@networkpro/web
<!-- =====================================================================
CHANGELOG.md
Copyright © 2025-2026 Network Pro Strategies (Network Pro™)
SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
This file is part of Network Pro.
====================================================================== -->
# Changelog
<!-- markdownlint-disable MD024 -->
<!-- Use sections: Added, Changed, Deprecated, Removed, Fixed, Security -->
All notable changes to this project will be documented in this file.
This project follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
Version numbers use a **SemVer-inspired** `MAJOR.MINOR.PATCH` format, with
version increments reflecting both user-visible and operational impact.
---
## [Unreleased]
---
## [1.26.11] - 2026-02-28
### Changed
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.53.4**.
- Updated all GitHub Actions workflows to utilize **npm 11.11.0**.
- Updated `.nvmrc` and `.node-version` to utilize **Node.js** `v24.14.0`.
- Bumped project version to `v1.26.11`.
- Updated dependencies:
  - `@sveltejs/adapter-netlify` `^6.0.3` → `^6.0.4`
  - `@sveltejs/adapter-vercel` `^6.3.2` → `^6.3.3`
  - `@sveltejs/kit` `2.53.0` → `2.53.4`
  - `autoprefixer` `^10.4.24` → `^10.4.27`
  - `eslint-plugin-jsdoc` `^62.7.0` → `^62.7.1`
  - `svelte` `5.53.2` → `5.53.6`
  - `svelte-check` `^4.4.3` → `^4.4.4`
  - `posthog-js` `^1.352.0` → `^1.356.1`
  - `stylelint` `^17.3.0` → `^17.4.0`
  - `svelte-eslint-parser` `^1.4.1` → `^1.5.1`
### Security
- Pinned transitive dependency `basic-ftp` to `^5.2.0` to mitigate CVE-2026-27699.
---
## [1.26.10] - 2026-02-21
### Changed
- Refactored PostHog store to centralize environment gating across `initPostHog()`, `capture()`, and `identify()` via a shared `shouldSkipAnalytics()` helper.
- Cached environment detection results to avoid repeated evaluation and ensure consistent behavior across analytics APIs.
- Reintroduced hostname-based audit detection (`audit.netwk.pro`) as a defense-in-depth fallback alongside environment-mode audit detection.
- Removed unnecessary comments from `src/lib/stores/posthog.js` and `src/lib/pages/LicenseContent.svelte`.
- Corrected `tests/unit/client/lib/utils/utm.test.js` to import `vi` variable before first use.
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.53.0**.
- Bumped project version to `v1.26.10`.
- Updated dependencies:
  - `@sveltejs/adapter-netlify` `^6.0.0` → `^6.0.3`
  - `@sveltejs/adapter-vercel` `^6.3.1` → `^6.3.2`
  - `globby` `^16.1.0` → `^16.1.1`
  - `@sveltejs/kit` `2.51.0` → `2.53.0`
  - `eslint-plugin-jsdoc` `^62.5.4` → `^62.7.0`
  - `jsdom` `28.0.0` → `28.1.0`
  - `posthog-js` `^1.347.0` → `^1.352.0`
  - `prettier-plugin-svelte` `^3.4.1` → `^3.5.0`
  - `stylelint` `^17.2.0` → `^17.3.0`
  - `svelte` `5.50.3` → `5.53.2`
  - `svelte-check` `^4.3.6` → `^4.4.3`
  - `markdownlint-cli2` `0.20.0` → `0.21.0`
### Fixed
- Prevented analytics gating logic from executing during SSR by adding an explicit `typeof window === 'undefined'` guard.
- Improved test isolation by updating `_resetPostHog()` to reset cached environment state and tracking-related stores.
### Security
- Pinned the `tar` package to `^7.5.9` in transitive dependencies, in order to address CVE-2026-26960.
- Pinned transitive `minimatch` to `>=10.2.1` to address an `npm audit`-reported high-severity ReDoS/DoS issue in older minimatch versions.
---
## [1.26.9] - 2026-02-12
### Changed
- Updated all GitHub Actions workflows to utilize **npm 11.10.0**.
- Updated `.nvmrc` and `.node-version` to utilize **Node.js** `v24.13.1`.
- Bumped project version to `v1.26.9`.
- Updated dependencies:
  - `eslint-plugin-jsdoc` `^62.5.3` → `^62.5.4`
  - `svelte` `5.50.0` → `5.50.3`
  - `@sveltejs/kit` `2.50.2` → `2.51.0`
  - `eslint-plugin-svelte` `^3.14.0` → `^3.15.0`
  - `posthog-js` `^1.342.1` → `^1.347.0`
  - `stylelint` `^17.1.1` → `^17.2.0`
  - `vite-tsconfig-paths` `^6.0.5` → `^6.1.1`
  - `@sveltejs/adapter-netlify` `^5.2.4` → `^6.0.0`
---
## [1.26.8] - 2026-02-07
### Changed
- Refreshed timestamp for main route in `static/sitemap.xml`.
- Updated all GitHub Actions workflows to utilize **npm 11.9.0**.
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.50.2**.
- Added `eslint` and `@eslint/js` to `.ncurc.js` **reject** list, pinned `v9.39.2` in `package.json`.
- Bumped project version to `v1.26.8`.
- Updated dependencies:
  - `posthog-js` `^1.336.4` → `^1.342.1`
  - `semver` `^7.7.3` → `^7.7.4`
  - `svelte` `5.49.1` → `5.50.0`
  - `@playwright/test` `^1.58.1` → `^1.58.2`
  - `@sveltejs/kit` `2.50.1` → `2.50.2`
  - `eslint-plugin-jsdoc` `^62.5.0` → `^62.5.3`
  - `jsdom` `27.4.0` → `28.0.0`
  - `playwright` `^1.58.1` → `^1.58.2`
  - `stylelint` `^17.1.0` → `^17.1.1`
---
## [1.26.7] - 2026-02-01
### Changed
- Refreshed timestamp for `/legal` route in `static/sitemap.xml`.
- Added standardized header to `AGENTS.md`, `CLAUDE.md`, `VERSIONING.md`, and `.github/COMMIT_GUIDE.md`, as well as all issue templates.
- Updated footer of `LICENSE.md` and `README.md` to reflect the company's full legal name.
- Refreshed **Effective Date** for Legal, Copyright, and Licensing route (`/legal`).
- Updated `src/lib/pages/LicenseContent.svelte` to include our trade name.
- Bumped project version to `v1.26.7`.
