v1.0.4
Other Changes
fix: require a passing connection test before adding a mailbox -
@TRC-Loop in #14
Summary
canSubmitPasswordonly checked that email/password/imapHost were non-empty, so the wizard's "Add" button was enabled without ever running "Test connection".createAccount(backend) deliberately keeps the account even when the post-creation folder-discovery connection fails (so a temporarily-unreachable-but-real server isn't rejected outright) - which meant a completely invalid host sailed straight through with no validation at all.- "Add" is now gated on
testOk === true; editing any tested field (email, password, host, port) invalidates a prior test result so a stale "ok" can't wave through a since-edited value. Added a small hint explaining why Add is disabled until tested.
Test plan
-
pnpm run check: clean - Manual verification in the running app pending
Summary
- Enforced a successful connection test before enabling mailbox creation in
AddMailboxWizard.svelte. - Reset the prior test result whenever email, password, IMAP host, or port changes, preventing stale validation from being reused.
- Added a user-facing hint explaining that the connection must be tested before adding the mailbox.
- Added the new hint string to the English, German, Spanish, French, and Dutch locale files.
AI usage
Probably — the PR contains signs of AI-assisted work, but not enough to say it was fully agentic or 100%.
build(deps): Bump golang.org/x/crypto from 0.51.0 to 0.52.0 -
@dependabot[bot] in #19
Bumps golang.org/x/crypto from 0.51.0 to 0.52.0.
Commits
a1c0d99go.mod: update golang.org/x dependencies3c7c869ssh: fix deadlock on unexpected channel responses533fb3fssh: fix source-address critical option bypassabbc44dssh: fix incorrect operator ordere052873ssh: fix infinite loop on large channel writes due to integer overflowb61cf85ssh: enforce user presence verification for security keys9c2cd33ssh: enforce strict limits on DSA key parameters8907318ssh: reject RSA keys with excessively large moduliffd87b4ssh: fix panic when authority callbacks are nil4e7a738ssh: fix deadlock on unexpected global responses- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Updated go.mod to bump the indirect dependency golang.org/x/crypto from v0.51.0 to v0.52.0.
AI usage: Not Likely
build(deps): Bump the go-dependencies group with 2 updates -
@dependabot[bot] in #20
Bumps the go-dependencies group with 2 updates: github.com/wailsapp/wails/v2 and golang.org/x/text.
Updates github.com/wailsapp/wails/v2 from 2.12.0 to 2.13.0
Release notes
Sourced from github.com/wailsapp/wails/v2's releases.
Wails v2.13.0
Installation
go install github.com/wailsapp/wails/v2/cmd/wails@v2.13.0Changes
Added
- Added example demonstrating events usage in the documentation
[#5026](https://github.com/wailsapp/wails/issues/5026)by@iamhabbeboyAdded
- Added Kira to the community showcase by
@thiennguyen93Fixed
- Fixed wake (experimental
WAILS_USE_WAKE=truebuild runner) running preconditionsh:strings without template expansion, causing a spurious "garble is required for obfuscated builds" error on every build by@leaanthony- Fixed nil pointer crash in
application.Quitwhen called beforeRunor afterRunreturned early #5452 by@c-tonneslan
Commits
474b677release: v2.13.077fbbfaci(npm): rebase-and-retry the version-bump push so publishes stop failing (#5...97f5f46fix(v3/windows): guard FillRect against nil client rect in WM_ERASEBKGND (#5687)78254effix(v3): return error to frontend as dedicated Error objects instead of strin...fd231e9[skip ci] Publish@wailsio/runtimev3.0.0-alpha.96198c9ceci: verify the bundled runtime is built from source, not supplied by PRs (#5759)3c1ca71fix(v3/windows): web server (servertag) build fails on Windows (#5680) (#5...0ea5f3achore: update sponsors.svg and contributors.svg [skip ci]a84a490ci: skip release/publish/changelog automation on forks (#5756)1961c27chore(v3): bump to v3.0.0-alpha2.114 and update changelog [skip ci]- Additional commits viewable in compare view
Updates golang.org/x/text from 0.38.0 to 0.40.0
Commits
724af9cgo.mod: update golang.org/x dependenciesbf5b9d6internal/export/idna: always treat Punycode encoding pure ASCII as an errorb326f3dgo.mod: update golang.org/x dependencies5ae8e57unicode/norm: avoid infinite loop on invalid input0dc94a2all: fix some comments- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Summary
- Updated
github.com/wailsapp/wails/v2fromv2.12.0tov2.13.0, including Wake build runner fixes and anapplication.Quitnil-pointer crash fix. - Updated
golang.org/x/textfromv0.38.0tov0.40.0, including Punycode validation and Unicode normalization improvements. - No public API changes.
