Skip to content

v1.0.4

Choose a tag to compare

@github-actions github-actions released this 11 Jul 16:45
b19c0b0

Other Changes

fix: require a passing connection test before adding a mailbox - @TRC-Loop in #14

Summary

  • canSubmitPassword only checked that email/password/imapHost were non-empty, so the wizard's "Add" button was enabled without ever running "Test connection".
  • createAccount (backend) deliberately keeps the account even when the post-creation folder-discovery connection fails (so a temporarily-unreachable-but-real server isn't rejected outright) - which meant a completely invalid host sailed straight through with no validation at all.
  • "Add" is now gated on testOk === true; editing any tested field (email, password, host, port) invalidates a prior test result so a stale "ok" can't wave through a since-edited value. Added a small hint explaining why Add is disabled until tested.

Test plan

  • pnpm run check: clean
  • Manual verification in the running app pending

Summary

  • Enforced a successful connection test before enabling mailbox creation in AddMailboxWizard.svelte.
  • Reset the prior test result whenever email, password, IMAP host, or port changes, preventing stale validation from being reused.
  • Added a user-facing hint explaining that the connection must be tested before adding the mailbox.
  • Added the new hint string to the English, German, Spanish, French, and Dutch locale files.

AI usage

Probably — the PR contains signs of AI-assisted work, but not enough to say it was fully agentic or 100%.

build(deps): Bump golang.org/x/crypto from 0.51.0 to 0.52.0 - @dependabot[bot] in #19

Bumps golang.org/x/crypto from 0.51.0 to 0.52.0.

Commits
  • a1c0d99 go.mod: update golang.org/x dependencies
  • 3c7c869 ssh: fix deadlock on unexpected channel responses
  • 533fb3f ssh: fix source-address critical option bypass
  • abbc44d ssh: fix incorrect operator order
  • e052873 ssh: fix infinite loop on large channel writes due to integer overflow
  • b61cf85 ssh: enforce user presence verification for security keys
  • 9c2cd33 ssh: enforce strict limits on DSA key parameters
  • 8907318 ssh: reject RSA keys with excessively large moduli
  • ffd87b4 ssh: fix panic when authority callbacks are nil
  • 4e7a738 ssh: fix deadlock on unexpected global responses
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Updated go.mod to bump the indirect dependency golang.org/x/crypto from v0.51.0 to v0.52.0.

AI usage: Not Likely

build(deps): Bump the go-dependencies group with 2 updates - @dependabot[bot] in #20

Bumps the go-dependencies group with 2 updates: github.com/wailsapp/wails/v2 and golang.org/x/text.

Updates github.com/wailsapp/wails/v2 from 2.12.0 to 2.13.0

Release notes

Sourced from github.com/wailsapp/wails/v2's releases.

Wails v2.13.0

Installation

go install github.com/wailsapp/wails/v2/cmd/wails@v2.13.0

Changes

Added

Added

Fixed

  • Fixed wake (experimental WAILS_USE_WAKE=true build runner) running precondition sh: strings without template expansion, causing a spurious "garble is required for obfuscated builds" error on every build by @​leaanthony
  • Fixed nil pointer crash in application.Quit when called before Run or after Run returned early #5452 by @​c-tonneslan
Commits
  • 474b677 release: v2.13.0
  • 77fbbfa ci(npm): rebase-and-retry the version-bump push so publishes stop failing (#5...
  • 97f5f46 fix(v3/windows): guard FillRect against nil client rect in WM_ERASEBKGND (#5687)
  • 78254ef fix(v3): return error to frontend as dedicated Error objects instead of strin...
  • fd231e9 [skip ci] Publish @​wailsio/runtime v3.0.0-alpha.96
  • 198c9ce ci: verify the bundled runtime is built from source, not supplied by PRs (#5759)
  • 3c1ca71 fix(v3/windows): web server (server tag) build fails on Windows (#5680) (#5...
  • 0ea5f3a chore: update sponsors.svg and contributors.svg [skip ci]
  • a84a490 ci: skip release/publish/changelog automation on forks (#5756)
  • 1961c27 chore(v3): bump to v3.0.0-alpha2.114 and update changelog [skip ci]
  • Additional commits viewable in compare view