- Updated dependencies:
  - `@eslint/compat` `^2.0.1` → `^2.0.2`
  - `@playwright/test` `^1.58.0` → `^1.58.1`
  - `autoprefixer` `^10.4.23` → `^10.4.24`
  - `playwright` `^1.58.0` → `^1.58.1`
  - `posthog-js` `^1.336.2` → `^1.336.4`
  - `svelte` `5.49.0` → `5.49.1`
  - `svelte-check` `^4.3.5` → `^4.3.6`
  - `eslint-plugin-jsdoc` `^62.4.1` → `^62.5.0`
  - `globals` `^17.2.0` → `^17.3.0`
  - `stylelint` `^17.0.0` → `^17.1.0`
---
## [1.26.6] - 2026-01-29
### Changed
- Added Prettier to the `npm-check-updates` ignore list (`.ncurc.cjs`) for deterministic formatting changes.
- Updated the company name in `src/lib/pages/AboutContent.svelte` to the full, legal name.
- Updated the copyright statement in `src/lib/pages/LicenseContent.svelte` to use the full, legal company name.
- Updated the footer to display the full, legal company name.
- Bumped project version to `v1.26.6`.
- Updated dependencies:
  - `globals` `^17.1.0` → `^17.2.0`
  - `posthog-js` `^1.335.2` → `^1.336.2`
  - `svelte` `5.48.2` → `5.49.0`
### Security
- Pinned the `tar` package to `^7.5.7` in transitive dependencies, in order to address CVE-2026-24842.
---
## [1.26.5] - 2026-01-24
### Added
- `scripts/hooks/pre-push.sh`: `simple-git-hooks` pre-push guard to prevent accidental pushes directly to `master`/`main` while preserving the existing `npm run checkout` pre-push behavior.
### Changed
- `.github/workflows/deploy-audit-netlify.yml`: Added `workflow_dispatch` so the audit Netlify deployment can be triggered manually (e.g., when `audit-netlify` is already in sync and no new push occurs).
- `package.json`: Updated `simple-git-hooks` configuration to run `bash scripts/hooks/pre-push.sh` on `pre-push` (alongside the existing `pre-commit` hook).
- Bumped project version to `v1.26.5`.
---
## [1.26.4] - 2026-01-24
### Added
- Added `AGENTS.md` to provide operational, tool-neutral guidance for automated agents.
### Changed
- **Workflow tooling updates** to keep CI aligned with upstream releases:
  - `npm` upgraded to `11.8.0` across build/test/publish workflows.
  - `actions/checkout` `v5` → `v6`, `actions/upload-artifact` `v4` → `v6`, and `actions/github-script` `v7` → `v8`.
- Restored Node.js/npm version logging in `publish-test` workflow jobs.
- **Documentation note added** in `CLAUDE.md` to point automation tools to `AGENTS.md`.
- **Playwright E2E stabilization** (Firefox + SvelteKit SPA navigation):
  - Updated the shared navigation helper (`tests/e2e/shared/helpers.js`) to prefer SPA-safe URL-change waiting (polling assertions) over navigation lifecycle events, improving Firefox stability.
  - Strengthened the desktop “About link” test (`tests/e2e/app.spec.js`) with a stable `/about` page marker assertion (`"Security, with Intent"`) to reduce intermittent flakes.
- Refreshed timestamp for root route in `static/sitemap.xml`.
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.50.1**.
- **Project version bumped** to `v1.26.4`.
- Updated dependencies:
  - `@sveltejs/adapter-vercel` `^6.3.0` → `^6.3.1`
  - `@sveltejs/kit` `2.50.0` → `2.50.1`
  - `@vitest/coverage-v8` `4.0.17` → `4.0.18`
  - `svelte` `5.48.0` → `5.48.2`
  - `vite-tsconfig-paths` `^6.0.4` → `^6.0.5`
  - `vitest` `4.0.17` → `4.0.18`
  - `@playwright/test` `^1.57.0` → `^1.58.0`
  - `eslint-plugin-jsdoc` `^62.3.0` → `^62.4.1`
  - `globals` `^17.0.0` → `^17.1.0`
  - `playwright` `^1.57.0` → `^1.58.0`
  - `posthog-js` `^1.334.0` → `^1.335.2`
---
## [1.26.3] - 2026-01-21
### Added
- **Codex-aware analytics guard** in `src/lib/stores/posthog.js` to explicitly skip PostHog initialization when the application is executed by automation or AI-assisted tooling.
  This prevents analytics side effects during non-interactive builds, cloud executions, and AI-driven analysis while preserving normal production behavior.
- **`.env.codex` environment configuration** to support Codex and similar automation tools.
  This file defines a controlled, non-interactive execution context that mirrors production build semantics without enabling analytics or requiring secrets, enabling safe use of cloud-based AI and CI-style tooling.
- **`CLAUDE.md` project guidance file** to provide persistent, repository-level instructions for Claude Code and other AI-assisted development tools.
  The file establishes clear expectations and constraints for AI usage, including:
  - **AI guardrails** that prohibit changes to security posture, environment detection logic, deployment assumptions, or analytics behavior without explicit human approval.
  - An explicit **Allowed AI Uses** section defining safe, permitted activities such as code comprehension, incremental feature development, bug fixing, testing, and documentation updates.
### Changed
- **Project version bumped** to `v1.26.3`.
- **Dependency updates** to incorporate upstream fixes, improvements, and compatibility updates:
  - `prettier` `3.8.0` → `3.8.1`
  - `eslint-plugin-jsdoc` `^62.0.1` → `^62.3.0`
  - `lightningcss` `^1.30.2` → `^1.31.1`
  - `posthog-js` `^1.327.0` → `^1.334.0`
  - `svelte` `5.46.4` → `5.48.0`
### Security
- **Updated transitive dependency override** to remediate a reported vulnerability:
  - `tar` `7.5.3` → `7.5.6`
    _(addresses CVE-2026-23950)_
- **Added transitive dependency override** to mitigate a reported vulnerability:
  - `lodash` pinned to `4.17.23`
    _(addresses CVE-2025-13465)_
---
## [1.26.2] - 2026-01-17
### Changed
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.50.0**.
- Updated `.nvmrc` and `.node-version` to utilize **Node.js** `v24.13.0`.
- Bumped project version to `v1.26.2`.
- Updated dependencies:
  - `@sveltejs/kit` `2.49.5` → `2.50.0`
  - `posthog-js` `^1.323.0` → `^1.327.0`
  - `eslint-plugin-jsdoc` `^62.0.0` → `^62.0.1`
### Security
- Updated transitive dependency override to address reported vulnerabilities:
  - `tar@7.5.2` → `tar@7.5.3` (addresses CVE-2026-23745).
---
## [1.26.1] - 2026-01-15
### Changed
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.49.5**.
- Updated `static/manifest.json` to better reflect the company's current mission, focus, and messaging.
- Updated timestamps in `sitemap.xml`.
- Minor edits made to `PrivacyContent.svelte` and `TermsUseContent.svelte` for clarity and accuracy.
