Open
Conversation
- Add `migration:up:direct` npm script that uses DATABASE_URL_DIRECT - Add conditional `ensureDatabase` (only enabled in development) - Update deployment docs with D.O. migration pipeline instructions - Document two-connection strategy: pool (25061) for runtime, direct (25060) for migrations 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Convert all 20 entities from decorator-based classes to EntitySchema definitions with explicit string `name` properties. This fixes the "Duplicate entity names are not allowed: d, c, v" error caused by Next.js 16 Turbopack minifying class names in production builds. EntitySchema's explicit `name: 'EntityName'` survives any bundler minification, making it the recommended approach for bundled environments. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Create email normalization utility to ensure email addresses are handled consistently (lowercase, trimmed) across the codebase. This prevents potential account confusion and security bypass risks from email case sensitivity issues. - Add normalizeEmail() utility function - Apply to all email lookups and comparisons in routers - Update: user.ts, invite.ts, group.ts, wishlistCollaborator.ts 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fix security gap where bookmarklet tokens without a createdAt timestamp would never expire. Now tokens are treated as expired if createdAt is null. - Add validateBookmarkletToken helper function for consistent validation - Apply token expiry check to all bookmarklet token endpoints - Consolidate duplicate validation logic 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add input length constraints to shipping address fields to prevent potential denial of service from excessively long inputs. - street: max 200 chars - city: max 100 chars - state: max 100 chars - zipCode: max 20 chars - country: max 100 chars 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add composite indexes to improve query performance for frequently accessed patterns: - Wishlist: [owner, status] and [event, status] for filtered listings - Dib: [groupDibId], [type], [user, purchased] for dib lookups - Comment: [item, group] for comment fetching by item/group 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Replace per-event queries (3N queries for N events) with batch queries (2 queries total) when fetching event stats. Before: For each event, 3 queries - wishlists, items count, dibbed count After: 2 batch queries using $in filters for all events 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove production console.logs from opengraph-client.ts by gating them behind DEBUG_OPENGRAPH environment variable. Only enabled in development when explicitly set. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Add proper types for Item/Dib entities with populated relations in wishlistLink.ts - Replace any with Area type in BannerInlineEditor.tsx crop area parameter - Replace any with explicit crop area type in groups page handleRepositionBanner 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Fix conditional hook violation in DibsChecklist by calling hooks unconditionally - Add timeout refs and cleanup for copy operations in DibsChecklist - Add timeout ref and cleanup for copy operations in GroupDibDialog - Add timeout ref and cleanup for dismiss animation in GroupDibsCarousel 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
- Export getDecryptedPaymentMethods from app/lib/utils/privacy.ts - Remove duplicate definitions from dib.ts, admin.ts, and user.ts - All files now import from the centralized utility 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
…ditor - Revert explicit typing in wishlistLink.ts that exposed pre-existing type mismatches - Add eslint-disable comments for necessary any types in wishlistLink.ts - Fix null vs undefined type mismatch in BannerInlineEditor onSave call 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Moved the Follow button from an absolute-positioned overlay to be stacked vertically above the date calendar widget on desktop. Added mobile follow button below the "Updated" timestamp. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Filter out archived/deleted wishlists from the listWishlistsByToken endpoint so users don't see them in the wishlist selector when adding items via the bookmarklet. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Extract countdown and auto-save indicator logic into isolated components to prevent parent component re-renders every second: - Add CountdownRedirect component to add/page.tsx for success screen - Add AutoSaveIndicator component to wishlists/[id]/page.tsx for modal - Remove countdown from successState, manage internally in component - Remove useRelativeTime from parent, call it inside isolated component 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Add 2-second long-press requirement for mobile drag-to-reorder on pinned pages. This prevents conflicts between scrolling and reordering when swiping through pins. Includes visual feedback during the hold (pulse animation) and a lift animation when activated. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove drag-and-drop reordering functionality from pinned pages. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Remove drag-and-drop reordering from pinned pages in the recent pages bar. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Bumps [jws](https://github.com/brianloveswords/node-jws) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/brianloveswords/node-jws/releases) - [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md) - [Commits](auth0/node-jws@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: jws dependency-version: 4.0.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps jws from 4.0.0 to 4.0.1.
Release notes
Sourced from jws's releases.
Changelog
Sourced from jws's changelog.
... (truncated)
Commits
34c45b2Merge commit from fork49bc39bversion 4.0.1d42350cEnhance tests for HMAC streaming sign and verify5cb007cImprove secretOrKey initialization in VerifyStreamf9a2e1cImprove secret handling in SignStreamb9fb8d3Merge pull request #102 from auth0/SRE-57-Upload-opslevel-yaml95b75eeUpload OpsLevel YAML8857ee7test: remove unused variable (#96)Maintainer changes
This version was pushed to npm by julien.wollscheid, a new releaser for jws since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.