Updates golang.org/x/text from 0.38.0 to 0.40.0

Commits
  • 724af9c go.mod: update golang.org/x dependencies
  • bf5b9d6 internal/export/idna: always treat Punycode encoding pure ASCII as an error
  • b326f3d go.mod: update golang.org/x dependencies
  • 5ae8e57 unicode/norm: avoid infinite loop on invalid input
  • 0dc94a2 all: fix some comments
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary

  • Updated github.com/wailsapp/wails/v2 from v2.12.0 to v2.13.0, including Wake build runner fixes and an application.Quit nil-pointer crash fix.
  • Updated golang.org/x/text from v0.38.0 to v0.40.0, including Punycode validation and Unicode normalization improvements.
  • No public API changes.

AI involvement

AI use is Probably likely, but not demonstrably agentic. The provided change summary is explicitly AI-generated, suggesting AI assisted the review or documentation process. There is no evidence here of 100% agentic implementation.

build(deps): Bump the frontend-dependencies group in /frontend with 11 updates - @dependabot[bot] in #21

Bumps the frontend-dependencies group in /frontend with 11 updates:

Package From To
@codemirror/state 6.7.0 6.7.1
@codemirror/view 6.43.4 6.43.6
@tiptap/core 3.27.1 3.27.3
@tiptap/extension-link 3.27.1 3.27.3
@tiptap/pm 3.27.1 3.27.3
@tiptap/starter-kit 3.27.1 3.27.3
marked 18.0.5 18.0.6
@sveltejs/vite-plugin-svelte 7.1.2 7.2.0
svelte-check 4.7.1 4.7.2
typescript 6.0.3 7.0.2
vite 8.1.3 8.1.4

Updates @codemirror/state from 6.7.0 to 6.7.1

Commits

Updates @codemirror/view from 6.43.4 to 6.43.6

Commits

Updates @tiptap/core from 3.27.1 to 3.27.3

Release notes

Sourced from @​tiptap/core's releases.

v3.27.3

@​tiptap/core

Patch Changes

  • 94de762: Fix deleteSelection to delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
  • @​tiptap/pm@​3.27.3

@​tiptap/extension-list

Patch Changes

  • 94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:

    • Thematic breaks (---, ***, ___, * * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.
    • Fenced code blocks (``` and ~~~) were nested inside the list item. They now terminate the list and become a top-level code block.
    • Unindented bullet markers (- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.

    An indented ***/___ inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A --- line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.

  • 94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.

  • Updated dependencies [94de762]

    • @​tiptap/core@​3.27.3
    • @​tiptap/pm@​3.27.3

@​tiptap/extensions

Patch Changes

  • 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental StateField<DecorationSet> that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords), requestAnimationFrame scheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.

v3.27.2

@​tiptap/extension-emoji

Patch Changes

  • ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/suggestion@​3.27.2

@​tiptap/extension-file-handler

Patch Changes

  • ceebb31: Add consumePasteEvent option to the file-handler extension. When true, handlePaste returns true even when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default is false.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/extension-text-style@​3.27.2

... (truncated)

Changelog

Sourced from @​tiptap/core's changelog.

3.27.3

Patch Changes

  • 023f98c: Fix deleteSelection to delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
    • @​tiptap/pm@​3.27.3

3.27.2

Patch Changes

  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
Commits
  • 24d6aba chore(release): publish a new stable version (#8002)
  • 023f98c fix(core): delete content across all selection ranges, not just the first (#8...
  • 76a76da fix(extension-placeholder): eliminate placeholder flickering in large… (#8003)
  • a14683f chore(release): publish a new stable version (#7963)
  • 06b4274 fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...
  • See full diff in compare view

Updates @tiptap/extension-link from 3.27.1 to 3.27.3

Release notes

Sourced from @​tiptap/extension-link's releases.

v3.27.3

@​tiptap/core

Patch Changes

  • 94de762: Fix deleteSelection to delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
  • @​tiptap/pm@​3.27.3

@​tiptap/extension-list

Patch Changes

  • 94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:

    • Thematic breaks (---, ***, ___, * * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.
    • Fenced code blocks (``` and ~~~) were nested inside the list item. They now terminate the list and become a top-level code block.
    • Unindented bullet markers (- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.

