- Tag builds now also set 'latest' Docker tag (fixes race condition where
main-push build could overwrite latest with older version)
- Remove duplicate release.yml (create-release job in docker-build.yml
already handles GitHub releases)
- Remove redundant version-bump.yml (release.sh already bumps versions
in the release PR)
- Change update-test-badges.yml trigger to workflow_run after successful
docker-build (prevents parallel execution and ensures correct ordering)
- Update agent instructions and CI documentation to reflect changes
Tests are already guaranteed by branch protection (test.yml must pass
before PR can be merged to main). Running them again in docker-build.yml
was redundant and slowed down image builds.
This reduces test runs from 3x to 2x per code change:
- test.yml on PR (required by branch protection)
- update-test-badges.yml on main push (needed for badge counts)
Docker image builds now start immediately after merge.
* fix: add credentials to all fetch calls for auth cookie support
- Add credentials: include to useMedications.ts fetch calls
- Add credentials: include to MedicationsPage.tsx save function
- Add credentials: include to useSettings.ts settings update
- Add credentials: include to useShare.ts share generation
- Add credentials: include to DashboardPage.tsx reminder email
- Add credentials: include to PlannerPage.tsx usage calculation
- Make create-release workflow skip if release already exists
* fix: default to ntfy-style notifications for HTTP URLs
- Change notification logic to use plain text format by default
- Only use JSON format for known webhook services (Discord, Slack, Telegram, Gotify)
- This fixes ntfy URLs not being recognized when hostname doesn't contain 'ntfy'
* feat: highlight medication being edited
- Add blue border and background to the medication row being edited
- Show medication avatar and name in the edit form header
- Makes it easy to identify which medication is being edited when there are many
* fix: use proper URL parsing for webhook detection (CodeQL security fix)
Replace vulnerable .includes() URL checks with proper URL hostname
parsing to prevent bypass attacks (e.g., evil.com?hooks.slack.com).
Fixes CodeQL alerts #33 and #34 (js/incomplete-url-substring-sanitization)
* chore(ci): add path filters to skip CI for docs-only changes
- test.yml: Only run on changes to backend/**, frontend/**, or the workflow itself
- docker-build.yml: Only run on code/docker changes (tags still trigger unconditionally)
* docs: move screenshots below GIF and add visual indentation
dependabot[bot]
Daniel Volz