Skip to content

v2.2.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 10 Jun 05:19
v2.2.0
bf2dfa3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

2.2.0 (2026-06-09)

Added

  • add admin technical changelog page (787de4a)
  • add automated SMS reminders for driver deliveries (42769ac)
  • add commit-trailer changelog extractor + release-please wiring (6631f37)
  • add public changelog page and what's new badge (20799b6)
  • add v2 design token foundation (additive, no visual changes) (d5414e0)
  • add v2 design token foundation (PR-A, additive, no visual changes) (9c53fc6)
  • apply: require equipment photo for driver role (b33a2f5)
  • apply: require equipment photo for driver role (client + server) (17954c7)
  • driver app mobile-first redesign (e0e5d98)
  • driver app theme foundations (scoped tokens + tailwind) (bea97cb)
  • driver UI primitive kit (44ed295)
  • driver-native delivery detail view (6710c9a)
  • dual changelog — public What's New page, admin technical changelog, localStorage badge, commit-trailer automation (e2d0aa9)
  • implement SEO improvements (P0–P3) (8bdb97e)
  • lib: add devOnlyGuard() helper (bb90e50)
  • outbound partner status webhooks + GET /orders/{id} (CaterCow integration) (e3594cf)
  • outbound partner status webhooks + GET /orders/{id} for partner API (50d7887)
  • redesign AddressSelector with RouteBuilder, MiniMap & geocoding (837687b)
  • redesign driver app screens (home, tracking, history, training) (38906c7)
  • security: gate debug + test routes with devOnlyGuard + SUPER_ADMIN (8b99c35)
  • SEO improvements — metadata, structured data, sitemap (5831b5e)

Fixed

  • auth: bridge SSR cookie to browser supabase-js session (REA-DRT-07) (649d15c)
  • auth: catch fire-and-forget token refresh rejections (06afb52)
  • auth: catch fire-and-forget token refresh rejections and force re-auth (83051ce)
  • auth: drop httpOnly from Supabase auth cookies so browser session bridges (REA-DRT-07) (a463e3f)
  • build: inline app version via next.config env, not JSON import (5c22902)
  • bundle Prisma query engine into standalone output (GHCR image) (a963d07)
  • bundle Prisma query engine into standalone output for the GHCR image (8c65a41)
  • don't flash a connection error on the SSE stream's planned 50s rotation (8f385f1)
  • driver route resilience — error boundary + graceful history fallback (aa05d23)
  • driver route resilience — error boundary + graceful history fallback (0855f33)
  • escape */ in CSS comment that prematurely closed the comment block (9ed7e36)
  • harden JSON-LD and correct BlogPosting datePublished (ed4dc17)
  • health: read version from package.json at build time (3efe2f0)
  • rate-limit driver location writes (abuse protection) (d8e0814)
  • read package.json once at next.config.js load time and expose just the version string via the env block (next inlines env entries as build-time string literals). /api/health now reads process.env.APP_VERSION, which is the single string '2.1.0' baked in at build time — no JSON in the bundle. (5c22902)
  • realtime: stop calling non-existent channel.off() (REA-367) (3735ed8)
  • realtime: stop calling non-existent channel.off(); stable broadcast dispatcher (REA-367) (7f6d82c)
  • retry Supabase Realtime CHANNEL_ERROR with backoff, downgrade Sentry noise (3a8e686)
  • route driver-tracking endpoints through the shared pooled Prisma client (4d4ad94)
  • route driver-tracking endpoints through the shared pooled Prisma client (1904914)
  • silence Sentry tracking noise (NEXTJS-1F) + fix 3 stale test suites (1d96e0b)
  • silence Supabase auth lock 'steal' AbortError noise in Sentry (67cc490)
  • silence Supabase auth lock "steal" AbortError noise in Sentry (42e9486)
  • single-source the driver home deliveries count and list (1e2b304)
  • single-source the driver home deliveries count and list (e152263)
  • stop /api/tracking/live SSE from hitting Vercel runtime timeout (514a3e3)
  • stop /api/tracking/live SSE from hitting Vercel runtime timeout (fefc81d)
  • tag Sentry environment correctly so dev deploys stop reporting as production (72eb586)

Security

  • harden driver tracking routes against IDOR + SQL injection (OWASP A01/A03) (79ac13a)

Changed

  • drop no-op CHANNEL_ERROR backoff delay, correct retry comment (7ddd862)
  • refit Shadcn display atoms to v2 token system (batch 1b) (9eef4d4)
  • refit Shadcn form atoms to v2 token system (batch 1a) (167a28f)
  • remove legacy driver components superseded by the redesign (548e3c4)

Documentation

  • claude: add Versioning section covering release-please flow (b866ffc)
  • introduce ARCHITECTURE.md + REMEDIATION_PLAN.md, mark item #4 shipped (19b1590)
Assets 2
Loading