    An indented ***/___ inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A --- line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.

  • 94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.

  • Updated dependencies [94de762]

    • @​tiptap/core@​3.27.3
    • @​tiptap/pm@​3.27.3

@​tiptap/extensions

Patch Changes

  • 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental StateField<DecorationSet> that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords), requestAnimationFrame scheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.

v3.27.2

@​tiptap/extension-emoji

Patch Changes

  • ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/suggestion@​3.27.2

@​tiptap/extension-file-handler

Patch Changes

  • ceebb31: Add consumePasteEvent option to the file-handler extension. When true, handlePaste returns true even when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default is false.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/extension-text-style@​3.27.2

... (truncated)

Changelog

Sourced from @​tiptap/extension-link's changelog.

3.27.3

Patch Changes

  • Updated dependencies [023f98c]
    • @​tiptap/core@​3.27.3
    • @​tiptap/pm@​3.27.3

3.27.2

Patch Changes

  • d3eb052: Coerce undefined HTMLAttributes (target, rel, class) to null so ProseMirror does not emit "No value supplied for attribute" warnings when these options are explicitly set to undefined.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
Commits
  • 24d6aba chore(release): publish a new stable version (#8002)
  • a14683f chore(release): publish a new stable version (#7963)
  • d51e62b Update packages/extension-link/src/link.ts
  • 864e719 Update packages/extension-link/src/link.ts
  • 3a91de1 Update packages/extension-link/src/link.ts
  • ef97c53 Update packages/extension-link/src/link.ts
  • eb78ee2 fix(link): coerce undefined HTMLAttributes to null to avoid ProseMirror error
  • 06b4274 fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...
  • See full diff in compare view

Updates @tiptap/pm from 3.27.1 to 3.27.3

Release notes

Sourced from @​tiptap/pm's releases.

v3.27.3

@​tiptap/core

Patch Changes

  • 94de762: Fix deleteSelection to delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
  • @​tiptap/pm@​3.27.3

@​tiptap/extension-list

Patch Changes

  • 94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:

    • Thematic breaks (---, ***, ___, * * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.
    • Fenced code blocks (``` and ~~~) were nested inside the list item. They now terminate the list and become a top-level code block.
    • Unindented bullet markers (- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.

    An indented ***/___ inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A --- line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.

  • 94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.

  • Updated dependencies [94de762]

    • @​tiptap/core@​3.27.3
    • @​tiptap/pm@​3.27.3

@​tiptap/extensions

Patch Changes

  • 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental StateField<DecorationSet> that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords), requestAnimationFrame scheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.

v3.27.2

@​tiptap/extension-emoji

Patch Changes

  • ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/suggestion@​3.27.2

@​tiptap/extension-file-handler

Patch Changes

  • ceebb31: Add consumePasteEvent option to the file-handler extension. When true, handlePaste returns true even when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default is false.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/extension-text-style@​3.27.2

... (truncated)

Changelog

Sourced from @​tiptap/pm's changelog.

3.27.3

3.27.2

Patch Changes

  • ceebb31: Updated all ProseMirror packages to the latest publicly available versions
Commits
  • 24d6aba chore(release): publish a new stable version (#8002)
  • a14683f chore(release): publish a new stable version (#7963)
  • ceebb31 Update ProseMirror packages (#7960)
  • 06b4274 fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...
  • See full diff in compare view

Updates @tiptap/starter-kit from 3.27.1 to 3.27.3

Release notes

Sourced from @​tiptap/starter-kit's releases.

v3.27.3

@​tiptap/core

Patch Changes

  • 94de762: Fix deleteSelection to delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
  • @​tiptap/pm@​3.27.3

@​tiptap/extension-list

Patch Changes

  • 94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:

    • Thematic breaks (---, ***, ___, * * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.
    • Fenced code blocks (``` and ~~~) were nested inside the list item. They now terminate the list and become a top-level code block.
    • Unindented bullet markers (- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.

    An indented ***/___ inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A --- line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.

  • 94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.