- Bumped project version to `v1.26.1`.
- Updated dependencies:
  - `@sveltejs/kit` `2.49.4` → `2.49.5`
  - `@vitest/coverage-v8` `4.0.16` → `4.0.17`
  - `svelte` `5.46.1` → `5.46.4`
  - `vitest` `4.0.16` → `4.0.17`
  - `posthog-js` `^1.318.1` → `^1.323.0`
  - `prettier` `3.7.4` → `3.8.0`
  - `stylelint` `^16.26.1` → `^17.0.0`
  - `stylelint-config-recommended` `^17.0.0` → `^18.0.0`
### Security
- Updated `@sveltejs/kit` to `2.49.5`, in order to address CVE-2026-22803.
---
## [1.26.0] - 2026-01-10
### Changed
- Updated home page content to emphasize a focus on both security and privacy.
- Refined header navigation styling to improve external link icon alignment and spacing consistency across layouts.
- Updated `CONSTANTS.COMPANY_INFO.YEAR` in `src/lib/index.js` to reflect `2025, 2026`.
- Updated copyright headers across all tracked source files to reflect effective copyright years.
- Clarified repository distribution intent and reuse expectations in `README.md`, including documentation of copyright header conventions for this template project.
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.49.4**.
- Bumped project version to `v1.26.0`.
- Updated test tooling to support Vitest 4.x:
  - Removed Vitest-related version constraints from update tooling.
  - Updated Vitest configuration for compatibility with `vitest` and `@vitest/coverage-v8` v4.
- Updated dependencies:
  - `@eslint/compat` `^2.0.0` → `^2.0.1`
  - `@sveltejs/kit` `2.49.3` → `2.49.4`
  - `@sveltejs/vite-plugin-svelte` `^6.2.3` → `^6.2.4`
  - `@vitest/coverage-v8` `3.2.4` → `4.0.16`
  - `posthog-js` `^1.315.1` → `^1.318.1`
  - `eslint-plugin-jsdoc` `^61.5.0` → `^62.0.0`
  - `vite-tsconfig-paths` `^6.0.3` → `^6.0.4`
  - `vitest` `3.2.4` → `4.0.16`
---
## [1.25.24] - 2026-01-07
### Changed
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.49.3**.
- Bumped project version to `v1.25.24`.
- Updated dependencies:
  - `@sveltejs/kit` `2.49.2` → `2.49.3`
  - `@sveltejs/vite-plugin-svelte` `^6.2.1` → `^6.2.3`
  - `vite` `^7.3.0` → `^7.3.1`
  - `@sveltejs/adapter-vercel` `^6.2.0` → `^6.3.0`
  - `eslint-plugin-svelte` `^3.13.1` → `^3.14.0`
  - `posthog-js` `^1.313.0` → `^1.315.1`
---
## [1.25.23] - 2026-01-04
### Changed
- Updated `README.md` to accurately reflect hosting.
- Updated timestamp in `static/.well-known/security.txt` and created a new detached signature.
- Bumped project version to `v1.25.23`.
---
## [1.25.22] - 2026-01-01
### Added
- Conditional guards to ensure artifacts, issues, and external notifications are only created when workflows run in a trusted context (non-PR runs or PRs originating from the same repository).
- Redacted, public-safe Gitleaks scan summaries in GitHub Actions step output to prevent accidental exposure of sensitive file paths or values.
- Optional installation of `jq` gated to trusted execution contexts to support future structured output (e.g., SARIF) while preserving fork safety.
### Changed
- Updated the Gitleaks secret scanning workflow to explicitly exclude Dependabot pull requests, avoiding failures caused by unavailable organization secrets in bot-triggered PRs.
- Refined workflow trust boundaries to distinguish between forked pull requests and trusted repository contexts.
- Updated `.gitignore` to stop tracking generated `.svelte-kit` files.
- Bumped project version to `v1.25.22`.
- Updated dependencies:
  - `stylelint-order` `^7.0.0` → `^7.0.1`
  - `posthog-js` `^1.310.1` → `^1.313.0`
  - `globals` `^16.5.0` → `^17.0.0`
### Removed
- Removed Mastodon verification in `src/routes/posts/+page.svelte`, as it was not functioning properly. This route will remain unverified.
### Security
- Hardened secret-handling logic in CI by preventing the use of organization-level secrets, write permissions, and external notifications in untrusted pull request contexts.
- Ensured Gitleaks license usage is restricted to safe execution paths, eliminating false-negative or false-positive failures caused by GitHub Actions secret scoping rules.
- Added transitive dependency override for `qs` to `^6.14.1`, in order to address CVE-2025-15284.
---
## [1.25.21] - 2025-12-27
### Added
- Added Mastodon verification to `src/routes/posts/+page.svelte` via `<svelte:head>`.
### Changed
- Updated intro paragraph of `README.md` to better reflect the company's current mission, focus, and messaging.
- Bumped project version to `v1.25.21`.
- Updated dependencies:
  - `@testing-library/svelte` `^5.3.0` → `^5.3.1`
  - `jsdom` `27.3.0` → `27.4.0`
---
## [1.25.20] - 2025-12-24
### Added
- Added `VERSIONING.md` to document the project’s versioning strategy.
### Changed
- Updated `.lighthouse.cjs` to utilize `https://netwk.pro` as the target.
- Removed **Services** route from `sitemap.xml` and refreshed last modified timestamps.
- Updated `README.md` to clarify the project's versioning strategy and changelog format.
- Updated `src/routes/+page.svelte` to apply `containerClass="readable"` to `<FullWidthSection>` for improved readability.
- Revised homepage and About page content (`HomeContent.svelte` and `AboutContent.svelte`) to better reflect the company’s current mission, focus, and messaging.
- Bumped project version to `v1.25.20`.
### Removed
- Removed **Services** from primary navigation (`HeaderDefault.svelte` and `HeaderHome.svelte`).
- Removed references to home implementation services from `AboutContent.svelte`.
- This change reflects a clarified focus on internal research, education, advocacy, and selectively aligned consulting, rather than broad outward-facing service offerings.
---
## [1.25.19] - 2025-12-24
### Changed
- Updated GitHub workflows to utilize `actions/checkout@v6`, `actions/upload-artifact@v6`, and `actions/download-artifact@v7`:
  - `.github/workflows/templates/publish.template.yml`
  - `.github/workflows/backup-branch.yml`
  - `.github/workflows/build-and-publish.yml`
  - `.github/workflows/dependency-review.yml`
  - `.github/workflows/lighthouse.yml`
  - `.github/workflows/meta-check.yml`
  - `.github/workflows/playwright.yml`
  - `.github/workflows/probely-scan.yml`
  - `.github/workflows/publish-test.yml`
  - `.github/workflows/secret-scan.yml`
- Corrected `README.md` to properly state that subsites are hosted on Vercel and Netlify.
