* Add OTP and security guidelines documentation and additional checks on client-provided values
- Introduced additional checks on client-provided values such as cookies
- Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations.
- Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling.
These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices.
* Add OTP API documentation and enhance security guidelines
- Introduced comprehensive documentation for the OTP API, detailing the creation and verification of OTP tokens for sensitive operations.
- Enhanced security guidelines for Next.js, emphasizing the importance of input validation, environment variable management, and error handling.
- Implemented additional checks for client-provided values to improve overall security posture.
These updates provide clear instructions for developers and strengthen the project's security framework.
* Update Next.js and React versions in all packages
* Replace onRedirect function with next/link in BillingSessionStatus, since it's no longer cached by default
* Remove unused revalidatePath import in billing return page, since it's no longer cached by default
* Add Turbopack module aliases to improve development server speed
* Converted new Dynamic APIs to be Promise-based
* Adjust mobile layout
* Use ENABLE_REACT_COMPILER to enable the React Compiler in Next.js 15
* Report Errors using the new onRequestError hook
The update changes the way locales are checked against the list of accepted languages. Now, instead the full locale, only the language segment is considered when determining if the locale is accepted. Additionally, a check in 'getPreferredLanguageFromBrowser' was added to ensure 'acceptLanguage' is not undefined before attempting to parse it.
This commit adds a new 'languagePriority' key to the feature flags configuration. It determines whether to use user's preferred language or the application's default language. Adjustments to the language selection process according to new flag have been made in the 'createInstance' function in 'i18n.server.ts'. Additionally, updates have been made to 'README.md' and '.env' files to reflect these changes.
This update separates the creation of i18n settings into its own function (@kit/i18n) and enhances the handling of language and namespace loading in i18n.client. It tracks loaded languages and namespaces, and prevents rendering if none are loaded or after a maximum number of iterations. The usage of Suspense has also been modified in root-providers to employ a null fallback.
This commit refactors the i18n settings in `i18n.settings.ts` to improve language handling. In addition, it updates the `pnpm-lock.yaml` file to upgrade the lockfile version and several package dependencies. Most notably, it integrates `tailwind-merge` and `@tanstack/react-table` into various packages.
The code changes correspond to the rebranding of "Password Reset" to "Update Password". The names of components, functions, and routes have been updated to reflect this change. Also, a minor code optimization has been made in the i18n.server file for the creation of i18n server instances.
The update simplifies accessing environment keys and role warnings in Supabase clients by moving them to new functions 'getSupabaseClientKeys' and 'getServiceRoleKey'. The redundancy in the code is reduced promoting clearer and more maintainable code. The '@epic-web/invariant' import has been removed from files as it is no longer needed.
The commit encompasses the aspect of refactoring the i18n handling for language cookies and headers. It also includes the deletion of get-language-cookie file and its transformation into a function inside i18n.server file. Extra functionalities were added to the i18n.server like enhancing the i18n server instance creation to consider the 'accept-language' header and default to environment provided values when necessary. The changes were also adjusted accordingly on the packages/i18n/package.json where deletion of "./cookie" was realized.