  • Updated dependencies [94de762]

    • @​tiptap/core@​3.27.3
    • @​tiptap/pm@​3.27.3

@​tiptap/extensions

Patch Changes

  • 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental StateField<DecorationSet> that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords), requestAnimationFrame scheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.

v3.27.2

@​tiptap/extension-emoji

Patch Changes

  • ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/suggestion@​3.27.2

@​tiptap/extension-file-handler

Patch Changes

  • ceebb31: Add consumePasteEvent option to the file-handler extension. When true, handlePaste returns true even when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default is false.
  • Updated dependencies [ceebb31]
    • @​tiptap/pm@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/extension-text-style@​3.27.2

... (truncated)

Changelog

Sourced from @​tiptap/starter-kit's changelog.

3.27.3

Patch Changes

  • Updated dependencies [023f98c]
  • Updated dependencies [b4600b6]
  • Updated dependencies [1f3ca7a]
  • Updated dependencies [76a76da]
    • @​tiptap/core@​3.27.3
    • @​tiptap/extension-list@​3.27.3
    • @​tiptap/extensions@​3.27.3
    • @​tiptap/extension-blockquote@​3.27.3
    • @​tiptap/extension-bold@​3.27.3
    • @​tiptap/extension-code@​3.27.3
    • @​tiptap/extension-code-block@​3.27.3
    • @​tiptap/extension-document@​3.27.3
    • @​tiptap/extension-hard-break@​3.27.3
    • @​tiptap/extension-heading@​3.27.3
    • @​tiptap/extension-horizontal-rule@​3.27.3
    • @​tiptap/extension-italic@​3.27.3
    • @​tiptap/extension-link@​3.27.3
    • @​tiptap/extension-paragraph@​3.27.3
    • @​tiptap/extension-strike@​3.27.3
    • @​tiptap/extension-text@​3.27.3
    • @​tiptap/extension-underline@​3.27.3
    • @​tiptap/extension-list-item@​3.27.3
    • @​tiptap/extension-list-keymap@​3.27.3
    • @​tiptap/extension-bullet-list@​3.27.3
    • @​tiptap/extension-ordered-list@​3.27.3
    • @​tiptap/extension-dropcursor@​3.27.3
    • @​tiptap/extension-gapcursor@​3.27.3
    • @​tiptap/pm@​3.27.3

3.27.2

Patch Changes

  • Updated dependencies [d3eb052]
  • Updated dependencies [f586b6f]
  • Updated dependencies [ceebb31]
    • @​tiptap/extension-link@​3.27.2
    • @​tiptap/extension-list@​3.27.2
    • @​tiptap/pm@​3.27.2
    • @​tiptap/extension-list-item@​3.27.2
    • @​tiptap/extension-list-keymap@​3.27.2
    • @​tiptap/extension-bullet-list@​3.27.2
    • @​tiptap/extension-ordered-list@​3.27.2
    • @​tiptap/core@​3.27.2
    • @​tiptap/extension-code-block@​3.27.2
    • @​tiptap/extension-horizontal-rule@​3.27.2

... (truncated)

Commits
  • 24d6aba chore(release): publish a new stable version (#8002)
  • a14683f chore(release): publish a new stable version (#7963)
  • 06b4274 fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...
  • See full diff in compare view

Updates marked from 18.0.5 to 18.0.6

Release notes

Sourced from marked's releases.

v18.0.6

18.0.6 (2026-07-09)

Bug Fixes

  • Avoid O(n^2) backtracking in inline link href regex (#4013) (a009808)
  • Fix ordered lists after blockquotes (#4003) (33928d0)
  • keep trailing text on HTML block close line for PI, declarations, and CDATA (#3991) (bbb84c8)
Commits
  • 39bd884 chore(release): 18.0.6 [skip ci]
  • 6bce57d chore(deps-dev): bump @​semantic-release/github from 12.0.8 to 12.0.9 (#4009)
  • 63a4bba chore(deps-dev): bump markdown-it from 14.2.0 to 14.3.0 (#4010)
  • a009808 fix: Avoid O(n^2) backtracking in inline link href regex (#4013)
  • 33928d0 fix: Fix ordered lists after blockquotes (#4003)
  • bbb84c8 fix: keep trailing text on HTML block close line for PI, declarations, and CD...
  • d2af54e chore(deps-dev): bump eslint from 10.5.0 to 10.6.0 (#4005)
  • f403898 chore(deps-dev): bump @​arethetypeswrong/cli from 0.18.3 to 0.18.4 (#4006)
  • f8f4112 chore(deps): bump actions/checkout from 6 to 7 (#4000)
  • 5ddfd8a chore: Update repository metadata URLs (#3998)
  • Additional commits viewable in compare view

Updates @sveltejs/vite-plugin-svelte from 7.1.2 to 7.2.0

Release notes

Sourced from @​sveltejs/vite-plugin-svelte's releases.

