Immutable
release. Only release title and notes can be modified.
What's Changed
🚀 Features
- comprehensive theme system + FOUC fix (closes #34) (#1092)
- add Settings Appearance tab, theme gallery, and preview
- add custom color picker and theme import/export
- add logo customization — backend upload endpoint and frontend UI
- add banner upload endpoint and named themes backend CRUD
- add banner customizer and named user themes frontend
- enhanced dashboard with statistics (#25) (#1075)
- add RequestLog model and AutoMigrate registration
- add StatsIngester for log fan-out and batch DB writes
- add StatsService with aggregation queries and TTL cache
- add stats API client and TypeScript type definitions
- add useStats and useStatsWebSocket hooks
- add stats chart and widget components
- integrate stats sections into Dashboard page
- add stats handler and WebSocket hub for dashboard stats
- add widget tooltips, top-hosts color coding, and hide/show controls
- add warmup guide and improve empty state UX
🐛 Bug Fixes & Improvements
- retry go mod download in backend-builder stage
- sync frontend version and default backend version
- retry network fetches during Docker image build
- retry SBOM attestation, switch to actions/attest
- close db connections and sync integrity check in TestMain
- show toast on session expiry, dismiss on re-login
- show toast on session expiry, dismiss on re-login
- support squash-merge bodies in auto-versioning and changelog
- add sourceUrl for prometheus/client_golang lookup
- update module gorm.io/gorm to v1.31.2 (#1105)
- revert node image to 24.16.0-alpine3.24 with valid multi-arch digest
- upgrade node image to 24.17.0 and patch undici CVE-2026-12151
- restore missing vite@8.1.0 entry in frontend lock file
- use axios for session validation to fix Firefox E2E auth test
- migrate CSS to data-theme selectors and update Tailwind config
- replace useLayoutEffect with useEffect + data-theme attribute; fix FOUC
- update test mocks for ThemeContext useUserThemes dependency and banner API
- update theme-fouc spec to use data-theme attribute instead of className
- add explicit semicolons in FOUC script to satisfy CodeQL ASI rule
- remove unused imports in theme.spec.ts to resolve CodeQL finding
- rewrite theme-fouc spec to eliminate unreliable DOMContentLoaded listener
- suppress CVE-2026-39824 (GO-2026-5024) in Trivy and Grype
- ensure server-side session is invalidated before local state clears on logout
- eliminate TempDir cleanup race in database tests
- correct react-hook-form 7.80.0 integrity hash in lockfile
- wrap webkit scrollbar styles in @supports selector guard
- remove unused autoprefixer dependency
- add post-upload SARIF verification to weekly security rebuild
- align trivyignores and upload-sarif SHA across scan workflows
- resolve js-yaml and markdown-it DoS vulnerabilities via npm overrides
- add aria-expanded to sidebar accordion buttons
- join proxy_hosts to populate Top Hosts hostname
- run SQLite integrity check in background to avoid blocking startup
- give startup integrity check its own connection
- use proxy host Name instead of domain names for Top Hosts
- silence record-not-found noise in GORM query logs
- match Top Hosts by domain instead of ProxyHost UUID
- replace CSS variable with hex literal in TrafficVolumeChart
- add LineChart mock and update QA report for feature/stats
- update npm-non-major to ^7.18.0 (#1084)
- update npm-non-major (#1082)
- regenerate frontend lock file to restore missing eslint@10.5.0 entries
- prepare for npm v12 breaking changes (#1072)
- disable dependency install scripts for all npm installs
- simplify PATH export and remove redundant list cmd
- move frontend builder to node alpine3.24 base to clear critical/high base-image CVEs
- unregister auth error handler on AuthProvider unmount (#1070)
- update go-non-major to v0.7.2 (#1068)
- gracefully handle production dlv stub when CHARON_DEBUG=1
- gate Delve install on BUILD_DEBUG, pin x/sys for GO-2026-5024
- extend no-cache-filters to caddy-builder and crowdsec-builder in e2e workflow
- pass pr_number when dispatching security-pr.yml from weekly promotion
- add Renovate sourceUrl overrides for gin packages (#1065)
- add sourceUrl overrides for gin packages in Renovate config
- serve banner.webp and use picture element for optimized image delivery (#1063)
- serve banner.webp and use picture element for optimized image delivery
- update codecov action
- remove deprecated Firefox CSS and add modern browserslist targets (#1060)
- update bytedance/sonic to v1.15.2 and mattn/go-sqlite3 to v1.14.45
- update knip to v 6.16.0
- update npm-non-major to ^7.17.0
- suppress GO-2024-2565, GO-2024-2557, GO-2026-4518 in grype/trivy
- patch CVE-2026-40898 (quic-go QPACK) in crowdsec-builder
- patch CVE-2026-40898 in buger/jsonparser via caddy-builder
- update npm-non-major to ^7.17.0
- patch CVE-2026-40898 in buger/jsonparser via crowdsec-builder
- resolve Go toolchain mismatch in CodeQL and all CI workflows
- align all workflow and VS Code go.goroot references to 1.26.4
- update grype version to 0.113.0
- prevent flash of unstyled content on page load
- update Syft version to v1.45.0 in multiple workflows and scripts
- update Go version to 1.26.4 in settings, Dockerfile, and module files
- update @tanstack/react-query to v5.101.0 and axios to v1.17.0
- update prometheus/common to v0.68.1
- update Caddy version to 2.11.4 in Dockerfile
- update Renovate configuration to correctly map gopkg.in/yaml.v3
- restore stale Grype code scanning pipeline
- regenerate lockfile to restore missing eslint and vite package entries
Full Changelog: v0.32.7...v0.33.0