eec1653ff4
fix(security): ship isolated JWT decorator hotfix
...
* fix(security): isolate dependency hotfix from github main
* fix(security): expose hotfix jwt decorators across routes
* test(e2e): restore stable app header selectors
* test(e2e): align planner and app shell checks
* test(e2e): add legacy settings page selectors
* test(e2e): align settings page contracts
2026-04-05 14:49:50 +02:00
98062358be
build(deps): bump the minor-and-patch group in /backend with 5 updates ( #501 )
...
* build(deps): bump the minor-and-patch group in /backend with 5 updates
Bumps the minor-and-patch group in /backend with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm ) | `0.45.1` | `0.45.2` |
| [fastify](https://github.com/fastify/fastify ) | `5.8.3` | `5.8.4` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome ) | `2.4.8` | `2.4.9` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8 ) | `4.1.0` | `4.1.2` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ) | `4.1.0` | `4.1.2` |
Updates `drizzle-orm` from 0.45.1 to 0.45.2
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases )
- [Commits](https://github.com/drizzle-team/drizzle-orm/compare/0.45.1...0.45.2 )
Updates `fastify` from 5.8.3 to 5.8.4
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.8.3...v5.8.4 )
Updates `@biomejs/biome` from 2.4.8 to 2.4.9
- [Release notes](https://github.com/biomejs/biome/releases )
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md )
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.9/packages/@biomejs/biome )
Updates `@vitest/coverage-v8` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/coverage-v8 )
Updates `vitest` from 4.1.0 to 4.1.2
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.2/packages/vitest )
---
updated-dependencies:
- dependency-name: drizzle-orm
dependency-version: 0.45.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: fastify
dependency-version: 5.8.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.9
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: vitest
dependency-version: 4.1.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
* test(e2e): wait for login submit button before click
* test(e2e): prefer API login in setup with UI fallback
* test(e2e): align selectors with current ui testids
* chore: rerun ci after merge resolution
* chore: trim stale e2e diff from dependency branch
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-03-30 20:35:19 +02:00
bd2bfe6972
fix: unblock PR 502 checks
...
* build(deps-dev): bump typescript from 5.9.3 to 6.0.2 in /backend
Bumps [typescript](https://github.com/microsoft/TypeScript ) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases )
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2 )
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.2
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
* fix: unblock PR 502 checks
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-03-30 20:14:29 +02:00
026091c5ca
build(deps): bump brace-expansion from 5.0.2 to 5.0.5 in /backend
...
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion ) from 5.0.2 to 5.0.5.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases )
- [Commits](https://github.com/juliangruber/brace-expansion/compare/v5.0.2...v5.0.5 )
---
updated-dependencies:
- dependency-name: brace-expansion
dependency-version: 5.0.5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-27 08:46:22 +01:00
08f75e44ff
build(deps): bump nodemailer from 8.0.3 to 8.0.4 in /backend
...
* build(deps): bump nodemailer from 8.0.3 to 8.0.4 in /backend
Bumps [nodemailer](https://github.com/nodemailer/nodemailer ) from 8.0.3 to 8.0.4.
- [Release notes](https://github.com/nodemailer/nodemailer/releases )
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodemailer/nodemailer/compare/v8.0.3...v8.0.4 )
---
updated-dependencies:
- dependency-name: nodemailer
dependency-version: 8.0.4
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
* chore: retrigger ci for dependabot pr 492
---------
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-03-27 08:43:23 +01:00
73a235dd83
build(deps): bump yaml from 2.8.2 to 2.8.3 in /backend ( #485 )
...
Bumps [yaml](https://github.com/eemeli/yaml ) from 2.8.2 to 2.8.3.
- [Release notes](https://github.com/eemeli/yaml/releases )
- [Commits](https://github.com/eemeli/yaml/compare/v2.8.2...v2.8.3 )
---
updated-dependencies:
- dependency-name: yaml
dependency-version: 2.8.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-03-26 07:56:06 +01:00
675cb88f3e
build(deps): bump picomatch from 4.0.3 to 4.0.4 in /backend
...
