v1.1.0
Security updates!
- Added shared security helpers for safe JSON-in-script serialization and rich HTML sanitization.
- Sanitized dynamic Add to Calendar PRO event descriptions before rendering them as HTML.
- Escaped JSON payloads embedded in structured data and WebMCP scripts to prevent </script> breakout XSS.
- Replaced raw hreflang HTML generation with native Astro rendering.
- Hardened content URL schemas to allow only http and https URLs.
- Documented sanitization requirements for external CMS/API content.
- Re-enabled Dependabot version update PRs.
- Pinned GitHub Actions to immutable commit SHAs.