@​sveltejs/vite-plugin-svelte@​7.2.0

Minor Changes

  • feat(inspector): add a context menu with current component stack (#1370)

@​sveltejs/vite-plugin-svelte@​7.1.4

Patch Changes

  • fix: enforce ltr styles for inspector (#1324)

@​sveltejs/vite-plugin-svelte@​7.1.3

Patch Changes

  • fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Changelog

Sourced from @​sveltejs/vite-plugin-svelte's changelog.

7.2.0

Minor Changes

  • feat(inspector): add a context menu with current component stack (#1370)

7.1.4

Patch Changes

  • fix: enforce ltr styles for inspector (#1324)

7.1.3

Patch Changes

  • fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Commits

Updates svelte-check from 4.7.1 to 4.7.2

Release notes

Sourced from svelte-check's releases.

svelte-check@4.7.2

Patch Changes

  • fix: resolve tsgo bin path with package.json (#3074)

  • fix: report tsconfig errors in --tsgo-experimental-api (#3070)

Commits

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Updates vite from 8.1.3 to 8.1.4

Release notes

Sourced from vite's releases.

v8.1.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.1.4 (2026-07-09)

Features

Bug Fixes

  • build: add workaround for building on stackblitz (#22840) (575c32c)
  • build: keep import.meta.url in preload function as-is (#22839) (f1f90ed)
  • deps: update all non-major dependencies (#22865) (d4295a9)
  • deps: update rolldown-related dependencies (#22866) (7cf07e4)
  • html: avoid backtracking in import-only check (#22848) (b5868c0)
  • optimizer: avoid optimizer run for transform request before init (#22852) (72a5e21)
  • ssr: align named export function call stacktrace column with Node (#22829) (173a1b6)
  • strip pure CSS chunk imports when chunkImportMap is enabled (#22841) (648bd04)

Documentation

Miscellaneous Chores

  • deps: update dependency postcss-modules to v9 (#22867) (a9539d6)

Code Refactoring

Tests

Build System

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary

  • Updated 11 frontend dependencies, including CodeMirror, Tiptap, marked, Svelte tooling, TypeScript, and Vite.
  • Includes patch, minor, and major version upgrades with upstream fixes and enhancements for parsing, selection handling, builds, optimization, inspection, and type checking.

AI usage

AI assistance is Not Likely. No clear indicators such as AI-related files, co-author attribution, or AI-generated comments were identified.

fix: pin typescript to 6.x, svelte-check crashes on ts 7 - @TRC-Loop in #29

The Dependabot frontend-dependencies group (#21) bumped typescript to 7.0.2. TypeScript 7 is the native ("tsgo") port and changes the module shape, which svelte-check@4.7.2 does not support yet: a fresh install makes pnpm run check crash with

TypeError: Cannot read properties of undefined (reading 'useCaseSensitiveFileNames')

Local checks kept passing only because node_modules still had TS 6.0.3; CI or a fresh install would fail.

  • Pinned typescript back to ^6.0.3 and regenerated the lockfile (svelte-check and vite bumps kept).
  • Added a Dependabot ignore for typescript >= 7.0.0 so it is not re-proposed until the Svelte language tools support it.
fix: show Settings in window title instead of last message - @TRC-Loop in #22

While the settings screen is open, the native window title kept showing the last opened message's subject. Set it to the localized "Settings - Pelton" whenever settings is open, and restore the folder/message title on close.