Bumps [picomatch](https://github.com/micromatch/picomatch ) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/micromatch/picomatch/releases )
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md )
- [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4 )
---
updated-dependencies:
- dependency-name: picomatch
dependency-version: 4.0.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-26 07:36:55 +01:00
c39b5c9501
build(deps): bump fastify from 5.8.2 to 5.8.3 in /backend ( #479 )
...
Bumps [fastify](https://github.com/fastify/fastify ) from 5.8.2 to 5.8.3.
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.8.2...v5.8.3 )
---
updated-dependencies:
- dependency-name: fastify
dependency-version: 5.8.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-03-26 07:24:47 +01:00
39c19ab2fe
build(deps): bump the minor-and-patch group in /backend with 4 updates
...
Squash merge PR #470
2026-03-25 07:11:44 +01:00
68ab79c713
feat: enable weekday-based medication scheduling
...
Closes #463
2026-03-20 14:58:25 +01:00
9180783c42
build(deps): bump the minor-and-patch group in /backend with 5 updates
...
Squash merge Dependabot backend minor-and-patch dependency updates from PR #443 .
2026-03-16 07:51:28 +01:00
c0507c4c4b
feat: backend API key auth context and settings hardening ( #406 )
...
* feat: add backend api-key auth context and settings hardening
* fix: harden api key token hashing
2026-03-10 06:26:20 +01:00
0e4d7f71e4
build(deps): bump the minor-and-patch group in /backend with 3 updates
...
Bumps the minor-and-patch group in /backend with 3 updates: [fastify](https://github.com/fastify/fastify ), [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome ) and [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `fastify` from 5.8.1 to 5.8.2
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.8.1...v5.8.2 )
Updates `@biomejs/biome` from 2.4.4 to 2.4.6
- [Release notes](https://github.com/biomejs/biome/releases )
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md )
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.6/packages/@biomejs/biome )
Updates `@types/node` from 25.3.3 to 25.3.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: fastify
dependency-version: 5.8.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.6
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-09 22:08:13 +01:00
36d50c0736
build(deps): bump fastify from 5.7.4 to 5.8.1 in /backend ( #387 )
...
Bumps [fastify](https://github.com/fastify/fastify ) from 5.7.4 to 5.8.1.
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.7.4...v5.8.1 )
---
updated-dependencies:
- dependency-name: fastify
dependency-version: 5.8.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-06 20:02:08 +01:00
30c97e2f0d
fix: use per-intake reminder setting as single source of truth ( #384 )
...
- Filter intakes by per-intake intakeRemindersEnabled instead of falling
back to medication-level setting (fixes #383 )
- Add SMTP delivery validation with accepted/rejected recipient checks
- Enhance email success logging with recipient, messageId, SMTP response
- Simplify MedDetailModal reminder icon logic to match backend behavior
- Sync lockfile versions to 1.18.2
2026-03-06 19:50:45 +01:00
067a8c166b
build(deps-dev): bump @types/node ( #371 )
...
Bumps the minor-and-patch group in /backend with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.3.2 to 25.3.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.3
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-02 12:56:23 +01:00
508bc764d5
fix: align backend amount stock and reminder semantics ( #362 )
...
* fix: align backend amount stock and reminder semantics
* test: align settings email route success mock with SMTP delivery checks
2026-03-02 00:02:26 +01:00
8e4cb5dcd4
build(deps): bump minimatch from 10.2.2 to 10.2.4 in /backend ( #338 )
...
Bumps [minimatch](https://github.com/isaacs/minimatch ) from 10.2.2 to 10.2.4.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md )
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.2...v10.2.4 )
---
updated-dependencies:
- dependency-name: minimatch
dependency-version: 10.2.4
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-27 01:29:04 +01:00
7f26dca7a7
build(deps-dev): bump @types/node ( #343 )
...
Bumps the minor-and-patch group in /backend with 1 update: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ).
Updates `@types/node` from 25.3.0 to 25.3.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-27 01:29:00 +01:00
1668eb935c
build(deps-dev): bump @types/supertest from 6.0.3 to 7.2.0 in /backend ( #346 )
...
Bumps [@types/supertest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/supertest ) from 6.0.3 to 7.2.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/supertest )
---
updated-dependencies:
- dependency-name: "@types/supertest"
dependency-version: 7.2.0
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-27 01:28:47 +01:00
6b27d234d9
chore: reduce polling log noise across backend and nginx ( #336 )
2026-02-27 00:54:21 +01:00
fd7cc56bb7
build(deps): bump rollup from 4.57.1 to 4.59.0 in /backend ( #332 )
...