- Updated `.node-version` and `.nvmrc` to utilize **Node.js** `v24.12.0`.
- Bumped project version to `v1.25.19`.
- Updated dependencies:
  - `@eslint/js` `^9.39.1` → `^9.39.2`
  - `@testing-library/svelte` `^5.2.9` → `^5.3.0`
  - `autoprefixer` `^10.4.22` → `^10.4.23`
  - `eslint` `^9.39.1` → `^9.39.2`
  - `prettier-plugin-svelte` `^3.4.0` → `^3.4.1`
  - `svelte-check` `^4.3.4` → `^4.3.5`
  - `globby` `^16.0.0` → `^16.1.0`
  - `posthog-js` `^1.305.0` → `^1.310.1`
  - `svelte` `5.45.9` → `5.46.1`
  - `vite` `^7.2.7` → `^7.3.0`
  - `vite-tsconfig-paths` `^5.1.4` → `^6.0.3`
### Removed
- Removed `/* eslint-env vitest */` comment from `vitest-setup-client.js`, as it was causing an ESLint warning.
---
## [1.25.18] - 2025-12-11
### Changed
- Refreshed timestamp for root route in `sitemap.xml`.
- Reformatted the following files with Prettier:
  - `src/lib/README.md`
  - `src/lib/pages/LicenseContent.svelte`
  - `src/lib/pages/PrivacyContent.svelte`
  - `src/lib/pages/TermsUseContent.svelte`
- Bumped project version to `v1.25.18`.
- Updated dependencies:
  - `prettier` `3.6.2` → `3.7.4`
---
## [1.25.17] - 2025-12-11
### Added
- Added SSR boundary protection test (`tests/unit/server/internal/ssrBoundary.test.js`):
  - Detects Node-only imports (`jsdom`, `fs`, `path`, etc.) in client-visible modules.
  - Ensures imports are properly gated behind `import.meta.env.SSR`.
  - Prevents accidental SSR/client boundary violations in future code changes.
- Added support for detecting SSR-safe code paths by allowing SSR-gated dynamic imports in shared modules.
### Changed
- Refactored `src/service-worker.js` for improved consistency, clarity, and lint compatibility:
  - Removed unused function parameters (`_err`) and adjusted callback signatures to align with ESLint expectations.
  - Replaced anonymous no-op parameters with explicitly ignored placeholders using the `_` naming convention.
  - Improved async iteration patterns in asset caching logic for better readability and maintainability.
  - Updated JSDoc annotations for accuracy and improved editor support.
  - Ensured all cache operations conform to structured error-handling patterns consistent with the rest of the codebase.
- Updated `src/lib/utils/purify.js`:
  - Replaced `typeof window !== 'undefined'` guard with compile-time `import.meta.env.SSR`.
  - Ensures Vite tree-shakes `jsdom` imports from client bundles.
  - Fixed build failures caused by jsdom/cssstyle when bundled on the client.
  - Preserves existing DOMPurify caching and SSR behavior.
- Enhanced ESLint `no-unused-vars` rule in `eslint.config.mjs`:
  - Added support for ignoring unused catch parameters via `caughtErrors` and `caughtErrorsIgnorePattern`.
  - Prevented false positives on intentionally unused error variables (e.g., `_err`).
  - Expanded ignore patterns to match project coding conventions.
- Replaced `src/lib/img/qr/vcard.png` and `src/lib/img/qr/vcard.webp` with revised versions.
- Updated GitHub workflows to utilize **npm** `11.7.0`.
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.49.2**.
- Updated `src/lib/README.md` to reflect the newly updated app constant.
- Updated contact information in `static/bin/contact.vcf`.
- Updated `CONTACT.PHONE` app constant to reflect our new phone number, (602) 428-5300.
- Removed `jsdom` from `.ncurc.cjs` `reject` list.
- Bumped project version to `v1.25.17`.
- Updated dependencies:
  - `dompurify` `^3.3.0` → `^3.3.1`
  - `posthog-js` `^1.295.0` → `^1.305.0`
  - `svelte` `5.43.12` → `5.45.9`
  - `@playwright/test` `^1.56.1` → `^1.57.0`
  - `@sveltejs/adapter-vercel` `^6.1.1` → `^6.2.0`
  - `@sveltejs/kit` `2.48.5` → `2.49.2`
  - `browserslist` `^4.28.0` → `^4.28.1`
  - `eslint-plugin-jsdoc` `^61.2.1` → `^61.5.0`
  - `eslint-plugin-svelte` `^3.13.0` → `^3.13.1`
  - `markdownlint` `^0.39.0` → `^0.40.0`
  - `markdownlint-cli2` `0.19.0` → `0.20.0`
  - `playwright` `^1.56.1` → `^1.57.0`
  - `stylelint` `^16.25.0` → `^16.26.1`
  - `svelte-eslint-parser` `^1.4.0` → `^1.4.1`
  - `vite` `^7.2.2` → `^7.2.7`
  - `jsdom` `26.1.0` → `27.3.0`
### Fixed
- Resolved client-side build failures caused by dynamic jsdom imports leaking into the Vite dependency graph.
- Resolved false positive ESLint errors for unused catch bindings in JS modules.
---
## [1.25.16] - 2025-11-18
### Changed
- Removed `vercel-insights.com` from the `disallowedHosts` list in `service-worker.js`.
### Removed
- Removed `https://vercel-insights.com` from `script-src` and `connect-src` in `hooks.server.js`.
### Notes
- **Analytics:** Reverted Vercel Analytics integration due to inline script injection requirement. Continuing with PostHog Cloud until migration to CSP-compliant Matomo is feasible.
---
## [1.25.15] - 2025-11-18
### Added
- Added `https://vercel-insights.com` to `script-src` and `connect-src` in `hooks.server.js` to allow for Vercel Analytics.
### Changed
- Added `vercel-insights.com` to the `disallowedHosts` list in `service-worker.js`, in order to prevent SW caching.
- Bumped project version to `v1.25.15`.
- Updated dependencies:
  - `svelte` `5.43.10` → `5.43.12`
---
## [1.25.14] - 2025-11-18
### Changed
- Bumped project version to `v1.25.14`.
- Updated dependencies:
  - `svelte` `5.43.7` → `5.43.10`
  - `posthog-js` `^1.293.0` → `^1.295.0`
### Security
- Added transitive dependency override for `glob` to `^11.1.0`, in order to address CVE-2025-64756.
---
## [1.25.13] - 2025-11-16
### Changed
- Updated `.markdownlint.mjs` to ignore rule `MD060`, which is overly strict and unnecessary.
- Bumped project version to `v1.25.13`.