🤖 Generated with Claude Code

fix: avatar initials leaking address chars and dull geometric style - @TRC-Loop in #23

Two fixes to the generated placeholder avatars:

  • Initials glitch: a display name that still carried its address ("Foo foo@example.com") produced initials like "F<". The name is now stripped of any bracketed address and surrounding quotes before deriving initials, and only tokens starting with a letter/digit are considered.
  • Geometric style: the old style layered muddy translucent polygons and mostly differed by color. Replaced with a generative Bauhaus-style mark on a 2x2 grid, driven by a seeded PRNG so each sender gets a structurally distinct composition (disc, half/quarter-disc, triangle, ring, dot at varied rotations, with occasional negative space).
feat: auto-sync interval as a stepped slider - @TRC-Loop in #24

The automatic-sync interval in Sync & Energy used a long segmented control that overflowed and wrapped to multiple lines. Replaced it with a stepped slider (StepSlider) whose steps are the existing predefined intervals (off, 30s, 5m, 15m, 30m, 1h, 6h, 12h, 24h). The current step's label is shown above the track and the range ends are anchored, so it reads cleanly at any panel width. Fully tokened; keyboard accessible via the native range input.

feat: manage trusted image senders whitelist - @TRC-Loop in #25

Adds a "Manage whitelist" button in Privacy that opens a modal listing every sender and domain the user has allowed to load remote images. Each entry shows an example cached message (click to open it and remember who it is) and a remove button to revoke trust.

  • Backend: ListImageAllowlist and RemoveImageAllow bindings over the existing remote_allow_senders / remote_allow_domains settings, plus storage.LatestMessageFrom to resolve an example message per sender/domain.
  • Frontend: ImageAllowlistModal (lazy-loaded so its list logic doesn't weigh on the settings bundle), wired into the Privacy section. Fully localized across all five locales.
fix: resume interrupted offline download and add cancel - @TRC-Loop in #27

Resume bug

An offline bulk download did not continue after closing the app. The cause: runRangeDownload cleared the resume marker (settingDownloadPending) on every exit path, including when the app context was cancelled at shutdown, so a mid-download close wiped the marker and ResumePendingDownload had nothing to pick up next launch. The marker is now only cleared on genuine completion, a real error, or an explicit user cancel; if the job stops because the app is shutting down it is left in place, so the download resumes automatically on the next start.

Cancel

Added a cancel button in the status-line download progress (and in the offline settings section while a download runs). The job now runs under its own cancellable context, so CancelDownload stops it without tearing down the app context, and clears the resume marker so it does not restart.

Removed the size estimate

Dropped the pre-download "~X GB across N messages" estimate: sizing the range required a full connect/search/fetch-sizes pass over IMAP on every start-date change, which is most of the download work itself. Removed EstimateDownloadRange, planAndSizeAccount, DownloadEstimateDTO, the now-unused imap.FetchSizes, and the settings UI + locale strings for it.

The offline range menu already uses the custom DateTimePicker.

fix: choppy swipe gesture firing before full pull - @TRC-Loop in #28

The trackpad two-finger swipe on message rows was choppy and would fire an action before the row was pulled all the way. Causes: the release timer was too short (130 ms), so a natural mid-swipe pause counted as "let go" and committed at just 55%; the drag was hard-clamped so it felt stuck at the edge; and a switch to vertical scrolling left the row hanging open.

Reworked the wheel physics (still trackpad two-finger, as before):

  • Release is inferred from wheel deltas stopping for 200 ms, so a pause mid-swipe no longer commits.
  • Commit only past 60% of the row width; otherwise it snaps back.
  • Rubber-band resistance past the row width so the reveal feels anchored instead of flinging off-screen.
  • A clearly vertical burst while engaged ends the gesture and snaps back, so scrolling is never hijacked.
feat: search keyword chips with autocomplete - @TRC-Loop in #30

Adds structured search chips to the message-list search:

  • Type from:/sender:, to:, subject:, or has:attachment and the token becomes a chip on space or Enter. Chips render as removable pills; Backspace on an empty input removes the last one.
  • An autocomplete dropdown suggests the keywords as you type a partial one (Tab accepts the first).
  • The calendar button now inserts before:/after: date chips instead of the old custom-range popover.
  • Free text and the chip constraints are dispatched as a structured SearchFilter; the query clears when the folder/view changes.