AI involvement
AI use is Probably likely, but not demonstrably agentic. The provided change summary is explicitly AI-generated, suggesting AI assisted the review or documentation process. There is no evidence here of 100% agentic implementation.
build(deps): Bump the frontend-dependencies group in /frontend with 11 updates -
@dependabot[bot] in #21
Bumps the frontend-dependencies group in /frontend with 11 updates:
| Package | From | To |
|---|---|---|
| @codemirror/state | 6.7.0 |
6.7.1 |
| @codemirror/view | 6.43.4 |
6.43.6 |
| @tiptap/core | 3.27.1 |
3.27.3 |
| @tiptap/extension-link | 3.27.1 |
3.27.3 |
| @tiptap/pm | 3.27.1 |
3.27.3 |
| @tiptap/starter-kit | 3.27.1 |
3.27.3 |
| marked | 18.0.5 |
18.0.6 |
| @sveltejs/vite-plugin-svelte | 7.1.2 |
7.2.0 |
| svelte-check | 4.7.1 |
4.7.2 |
| typescript | 6.0.3 |
7.0.2 |
| vite | 8.1.3 |
8.1.4 |
Updates @codemirror/state from 6.7.0 to 6.7.1
Commits
- See full diff in compare view
Updates @codemirror/view from 6.43.4 to 6.43.6
Commits
- See full diff in compare view
Updates @tiptap/core from 3.27.1 to 3.27.3
Release notes
Sourced from @tiptap/core's releases.
v3.27.3
@tiptap/corePatch Changes
- 94de762: Fix
deleteSelectionto delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.@tiptap/pm@3.27.3
@tiptap/extension-listPatch Changes
94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:
- Thematic breaks (
---,***,___,* * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.- Fenced code blocks (
```and~~~) were nested inside the list item. They now terminate the list and become a top-level code block.- Unindented bullet markers (
- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.An indented
***/___inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A---line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.
Updated dependencies [94de762]
@tiptap/extensionsPatch Changes
- 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental
StateField<DecorationSet>that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords),requestAnimationFramescheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.v3.27.2
@tiptap/extension-emojiPatch Changes
- ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
- Updated dependencies [ceebb31]
@tiptap/extension-file-handlerPatch Changes
- ceebb31: Add
consumePasteEventoption to the file-handler extension. Whentrue,handlePastereturnstrueeven when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default isfalse.- Updated dependencies [ceebb31]
... (truncated)
Changelog
Sourced from @tiptap/core's changelog.
3.27.3
Patch Changes
- 023f98c: Fix
deleteSelectionto delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.
@tiptap/pm@3.27.33.27.2
Patch Changes
- Updated dependencies [ceebb31]
@tiptap/pm@3.27.2
Commits
24d6abachore(release): publish a new stable version (#8002)023f98cfix(core): delete content across all selection ranges, not just the first (#8...76a76dafix(extension-placeholder): eliminate placeholder flickering in large… (#8003)a14683fchore(release): publish a new stable version (#7963)06b4274fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...- See full diff in compare view
Updates @tiptap/extension-link from 3.27.1 to 3.27.3
Release notes
Sourced from @tiptap/extension-link's releases.
v3.27.3
@tiptap/corePatch Changes
- 94de762: Fix
deleteSelectionto delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.@tiptap/pm@3.27.3
@tiptap/extension-listPatch Changes
94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:
- Thematic breaks (
---,***,___,* * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.- Fenced code blocks (
```and~~~) were nested inside the list item. They now terminate the list and become a top-level code block.- Unindented bullet markers (
- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.An indented
***/___inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A---line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.