- Updated dependencies:
  - `svelte` `5.43.6` → `5.43.7`
  - `posthog-js` `^1.292.0` → `^1.293.0`
  - `@eslint/compat` `^1.4.1` → `^2.0.0`
  - `markdownlint-cli2` `0.18.1` → `0.19.0`
### Fixed
- Resolved prototype pollution vulnerability in transitive `js-yaml` dependency via `overrides`, due to outdated `@lhci/cli` dependency on `@lhci/utils`.
---
## [1.25.12] - 2025-11-14
### Added
- Added revised **QR code** image assets for **vCard** information:
  - `src/lib/img/qr/vcard.png`
  - `src/lib/img/qr/vcard.webp`
### Changed
- Modified `.node-version` and `.nvmrc` to utilize **Node.js** `24.11.1` (LTS).
- Updated `.ncurc.cjs` to reject updates to `markdownlint-cli2`, due to discrepancies between in-editor and CLI linting errors.
- Updated environment template (`.env.template`) to include `PUBLIC_ENV_MODE`, which is now required to build the proper environment (e.g., `dev`, `audit`, `production`).
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.48.5**.
- Bumped project version to `v1.25.12`.
- Updated dependencies:
  - `@sveltejs/kit` `2.48.4` → `2.48.5`
  - `eslint-plugin-jsdoc` `^61.2.0` → `^61.2.1`
---
## [1.25.11] - 2025-11-12
### Added
- `gotoDesktop(page, path)` and `gotoMobile(page, path)` helper functions to streamline viewport + navigation setup.
- `clickAndWaitForNavigation(page, locator, options)` utility for safe SPA or full-page navigation detection with optional URL pattern matching.
- `DEBUG_LOGS` flag in `helpers.js` to allow toggling of console logs for test diagnostics.
- Navigation debug logs to `getVisibleNav()` to indicate which navigation region was detected (when debugging is enabled).
### Changed
- Refactored all E2E tests to use `gotoDesktop()` and `gotoMobile()` for consistency and DRY principles.
- Replaced brittle direct `waitForNavigation()` usages with `clickAndWaitForNavigation()` helper.
- Updated mobile and desktop tests to improve consistency across specs and improve visibility assertions.
### Removed
- Legacy direct `setViewportSize()` and `page.goto()` calls from individual test blocks (now handled via `goto*()` helpers).
---
## [1.25.10] - 2025-11-12
### Changed
- Updated GitHub workflows to specify `ENV: ci` where appropriate:
  - `templates/check-codeql.template.yml`
  - `templates/publish.template.yml`
  - `auto-assign.yml`
  - `branch-backup.yml`
  - `check-security-txt-expiry.yml`
  - `dependency-review.yml`
  - `meta-check.yml`
  - `prevent-audit-merges.yml`
  - `secret-scan.yml`
- Added `@sveltejs/adapter-netlify` devDependency for smoother toggling between production and audit modes.
  - Production uses `@sveltejs/adapter-vercel` only. `@sveltejs/adapter-netlify` exists solely to support the audit environment.
- Bumped project version to `v1.25.10`.
- Updated dependencies:
  - `@testing-library/svelte` `^5.2.8` → `^5.2.9`
  - `eslint-plugin-jsdoc` `^61.1.12` → `^61.2.0`
  - `posthog-js` `^1.290.0` → `^1.292.0`
### Removed
- Removed unneeded comments in `build-and-publish.yml` workflow.
---
## [1.25.9] - 2025-11-11
### Changed
- Updated the support email address to `support@netwk.pro` in the following files:
  - `README.md`
  - `check-codeql.template.yml`
  - `publish.template.yml`
  - `contact.vcf`
- Modified `eslint.config.mjs` to include `.cjs` files when linting JavaScript.
- Bumped project version to `v1.25.9`.
### Fixed
- Modified `.github/workflows/probely-scan.yml` to accept either a 200 or 201 response.
  - Workflow was correctly triggering scan, but then failed due to receiving a 200 response rather than the 201 that was expected.
---
## [1.25.8] - 2025-11-11
### Added
- 🔐 **Branch protection rules** on `master`:
  - Enforced pull requests for all changes
  - Blocked force pushes
  - Linear history requirement
- 🚫 **CI workflow to prevent merges from `audit-netlify` to `master`**:
  - PRs originating from `audit-netlify` targeting `master` are automatically rejected
  - Triggered on `pull_request` events
  - Uses `github.event.pull_request.head.ref` for precise branch detection
- 🚀 **Netlify CI deployment** for audit-only branch:
  - Workflow `.github/workflows/deploy-audit-netlify.yml` added
  - Deploys `audit-netlify` to a separate Netlify site
  - Uses environment variables to trigger `vite build --mode audit`
- 🌐 **`hooks.server.js` CSP hardening** for audit deployments:
  - Probely scanner detection based on UA/IP added via `isProbelyScanner()`
  - Audit-specific CSP disables analytics and CSP reporting endpoints
  - Logs detailed CSP info when in `isAudit` or `isDebug` modes
- 🛡️ Middleware improvements:
  - User-agent/IP fingerprinting for Probely DAST
  - Added logging for audit-mode scanner matches
- 🧪 Support for per-environment `.env` files (e.g. `.env.audit`)
- 🔄 Git helper scripts:
  - Added bash script to sync `audit-netlify` with latest `master`
  - Supports merge conflict resolution via VS Code diff viewer
### Changed
- Updated `.stylelintignore` to exclude `.netlify` directory
- Updated `lint:md` script to exclude the `build/` and `.netlify/` directories
- Refined `svelte.config.js` to support alternate build targets (Vercel → Netlify via adapter switch)
- Audit builds now use isolated `.env` config and a separate Netlify site token
- Bumped project version to `v1.25.8`
---
## [1.25.7] - 2025-11-11
### Added
- Introduced `src/lib/security/probely.js` helper module to detect Probely vulnerability scanner requests via normalized IP and User-Agent matching.
  - Supports case-insensitive substring matching for known Probely UA fragments (`ProbelySPDR/`, etc.).
  - IP allowlisting based on published ranges: <https://help.probely.com/en/articles/5112461/>
- Added unit test suite `tests/unit/server/lib/security/probely.test.js` to verify robustness of `isProbelyScanner()` logic against UA/IP variations and edge cases.
### Changed
- Updated `hooks.server.js` to integrate `isProbelyScanner()` as a drop-in replacement for inline Probely detection logic, improving clarity and testability.
- Contact details and motto updated in `static/.well-known/humans.txt`.
- Refreshed last modified dates in `static/sitemap.xml`.
- Minor cosmetic changes to `static/robots.txt`.
- Corrected fallback metadata in `+layout.svelte`.