Backend: search.Query gains From/To/Subject (field-scoped, AND-matched; to: matches to+cc), and Search post-filters has:attachment using the stored message flag (no re-index needed).

Old date-preset UI (Any time / Last 7 days / custom range) is replaced by the date chips; its locale strings were removed and the new chip/suggestion strings added across all five locales.

Verified: Go build + tests, svelte-check, and unit-checked the chip parser. Worth a manual pass via make run for the interaction feel.

feat: customizable reading pane empty-state image - @TRC-Loop in #26

The reading pane's empty state (no message open) always showed the bundled Pelton logo. Adds a "Reading pane image" control in Appearance settings with "Select image" (picks a local image, stored as a data URI in settings) and "Reset to default" (restores the logo).

Size handling: files over 50 MB are refused; between 3 MB and 50 MB a "here be dragons" warning appears (a large data URI in settings can slow app load) and the user can proceed anyway.

Persisted through the existing UI-prefs bundle (emptyStateImage), so it applies immediately and survives restarts. Localized across all five locales.

feat: replace config sync with settings import/export - @TRC-Loop in #31

Removes the folder-based config-sync feature (it was broken) and replaces it with a local, file-based Import/Export in the same settings tab.

Removal + migration

  • Deleted the mirror-mode config-sync (Manager, full-cache, merge, metadata, settings snapshots), its bindings, the two Svelte components, the status event, and the fsnotify dependency.
  • Kept the data-directory plumbing needed for a one-shot migration: on startup, if a device still has the legacy "in-place" marker (its live data dir was redirected into the synced folder), MigrateInPlaceBack snapshots that data back to the normal app-support directory and removes the marker, so the next launch opens from the standard location. No data is lost.

Import / Export

  • Export: pick categories (Settings, Trusted senders) and save to a JSON file with metadata (created timestamp, app version).
  • Import: pick a file; the UI shows when it was made and which categories it holds, then you choose what to bring in. Settings are re-applied and prefs reload live.
  • Backend: ExportData, InspectBackupFile, ImportData. The whitelist is exported separately from settings; local/transient keys (search watermark, pending-download marker) are never exported.

Verified: go build ./..., go vet, go test ./internal/..., and svelte-check all pass. Recommend a manual pass via make run for the export/import dialogs.

fix: use mailbox consistently instead of account in ui copy - @TRC-Loop in #32

The UI calls a connected account a "mailbox" almost everywhere (Add mailbox, Mailboxes, the wizard, the sidebar), but a handful of strings drifted to "account", which read inconsistently.

Unified those strays to the canonical mailbox term per language:

  • en → mailbox, de → Postfach, fr → boîte mail, nl → mailbox
  • Spanish is left as-is: it deliberately uses "cuenta" throughout, so it is already internally consistent.

Strings touched: onboarding (connect/portable), the message info modal's field label, the mailbox-badge note, the Mailboxes section hint, and the auto-sync interval hint. Only translation values changed (no key renames, no code identifiers touched, so the backend Account type and bindings are unaffected). svelte-check passes.

feat: cosmetic demo mode via --potatoes-are-nice - @TRC-Loop in #33

Adds a purely-cosmetic demo mode for website screenshots, launched with the --potatoes-are-nice flag (or make nice-potatoes).

When active, the frontend fills the whole UI with fixed potato-themed sample data instead of reading real accounts and mail:

  • Two Pelton/potato mailboxes with folder trees and counts.
  • A unified inbox of ~10 potato emails (Marina's Q4 numbers, Pelton Potato Island, seed-potato invoices, harvest festival, ...). Every message opens to the same casual "coworker about potatoes" HTML body.
  • A sync shown in progress in the status bar, and one email frozen in the "sending" state so the outbox indicator is visible.

It is genuinely offline and non-destructive:

  • Backend: when --potatoes-are-nice is set, startup skips all background services (sync, IMAP idle, the outbox worker, auto-update checks, download resume, migrations). The store still opens so bound calls don't error, but nothing runs against it or the network.
  • Frontend: the data functions and senderPhotos short-circuit to the samples/generated avatars, so no Gravatar/BIMI lookups either.