Bumps [rollup](https://github.com/rollup/rollup ) from 4.57.1 to 4.59.0.
- [Release notes](https://github.com/rollup/rollup/releases )
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rollup/rollup/compare/v4.57.1...v4.59.0 )
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.59.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-26 06:28:51 +01:00
8420c74a55
build(deps): bump bn.js from 4.12.2 to 4.12.3 in /backend ( #330 )
...
Bumps [bn.js](https://github.com/indutny/bn.js ) from 4.12.2 to 4.12.3.
- [Release notes](https://github.com/indutny/bn.js/releases )
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/indutny/bn.js/compare/v4.12.2...v4.12.3 )
---
updated-dependencies:
- dependency-name: bn.js
dependency-version: 4.12.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-26 00:14:46 +01:00
a47bde0956
chore: sync lockfile package versions to 1.16.0 ( #325 )
...
* chore: sync lockfile package versions to 1.16.0
* fix(ci): align medications route formatting with biome
2026-02-25 22:15:43 +01:00
2a9ca39c24
Allow medications with only a generic name (no commercial name required) ( #311 )
...
* Initial plan
* feat: allow generic name only for medications (frontend changes)
- Add getMedDisplayName() helper for consistent name display
- Update validation to require either commercial or generic name
- Update all display locations to use display name fallback
- Add i18n keys for nameOrGenericRequired in en.json and de.json
- Remove required attribute from commercial name field
- Update FIELD_LIMITS.name.min from 1 to 0
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
* feat: allow generic name only for medications (backend changes)
- Update Zod schema to allow empty name with cross-field refinement
- Update reminder scheduler to use name || genericName for display
- Update planner routes to match medications by display name
- Update existing tests to match new validation behavior
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
* fix: update placeholder text and fix FIELD_LIMITS test
- Remove "(optional)" from generic name placeholder in en/de
- Update types.test.ts to expect FIELD_LIMITS.name.min = 0
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
2026-02-25 21:29:25 +01:00
691550fb33
build(deps): bump bn.js from 4.12.2 to 4.12.3 in /backend ( #305 )
...
Bumps [bn.js](https://github.com/indutny/bn.js ) from 4.12.2 to 4.12.3.
- [Release notes](https://github.com/indutny/bn.js/releases )
- [Changelog](https://github.com/indutny/bn.js/blob/master/CHANGELOG.md )
- [Commits](https://github.com/indutny/bn.js/compare/v4.12.2...v4.12.3 )
---
updated-dependencies:
- dependency-name: bn.js
dependency-version: 4.12.3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-25 21:29:13 +01:00
96b2a0c96f
feat: image upload optimization with sharp, thumbnails, and structured error codes ( #304 )
...
- Add sharp for server-side image processing (WebP conversion + thumbnails)
- New shared backend utility for image upload, optimization, and cleanup
- Return structured error codes from upload endpoints (IMAGE_TOO_LARGE, INVALID_TYPE, etc.)
- Frontend error code mapping with i18n support (EN + DE)
- MedicationAvatar tries thumbnail first, falls back to full image
- Error display in MedicationsPage, MobileEditModal, and Auth avatar upload
Closes #302
2026-02-24 23:52:59 +01:00
3e4f1440a9
build(deps-dev): bump the minor-and-patch group ( #290 )
...
Bumps the minor-and-patch group in /backend with 3 updates: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome ), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) and [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer ).
Updates `@biomejs/biome` from 2.4.1 to 2.4.4
- [Release notes](https://github.com/biomejs/biome/releases )
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md )
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.4/packages/@biomejs/biome )
Updates `@types/node` from 25.2.3 to 25.3.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Updates `@types/nodemailer` from 7.0.10 to 7.0.11
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer )
---
updated-dependencies:
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@types/node"
dependency-version: 25.3.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-and-patch
- dependency-name: "@types/nodemailer"
dependency-version: 7.0.11
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-23 19:25:24 +01:00
8f57aa8bc9
build(deps): bump ajv from 8.17.1 to 8.18.0 in /backend ( #238 )
...