Updated dependencies [94de762]
@tiptap/extensionsPatch Changes
- 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental
StateField<DecorationSet>that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords),requestAnimationFramescheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.v3.27.2
@tiptap/extension-emojiPatch Changes
- ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
- Updated dependencies [ceebb31]
@tiptap/extension-file-handlerPatch Changes
- ceebb31: Add
consumePasteEventoption to the file-handler extension. Whentrue,handlePastereturnstrueeven when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default isfalse.- Updated dependencies [ceebb31]
... (truncated)
Changelog
Sourced from @tiptap/extension-link's changelog.
3.27.3
Patch Changes
3.27.2
Patch Changes
Commits
24d6abachore(release): publish a new stable version (#8002)a14683fchore(release): publish a new stable version (#7963)d51e62bUpdate packages/extension-link/src/link.ts864e719Update packages/extension-link/src/link.ts3a91de1Update packages/extension-link/src/link.tsef97c53Update packages/extension-link/src/link.tseb78ee2fix(link): coerce undefined HTMLAttributes to null to avoid ProseMirror error06b4274fix(extension-file-handler): add consumePasteEvent option to prevent duplicat...- See full diff in compare view
Updates @tiptap/pm from 3.27.1 to 3.27.3
Release notes
Sourced from @tiptap/pm's releases.
v3.27.3
@tiptap/corePatch Changes
- 94de762: Fix
deleteSelectionto delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.@tiptap/pm@3.27.3
@tiptap/extension-listPatch Changes
94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:
- Thematic breaks (
---,***,___,* * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.- Fenced code blocks (
```and~~~) were nested inside the list item. They now terminate the list and become a top-level code block.- Unindented bullet markers (
- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.An indented
***/___inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A---line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.
Updated dependencies [94de762]
@tiptap/extensionsPatch Changes
- 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental
StateField<DecorationSet>that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords),requestAnimationFramescheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.v3.27.2
@tiptap/extension-emojiPatch Changes
- ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
- Updated dependencies [ceebb31]
@tiptap/extension-file-handlerPatch Changes
- ceebb31: Add
consumePasteEventoption to the file-handler extension. Whentrue,handlePastereturnstrueeven when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default isfalse.- Updated dependencies [ceebb31]
... (truncated)
Changelog
Sourced from @tiptap/pm's changelog.
3.27.3
3.27.2
Patch Changes
- ceebb31: Updated all ProseMirror packages to the latest publicly available versions
Commits
Updates @tiptap/starter-kit from 3.27.1 to 3.27.3
Release notes
Sourced from @tiptap/starter-kit's releases.
v3.27.3
@tiptap/corePatch Changes
- 94de762: Fix
deleteSelectionto delete content across all selection ranges instead of only the first range. This restores multi-cell table selections and other custom selections with multiple ranges.@tiptap/pm@3.27.3
@tiptap/extension-listPatch Changes
94de762: Fix markdown parsing bugs where block elements right after an ordered list item (with no blank line in between) were wrongly treated as lazy continuation of the list item, instead of terminating the list the way other markdown parsers do:
- Thematic breaks (
---,***,___,* * *) were swallowed into the list item as literal paragraph text — along with every line after them. They now terminate the list and become a horizontal rule.- Fenced code blocks (
```and~~~) were nested inside the list item. They now terminate the list and become a top-level code block.- Unindented bullet markers (
- item) were nested inside the ordered list item. They now terminate the ordered list and start a new top-level bullet list. Indented bullets still nest inside the item as before.An indented
***/___inside item content is now also parsed as a horizontal rule inside the item instead of literal text. A---line directly below item paragraph text keeps its current behavior because it is a setext heading underline per CommonMark, not a thematic break.94de762: Fix indented ordered list items (e.g. one leading space before the marker, as happens when a top-level ordered list is itself nested inside another list) losing inline formatting during markdown parsing. The custom ordered-list markdown tokenizer built its nested structure with a hardcoded base indentation of 0, so an item whose actual indentation was non-zero never matched, causing the tokenizer to silently produce zero items and bail out — falling back to a path that left the item's content as literal, unparsed text instead of running it through inline tokenization (bold, italic, etc. were lost). The base indentation is now taken from the first collected item instead of being hardcoded.
