You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Single-quote escape in Pagefind result rendering (Search.astro): escapeHtml was neutralizing &, <, >, and " before injecting Pagefind result excerpts into the DOM but left ' untouched, leaving an attribute-context breakout vector if a result excerpt was ever rendered inside a single-quoted attribute. Added ' → ' to the chain — mirrors the v1.1.11 hardening on Schema.astro.
Performance
Cached Pagefind init Promise + O(1) keyboard navigation in Search.astro: loadPagefind now memoizes the in-flight Promise rather than only the resolved module, so concurrent callers (keyboard shortcut + rapid keystrokes) share one init cycle. setActive updates only the previously-active and newly-active result nodes instead of iterating the full NodeList per keypress (O(N) → O(1)).
UX
Tactile click feedback + focus ring on /download/ installer cards: .card elements now scale to 0.96 on :active (wrapped in prefers-reduced-motion: no-preference) and render an explicit :focus-visible outline. Disabled cards are excluded. Extends the v1.1.12 landing-page CTA affordance to the download surface.
Focus-visible + active states on DocsSidebar.astro links: docs sidebar links now show a 2px inset focus-visible outline and scale to 0.96 on :active, honouring reduced-motion. Closes the last navigation surface that lacked keyboard / tactile parity.
CI
pnpm/action-setup bumped 6.0.5 → 6.0.6 (upstream fix: bin_dest output now points to the self-updated pnpm rather than the bootstrap binary).
