prod.conf | 1 +
 packages/account-portal | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosting/proxy/nginx.prod.conf b/hosting/proxy/nginx.prod.conf
index 79007da311..217106b1bf 100644
--- a/hosting/proxy/nginx.prod.conf
+++ b/hosting/proxy/nginx.prod.conf
@@ -74,6 +74,7 @@ http {
 add_header X-Content-Type-Options nosniff always;
 add_header X-XSS-Protection "1; mode=block" always;
 add_header Content-Security-Policy "${csp_default}; ${csp_script}; ${csp_style}; ${csp_object}; ${csp_base_uri}; ${csp_connect}; ${csp_font}; ${csp_frame}; ${csp_img}; ${csp_manifest}; ${csp_media}; ${csp_worker};" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 
 # upstreams
 set $apps ${APPS_UPSTREAM_URL};
diff --git a/packages/account-portal b/packages/account-portal
index c167c331ff..2a5022fb94 160000
--- a/packages/account-portal
+++ b/packages/account-portal
@@ -1 +1 @@
-Subproject commit c167c331ff9b8161fc18e2ecbaaf1ea5815ba964
+Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
From 8018d957aedcbdff91dd60353da60fbefd424c98 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 12:58:43 +0200
Subject: [PATCH 2/9] Add PR size labeler
---
 .github/workflows/pr-labeler.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/pr-labeler.yml
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
new file mode 100644
index 0000000000..1bfa79dad3
--- /dev/null
+++ b/.github/workflows/pr-labeler.yml
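Review bot: The `Strict-Transport-Security` line added to hosting/proxy/nginx.prod.conf in PATCH 1/9 commits whatever domain this config serves to `includeSubDomains; preload` for a full year, which is hard to roll back: browsers that cached the policy will refuse plain HTTP on every subdomain, and removal from a preload list is slow. Unless the production domain is deliberately being submitted for preloading, I would start with `add_header Strict-Transport-Security "max-age=31536000" always;` and add the other two directives once every subdomain is confirmed HTTPS-only. The directive sits at `http {` level according to the hunk header, and nginx stops inheriting `add_header` lines in any `server` or `location` block that declares its own, so it is worth checking the rest of the file (outside this hunk) for nested blocks that would silently lose this header together with the CSP one.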
@@ -0,0 +1,25 @@
+name: PR labeler
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ size-labeler:
+ runs-on: ubuntu-latest
+ name: Label the PR size
+ steps:
+ - uses: codelytv/pr-size-labeler@v1
+ with:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ xs_label: "xs"
+ xs_max_size: "10"
+ s_label: "s"
+ s_max_size: "100"
+ m_label: "m"
+ m_max_size: "500"
+ l_label: "l"
+ l_max_size: "1000"
+ xl_label: "xl"
+ fail_if_xl: "false"
+ files_to_ignore: "yarn.lock"
From fb7411dee3fca07e30d44363bca44cfeb2d4faef Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 13:03:30 +0200
Subject: [PATCH 3/9] Team label
---
 .github/workflows/pr-labeler.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 1bfa79dad3..d10d67c4b7 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -23,3 +23,18 @@ jobs:
 xl_label: "xl"
 fail_if_xl: "false"
 files_to_ignore: "yarn.lock"
+
+ team-labeler:
+ runs-on: ubuntu-latest
+ name: Label the PR size
+ steps:
+ - uses: rodrigoarias/auto-label-per-user@v1.0.0
+ with:
+ git-token: ${{ secrets.GITHUB_TOKEN }}
+ user-team-map: |
+ {
+ "adrinr": "firestorm"
+ "samwho": "firestorm"
+ "pclmnt": "firestorm"
+ "mike12345567": "firestorm"
+ }
From 63e7421dd56cbfe18ba304628af4394e899328e8 Mon Sep 17 00:00:00 2001
From: Martin McKeaveney
Date: Tue, 4 Jun 2024 12:41:07 +0100
Subject: [PATCH 4/9] acct portal
---
 packages/account-portal | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/account-portal b/packages/account-portal
index 2a5022fb94..e8136bd1ea 160000
--- a/packages/account-portal
+++ b/packages/account-portal
@@ -1 +1 @@
-Subproject commit 2a5022fb946481c9f7a9c38d1413922729972be0
+Subproject commit e8136bd1ea9fa4c61a4bcbeda482abea0b6c3d9f
From 9717c2bd17b89c2c435d76f0f6ff3e4d17029356 Mon Sep 17 00:00:00 2001
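Review bot: `codelytv/pr-size-labeler@v1` in the new .github/workflows/pr-labeler.yml (PATCH 2/9) is referenced by a mutable tag while being handed `secrets.GITHUB_TOKEN`, and the workflow declares no `permissions:` block, so the token carries whatever the repository default grants. Pin the action to a full commit SHA, e.g. `uses: codelytv/pr-size-labeler@<full-commit-sha> # v1`, and add a top-level `permissions:` mapping limited to `contents: read` and `pull-requests: write` (plus `issues: write` only if label creation turns out to need it). The same applies to `rodrigoarias/auto-label-per-user@v1.0.0` added to this file in PATCH 3/9, which receives the same token. A one-line comment above each `uses:` naming the release the SHA corresponds to would keep the pin reviewable.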
From: Adria Navarro
Date: Tue, 4 Jun 2024 14:16:29 +0200
Subject: [PATCH 5/9] Fix json
---
 .github/workflows/pr-labeler.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index d10d67c4b7..85f664ca30 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -33,8 +33,8 @@ jobs:
 git-token: ${{ secrets.GITHUB_TOKEN }}
 user-team-map: |
 {
- "adrinr": "firestorm"
- "samwho": "firestorm"
- "pclmnt": "firestorm"
+ "adrinr": "firestorm",
+ "samwho": "firestorm",
+ "pclmnt": "firestorm",
 "mike12345567": "firestorm"
 }
From cbcba76309a2c418d61a1cd401a016457a94f19b Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 14:18:47 +0200
Subject: [PATCH 6/9] Use default labels
---
 .github/workflows/pr-labeler.yml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 85f664ca30..8a9e20c2ac 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -12,15 +12,10 @@ jobs:
 - uses: codelytv/pr-size-labeler@v1
 with:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- xs_label: "xs"
 xs_max_size: "10"
- s_label: "s"
 s_max_size: "100"
- m_label: "m"
 m_max_size: "500"
- l_label: "l"
 l_max_size: "1000"
- xl_label: "xl"
 fail_if_xl: "false"
 files_to_ignore: "yarn.lock"
 
From c17b12d4669ac3615381ddc8cad5b05a3c8d4133 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 14:19:54 +0200
Subject: [PATCH 7/9] Add concurrency
---
 .github/workflows/pr-labeler.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 8a9e20c2ac..c63e7029ba 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -1,5 +1,9 @@
 name: PR labeler
 
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+ cancel-in-progress: true
+
 on:
 pull_request:
 types: [opened, synchronize]
From c8e68978d8eafa2308d342b05ceb51d5b2216ad6 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 14:22:30 +0200
Subject: [PATCH 8/9] Label team only on opened
---
 .github/workflows/pr-labeler.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index c63e7029ba..553b87d3cf 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -26,6 +26,7 @@ jobs:
 team-labeler:
 runs-on: ubuntu-latest
 name: Label the PR size
+ if: ${{ github.event.action == 'opened' }}
 steps:
 - uses: rodrigoarias/auto-label-per-user@v1.0.0
 with:
From e131835852088c92e86515b5a4bde7fb6f4582d2 Mon Sep 17 00:00:00 2001
From: Adria Navarro
Date: Tue, 4 Jun 2024 14:24:38 +0200
Subject: [PATCH 9/9] Use default names
---
 .github/workflows/pr-labeler.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index 553b87d3cf..998c95be27 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -11,7 +11,6 @@ on:
 jobs:
 size-labeler:
 runs-on: ubuntu-latest
- name: Label the PR size
 steps:
 - uses: codelytv/pr-size-labeler@v1
 with:
@@ -25,7 +24,6 @@ jobs:
 
 team-labeler:
 runs-on: ubuntu-latest
- name: Label the PR size
 if: ${{ github.event.action == 'opened' }}
 steps:
 - uses: rodrigoarias/auto-label-per-user@v1.0.0
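Review bot: The `if: ${{ github.event.action == 'opened' }}` added to `team-labeler` in PATCH 8/9 interacts badly with the workflow-level `concurrency` block from PATCH 7/9: a `synchronize` event that arrives while the `opened` run is still queued or running cancels it (`cancel-in-progress: true`), and the replacement run skips `team-labeler`, so the team label is never applied to that pull request. Scoping the concurrency group to the size job (move the `concurrency:` mapping under `size-labeler:`) or dropping the condition would avoid that. A short comment next to the `if:` stating why the team label is applied only once would also help the next reader; the job body continues outside this hunk.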