- Update Content Security Policy (CSP) in next.config.ts to avoid `unsafe-eval` in production, improving security against XSS attacks.
- Refactor API routes to enforce admin authentication and session validation, ensuring secure access to sensitive endpoints.
- Optimize analytics data retrieval by using database aggregation instead of loading all records into memory, improving performance and reducing memory usage.
- Implement session token creation and verification for better session management and security across the application.
- Enhance error handling and input validation in various API routes to ensure robustness and prevent potential issues.
- Created separate workflows for production and dev deployments
- Production branch → dk0.dev (port 3000)
- Dev branch → dev.dk0.dev (port 3002)
- Zero-downtime deployment pattern (start new, wait for health, remove old)
- Complete isolation between environments (separate containers, databases, networks)
- Cleaned up unused code and files:
- Removed unused GhostEditor and ResizableGhostEditor components
- Removed old/unused workflows and markdown files
- Fixed docker-compose references
- Upgraded dependencies to latest compatible versions
- Fixed TypeScript errors in editor page
- Updated staging to use dev.dk0.dev domain
refactor: modify layout to use ClientOnly and BackgroundBlobsClient components
fix: correct import statement for ActivityFeed in the main page
fix: enhance sitemap fetching logic with error handling and mock support
refactor: convert BackgroundBlobs to default export for consistency
refactor: simplify ErrorBoundary component and improve error handling UI
chore: update framer-motion to version 12.24.10 in package.json and package-lock.json
test: add minimal Prisma Client mock for testing purposes
feat: create BackgroundBlobsClient for dynamic import of BackgroundBlobs
feat: implement ClientOnly component to handle client-side rendering
feat: add custom error handling components for better user experience
- Update Next.js to 15.5.7 and React to 19.0.1 (React2Shell fix)
- Update Nodemailer to 7.0.11 (Security fix)
- Update React Markdown and others to resolve all audit issues
- Add SECURITY-UPDATE.md
* update
* cleanup
* fixing linting and tests errors
* Refactor API Parameter Handling and Update Email Transport
✅ Updated API Route Parameters:
- Changed parameter type from `{ id: string }` to `Promise<{ id: string }>` in PUT and DELETE methods for better async handling.
✅ Fixed Email Transport Creation:
- Updated `nodemailer.createTransporter` to `nodemailer.createTransport` for correct transport configuration.
✅ Refactored AnalyticsDashboard Component:
- Changed export from default to named export for better modularity.
✅ Enhanced Email Responder Toast:
- Updated toast structure to include additional properties for better user feedback.
🎯 Overall Improvements:
- Improved async handling in API routes.
- Ensured correct usage of nodemailer.
- Enhanced component exports and user notifications.
* ✨ chore: update CI workflow to include testing and multi-arch build (#29)
* ✨ chore: remove unused dependencies from package-lock.json and updated to a better local dev environment (#30)
* ✨ test: add unit tests
* ✨ test: add unit tests for whole project
* ✨ feat: add whatwg-fetch for improved fetch support
* ✨ chore: update Node.js version to 22 in workflow
* ✨ refactor: update types and improve email handling tests
* ✨ refactor: remove unused imports
* ✨ fix: normalize image name to lowercase in workflows
* ✨ fix: ensure Docker image names are consistently lowercase
* ✨ chore: update
* ✨ chore: update base URL to use secret variable
* ✨ chore: update to login to ghcr
* ✨ fix: add missing 'fi' to close if statement in workflow
Replace "@vercel/analytics" with "@tryghost/content-api" and add
"node-fetch" to dependencies. Remove "@vercel/speed-insights" to
streamline the package. Update robots.txt to dis access to
"/legal-notice" and "/privacy-policy". Change <p> tags to <div> in
the Privacy Policy for better structure. Update the last modified
date in the Legal Notice. Add a new API route for fetching images
with error handling for missing URL parameters.
