- Scope base JS/TS configs to only JS/TS file extensions, preventing
TypeError when ESLint applies core rules to markdown/CSS/JSON files
- Remove silent data loss from duplicate JSON keys in five translation
files where the second dashboard block was overriding the first
- Fix unsafe optional chaining in CredentialManager that would throw
TypeError when providerTypeInfo is undefined
- Remove stale eslint-disable directive for a rule now handled globally
by the unused-imports plugin
- Downgrade high-volume lint rules (testing-library, jsx-a11y, import-x,
vitest) from error to warn to unblock development while preserving
visibility for incremental cleanup
- Create sa-generate.md for generating implementation documentation from plans
- Create sa-implement.md for executing implementation plans step-by-step
- Create sa-plan.md for collaborating with users to design development plans
- Add security scan commands for CodeQL, Docker images, Go vulnerabilities, and GORM
- Implement SQL code review and optimization commands
- Add supply chain vulnerability remediation process
- Introduce backend and frontend test commands with coverage checks
- Update settings.json for command permissions
- Document governance, project overview, code quality rules, and critical architecture rules in CLAUDE.md
- Establish root cause analysis protocol and definition of done for development
- Implemented email notification functionality in the NotificationService.
- Added support for rendering email templates based on event types.
- Created HTML templates for various notification types (security alerts, SSL events, uptime events, and system events).
- Updated the dispatchEmail method to utilize the new email templates.
- Added tests for email template rendering and fallback mechanisms.
- Enhanced documentation to include email notification setup and usage instructions.
- Introduced end-to-end tests for the email notification provider in the settings.
The Dockerfile already centralizes all version pins into top-level ARGs
(GO_VERSION, ALPINE_IMAGE, CROWDSEC_VERSION, EXPR_LANG_VERSION, XNET_VERSION).
This change closes the remaining gaps so those ARGs are the single source of
truth end-to-end:
- nightly-build.yml now resolves the Alpine image digest at build time and
passes ALPINE_IMAGE as a build-arg, matching the docker-build.yml pattern.
Previously, nightly images were built with the Dockerfile ARG default and
without a pinned digest, making runtime Alpine differ from docker-build.yml.
- six CI workflows (quality-checks, codecov-upload, benchmark, e2e-tests-split,
release-goreleaser, codeql) declared a GO_VERSION env var but their setup-go
steps ignored it and hardcoded the version string directly. They now reference
${{ env.GO_VERSION }}, so Renovate only needs to update one value per file
and the env var actually serves its purpose.
- codeql.yml had no GO_VERSION env var at all; one is now added alongside the
existing GOTOOLCHAIN: auto entry.
When Renovate bumps Go, it updates the env var at the top of each workflow and
the Dockerfile ARG — zero manual hunting required.
