grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c02892e178834a3e30b2b337963403f1a53cbfdc
proof-of-work/start9/0.4/startos/versions/index.ts
T
Keysat f487204b73
CI / proof-of-work (Next.js app) (push) Has been cancelled
Details
CI / start9/0.4 (StartOS package code) (push) Has been cancelled
Details
v1.2.0:1 — upgrade to Next.js 15 / React 19 
Closes the remaining P1: move off Next 14 onto the CVE-patched Next 15
line (15.5.x), eliminating the framework's RSC DoS/source-exposure
advisories and the middleware-auth-bypass class that applied to the 14.x
auth gate. App Router on Next 15 requires React 19, so react/react-dom
move to 19.x in lockstep; lucide-react and next-themes bump to their
React-19-compatible releases.

The code surface was the Next 15 async-request-API change: params and
searchParams are now Promises. All [id] route handlers (10 files) and the
four server pages that read them now await the resolved value, using a
uniform re-derive idiom that leaves handler bodies untouched. cookies()/
headers() were already awaited, so no other request-API changes were
needed; all routes stay dynamic, so the uncached-by-default change is a
no-op. next.config.js (static CSP) and the middleware matcher are
unchanged. No schema, no API contract change, no data migration.

Verified: tsc + lint clean, 209 tests pass, next build succeeds with the
standalone bundle tracing the Prisma engine.
2026-06-13 00:29:47 -05:00

86 lines
3.6 KiB
TypeScript
Raw Blame History

import { VersionGraph } from '@start9labs/start-sdk'
import { v_1_0_0_1 } from './v1.0.0.1'
import { v_1_0_0_2 } from './v1.0.0.2'
import { v_1_0_0_3 } from './v1.0.0.3'
import { v_1_0_0_4 } from './v1.0.0.4'
import { v_1_0_0_5 } from './v1.0.0.5'
import { v_1_0_0_6 } from './v1.0.0.6'
import { v_1_0_0_7 } from './v1.0.0.7'
import { v_1_1_0_1 } from './v1.1.0.1'
import { v_1_1_0_2 } from './v1.1.0.2'
import { v_1_1_0_3 } from './v1.1.0.3'
import { v_1_1_0_4 } from './v1.1.0.4'
import { v_1_1_0_5 } from './v1.1.0.5'
import { v_1_1_0_6 } from './v1.1.0.6'
import { v_1_1_0_7 } from './v1.1.0.7'
import { v_1_1_0_8 } from './v1.1.0.8'
import { v_1_1_0_9 } from './v1.1.0.9'
import { v_1_2_0_1 } from './v1.2.0.1'
/**
* Version graph for the `proof-of-work` package.
*
* 1.0.0 line — feature-complete logger + multi-user + library curation.
* 1.1.0 line — Programs (manual + AI) + AI integration.
* 1.2.0 line — platform upgrade (Next.js 15 / React 19).
*
* v1.0.0:1 — initial release, seeded cutover.
* v1.0.0:2 — CSP fix.
* v1.0.0:3 — post-cutover seed strip.
* v1.0.0:4 — removes default admin@local credentials.
* v1.0.0:5 — caloriesBurned raw-SQL workaround removed.
* v1.0.0:6 — paginate workout history (infinite scroll).
* v1.0.0:7 — exercise library cleanup, photo-import removal.
* v1.1.0:1 — Programs UI (manual create / save / follow).
* v1.1.0:2 — AI program generation, 5 providers (Claude / OpenAI /
* OpenAI-compatible / Gemini / Ollama).
* v1.1.0:3 — AI upgrades: history-as-context, test connection,
* cost estimator, streaming preview render.
* v1.1.0:4 — AI integration overhaul: multi-config persistence,
* background generation (survives navigation), Ollama
* auto-detect + installed-model dropdown, curated model
* dropdowns for Claude / OpenAI / Gemini with current
* 2026 model names, system-prompt overhaul forcing library
* exerciseIds + suggested weights, sidebar sub-navigation,
* history detail view.
* v1.1.0:5 — Gemini menu correctness: adds gemini-3.1-pro (short),
* gemini-3.1-flash, gemini-3.1-flash-lite, gemini-3-pro,
* gemini-3-flash + pricing entries.
* v1.1.0:6 — Exercise-history popup max-height bumped from ~320px
* (5 rows) to 70vh (~15+ rows). Users with deep history
* can scroll without fighting a tiny inner scrollbar.
* v1.1.0:7 — Exercise-history popup auto-loads more rows on scroll
* (switched from a flaky IntersectionObserver-in-popup to
* a plain scroll listener with 300px lookahead).
* v1.1.0:8 — Multi-user authz hardening: whole-instance DB export/import
* admin-only; custom-URL AI providers (Ollama / OpenAI-compatible)
* admin-only + SSRF guard; dead legacy /api/ai/config removed.
* v1.1.0:9 — P2 hardening: malformed-body/invalid-date/bad-pagination ->
* 400 (not 500); POST /api/auth rate-limited; rate-limiter XFF
* anti-spoof (rightmost entry); container drops root via su-exec.
* v1.2.0:1 — Next.js 14 -> 15 / React 18 -> 19 upgrade. Closes the Next
* framework RSC + middleware-bypass CVEs; async-params migration
* across all [id] routes + server pages. No schema/data change.
*/
export const versionGraph = VersionGraph.of({
current: v_1_2_0_1,
other: [
v_1_0_0_1,
v_1_0_0_2,
v_1_0_0_3,
v_1_0_0_4,
v_1_0_0_5,
v_1_0_0_6,
v_1_0_0_7,
v_1_1_0_1,
v_1_1_0_2,
v_1_1_0_3,
v_1_1_0_4,
v_1_1_0_5,
v_1_1_0_6,
v_1_1_0_7,
v_1_1_0_8,
v_1_1_0_9,
],
})
Reference in New Issue View Git Blame Copy Permalink