Bumps [ajv](https://github.com/ajv-validator/ajv ) from 8.17.1 to 8.18.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases )
- [Commits](https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0 )
---
updated-dependencies:
- dependency-name: ajv
dependency-version: 8.18.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 19:51:41 +01:00
f42ed87d94
build(deps): bump minimatch from 10.2.0 to 10.2.2 in /backend ( #237 )
...
Bumps [minimatch](https://github.com/isaacs/minimatch ) from 10.2.0 to 10.2.2.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md )
- [Commits](https://github.com/isaacs/minimatch/compare/v10.2.0...v10.2.2 )
---
updated-dependencies:
- dependency-name: minimatch
dependency-version: 10.2.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 19:51:37 +01:00
ff100dfea5
build(deps-dev): bump @types/nodemailer in /backend ( #223 )
...
Bumps [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer ) from 6.4.21 to 7.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer )
---
updated-dependencies:
- dependency-name: "@types/nodemailer"
dependency-version: 7.0.10
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 19:06:28 +01:00
47581ca7ad
build(deps-dev): bump @biomejs/biome ( #222 )
...
Bumps the minor-and-patch group in /backend with 1 update: [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome ).
Updates `@biomejs/biome` from 2.3.15 to 2.4.1
- [Release notes](https://github.com/biomejs/biome/releases )
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md )
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.1/packages/@biomejs/biome )
---
updated-dependencies:
- dependency-name: "@biomejs/biome"
dependency-version: 2.4.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-16 19:06:18 +01:00
874babe1d8
build(deps-dev): bump @types/node from 22.19.3 to 25.2.3 in /backend ( #191 )
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 22.19.3 to 25.2.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.2.3
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:20:40 +01:00
c9039b6e87
build(deps): bump dotenv from 16.6.1 to 17.3.1 in /backend ( #190 )
...
Bumps [dotenv](https://github.com/motdotla/dotenv ) from 16.6.1 to 17.3.1.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md )
- [Commits](https://github.com/motdotla/dotenv/compare/v16.6.1...v17.3.1 )
---
updated-dependencies:
- dependency-name: dotenv
dependency-version: 17.3.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:20:37 +01:00
5918eb5aae
build(deps): bump nodemailer from 7.0.11 to 8.0.1 in /backend ( #189 )
...
Bumps [nodemailer](https://github.com/nodemailer/nodemailer ) from 7.0.11 to 8.0.1.
- [Release notes](https://github.com/nodemailer/nodemailer/releases )
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nodemailer/nodemailer/compare/v7.0.11...v8.0.1 )
---
updated-dependencies:
- dependency-name: nodemailer
dependency-version: 8.0.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:20:33 +01:00
19d3f83aef
build(deps): bump @fastify/static from 8.3.0 to 9.0.0 in /backend ( #187 )
...
Bumps [@fastify/static](https://github.com/fastify/fastify-static ) from 8.3.0 to 9.0.0.
- [Release notes](https://github.com/fastify/fastify-static/releases )
- [Commits](https://github.com/fastify/fastify-static/compare/v8.3.0...v9.0.0 )
---
updated-dependencies:
- dependency-name: "@fastify/static"
dependency-version: 9.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:20:30 +01:00
6922a856c0
build(deps): bump @fastify/cors from 10.1.0 to 11.2.0 in /backend ( #186 )
...
Bumps [@fastify/cors](https://github.com/fastify/fastify-cors ) from 10.1.0 to 11.2.0.
- [Release notes](https://github.com/fastify/fastify-cors/releases )
- [Commits](https://github.com/fastify/fastify-cors/compare/v10.1.0...v11.2.0 )
---
updated-dependencies:
- dependency-name: "@fastify/cors"
dependency-version: 11.2.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:20:26 +01:00
45a319dc06
build(deps): bump @fastify/cookie from 10.0.1 to 11.0.2 in /backend ( #184 )
...
Bumps [@fastify/cookie](https://github.com/fastify/fastify-cookie ) from 10.0.1 to 11.0.2.