- Removed inline styles from `src/lib/components/PWAInstallButton.svelte` and `src/lib/components/foss/FossFeatures.svelte`.
  - Moved styles to `src/lib/styles/css/default.css`.
- Regenerated `global.min.css` bundle with LightningCSS.
- Minor optimizations and cleanup to several files:
  - `src/lib/components/RedirectPage.svelte`
  - `src/lib/components/layout/Footer.svelte`
  - `src/lib/pages/AboutContent.svelte`
  - `src/lib/pages/TermsConditionsContent.svelte`
  - `src/lib/pages/TermsUseContent.svelte`
  - `src/routes/contact/+page.svelte`
  - `src/routes/posts/+page.svelte`
  - `src/routes/privacy-rights/+page.svelte`
- Bumped project version to `v1.25.7`.
- Updated dependencies:
  - `autoprefixer` `^10.4.21` → `^10.4.22`
  - `browserslist` `^4.27.0` → `^4.28.0`
  - `svelte` `5.43.3` → `5.43.6`
  - `svelte-check` `^4.3.3` → `^4.3.4`
  - `posthog-js` `^1.285.1` → `^1.290.0`
  - `vite` `^7.1.12` → `^7.2.2`
---
## [1.25.6] - 2025-11-04
### Security
- Hardened `Content-Security-Policy (CSP)` in `hooks.server.js`:
  - Environment-specific policies for `production`, `audit`, `dev`, and `test`
  - Added real CSP reporting endpoint (`csp.netwk.pro`) in production
  - Report-only mode enabled in non-prod for safer diagnostics
- Added `/api/mock-csp` endpoint to capture and log CSP violation reports in non-prod environments
### Changed
- Updated `README.md` with detailed explanation of the CSP enforcement strategy and future nonce-based roadmap
- Moved inline styles from `Badges.svelte` and `Logo.svelte` to external stylesheet (`default.css`)
- Regenerated `global.min.css` using LightningCSS to reflect updated external styles
- Bumped project version to `v1.25.6`
- Updated dependencies:
  - `@eslint/js` `^9.39.0` → `^9.39.1`
  - `eslint` `^9.39.0` → `^9.39.1`
  - `eslint-plugin-jsdoc` `^61.1.11` → `^61.1.12`
  - `svelte` `5.43.2` → `5.43.3`
  - `posthog-js` `^1.284.0` → `^1.285.1`
### Fixed
- Updated `probely-scan.yml` GitHub workflow to utilize the correct API endpoint and cURL requests.
---
## [1.25.5] - 2025-11-03
### Added
- Introduced `static/b173de6c44c144c1b186841b88d51c67.txt` for use with [IndexNow](https://www.indexnow.org) and Bing Webmaster Tools.
### Changed
- Bumped project version to `v1.25.5`.
### Fixed
- Corrected the URLs for the HTML versions of the licenses in `static/sitemap.xml`.
---
## [1.25.4] - 2025-11-03
### Added
- `detectEnvironment()` now returns:
  - `isDebug` boolean (true if `isDev` or `isTest`)
  - `isLocalhost` (optional, in browser contexts)
- Support for `PUBLIC_POSTHOG_PROJECT_KEY` using `import.meta.env`
- Dynamic PostHog initialization (`initPostHog`) now uses env-based key injection
- vite.config.js:
- `envPrefix: ['PUBLIC_']` added to expose public vars to client
- Console banner for `ENV_MODE`, `PUBLIC_ENV_MODE`, and audit-mode warning
- CSP debug logs gated behind `isDebug` and server-only context
- `.env.production` support via `--mode=production` guidance
- Conditional `minify` flag for `lightningcssPlugin` based on `mode` (`production` or `audit`)
### Changed
- Environment detection (`env.js`) now respects hostname overrides and normalizes fallback logic for SSR/client consistency
- Logs in `hooks.server.js` and PostHog analytics client are now gated by `isDebug` to avoid unnecessary noise in production
- Better logging structure for PostHog initialization, including full `import.meta.env` dump in debug mode
- Bumped project version to `v1.25.4`
### Fixed
- Broken or undefined env var behavior due to missing `envPrefix` in `vite.config.js`
- Client-only `import.meta.env.PUBLIC_*` variables incorrectly resolving as `undefined` in production builds
- CSP not reflecting audit context due to host-based detection mismatch
### Developer Notes
- `.env.production` is **now required** for full environment variable injection during `npm run build --mode=production` or Vercel deployments.
- Without it, `PUBLIC_` variables (e.g. `PUBLIC_POSTHOG_PROJECT_KEY`) may resolve as undefined in the client bundle.
- Local builds can still fall back to `.env` or `.env.development` by default.
---
## [1.25.3] - 2025-11-03
### Changed
- Updated `posthog.js` to display environmental context logs only in development and testing environments.
- Bumped project version to `v1.25.3`.
### Removed
- Removed **Branch Guard** workflow (`.github/workflows/branch-guard.yml`), as it was resulting in mostly false positives.
---
## [1.25.2] - 2025-11-03
### Changed
- **Unified Environment Detection (`env.js`)**
  - Added support for server-side hostname injection via optional `hostOverride` parameter.
  - Enables accurate audit environment detection on both server (`hooks.server.js`) and client.
  - Logs the resolved environment and host when executed on the server.
  - Maintains safe fallback behavior for client-only usage.
- **CSP Handling (`hooks.server.js`)**
  - Replaced reliance on `window.location` (unavailable on server) with `event.url.hostname` for host detection.
  - Now correctly applies hardened audit-mode CSP in deployments matching `*.audit.netwk.pro`.
  - Improved logging for audit/test/prod environment resolution during server request lifecycle.
- **Build Diagnostics (`vite.config.js`)**
  - Added `stderr` output for `audit` mode builds to ensure visibility in CI logs.
  - Displays a prominent `🔒 Audit Mode Detected` tag during Vercel and local builds.
  - Continues to log `ENV_MODE`, `PUBLIC_ENV_MODE`, and `NODE_ENV` for build-time inspection.
- Bumped project version to `v1.25.2`.
---
## [1.25.1] - 2025-11-02
### Added
- Introduced new **environment diagnostics endpoint** at `src/routes/api/env-check/+server.js`.
  - Returns resolved build and runtime environment data for verification.
  - Useful for confirming `ENV_MODE` / `PUBLIC_ENV_MODE` propagation on Vercel builds.
  - Helps troubleshoot environment mismatches between build-time and client-side contexts.
### Changed
- **vite.config.js**
  - Enhanced configuration to log build mode and environment variables during bundling.
  - Prints `mode`, `ENV_MODE`, `PUBLIC_ENV_MODE`, and `NODE_ENV` to aid CI/CD debugging.
  - Uses color-coded console output for clear visibility in build logs.