Updated dependencies [94de762]
@tiptap/extensionsPatch Changes
- 94de762: Fixed placeholder flickering and disappearance on large documents. Replaced the viewport-based decoration scan with an incremental
StateField<DecorationSet>that only re-computes decorations for top-level nodes touched by each transaction. This eliminates the dependency on DOM measurement (posAtCoords),requestAnimationFramescheduling, and scroll listeners that caused flickering under collaboration, occlusion, and rapid edits.v3.27.2
@tiptap/extension-emojiPatch Changes
- ceebb31: Fix arrow key navigation past emoji nodes in Firefox. Previously, pressing ArrowLeft with the cursor adjacent to an inline non-selectable emoji node at a paragraph boundary would not move the cursor in Firefox. The cursor now correctly skips over emoji nodes in both directions.
- Updated dependencies [ceebb31]
@tiptap/extension-file-handlerPatch Changes
- ceebb31: Add
consumePasteEventoption to the file-handler extension. Whentrue,handlePastereturnstrueeven when HTML content is present in the clipboard, preventing paste rules from other extensions from creating duplicate content. Default isfalse.- Updated dependencies [ceebb31]
... (truncated)
Changelog
Sourced from @tiptap/starter-kit's changelog.
3.27.3
Patch Changes
- Updated dependencies [023f98c]
- Updated dependencies [b4600b6]
- Updated dependencies [1f3ca7a]
- Updated dependencies [76a76da]
@tiptap/core@3.27.3@tiptap/extension-list@3.27.3@tiptap/extensions@3.27.3@tiptap/extension-blockquote@3.27.3@tiptap/extension-bold@3.27.3@tiptap/extension-code@3.27.3@tiptap/extension-code-block@3.27.3@tiptap/extension-document@3.27.3@tiptap/extension-hard-break@3.27.3@tiptap/extension-heading@3.27.3@tiptap/extension-horizontal-rule@3.27.3@tiptap/extension-italic@3.27.3@tiptap/extension-link@3.27.3@tiptap/extension-paragraph@3.27.3@tiptap/extension-strike@3.27.3@tiptap/extension-text@3.27.3@tiptap/extension-underline@3.27.3@tiptap/extension-list-item@3.27.3@tiptap/extension-list-keymap@3.27.3@tiptap/extension-bullet-list@3.27.3@tiptap/extension-ordered-list@3.27.3@tiptap/extension-dropcursor@3.27.3@tiptap/extension-gapcursor@3.27.3@tiptap/pm@3.27.33.27.2
Patch Changes
- Updated dependencies [d3eb052]
- Updated dependencies [f586b6f]
- Updated dependencies [ceebb31]
@tiptap/extension-link@3.27.2@tiptap/extension-list@3.27.2@tiptap/pm@3.27.2@tiptap/extension-list-item@3.27.2@tiptap/extension-list-keymap@3.27.2@tiptap/extension-bullet-list@3.27.2@tiptap/extension-ordered-list@3.27.2@tiptap/core@3.27.2@tiptap/extension-code-block@3.27.2@tiptap/extension-horizontal-rule@3.27.2
... (truncated)
Commits
Updates marked from 18.0.5 to 18.0.6
Commits
39bd884chore(release): 18.0.6 [skip ci]6bce57dchore(deps-dev): bump@semantic-release/githubfrom 12.0.8 to 12.0.9 (#4009)63a4bbachore(deps-dev): bump markdown-it from 14.2.0 to 14.3.0 (#4010)a009808fix: Avoid O(n^2) backtracking in inline link href regex (#4013)33928d0fix: Fix ordered lists after blockquotes (#4003)bbb84c8fix: keep trailing text on HTML block close line for PI, declarations, and CD...d2af54echore(deps-dev): bump eslint from 10.5.0 to 10.6.0 (#4005)f403898chore(deps-dev): bump@arethetypeswrong/clifrom 0.18.3 to 0.18.4 (#4006)f8f4112chore(deps): bump actions/checkout from 6 to 7 (#4000)5ddfd8achore: Update repository metadata URLs (#3998)- Additional commits viewable in compare view
Updates @sveltejs/vite-plugin-svelte from 7.1.2 to 7.2.0
Release notes
Sourced from @sveltejs/vite-plugin-svelte's releases.