- [Release notes](https://github.com/fastify/fastify-cookie/releases )
- [Commits](https://github.com/fastify/fastify-cookie/compare/v10.0.1...v11.0.2 )
---
updated-dependencies:
- dependency-name: "@fastify/cookie"
dependency-version: 11.0.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:11:18 +01:00
6c10f9af0c
build(deps): bump the minor-and-patch group in /backend with 10 updates ( #182 )
...
Bumps the minor-and-patch group in /backend with 10 updates:
| Package | From | To |
| --- | --- | --- |
| [@fastify/multipart](https://github.com/fastify/fastify-multipart ) | `9.3.0` | `9.4.0` |
| [@libsql/client](https://github.com/tursodatabase/libsql-client-ts/tree/HEAD/packages/libsql-client ) | `0.10.0` | `0.17.0` |
| [argon2](https://github.com/ranisalt/node-argon2 ) | `0.40.3` | `0.44.0` |
| [fastify](https://github.com/fastify/fastify ) | `5.7.3` | `5.7.4` |
| [openid-client](https://github.com/panva/openid-client ) | `6.8.1` | `6.8.2` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome ) | `2.3.12` | `2.3.15` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8 ) | `4.0.16` | `4.0.18` |
| [drizzle-kit](https://github.com/drizzle-team/drizzle-orm ) | `0.31.8` | `0.31.9` |
| [supertest](https://github.com/ladjs/supertest ) | `7.1.4` | `7.2.2` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ) | `4.0.16` | `4.0.18` |
Updates `@fastify/multipart` from 9.3.0 to 9.4.0
- [Release notes](https://github.com/fastify/fastify-multipart/releases )
- [Commits](https://github.com/fastify/fastify-multipart/compare/v9.3.0...v9.4.0 )
Updates `@libsql/client` from 0.10.0 to 0.17.0
- [Release notes](https://github.com/tursodatabase/libsql-client-ts/releases )
- [Changelog](https://github.com/tursodatabase/libsql-client-ts/blob/main/CHANGELOG.md )
- [Commits](https://github.com/tursodatabase/libsql-client-ts/commits/v0.17.0/packages/libsql-client )
Updates `argon2` from 0.40.3 to 0.44.0
- [Release notes](https://github.com/ranisalt/node-argon2/releases )
- [Commits](https://github.com/ranisalt/node-argon2/commits/v0.44.0 )
Updates `fastify` from 5.7.3 to 5.7.4
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.7.3...v5.7.4 )
Updates `openid-client` from 6.8.1 to 6.8.2
- [Release notes](https://github.com/panva/openid-client/releases )
- [Changelog](https://github.com/panva/openid-client/blob/main/CHANGELOG.md )
- [Commits](https://github.com/panva/openid-client/compare/v6.8.1...v6.8.2 )
Updates `@biomejs/biome` from 2.3.12 to 2.3.15
- [Release notes](https://github.com/biomejs/biome/releases )
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md )
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.3.15/packages/@biomejs/biome )
Updates `@vitest/coverage-v8` from 4.0.16 to 4.0.18
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/coverage-v8 )
Updates `drizzle-kit` from 0.31.8 to 0.31.9
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases )
- [Commits](https://github.com/drizzle-team/drizzle-orm/compare/drizzle-kit@0.31.8...drizzle-kit@0.31.9 )
Updates `supertest` from 7.1.4 to 7.2.2
- [Release notes](https://github.com/ladjs/supertest/releases )
- [Commits](https://github.com/ladjs/supertest/compare/v7.1.4...v7.2.2 )
Updates `vitest` from 4.0.16 to 4.0.18
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.0.18/packages/vitest )
---
updated-dependencies:
- dependency-name: "@fastify/multipart"
dependency-version: 9.4.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-and-patch
- dependency-name: "@libsql/client"
dependency-version: 0.17.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-and-patch
- dependency-name: argon2
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: minor-and-patch
- dependency-name: fastify
dependency-version: 5.7.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: openid-client
dependency-version: 6.8.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@biomejs/biome"
dependency-version: 2.3.15
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
dependency-version: 4.0.18
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: drizzle-kit
dependency-version: 0.31.9
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
- dependency-name: supertest
dependency-version: 7.2.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: minor-and-patch
- dependency-name: vitest
dependency-version: 4.0.18
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: minor-and-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-13 20:10:51 +01:00
0b0472f2f5
Fix OIDC token exchange behind HTTPS reverse proxy ( #162 )
...