- **env.js**
  - Simplified and stabilized environment detection logic for better cross-environment consistency.
  - Removed redundant imports and corrected handling of static vs dynamic `BUILD_ENV_MODE`.
  - Improved comments and type annotations for maintainability and IDE autocompletion.
- Bumped project version to `v1.25.1`.
### Developer Experience
- Build logs now clearly display environment information before bundling.
- `env-check` API endpoint provides real-time environment inspection without rebuilding.
---
## [1.25.0] - 2025-11-02
### Added
- Introduced unified environment detection utility (`src/lib/utils/env.js`) with full **JSDoc typing**.
  - Normalizes `process.env` and `import.meta.env` usage across SSR (Node) and client contexts.
  - Safely handles browser environments where `process` is undefined.
  - Provides standardized flags for:
    - `isDev`, `isProd`, `isAudit`, `isCI`, and `isTest`
  - Enables consistent environment checks across analytics, CSP, and runtime logic.
- Added hybrid **environment + host-based analytics guard** in `src/lib/stores/posthog.js`.
  - Automatically disables PostHog tracking in `audit` mode or when hostname matches `*.audit.netwk.pro`.
  - Prevents analytics initialization during development and test contexts.
  - Uses the shared `detectEnvironment()` utility for centralized logic.
  - Improves runtime logging for environment-specific behavior.
### Changed
- Updated `hooks.server.js` to include a dedicated **audit environment block** for Content Security Policy (CSP).
  - Hardened audit CSP by removing all analytics-related sources (`posthog.com`, `posthog-assets.com`).
  - Redirects CSP violation reporting to the mock endpoint (`/api/mock-csp`) in audit mode.
  - Preserves full HSTS and other production security headers for audit deployments.
  - Added clear separation between `test`, `audit`, and `prod` security policies.
  - Improved console debugging for environment detection (`NODE_ENV`, `ENV_MODE`).
- Refactored **environment detection logic** for improved reliability across client and server contexts.
  - Added unified environment resolver at `src/lib/utils/env.js` to standardize detection for `dev`, `prod`, `audit`, `ci`, and `test` modes.
  - Ensures consistent handling of both `process.env.*` (Node/SSR) and `import.meta.env.*` (Vite/client) variables.
  - Prevents mismatched behavior between browser-side analytics (`posthog.js`) and server-side policies (`hooks.server.js`).
  - Automatically falls back to `'unknown'` if no explicit mode is set, avoiding build-time exceptions.
- Refactored **Branch Guard** workflow (`.github/workflows/branch-guard.yml`) for improved accuracy and reduced noise.
  - Adjusted detection logic to **ignore merge commits**, Dependabot updates, and automated actions.
  - Ensures workflow warnings are shown **only for true direct commits** to protected branches (`master`, `main`).
  - Simplified step output and summary formatting for clearer reporting in the Actions log and job summary.
  - Maintains lightweight permissions (`contents: read`) and executes entirely without repository writes.
  - Improves reliability of branch protection monitoring without affecting CI or merge operations.
- Bumped project version to `v1.25.0`.
### Fixed
- Resolved client-side crash in browser environments caused by `process.env` being undefined.
  - Implemented defensive checks in `env.js` for `process` availability.
  - Eliminated reference errors during client-side initialization of analytics.
### Developer Experience
- Simplified future configuration by consolidating environment checks into a single typed utility.
- Improved maintainability and Vercel compatibility by ensuring `.env.audit` and `PUBLIC_ENV_MODE` variables propagate correctly to both client and server environments.
### Developer Notes
- When deploying audit builds, ensure Vercel environment variables include:
  ```bash
  ENV_MODE=audit
  PUBLIC_ENV_MODE=audit
  ```
  This enables analytics filtering and CSP hardening for the audit environment.
- Audit deployments retain full HTTPS and security headers but omit telemetry and external CSP reporting.
---
## [1.24.5]
### Added
- Introduced **Branch Guard workflow** (`.github/workflows/branch-guard.yml`) to automatically enforce branch protection policies.
  - Ensures consistent branch naming conventions.
  - Blocks direct pushes to protected branches (e.g., `master`, `main`, and `release/*`).
  - Provides early validation for pull requests and feature branches to maintain repository integrity.
- Introduced comprehensive pre-push checks for code consistency and style compliance.
  - Added optional `simple-git-hooks` configuration to automate local linting before commits or pushes.
  - Implemented `lint:all` script using `npm-run-all` for efficient, parallel execution of linters.
  - Ensures **ESLint**, **Stylelint**, **Markdownlint**, and **Prettier** all run before code is committed, improving codebase hygiene and preventing formatting drift.
  - Designed for **developer-side speed and reliability**, running linters in parallel while deferring `format` (Prettier) until after lint checks complete for safety.
- Added **hybrid linting configuration**:
  - Parallel execution for static lint tasks (`eslint`, `stylelint`, `markdownlint`).
  - Sequential Prettier formatting step for deterministic, race-free execution.
### Changed
- Reorganized local linting commands for clarity and consistency, consolidating redundant sequential scripts into the `lint:all` aggregator.
- Improved developer experience with faster pre-push validations and clearer script naming conventions.
- Bumped project version to `v1.24.5`.
### Developer Experience
- Enhanced local development workflow by introducing **fast, parallel linting** and **optional pre-commit hooks**, reducing turnaround time for style and quality checks.
- Simplified npm scripts for readability and maintainability by adopting `npm-run-all` as the central task runner.
### Notes
- For instructions on installing and configuring the new dependencies, please see the **[Editor Configuration](https://github.com/netwk-pro/netwk-pro.github.io/wiki/Editor-Configuration#automation)** section of the [Wiki](https://github.com/netwk-pro/netwk-pro.github.io/wiki).
> **Note:** Version `1.24.4` was merged but not tagged or released.
> Subsequent updates are reflected in `v1.24.5` and later.
---
## [1.24.4]
### Documentation
- Added a **Continuous Security & Dependency Checks** section to `README.md`, outlining the automated vulnerability and dependency analysis integrated into CI/CD workflows.
### Added
- Introduced **non-blocking** `npm audit` **step** in the `build-and-publish.yml` workflow to automatically detect known vulnerabilities during dependency installation.
- Introduced **[Probely](https://probely.com/) Dynamic Application Security Testing (DAST)** integration via a new GitHub Actions workflow at `.github/workflows/probely-scan.yml`.
  - Executes **weekly automated scans** of the `audit.netwk.pro` environment every Tuesday at 09:00 UTC.
  - Authenticates securely using a scoped **API key** stored in GitHub Secrets (`PROBELY_API_KEY`).
  - Polls the Probely API for scan completion and retrieves the full **HTML vulnerability report**.
  - Uploads reports as workflow **artifacts** for maintainers to review.
