* Add CSP nonce support and enhance security headers
Introduced secure headers and CSP nonce to improve app security by integrating `@nosecone/next`. Updated middleware, root providers, and layout to handle nonce propagation, enabling stricter CSP policies when configured. Also upgraded dependencies and tooling versions.
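The nonce flow described in this entry, as an added example that is not the project's own code nor the `@nosecone/next` implementation: a per-request nonce is generated, a strict CSP is built around it, and the policy is checked for the footguns that make nonces pointless (`'unsafe-inline'` alongside a nonce in `script-src`). The function and header names are assumptions for illustration; in a Next.js middleware the resulting header would be set on the response and the nonce forwarded to the layout via a request header so that `<Script nonce={...}>` can be rendered.

```typescript
import { randomBytes } from 'node:crypto';

// One nonce per request: 16 random bytes, base64-encoded so it is valid inside a CSP source.
// Reusing a nonce across requests defeats the purpose, so never cache this value.
export function generateNonce(): string {
  return randomBytes(16).toString('base64');
}

// Build a strict, nonce-based policy. 'strict-dynamic' lets scripts that carry the nonce
// load further scripts without a host allowlist, which is what makes the policy maintainable.
// (Illustrative directive set; tune image/connect sources to the application's needs.)
export function buildCsp(nonce: string, reportOnly = false): { name: string; value: string } {
  const directives = [
    `default-src 'self'`,
    `script-src 'self' 'nonce-${nonce}' 'strict-dynamic'`,
    `style-src 'self' 'nonce-${nonce}'`,
    `img-src 'self' data: https:`,
    `object-src 'none'`,
    `base-uri 'self'`,
    `frame-ancestors 'none'`,
    `form-action 'self'`,
    `upgrade-insecure-requests`,
  ];
  return {
    name: reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy',
    value: directives.join('; '),
  };
}

// Parse a CSP header value into directive -> source list.
export function parseCsp(value: string): Map<string, string[]> {
  const out = new Map<string, string[]>();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    out.set(name.toLowerCase(), sources);
  }
  return out;
}

// Sanity check a policy before shipping it: a nonce in script-src is only meaningful if
// 'unsafe-inline' is absent (browsers ignore 'unsafe-inline' once a nonce or hash is present,
// but its presence usually signals a copy-pasted policy) and object-src is locked down.
export function cspIsStrict(value: string): boolean {
  const csp = parseCsp(value);
  const script = csp.get('script-src') ?? csp.get('default-src') ?? [];
  const hasNonce = script.some((s) => /^'nonce-[A-Za-z0-9+/=]+'$/.test(s));
  const hasUnsafeInline = script.includes("'unsafe-inline'");
  const objectLocked = (csp.get('object-src') ?? []).includes("'none'");
  return hasNonce && !hasUnsafeInline && objectLocked;
}
```

A useful habit is to roll the policy out with `reportOnly = true` first and watch the violation reports, then flip to enforcing once third-party scripts have been given the nonce.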
* Add OTP and security guidelines documentation and additional checks on client-provided values
- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.
These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.
* Update Stripe SDK and dependencies
1. Upgrade `stripe` package from version 17.7.0 to 18.0.0 in `package.json`.
2. Update `STRIPE_API_VERSION` in `stripe-sdk.ts` to '2025-03-31.basil'.
3. Refactor `StripeWebhookHandlerService` to retrieve subscription details using Supabase client, ensuring compatibility with the new Stripe version.
4. Introduce helper methods `getPeriodStartsAt` and `getPeriodEndsAt` for better handling of subscription periods based on the Stripe API changes.
These changes enhance the integration with the latest Stripe API and improve the overall reliability of the billing service.
* Refactor billing payload builders to remove config dependency
Removed direct dependency on `BillingConfig` in subscription payload builders.
Introduced `PlanTypeMap` to streamline plan type resolutions. Updated webhook handlers and event processing functions to handle plan types more efficiently and improve extensibility.
* Refactor Stripe subscription handling for improved accuracy
1. Add user creation and password reset dialog functionalities; added Junie guidelines
Introduced new `AdminCreateUserDialog` and `AdminResetPasswordDialog` components for managing user accounts in the admin panel. Updated the `AdminAccountsTable` page with a button for user creation and implemented backend logic for password resets with robust error handling.
2. Added Jetbrains AI guidelines
* Add OTP API documentation and enhance security guidelines
- Introduced comprehensive documentation for the OTP API, detailing the creation and verification of OTP tokens for sensitive operations.
- Enhanced security guidelines for Next.js, emphasizing the importance of input validation, environment variable management, and error handling.
- Implemented additional checks for client-provided values to improve overall security posture.
These updates provide clear instructions for developers and strengthen the project's security framework.
Updated multiple dependencies to their latest versions, including `next` to `15.3.1`, `zod` to `3.24.3`, `@tanstack/react-query` to `5.74.4`, and others. This ensures compatibility, improves stability, and incorporates the latest bug fixes.
1. Enable Turbopack for testing builds
2. Move turbopack configuration to new top-level config property
3. Bump package.json version
4. Add missing env in .env
5. Added more ignored paths to .cursorignore
1. Added declarative schemas to Supabase
2. Added Cursor Ignore to ignore some files from Cursor
3. Added Prettier Ignore to ignore some files from Prettier
4. Formatted files so that PG Schema diff won't return any changes
- Bump versions for `@hookform/resolvers`, `@tanstack/react-query`, `lucide-react`, `tailwindcss`, and `@types/node` to their latest compatible versions.
- Update `babel-plugin-react-compiler` to a newer beta version.
- Adjust `@supabase/supabase-js` and `@stripe/react-stripe-js` to their latest versions.
- Increment `sonner` and `tailwind-merge` versions for improved functionality.
- Update `@react-email/components` to the latest version for email templates.
This update ensures compatibility with the latest features and fixes across the codebase.
1. Marketing Layout: speed up rendering by retrieving user session from cookies instead of using a server-side request
2. Use "redirecting" state when signing in to keep displaying a loading state while Next.js redirects to home page
3. Use "useCallback" to prevent double tracking when switching pages
4. Add links pre-fetching in marketing navigation
5. Add new pending state to MFA verification form
6. Pre-fetch sign-in/sign-up pages
7. Fix i18n when using regional languages
8. Currency formatter should default to the region if it exists
9. Update packages
1. Update data loaders (#223)
2. Use new data loader functionality to allow filtering by both name and email in Super Admin
3. Update test to use email filtering
1. Revert Card changes
2. Use X logo instead of Twitter
3. Update Dependencies
* Remove reference to pg_sodium as new Supabase CLI doesn't play well with it
1. Update dependencies
2. Use cssnano for production
3. Assign an environment variable to Sentry's environment settings
4. `Pill` now accepts React Nodes so we can pass translations using Trans component
5. Switch to mailpit API during tests
6. Do not require Email Sender to be of type email and add proper error messages
* Add validation for team account names
- Prevent creating teams with reserved names like 'billing' and 'settings'
- Add regex validation to block team names with special characters
- Update localization for new error messages
- Extend E2E tests to cover various invalid team name scenarios
* Enhance team account name validation and slug generation
- Add comprehensive tests for account slug generation in Supabase
- Improve team name validation schema to handle special characters
- Add form validation message display in update team account name form
- Refine slug generation to handle various edge cases like special characters, non-ASCII text, and mixed case
* Set default OAuth scopes for Azure and Keycloak. Allow passing custom query parameters from the OauthProviders component.
* Pass return path if a next query parameter is provided. Use home path otherwise.
2. Alter default values for verifying nonces: verification time is reduced to 15 minutes, max attempts before a nonce expires is set to 1 when using the service
- Updated all dependencies
- Updated to Next.js 15.2.0
- Updated Stripe API version
- Remove Sentry replayIntegration by default
- Added IMPROVEMENT.yml file
- Bump version to 2.5.1
* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client with the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0
One-Time Password (OTP) package added with comprehensive token management, including OTP verification for team account deletion and ownership transfer.
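The OTP package above and the nonce verification defaults changed earlier in this log (15-minute validity, a single attempt before the nonce expires), as an added example that is not the project's OTP package or its Supabase-backed store. It shows the properties a verifier for sensitive operations needs: the token is bound to a user and a purpose, stored only as a hash, expires on a short clock, burns after the configured number of attempts, and cannot be replayed once accepted. Class, method and result names are assumptions; the in-memory `Map` stands in for the database table.

```typescript
import { createHash, randomInt, randomUUID, timingSafeEqual } from 'node:crypto';

export const DEFAULT_TTL_MS = 15 * 60 * 1000; // 15 minutes, matching the defaults described above
export const DEFAULT_MAX_ATTEMPTS = 1;        // one wrong guess revokes the nonce

export type VerifyResult =
  | 'valid' | 'invalid' | 'expired' | 'already_used' | 'not_found';

interface StoredNonce {
  tokenHash: Buffer;  // sha256(token); the clear-text token is never persisted
  userId: string;
  purpose: string;    // e.g. 'account.delete' or 'ownership.transfer' (assumed labels)
  expiresAt: number;
  attempts: number;
  used: boolean;
}

function hashToken(token: string): Buffer {
  return createHash('sha256').update(token, 'utf8').digest();
}

// Assumed service; the project's package is not reproduced here.
export class NonceService {
  private readonly store = new Map<string, StoredNonce>();

  constructor(
    private readonly ttlMs = DEFAULT_TTL_MS,
    private readonly maxAttempts = DEFAULT_MAX_ATTEMPTS,
  ) {}

  // Issue a 6-digit code for one user and one purpose. The id is what the client
  // sends back; the token travels out of band (e-mail). `now` is injectable so
  // expiry can be tested without sleeping.
  create(userId: string, purpose: string, now = Date.now()): { id: string; token: string } {
    const token = randomInt(0, 1_000_000).toString().padStart(6, '0');
    const id = randomUUID();
    this.store.set(id, {
      tokenHash: hashToken(token),
      userId,
      purpose,
      expiresAt: now + this.ttlMs,
      attempts: 0,
      used: false,
    });
    return { id, token };
  }

  // Verify and consume. A 6-digit code hashed with plain sha256 is trivially
  // brute-forced offline, so the real protection is the short TTL and the
  // attempt cap; the hash only keeps the live code out of a casual DB read.
  verify(id: string, userId: string, purpose: string, token: string, now = Date.now()): VerifyResult {
    const rec = this.store.get(id);
    if (!rec) return 'not_found';
    if (rec.used) return 'already_used';
    if (now > rec.expiresAt) {
      this.store.delete(id);
      return 'expired';
    }
    rec.attempts += 1;
    const bound = rec.userId === userId && rec.purpose === purpose;
    const matches = bound && timingSafeEqual(hashToken(token), rec.tokenHash);
    if (!matches) {
      // Wrong code, wrong user or wrong purpose all count as an attempt.
      if (rec.attempts >= this.maxAttempts) this.store.delete(id);
      return 'invalid';
    }
    rec.used = true; // keep the record so a replay is reported, not re-issued
    return 'valid';
  }
}
```

Binding the nonce to a purpose matters as much as the attempt cap: a code issued to confirm an e-mail change must not be accepted for an account deletion, even for the same user.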
* Refactor UI components to use ComponentPropsWithRef for improved type safety
* Updated dependencies and removed duplicate instance of Tslint since it's already provided in the Next.js config
* Update dependencies and configuration files
- Upgrade Lucide React to version 0.475.0
- Update Markdoc to version 0.5.0
- Bump ESLint to version 9.20.0
- Update Tailwind CSS to version 4.0.5
- Add import-in-the-middle to Sentry package
- Remove import-in-the-middle and require-in-the-middle from web app
- Update browserslist configuration
- Remove eslintConfig from web app package.json
- Add ESLint configuration template for package generator