* Initial plan
* Fix OIDC callback URL construction for HTTPS reverse proxy
- Replace hardcoded http:// URL with OIDC_REDIRECT_URI from environment
- Build complete callback URL with query parameters for proper validation
- Fixes token exchange 401 errors when running behind HTTPS reverse proxy
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
* Update OIDC_REDIRECT_URI documentation to clarify full URL requirement
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
* fix: format oidc.ts to pass biome check
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com >
Co-authored-by: DanielVolz <3275994+DanielVolz@users.noreply.github.com >
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-02-13 18:29:33 +01:00
38f3533dd9
build(deps-dev): bump qs from 6.14.1 to 6.14.2 in /backend ( #158 )
...
Bumps [qs](https://github.com/ljharb/qs ) from 6.14.1 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md )
- [Commits](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2 )
---
updated-dependencies:
- dependency-name: qs
dependency-version: 6.14.2
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-12 21:43:41 +01:00
463c756447
build(deps): bump fast-xml-parser and @aws-sdk/client-ses in /backend ( #157 )
...
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser ) and [@aws-sdk/client-ses](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-ses ). These dependencies needed to be updated together.
Updates `fast-xml-parser` from 5.2.5 to 5.3.4
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases )
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md )
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.2.5...v5.3.4 )
Updates `@aws-sdk/client-ses` from 3.956.0 to 3.988.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases )
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-ses/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.988.0/clients/client-ses )
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-version: 5.3.4
dependency-type: indirect
- dependency-name: "@aws-sdk/client-ses"
dependency-version: 3.988.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-12 21:43:35 +01:00
4275dca838
fix: improve modal scroll lock and e2e script workflow ( #156 )
2026-02-12 21:43:28 +01:00
f56f2b7c88
feat: backend improvements - reminder tracking, share stock status, planner notifications ( #145 )
...
- Separate stock/intake reminder tracking in DB with dedicated columns
- Add shareStockStatus setting to control stock visibility on shared links
- Rewrite planner notification to support both email and Shoutrrr push
- Add push notification footer text for intake and stock reminders
- New DB migrations: stock_reminder_tracking (0006), share_stock_status (0007)
- Update backend i18n with demandCalculator section and critically low text
- Add 514 passing backend tests including new coverage for all changes
2026-02-09 19:32:32 +01:00
8c5deed4c2
feat: theme dropdown with system preference and comprehensive bottle-type fixes ( #138 )
...
- Replace dark/light toggle with Light/Dark/System dropdown menu
- System theme follows OS prefers-color-scheme setting
- Apply theme dropdown to shared schedule page
- Fix 7 packageType (bottle) bugs across stock calc, share, refills, export/import
- Fix planner bottle-type stock calculation and display
- Fix dailyRate double-counting with per-intake takenBy
- Fix About modal update check stale caching
- Fix intake reminder past-intake seeding and push title
- Fix phantom DB path in drizzle.config.ts
- Fix mobile dose field visibility
- Make medication name clickable in dashboard reminder bar
- Improve planner checkbox UX with inline tooltip
- Add 20+ new tests covering all fixes
2026-02-08 20:32:40 +01:00
e0c5eb4bf3
feat: simplify About modal with single version link to GitHub release ( #123 )
...
- Replace separate Frontend/Backend versions with single app version
- Version is now a clickable link to the GitHub release page
- Replace stopwatch SVG with actual app logo (favicon.svg)
- Fix update check UX: previous result stays visible during re-check
- Add 1s minimum delay for update check spinner visibility
- Reserve space for update result to prevent modal jumping
- Remove unused i18n keys (frontend/backend)
- Update release-manager docs with version link info
2026-02-08 13:09:33 +01:00
7b88d71c8f
build(deps): bump @isaacs/brace-expansion in /backend ( #94 )
...
Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.
---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
dependency-version: 5.0.1
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Daniel Volz <mail@danielvolz.org >
2026-02-05 07:53:32 +01:00
6296aa1251
build(deps): bump fastify from 5.6.2 to 5.7.3 in /backend ( #91 )
...
Bumps [fastify](https://github.com/fastify/fastify ) from 5.6.2 to 5.7.3.