  - Includes a 60-minute timeout and supports manual triggering via `workflow_dispatch`.
  - Configured for **read-only testing** against non-production environments to safely identify potential web and API vulnerabilities.
  - Future updates will introduce automated issue creation and alerting for high-severity findings.
### Changed
- Updated `static/robots.txt` to exclude redirect routes and sensitive/internal endpoints (e.g., `/api`, `/relay-*`, `/consultation`, `/contact`, `/status`, etc.) from automated crawlers and vulnerability scanners.
- Bumped project version to `v1.24.4`.
### Security
- Enhanced continuous security coverage through the addition of **Probely DAST** for dynamic web and API vulnerability testing.
- Maintained and improved **GitLeaks** secret scanning across pull requests and scheduled full-history scans.
- Together, these workflows now provide full-spectrum coverage across **SAST** (static analysis) and **DAST** (dynamic analysis) layers within the CI/CD pipeline.
---
## [1.24.3]
### Changed
- Bumped project version to `v1.24.3`.
- Updated `.github/workflows/secret-scan.yml` to utilize a unique `CODEQL_ACTION_ANALYSIS_KEY` to avoid conflicts with CodeQL.
- Updated `static/robots.txt` to disallow crawling of the `/api` route.
### Fixed
- Corrected naming of `static/7cbb39ce-750b-43da-83b8-8980e5554d4d.txt`.
---
## [1.24.2]
### Added
- Introduced new text file to prove ownership of the domain for **[Probely](https://probely.com/) DAST scans** in `static/`.
### Changed
- Bumped project version to `v1.24.2`.
- Updated `author.url` in `package.json` to reflect updated bio site, now located at [bio.netwk.pro](https://bio.netwk.pro).
---
## [1.24.1]
### Changed
- Bumped project version to `v1.24.1`.
- Updated **GitLeaks workflow** (`.github/workflows/secret-scan.yml`):
  - Reworked Gitleaks step to use official environment variables (`GITLEAKS_REPORT_PATH`, `GITLEAKS_LICENSE`) for compatibility with `gitleaks/gitleaks-action@v2`.
  - Added explicit handling for runs with no detected secrets (skips JSON parsing when no report is generated).
  - Improved summary step output with clear “No leaks detected” message and reduced false warnings.
  - Ensured consistent artifact uploads and safer fork-handling conditions.
- Lighthouse now points to the new audit version of the site at [audit.netwk.pro](https://audit.netwk.pro).
---
## [1.24.0]
### Added
- Introduced [GitLeaks](https://github.com/gitleaks/gitleaks-action) secret scan CI action as `.github/workflows/secret-scan.yml`.
- Introduced two-phase scan strategy:
  - **Pull Request scans** to detect secrets before merge.
  - **Nightly scheduled scans** (`cron: "0 4 * * *"`) for full-history coverage.
- Added **artifact upload** for the `gitleaks-report.json` file, allowing maintainers to download complete results from the Actions UI.
- Implemented **public-safe summary output** in `$GITHUB_STEP_SUMMARY`:
  - Displays secret descriptions only.
  - Redacts file paths and other sensitive details.
  - Provides a concise, readable summary of findings.
- Added **GitHub Issue creation step** to automatically open a security issue when leaks are detected.
- Integrated optional **ntfy.sh notifications** for real-time alerting on secret leaks.
- Implemented **fork-safety guards** to prevent workflows triggered from untrusted forks from:
  - Accessing organization secrets (license keys, ntfy topic).
  - Uploading artifacts or creating issues.
- Added descriptive comments and logical layer separation:
  - **Layer 1 – Output Redaction**
  - **Layer 2 – Secret / Fork Handling**
### Changed
- Bumped project version to `v1.23.1`.
- Updated `.node-version` and `.nvmrc` to utilize **Node.js** `24.11.0` (LTS).
- Updated CI workflows to utilize `node-version: 24`:
  - `build-and-publish.yml`
  - `lighthouse.yml`
  - `meta-check.yml`
  - `playwright.yml`
  - `publish-test.yml`
  - `templates/publish.template.yml`
- Updated dependencies:
  - `@eslint/js` `^9.38.0` → `^9.39.0`
  - `eslint` `^9.38.0` → `^9.39.0`
  - `globals` `^16.4.0` → `^16.5.0`
  - `posthog-js` `^1.282.0` → `^1.284.0`
### Security
- Added **automated SAST scanning** via GitLeaks to prevent secrets and credentials from being committed.
- Implemented **security event reporting** via GitHub’s Code Scanning interface (SARIF upload supported).
- Configured **automated notifications** for detected leaks via GitHub Issues and optional ntfy alerts.
---
## [1.23.0] - 2025-10-30
### Documentation
- Updated `src/lib/README.md` to reflect newly added app constants.
### Changed
- Refactored all route files to use named imports from `$lib/components` and `$lib/pages` barrel modules, replacing individual `.svelte` imports for improved consistency and maintainability.
- Changed `COMPANY_INFO.APP_NAME` constant to `Network Pro™` in `src/lib/index.js`.
- Removed unnecessary `™` symbol from files that utilize the app constant.
- Changed `/license` and `/foss-spotlight` routes to `/legal` and `/foss`, respectively, for more intuitive navigation.
- Updated all references to the new routes, `/legal` and `/foss`.
- Updated `vercel.json` to redirect `/license` to `/legal`, and `/foss-spotlight` to `/foss`.
- Refactored Playwright helper utilities to modern standards:
  - Replaced deprecated `page.waitForNavigation()` with `waitForURL()` and `waitForLoadState()` in `clickAndWaitForNavigation()` for improved SPA and full-page navigation reliability.
  - Simplified logic and removed unsupported `lastResponse()` usage.
  - Improved test stability for mobile navigation (especially in CI environments).
- Modified `tests/unit/server/meta.test.js` to match on `Locking Down Networks`, rather than `Network Pro`, which is now dynamically attached.
- Refreshed **Last Modified** timestamps in `static/sitemap.xml`.
- Updated `.node-version` and `.nvmrc` to utilize **Node.js** `22.21.1` (LTS).
- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.48.4**.
- Bumped project version to `v1.23.0`.
- Updated dependencies:
  - `@sveltejs/kit` `2.48.3` → `2.48.4`
  - `svelte` `5.43.0` → `5.43.2`
  - `eslint-plugin-svelte` `^3.12.5` → `^3.13.0`
- Refactored metadata and SEO handling for consistency and maintainability:
  - Centralized all `<meta>` and `<title>` management in `src/lib/components/MetaTags.svelte`.
  - Removed redundant per-page `<svelte:head>` entries and `MetaTags` imports in individual `+page.svelte` files.
  - Added dynamic canonical URL generation using rou