Nothing persists. Verified by running make nice-potatoes: the potato inbox renders with generated avatars and zero IMAP/network activity in the logs. go build, go vet-clean, and svelte-check pass.

Summary

Adds a cosmetic, offline potato-themed demo mode enabled with --potatoes-are-nice or make nice-potatoes.

  • Frontend serves fixed sample accounts, folders, messages, avatars, sync status, and outbox data.
  • Backend skips network services and state-changing startup tasks while keeping the store available for bound calls.
  • No real account data is accessed, persisted, or modified.
  • Validation completed with go build, go vet, and svelte-check.

AI usage

AI assistance is Very Likely, but the available change summary does not establish whether usage was 100% agentic or limited assistance. No definitive AI authorship indicators were confirmed.

fix: open links in email body in the external browser - @TRC-Loop in #34

Links and buttons in an email body were not clickable — you had to copy the URL into a browser by hand. The message body renders in a sandboxed iframe without allow-popups/allow-top-navigation, so an <a href> click silently did nothing.

Now a click listener on the iframe document intercepts anchor clicks and hands the URL to the OS default browser via Wails BrowserOpenURL (http/https/mailto only; in-page # anchors are ignored). The sandbox stays script-free.

fix: preserve email background colors so light text stays readable - @TRC-Loop in #35

Emails that design a section with light text on a dark background (very common in newsletters/marketing mail) were unreadable in Pelton: white-on-white. The sanitizer kept the text color but stripped the background, so the light text landed on our fixed white page. Apple Mail keeps the background, so it looked fine there.

Fix in the sanitizer policy (internal/mailview):

  • Keep the background shorthand style (not just background-color).
  • Keep the legacy bgcolor attribute on body and table elements (the other common way mail sets a section background).
  • Keep <font color> so its text color stays paired with the background instead of falling back to our dark default (which would flip the problem to dark-on-dark).

Remote safety is unchanged: any remote background image a style might carry is still blocked by the iframe CSP (img-src) when remote content is off, and still triggers the "remote content blocked" banner. go build/go vet pass; verified with a sanitize test that bgcolor, background: and <font color> survive.

fix: fedora copr install failing and rpm not uninstallable via GUI - @TRC-Loop in #36

Fixes two Fedora packaging defects reported on 1.0.4.

dnf install from Copr failed entirely

The Copr spec packages the binary already built on the Actions runner (Ubuntu). rpmbuild's automatic dependency generator scanned that ELF and added Requires for every SONAME and glibc symbol version it links against, taken from the build box's glibc/webkit. Those don't line up with the Fedora chroot, so dnf reported "nothing provides ..." and refused to install. rpmbuild also tried to build a -debuginfo subpackage from the stripped Go binary.

  • AutoReqProv: no + hand-declared Requires: gtk3, webkit2gtk4.1 (already the real runtime deps).
  • %global debug_package %{nil} to skip debuginfo extraction.

Double-clicking the .rpm installed, but there was no way to uninstall it

No AppStream metainfo shipped, so GNOME Software / KDE Discover never linked the installed pelton.desktop app to its owning package and showed no Remove button (dnf remove pelton from the CLI always worked).

  • New build/linux/pelton.metainfo.xml (<launchable> points at pelton.desktop), shipped to /usr/share/metainfo by both nfpm and the Copr spec. Passes appstreamcli validate.

Launcher bug

Exec=Pelton %u but the binary installs as lowercase /usr/bin/pelton, so clicking the app icon did nothing. Fixed to Exec=pelton.

Also: Copr spec now installs a hicolor icon + refreshes the icon cache in scriptlets; workflow bundles the metainfo into the Copr source tarball; README documents uninstalling.

Summary

  • Fix Fedora packaging by disabling automatic RPM dependency/debuginfo generation and declaring required GTK/WebKit dependencies.
  • Add AppStream metadata, hicolor icon installation, and icon-cache refresh scriptlets.
  • Include metainfo in nfpm packaging and Copr source archives.
  • Correct the desktop launcher to use the lowercase pelton executable.
  • Document Fedora uninstallation via dnf or graphical software centers.

AI usage

Not Likely. No explicit AI authorship, agent files, co-author markers, or AI-related comments were identified.

Full Changelog: v1.0.3...v1.0.4