Full deployment history for this project.
⚡ Bolt: Optimize data fetching on analytics dashboard Optimized the analytics page data fetching logic by: 1. Limiting profile views to the most recent 10 records at the database level using `.limit(10)`. 2. Selecting only required columns (`id`, `viewed_at`) for profile views list. 3. Restricting fetched columns to only `id` for events and products since their names/titles are not used in the overview. 4. Removing unnecessary client-side `.slice(0, 10)` on the server-rendered component. These changes reduce the database payload size and server memory usage, making the dashboard load faster as history scales. Note: Previous CI failure was a 429 Rate Limit in copilot-pull-request-reviewer, which is external to the code changes. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
⚡ Bolt: Optimize data fetching on analytics dashboard Optimized the analytics page data fetching logic by: 1. Limiting profile views to the most recent 10 records at the database level using `.limit(10)`. 2. Selecting only required columns (`id`, `viewed_at`) for profile views list. 3. Restricting fetched columns to only `id` for events and products since their names/titles are not used in the overview. 4. Removing unnecessary client-side `.slice(0, 10)` on the server-rendered component. These changes reduce the database payload size and server memory usage, making the dashboard load faster as history scales. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🎨 Palette: Fix accessibility association for Select components in BookingForm Added `id` attributes to `SelectTrigger` components in `BookingForm` to correctly associate them with their `Label` elements via `htmlFor`. This ensures proper focus management and screen reader announcements for these dropdowns. Changes: - Added `id="eventType"` to the Event Type select trigger. - Added `id="budgetRange"` to the Budget Range select trigger. - Updated `.jules/palette.md` with the learning. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🛡️ Sentinel: [HIGH] Fix XSS vulnerability in profile links User-provided URLs for social media and websites were being rendered directly into `href` attributes, allowing for potential XSS attacks via `javascript:` URIs. This PR: - Adds a `sanitizeUrl` utility in `lib/utils.ts` that whitelists safe protocols (http, https, mailto, tel). - Applies this utility to all performer profile links in `app/performers/page.tsx` and `app/performers/[id]/page.tsx`. - Adds comprehensive unit tests for the utility in `tests/utils.test.ts`. - Updates the security journal in `.jules/sentinel.md`. Verification: - Ran `pnpm jest tests/utils.test.ts` (All 12 tests passed). - Ran `pnpm build` (Build successful). - Manually verified code changes in the affected files. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
🔒 [security fix] Add server-side input validation to analytics and booking APIs - Added Zod schemas to validate JSON payloads in `app/api/track-view/route.ts` and `app/api/bookings/route.ts`. - Ensured `type` and `id` (UUID) are correctly validated for analytics tracking. - Validated name, email, and other fields for the booking API. - Replaced direct body access with validated data to prevent malicious input from reaching the database query layer.
🎨 Palette: Add aria-labels to performer social links Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add ARIA labels to social media links Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Add ARIA expanded and controls to mobile menu button Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🎨 Palette: Add ARIA labels to performer social links - Add `aria-label` attributes to the Instagram, Facebook, Youtube, and Website `<a>` tags in `app/performers/page.tsx` and `app/performers/[id]/page.tsx` to improve accessibility for screen reader users. - Add learning journal entry to `.jules/palette.md`. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: optimize database queries in analytics page Refactor the 6 sequential `await supabase...` calls into concurrent queries using `Promise.all` in `app/dashboard/analytics/page.tsx` to fix waterfall data fetching. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Optimize performer profile queries and image loading Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
⚡ Bolt: Resolve Supabase database query waterfalls Group independent database queries into Promise.all calls to eliminate sequential execution and improve page load time. Fix query waterfalls in app/dashboard/analytics/page.tsx and app/performers/[id]/page.tsx. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Fix insecure IP hashing by adding a salt This commit fixes a vulnerability where IP addresses were hashed without a salt. It updates the track-view API route to use an environment-provided salt or fall back to a default development salt. It also adds tests for the new hashing logic, sets up Jest, updates the README documentation, and adds an entry to the Sentinel journal. Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
feat: add loading spinners and alert roles to auth forms Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
🛡️ Sentinel: [MEDIUM] Fix IP address exposure in analytics API Co-authored-by: mbarbine <3211492+mbarbine@users.noreply.github.com>
Merge pull request #1 from mbarbine/vercel/react-server-components-cve-vu-le4p53 Fix React Server Components CVE vulnerabilities
Fix React Server Components CVE vulnerabilities Updated dependencies to fix Next.js and React CVE vulnerabilities. The fix-react2shell-next tool automatically updated the following packages to their secure versions: - next - react-server-dom-webpack - react-server-dom-parcel - react-server-dom-turbopack All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory. Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>