@sveltejs/vite-plugin-svelte@7.2.0Minor Changes
- feat(inspector): add a context menu with current component stack (#1370)
@sveltejs/vite-plugin-svelte@7.1.4Patch Changes
- fix: enforce ltr styles for inspector (#1324)
@sveltejs/vite-plugin-svelte@7.1.3Patch Changes
- fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Changelog
Sourced from @sveltejs/vite-plugin-svelte's changelog.
7.2.0
Minor Changes
- feat(inspector): add a context menu with current component stack (#1370)
7.1.4
Patch Changes
- fix: enforce ltr styles for inspector (#1324)
7.1.3
Patch Changes
- fix: ensure the inspector is injected into the client correctly for Vite+ projects (#1355)
Commits
02981fdVersion Packages (#1371)4158aa2feat: context menu with component stack (#1370)c867a3aVersion Packages (#1368)dbdb255fix: inspector rtl host styles (#1324)694bc95chore(deps): update dependency typescript to v6 (#1315)9281816chore(deps): update all non-major dependencies (#1365)02d370dVersion Packages (#1361)3b581deRevert "feat: support.svelte.mjsand.svelte.mtsfiles" (#1366)5545e1afeat: support.svelte.mjsand.svelte.mtsfiles (#1293)2cb977efix(inspector): activate under Vite+ by matching its client module path (#1355)- See full diff in compare view
Updates svelte-check from 4.7.1 to 4.7.2
Commits
Updates typescript from 6.0.3 to 7.0.2
Commits
- See full diff in compare view
Maintainer changes
This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.
Updates vite from 8.1.3 to 8.1.4
Changelog
Sourced from vite's changelog.
8.1.4 (2026-07-09)
Features
Bug Fixes
- build: add workaround for building on stackblitz (#22840) (575c32c)
- build: keep
import.meta.urlin preload function as-is (#22839) (f1f90ed)- deps: update all non-major dependencies (#22865) (d4295a9)
- deps: update rolldown-related dependencies (#22866) (7cf07e4)
- html: avoid backtracking in import-only check (#22848) (b5868c0)
- optimizer: avoid optimizer run for transform request before init (#22852) (72a5e21)
- ssr: align named export function call stacktrace column with Node (#22829) (173a1b6)
- strip pure CSS chunk imports when chunkImportMap is enabled (#22841) (648bd04)
Documentation
Miscellaneous Chores
Code Refactoring
Tests
Build System
Commits
a477454release: v8.1.4ab5dafafeat(legacy): prefer oxc as minifier (fix #21973) (#22468)173a1b6fix(ssr): align named export function call stacktrace column with Node (#22829)575c32cfix(build): add workaround for building on stackblitz (#22840)72a5e21fix(optimizer): avoid optimizer run for transform request before init (#22852)a9539d6chore(deps): update dependency postcss-modules to v9 (#22867)70435b2docs: fix incorrect@defaultforserver.cors(#22859)2c4a217build: remove the custom onLog function (#22878)c581b55build: replace deprecatedonwarnwithonLog(#22741)ea22fb3refactor: eliminate ineffectiveDynamicImport warn (#22876)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Summary
- Updated 11 frontend dependencies, including CodeMirror, Tiptap, marked, Svelte tooling, TypeScript, and Vite.
- Includes patch, minor, and major version upgrades with upstream fixes and enhancements for parsing, selection handling, builds, optimization, inspection, and type checking.
AI usage
AI assistance is Not Likely. No clear indicators such as AI-related files, co-author attribution, or AI-generated comments were identified.
fix: pin typescript to 6.x, svelte-check crashes on ts 7 -
@TRC-Loop in #29
The Dependabot frontend-dependencies group (#21) bumped typescript to 7.0.2. TypeScript 7 is the native ("tsgo") port and changes the module shape, which svelte-check@4.7.2 does not support yet: a fresh install makes pnpm run check crash with
TypeError: Cannot read properties of undefined (reading 'useCaseSensitiveFileNames')
Local checks kept passing only because node_modules still had TS 6.0.3; CI or a fresh install would fail.
- Pinned
typescriptback to^6.0.3and regenerated the lockfile (svelte-check and vite bumps kept). - Added a Dependabot ignore for
typescript >= 7.0.0so it is not re-proposed until the Svelte language tools support it.
fix: show Settings in window title instead of last message -
@TRC-Loop in #22
While the settings screen is open, the native window title kept showing the last opened message's subject. Set it to the localized "Settings - Pelton" whenever settings is open, and restore the folder/message title on close.
