Skip to content

Release v0.33.0

Latest

Choose a tag to compare

@github-actions github-actions released this 06 Jul 23:59
Immutable release. Only release title and notes can be modified.
ad38ebb

What's Changed

🚀 Features

  • comprehensive theme system + FOUC fix (closes #34) (#1092)
  • add Settings Appearance tab, theme gallery, and preview
  • add custom color picker and theme import/export
  • add logo customization — backend upload endpoint and frontend UI
  • add banner upload endpoint and named themes backend CRUD
  • add banner customizer and named user themes frontend
  • enhanced dashboard with statistics (#25) (#1075)
  • add RequestLog model and AutoMigrate registration
  • add StatsIngester for log fan-out and batch DB writes
  • add StatsService with aggregation queries and TTL cache
  • add stats API client and TypeScript type definitions
  • add useStats and useStatsWebSocket hooks
  • add stats chart and widget components
  • integrate stats sections into Dashboard page
  • add stats handler and WebSocket hub for dashboard stats
  • add widget tooltips, top-hosts color coding, and hide/show controls
  • add warmup guide and improve empty state UX

🐛 Bug Fixes & Improvements

  • retry go mod download in backend-builder stage
  • sync frontend version and default backend version
  • retry network fetches during Docker image build
  • retry SBOM attestation, switch to actions/attest
  • close db connections and sync integrity check in TestMain
  • show toast on session expiry, dismiss on re-login
  • show toast on session expiry, dismiss on re-login
  • support squash-merge bodies in auto-versioning and changelog
  • add sourceUrl for prometheus/client_golang lookup
  • update module gorm.io/gorm to v1.31.2 (#1105)
  • revert node image to 24.16.0-alpine3.24 with valid multi-arch digest
  • upgrade node image to 24.17.0 and patch undici CVE-2026-12151
  • restore missing vite@8.1.0 entry in frontend lock file
  • use axios for session validation to fix Firefox E2E auth test
  • migrate CSS to data-theme selectors and update Tailwind config
  • replace useLayoutEffect with useEffect + data-theme attribute; fix FOUC
  • update test mocks for ThemeContext useUserThemes dependency and banner API
  • update theme-fouc spec to use data-theme attribute instead of className
  • add explicit semicolons in FOUC script to satisfy CodeQL ASI rule
  • remove unused imports in theme.spec.ts to resolve CodeQL finding
  • rewrite theme-fouc spec to eliminate unreliable DOMContentLoaded listener
  • suppress CVE-2026-39824 (GO-2026-5024) in Trivy and Grype
  • ensure server-side session is invalidated before local state clears on logout
  • eliminate TempDir cleanup race in database tests
  • correct react-hook-form 7.80.0 integrity hash in lockfile
  • wrap webkit scrollbar styles in @supports selector guard
  • remove unused autoprefixer dependency
  • add post-upload SARIF verification to weekly security rebuild
  • align trivyignores and upload-sarif SHA across scan workflows
  • resolve js-yaml and markdown-it DoS vulnerabilities via npm overrides
  • add aria-expanded to sidebar accordion buttons
  • join proxy_hosts to populate Top Hosts hostname
  • run SQLite integrity check in background to avoid blocking startup
  • give startup integrity check its own connection
  • use proxy host Name instead of domain names for Top Hosts
  • silence record-not-found noise in GORM query logs
  • match Top Hosts by domain instead of ProxyHost UUID
  • replace CSS variable with hex literal in TrafficVolumeChart
  • add LineChart mock and update QA report for feature/stats
  • update npm-non-major to ^7.18.0 (#1084)
  • update npm-non-major (#1082)
  • regenerate frontend lock file to restore missing eslint@10.5.0 entries
  • prepare for npm v12 breaking changes (#1072)
  • disable dependency install scripts for all npm installs
  • simplify PATH export and remove redundant list cmd
  • move frontend builder to node alpine3.24 base to clear critical/high base-image CVEs
  • unregister auth error handler on AuthProvider unmount (#1070)
  • update go-non-major to v0.7.2 (#1068)
  • gracefully handle production dlv stub when CHARON_DEBUG=1
  • gate Delve install on BUILD_DEBUG, pin x/sys for GO-2026-5024
  • extend no-cache-filters to caddy-builder and crowdsec-builder in e2e workflow
  • pass pr_number when dispatching security-pr.yml from weekly promotion
  • add Renovate sourceUrl overrides for gin packages (#1065)
  • add sourceUrl overrides for gin packages in Renovate config
  • serve banner.webp and use picture element for optimized image delivery (#1063)
  • serve banner.webp and use picture element for optimized image delivery
  • update codecov action
  • remove deprecated Firefox CSS and add modern browserslist targets (#1060)
  • update bytedance/sonic to v1.15.2 and mattn/go-sqlite3 to v1.14.45
  • update knip to v 6.16.0
  • update npm-non-major to ^7.17.0
  • suppress GO-2024-2565, GO-2024-2557, GO-2026-4518 in grype/trivy
  • patch CVE-2026-40898 (quic-go QPACK) in crowdsec-builder
  • patch CVE-2026-40898 in buger/jsonparser via caddy-builder
  • update npm-non-major to ^7.17.0
  • patch CVE-2026-40898 in buger/jsonparser via crowdsec-builder
  • resolve Go toolchain mismatch in CodeQL and all CI workflows
  • align all workflow and VS Code go.goroot references to 1.26.4
  • update grype version to 0.113.0
  • prevent flash of unstyled content on page load
  • update Syft version to v1.45.0 in multiple workflows and scripts
  • update Go version to 1.26.4 in settings, Dockerfile, and module files
  • update @tanstack/react-query to v5.101.0 and axios to v1.17.0
  • update prometheus/common to v0.68.1
  • update Caddy version to 2.11.4 in Dockerfile
  • update Renovate configuration to correctly map gopkg.in/yaml.v3
  • restore stale Grype code scanning pipeline
  • regenerate lockfile to restore missing eslint and vite package entries

Full Changelog: v0.32.7...v0.33.0