Full deployment history for this project.
Consolidate open PRs, compatible upgrades, and platform auth Validated locally and through a READY Vercel preview. Merge commit preserves every original PR head in ancestry.
chore: validate consolidated upgrades and platform auth
chore: validate consolidated upgrades and platform auth
fix: constrain sheet cards on mobile
fix: constrain sheet cards on mobile
fix: constrain sheet cards on mobile
fix: read legacy sheet column metadata safely
fix: read legacy sheet column metadata safely
perf: keep sheet listings summary-only
perf: keep sheet listings summary-only
perf: keep sheet listings summary-only
perf: keep sheet listings summary-only
Return complete Sheets trace context
Return complete Sheets trace context
Return complete Sheets trace context
Complete Sheets Aurora cutover
Complete Sheets Aurora cutover
Complete Sheets Aurora cutover
Use production legacy driver for exact Sheets migration
Use production legacy driver for exact Sheets migration
Preserve legacy TLS settings during Sheets migration
Preserve legacy TLS settings during Sheets migration
Report Sheets migration connection stages
Report Sheets migration connection stages
Report Sheets migration connection stages
Migrate Sheets persistence to Aurora with live traces
Migrate Sheets persistence to Aurora with live traces
wire shared database env aliases
๐ fix: prevent XSS via unescaped sourceUrl in sheet-storage This commit addresses a Cross-Site Scripting (XSS) vulnerability where malicious URLs (e.g., `javascript:`) could be saved to the `sourceUrl` field in `sheet-storage`. Changes: - Implemented `sanitizeSourceUrl` helper using `validateIngestUrl` to ensure only `http` and `https` URLs are stored. - Applied sanitization in `saveSheet`, `saveSheetAsync`, `updateSheet`, `updateSheetAsync`, and `normalizeStoredSheet`. - Added a regression test in `lib/sheet-storage.test.ts`. Risk: Low. Malicious URLs are now blocked (converted to null), preventing potential execution of unauthorized scripts when the URL is rendered. Solution: Centralized validation for all entry points to sheet storage.
๐งช Add unit tests for lib/sheets/trace.ts - Added comprehensive tests for `sanitizeVercelMetadata`, including truncation of allowed headers and redaction of IP-related headers. - Added tests for `createTraceLink`, `buildTraceHeaders`, and `getBaseUrl`. - Improved environment variable mocking in tests using `vi.stubEnv`.
perf: optimize summarizeRows by reducing array iterations Refactored the `summarizeRows` function to process rows in a single pass and accumulate statistics for all columns simultaneously. This significantly reduces array allocations and redundant iterations, resulting in a ~85% performance improvement for large datasets. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #21 from mbarbine/bolt-search-performance-6436601329608069908
๐จ Palette: Add ARIA labels and titles to API key icon buttons in Settings
๐จ Palette: Add keyboard shortcut for global search Adds a global `/` keyboard shortcut to open and focus the search modal. The visual hint was already present in the UI but lacked functionality. Includes robust checks to avoid interfering with normal input typing.
Merge pull request #21 from mbarbine/bolt-search-performance-6436601329608069908 โก Bolt: Search Filtering String Allocation Optimization
Merge pull request #22 from mbarbine/bolt-optimize-data-grid-filter-13872432440837384008 โก Bolt: [performance improvement] Optimize string conversions in DataGrid filtering
Remove duplicate aria-labels from DataGrid components
โก Bolt: [performance improvement] Optimize string conversions in DataGrid filtering
โก Bolt: Search Performance Optimization - Extracted search query mapping into `useMemo` in search/page - Switched to using pre-compiled case-insensitive regex tests instead of doing multiple `toLowerCase()` conversions - Added `useDeferredValue` for the query to ensure input typing feels fast. - Implemented similar regex match on API routes for full parity.