🤖 Generated with Claude Code
fix: avatar initials leaking address chars and dull geometric style -
@TRC-Loop in #23
Two fixes to the generated placeholder avatars:
- Initials glitch: a display name that still carried its address ("Foo foo@example.com") produced initials like "F<". The name is now stripped of any bracketed address and surrounding quotes before deriving initials, and only tokens starting with a letter/digit are considered.
- Geometric style: the old style layered muddy translucent polygons and mostly differed by color. Replaced with a generative Bauhaus-style mark on a 2x2 grid, driven by a seeded PRNG so each sender gets a structurally distinct composition (disc, half/quarter-disc, triangle, ring, dot at varied rotations, with occasional negative space).
feat: auto-sync interval as a stepped slider -
@TRC-Loop in #24
The automatic-sync interval in Sync & Energy used a long segmented control that overflowed and wrapped to multiple lines. Replaced it with a stepped slider (StepSlider) whose steps are the existing predefined intervals (off, 30s, 5m, 15m, 30m, 1h, 6h, 12h, 24h). The current step's label is shown above the track and the range ends are anchored, so it reads cleanly at any panel width. Fully tokened; keyboard accessible via the native range input.
feat: manage trusted image senders whitelist -
@TRC-Loop in #25
Adds a "Manage whitelist" button in Privacy that opens a modal listing every sender and domain the user has allowed to load remote images. Each entry shows an example cached message (click to open it and remember who it is) and a remove button to revoke trust.
- Backend:
ListImageAllowlistandRemoveImageAllowbindings over the existingremote_allow_senders/remote_allow_domainssettings, plusstorage.LatestMessageFromto resolve an example message per sender/domain. - Frontend:
ImageAllowlistModal(lazy-loaded so its list logic doesn't weigh on the settings bundle), wired into the Privacy section. Fully localized across all five locales.
fix: resume interrupted offline download and add cancel -
@TRC-Loop in #27
Resume bug
An offline bulk download did not continue after closing the app. The cause: runRangeDownload cleared the resume marker (settingDownloadPending) on every exit path, including when the app context was cancelled at shutdown, so a mid-download close wiped the marker and ResumePendingDownload had nothing to pick up next launch. The marker is now only cleared on genuine completion, a real error, or an explicit user cancel; if the job stops because the app is shutting down it is left in place, so the download resumes automatically on the next start.
Cancel
Added a cancel button in the status-line download progress (and in the offline settings section while a download runs). The job now runs under its own cancellable context, so CancelDownload stops it without tearing down the app context, and clears the resume marker so it does not restart.
Removed the size estimate
Dropped the pre-download "~X GB across N messages" estimate: sizing the range required a full connect/search/fetch-sizes pass over IMAP on every start-date change, which is most of the download work itself. Removed EstimateDownloadRange, planAndSizeAccount, DownloadEstimateDTO, the now-unused imap.FetchSizes, and the settings UI + locale strings for it.
The offline range menu already uses the custom DateTimePicker.
fix: choppy swipe gesture firing before full pull -
@TRC-Loop in #28
The trackpad two-finger swipe on message rows was choppy and would fire an action before the row was pulled all the way. Causes: the release timer was too short (130 ms), so a natural mid-swipe pause counted as "let go" and committed at just 55%; the drag was hard-clamped so it felt stuck at the edge; and a switch to vertical scrolling left the row hanging open.
Reworked the wheel physics (still trackpad two-finger, as before):
- Release is inferred from wheel deltas stopping for 200 ms, so a pause mid-swipe no longer commits.
- Commit only past 60% of the row width; otherwise it snaps back.
- Rubber-band resistance past the row width so the reveal feels anchored instead of flinging off-screen.
- A clearly vertical burst while engaged ends the gesture and snaps back, so scrolling is never hijacked.
feat: search keyword chips with autocomplete -
@TRC-Loop in #30
Adds structured search chips to the message-list search:
- Type
from:/sender:,to:,subject:, orhas:attachmentand the token becomes a chip on space or Enter. Chips render as removable pills; Backspace on an empty input removes the last one. - An autocomplete dropdown suggests the keywords as you type a partial one (Tab accepts the first).