- [Release notes](https://github.com/fastify/fastify/releases )
- [Commits](https://github.com/fastify/fastify/compare/v5.6.2...v5.7.3 )
---
updated-dependencies:
- dependency-name: fastify
dependency-version: 5.7.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-05 07:43:42 +01:00
85f4d2dd21
chore: update package.json versions to 1.6.0 ( #75 )
...
The release script created tag v1.6.0 but did not update the version
numbers in package.json files. This fix ensures the About modal
displays the correct version.
2026-01-25 19:36:19 +01:00
cab0fcbba7
feat: mobile UI improvements, biome linting, and reminder info display ( #71 )
...
* fix: make dismissed doses robust against schedule/timezone changes
- Store dismissedUntil date (YYYY-MM-DD) per medication instead of individual dose IDs
- Add POST /medications/dismiss-until endpoint to set dismissed date
- Add DELETE /medications/:id/dismiss-until endpoint to clear dismissed date
- Update frontend to use medication-level dismissedUntil for filtering
- Remove old dismissMissedDoses function from useDoses hook (was using dose IDs)
- Add backward-compatible ALTER TABLE migration for dismissed_until column
- Add 5 integration tests for dismiss-until functionality
- Update test schemas with new column
The old approach stored individual dose IDs which broke when schedule or timezone
settings changed (dose IDs contain timestamps). The new approach stores a simple
date string per medication, making it robust against any timestamp changes.
* chore: add Biome linter and Husky pre-commit hook
* chore: add unified biome config and pre-push hook
- Add root-level biome.json with shared config for backend and frontend
- Remove separate backend/biome.json and frontend/biome.json
- Add .husky/pre-push hook to run backend tests before push
- Update package.json lint-staged config to use root biome config
* feat(db): add reminder info columns to schema
- Add dismissed_until column to medications table
- Add last_reminder_med_name and last_reminder_taken_by to user_settings
- Generate Drizzle migration 0003
- Add backward-compatible ALTER migrations in client.ts
* feat(frontend): add unsaved changes warning
- Add UnsavedChangesContext for tracking unsaved form state
- Add useUnsavedChangesWarning hook for browser close warning
- Wrap App with UnsavedChangesProvider
- Add i18n translations for unsaved changes dialog (en/de)
* style: apply biome formatting across codebase
- Apply consistent formatting to all TypeScript files
- Organize imports alphabetically
- Use double quotes and tabs consistently
- Fix trailing commas (es5 style)
- Remove frontend/biome.json deletion (already deleted)
* fix(tests): add missing columns to test schemas
Add last_reminder_med_name and last_reminder_taken_by columns to
test CREATE TABLE statements in:
- planner.test.ts
- e2e-routes.test.ts
- integration.test.ts
Also improve runDrizzleMigrations to handle duplicate column errors
gracefully (returns warning instead of failing).
* fix(planner): add missing 'as unknown' type cast for request.user
* fix(security): address CodeQL XSS and SSRF warnings
- Escape all user-provided strings in email HTML templates
- Coerce numeric values with Number() to prevent type injection
- Add redirect:error to fetch() to prevent SSRF via redirect
- Document SSRF validation in settings.ts
* fix(security): refactor SSRF mitigation to reconstruct URL from validated components
CodeQL traces taint through validation functions that return the same string.
Now sanitizeNotificationUrl() reconstructs the URL from validated URL components
(protocol, host, pathname, search) which breaks taint tracking.
- Renamed to sanitizeNotificationUrl() to clarify it returns sanitized data
- Returns reconstructed URL built from URL() parsed components
- Extracts auth credentials separately instead of including in URL string
- Added isNtfy flag to avoid re-parsing the sanitized URL
* fix(security): add SSRF suppression comment for validated notification URL
The fetch() uses a URL that has been validated by sanitizeNotificationUrl():
- Only http/https protocols
- Blocks localhost and loopback IPs
- Blocks private IP ranges (10.x, 172.16-31.x, 192.168.x, 169.254.x)
- Blocks internal hostnames (.local, .internal, .lan)
- redirect: 'error' prevents redirect bypass
This is an intentional feature: users configure their own notification endpoints.
2026-01-25 18:01:35 +01:00
Daniel Volz
dependabot[bot]
Copilot