Version 3 of the kit:
- Radix UI replaced with Base UI (using the Shadcn UI patterns)
- next-intl replaces react-i18next
- enhanceAction deprecated; usage moved to next-safe-action
- main layout now wrapped with [locale] path segment
- Teams only mode
- Layout updates
- Zod v4
- Next.js 16.2
- Typescript 6
- All other dependencies updated
- Removed deprecated Edge CSRF
- Dynamic Github Action runner
* chore: bump version to 2.21.12 and implement safe redirect path validation
- Updated application version from 2.21.11 to 2.21.12 in package.json.
- Introduced `getSafeRedirectPath` and `isSafeRedirectPath` utility functions to validate user-supplied redirect URLs, enhancing security against open redirect attacks.
* fix: address page reload issue in Admin tests for CI
* Upgraded to Next.js 16
* Refactored code to comply with React 19.2 ESLint rules
* Refactored some useEffect usages with the new useEffectEvent
* Added Identities page and added second step to set up an identity after accepting an invitation
* Updated all dependencies
* Introduced PNPM catalogs for some frequently updated dependencies
* Bugs fixing and improvements
Refactor:
- Improved consistency and robustness by standardizing file encoding arguments from 'utf-8' to 'utf8' across various file read/write operations.
- Simplified status mapping logic in billing components and services by replacing switch statements with direct mapping objects for clearer and more maintainable code.
- Enhanced type conversion and error handling in billing and internationalization components for improved reliability.
- Updated sorting logic in team member tables for more predictable member ordering.
- Improved error logging with sanitized output to prevent formatting issues.
- Adjusted environment variable whitelisting to use a more flexible matching pattern.
- Fix variables for sidebar style handling
Style:
- Refined spacing and layout in account selector and sidebar header components for better visual consistency.
1. Handle expired links on signup
2.Reject invitations when user is already a member
3. Make sure not to display errors due to Next.js redirection during team creation
4. Fix documentation sidebar
* Update Next.js and React versions in all packages
* Replace onRedirect function with next/link in BillingSessionStatus, since it's no longer cached by default
* Remove unused revalidatePath import in billing return page, since it's no longer cached by default
* Add Turbopack module aliases to improve development server speed
* Converted new Dynamic APIs to be Promise-based
* Adjust mobile layout
* Use ENABLE_REACT_COMPILER to enable the React Compiler in Next.js 15
* Report Errors using the new onRequestError hook
* Add status property to content item structure
This commit introduces a new `status` property to the content item structure, allowing content items to maintain a status such as 'draft', 'published', 'review', 'pending'. This status is mapped to the corresponding status in Wordpress and Keystatic clients to ensure consistent usage across platforms. Content retrieval methods now also include a status filter.
* Refactor code for style and readability improvements
This commit includes changes in various files across different packages to improve code readability, including adjusting spacing and breaking down complex lines into simpler parts. In addition, the switch statement in `wp-client.ts` has been refactored and status values are now held in variables, and the CSS classes in `global-loader.tsx` have been reorganized.
Refactored the condition handling for the next path in auth-callback.service.ts to only rely on the callbackUrl instead of an additional 'next' parameter. This not only simplifies the code but also reduces potential errors linked to multiple sources of truth for the next path direction.
This update improves the logic for handling the 'next' path in the auth callback service. Now, it first checks the query parameters for the 'next' path. If it's not found there, it looks into the callback URL
* Filter out metered line items from billing schema
This update refines the process of creating a billing schema by filtering out metered line items. The change is necessary as metered line items can be shared across different plans, potentially causing conflicts or duplicates in the schema.
* Update packages to newer versions
This update upgrades several packages across multiple project files to their latest version. These packages include "supabase-js", "react-query", "react-hook-form", and "pnpm". The commit ensures the project is up-to-date with recent package versions, potentially benefiting from bug fixes, new features, and performance improvements.
* Add subscription retrieval in billing services
Added a function to retrieve subscription info in both Stripe and LemonSqueezy billing services. To accomplish this, new methods were added to related services and types. This allows querying specific subscription data based on its id, and throws an error if it fails. Furthermore, PayloadBuilder classes were created to systematically build the subscription payload.
* Remove account ID retrieval from Lemon Squeezy billing service
The code that was querying the database to fetch the accountId has been removed from lemon-squeezy-billing-strategy.service.ts. It was unnecessary as the Lemon Squeezy API does not provide account ID and therefore it is always left empty. Also, adjustments have been made in billing-strategy-provider.service.ts to reflect that the target account ID can be optional.
* Extract 'next' parameter from callback URL
The update allows for the extraction of the 'next' parameter from the callback URL. If such a parameter is available, it is subsequently added to the search parameters. The enhancement improves URL parameter handling in the authentication callback service.
* Refactor URL redirection in auth-callback service
The update simplifies the redirection logic in the authentication callback service. This is achieved by setting the url pathname directly to the redirect path, instead of first setting it to the callback parameter. Moreover, the code handling the 'next' path has also been streamlined, setting the url pathname to the next path when available.
The logic handling localhost in the auth-callback service has been updated. The host is no longer automatically set to the request host; instead, it's only updated if it's currently set to localhost and the request host does not include localhost itself. This change improves handling of different host configurations.
The commit introduces changes to the behavior of the "Update Password" page on a successful password update. Instead of redirecting the user back to the home page upon a successful update, the updated code now redirects the user to a specified URL passed in as a prop. The authentication configuration has also been updated to include a list of acceptable redirect URLs.
Included a conditional to check and update host settings in the 'auth-callback.service.ts' file to avoid incorrect host setting outside of Vercel. Additionally, added a className prop to the Page component in the UI package to enhance customization capabilities.
The update on auth-callback.service now includes the deletion of 'token_hash', 'type', 'next', and 'callback' query parameters from the URL. This ensures a cleaner URL after the authentication callback process.
* Add AuthCallbackService to handle auth callbacks in Supabase
Created a new service, AuthCallbackService, in the Supabase package to centralize the handling of authentication callbacks. This service handles two main tasks: verifying the token hash for user email verification and exchanging the authentication code for a session. Code in the web app routes were updated to utilize this new service, improving code organization and reusability.
* Remove CSRF Token Meta component and add Jaeger exporter
The CSRF Token Meta component was removed from the application. Instead, CSRF tokens are now included in the root metadata of the application. Additionally, the "@opentelemetry/exporter-jaeger" package was added as a dependency to the Sentry monitoring package. This enables the tracing of application requests via Jaeger.
* Refactor README.md and remove redundant content
Removed the excessive content and detailed instruction from the README.md file. The documentation has been moved to a more suitable and detailed location elsewhere.
* Update package dependencies in sentry/package.json
An ordering change has been made in the dependencies within the sentry/package.json file. The "@opentelemetry/exporter-jaeger" dependency was moved to its correct alphabetical order. No version changes were made.