- The calendar button now inserts
before:/after:date chips instead of the old custom-range popover. - Free text and the chip constraints are dispatched as a structured
SearchFilter; the query clears when the folder/view changes.
Backend: search.Query gains From/To/Subject (field-scoped, AND-matched; to: matches to+cc), and Search post-filters has:attachment using the stored message flag (no re-index needed).
Old date-preset UI (Any time / Last 7 days / custom range) is replaced by the date chips; its locale strings were removed and the new chip/suggestion strings added across all five locales.
Verified: Go build + tests, svelte-check, and unit-checked the chip parser. Worth a manual pass via make run for the interaction feel.
feat: customizable reading pane empty-state image -
@TRC-Loop in #26
The reading pane's empty state (no message open) always showed the bundled Pelton logo. Adds a "Reading pane image" control in Appearance settings with "Select image" (picks a local image, stored as a data URI in settings) and "Reset to default" (restores the logo).
Size handling: files over 50 MB are refused; between 3 MB and 50 MB a "here be dragons" warning appears (a large data URI in settings can slow app load) and the user can proceed anyway.
Persisted through the existing UI-prefs bundle (emptyStateImage), so it applies immediately and survives restarts. Localized across all five locales.
feat: replace config sync with settings import/export -
@TRC-Loop in #31
Removes the folder-based config-sync feature (it was broken) and replaces it with a local, file-based Import/Export in the same settings tab.
Removal + migration
- Deleted the mirror-mode config-sync (
Manager, full-cache, merge, metadata, settings snapshots), its bindings, the two Svelte components, the status event, and thefsnotifydependency. - Kept the data-directory plumbing needed for a one-shot migration: on startup, if a device still has the legacy "in-place" marker (its live data dir was redirected into the synced folder),
MigrateInPlaceBacksnapshots that data back to the normal app-support directory and removes the marker, so the next launch opens from the standard location. No data is lost.
Import / Export
- Export: pick categories (Settings, Trusted senders) and save to a JSON file with metadata (created timestamp, app version).
- Import: pick a file; the UI shows when it was made and which categories it holds, then you choose what to bring in. Settings are re-applied and prefs reload live.
- Backend:
ExportData,InspectBackupFile,ImportData. The whitelist is exported separately from settings; local/transient keys (search watermark, pending-download marker) are never exported.
Verified: go build ./..., go vet, go test ./internal/..., and svelte-check all pass. Recommend a manual pass via make run for the export/import dialogs.
fix: use mailbox consistently instead of account in ui copy -
@TRC-Loop in #32
The UI calls a connected account a "mailbox" almost everywhere (Add mailbox, Mailboxes, the wizard, the sidebar), but a handful of strings drifted to "account", which read inconsistently.
Unified those strays to the canonical mailbox term per language:
- en → mailbox, de → Postfach, fr → boîte mail, nl → mailbox
- Spanish is left as-is: it deliberately uses "cuenta" throughout, so it is already internally consistent.
Strings touched: onboarding (connect/portable), the message info modal's field label, the mailbox-badge note, the Mailboxes section hint, and the auto-sync interval hint. Only translation values changed (no key renames, no code identifiers touched, so the backend Account type and bindings are unaffected). svelte-check passes.
feat: cosmetic demo mode via --potatoes-are-nice -
@TRC-Loop in #33
Adds a purely-cosmetic demo mode for website screenshots, launched with the --potatoes-are-nice flag (or make nice-potatoes).
When active, the frontend fills the whole UI with fixed potato-themed sample data instead of reading real accounts and mail:
- Two Pelton/potato mailboxes with folder trees and counts.
- A unified inbox of ~10 potato emails (Marina's Q4 numbers, Pelton Potato Island, seed-potato invoices, harvest festival, ...). Every message opens to the same casual "coworker about potatoes" HTML body.
- A sync shown in progress in the status bar, and one email frozen in the "sending" state so the outbox indicator is visible.
It is genuinely offline and non-destructive:
- Backend: when
--potatoes-are-niceis set, startup skips all background services (sync, IMAP idle, the outbox worker, auto-update checks, download resume, migrations). The store still opens so bound calls don't error, but nothing runs against it or the network. - Frontend: the data functions and
senderPhotosshort-circuit to the samples/generated avatars, so no Gravatar/BIMI lookups either.
Nothing persists. Verified by running make nice-potatoes: the potato inbox renders with generated avatars and zero IMAP/network activity in the logs. go build, go vet-clean, and svelte-check pass.
Summary
Adds a cosmetic, offline potato-themed demo mode enabled with --potatoes-are-nice or make nice-potatoes.
- Frontend serves fixed sample accounts, folders, messages, avatars, sync status, and outbox data.
- Backend skips network services and state-changing startup tasks while keeping the store available for bound calls.
- No real account data is accessed, persisted, or modified.
- Validation completed with
go build,go vet, andsvelte-check.
AI usage
AI assistance is Very Likely, but the available change summary does not establish whether usage was 100% agentic or limited assistance. No definitive AI authorship indicators were confirmed.
fix: open links in email body in the external browser -
@TRC-Loop in #34
Links and buttons in an email body were not clickable — you had to copy the URL into a browser by hand. The message body renders in a sandboxed iframe without allow-popups/allow-top-navigation, so an <a href> click silently did nothing.
Now a click listener on the iframe document intercepts anchor clicks and hands the URL to the OS default browser via Wails BrowserOpenURL (http/https/mailto only; in-page # anchors are ignored). The sandbox stays script-free.
fix: preserve email background colors so light text stays readable -
@TRC-Loop in #35
Emails that design a section with light text on a dark background (very common in newsletters/marketing mail) were unreadable in Pelton: white-on-white. The sanitizer kept the text color but stripped the background, so the light text landed on our fixed white page. Apple Mail keeps the background, so it looked fine there.
Fix in the sanitizer policy (internal/mailview):
- Keep the
backgroundshorthand style (not justbackground-color). - Keep the legacy
bgcolorattribute onbodyand table elements (the other common way mail sets a section background). - Keep
<font color>so its text color stays paired with the background instead of falling back to our dark default (which would flip the problem to dark-on-dark).
Remote safety is unchanged: any remote background image a style might carry is still blocked by the iframe CSP (img-src) when remote content is off, and still triggers the "remote content blocked" banner. go build/go vet pass; verified with a sanitize test that bgcolor, background: and <font color> survive.
fix: fedora copr install failing and rpm not uninstallable via GUI -
@TRC-Loop in #36
Fixes two Fedora packaging defects reported on 1.0.4.
dnf install from Copr failed entirely
The Copr spec packages the binary already built on the Actions runner (Ubuntu). rpmbuild's automatic dependency generator scanned that ELF and added Requires for every SONAME and glibc symbol version it links against, taken from the build box's glibc/webkit. Those don't line up with the Fedora chroot, so dnf reported "nothing provides ..." and refused to install. rpmbuild also tried to build a -debuginfo subpackage from the stripped Go binary.
AutoReqProv: no+ hand-declaredRequires: gtk3, webkit2gtk4.1(already the real runtime deps).%global debug_package %{nil}to skip debuginfo extraction.
Double-clicking the .rpm installed, but there was no way to uninstall it
No AppStream metainfo shipped, so GNOME Software / KDE Discover never linked the installed pelton.desktop app to its owning package and showed no Remove button (dnf remove pelton from the CLI always worked).
- New
build/linux/pelton.metainfo.xml(<launchable>points atpelton.desktop), shipped to/usr/share/metainfoby both nfpm and the Copr spec. Passesappstreamcli validate.
Launcher bug
Exec=Pelton %u but the binary installs as lowercase /usr/bin/pelton, so clicking the app icon did nothing. Fixed to Exec=pelton.
Also: Copr spec now installs a hicolor icon + refreshes the icon cache in scriptlets; workflow bundles the metainfo into the Copr source tarball; README documents uninstalling.
Summary
- Fix Fedora packaging by disabling automatic RPM dependency/debuginfo generation and declaring required GTK/WebKit dependencies.
- Add AppStream metadata, hicolor icon installation, and icon-cache refresh scriptlets.
- Include metainfo in nfpm packaging and Copr source archives.
- Correct the desktop launcher to use the lowercase
peltonexecutable. - Document Fedora uninstallation via
dnfor graphical software centers.
AI usage
Not Likely. No explicit AI authorship, agent files, co-author markers, or AI-related comments were identified.
Full Changelog: v1.0.3...v1.0.4