What's New in v1.13.5

Highlights

This release introduces quality-of-life improvements and accessibility fixes, including:

• New /links and /posts redirect routes
• Expanded use of PAGE constants for consistent target behavior
• Revised image styles and QR code loading for better mobile performance
• Enhanced stylesheet organization and visited link handling
• Bootstrap script for local dev setup and a new Environment Requirements Wiki

See the full changelog for complete details.

What's New in v1.13.4

This patch release includes a minor update to signature handling for .well-known/security.txt:

• Replaced legacy detached signature file (security.txt.asc) with a new .sig version (security.txt.sig)
• Version bumped to v1.13.4 to reflect this change

👉 See the full changelog for details.

What's New in v1.13.3

This update includes dependency upgrades, cleanup of legacy assets, and refinements to improve maintainability and clarity:

• Upgraded core dependencies including SvelteKit, eslint, and @eslint/js
• Updated app.html metadata to reflect the latest SvelteKit version
• Removed unused stylesheets from /static/styles/ and the Service Worker cache
• Cleaned up deprecated header utility scripts (flattenHeaders.js, validateHeader.js)
• Added a detached signature note to .well-known/security.txt for improved transparency
• Refactored the README.md to link to a new “Development Reference” Wiki section

🔖 Version bumped to v1.13.3

👉 See the full changelog for details.

What's New in v1.13.2

This release refines link styling for accessibility and improved visual clarity:

• Enhanced visited and active link colors for better readability and WCAG AA compliance
• Minor polish to ensure visual consistency across link states

👉 Refer to the full changelog for details.

📦 v1.13.1 — Obtainium Integration + CSP Cleanup

This update introduces a modular ObtainiumBlock.svelte component for improved FOSS item management, integrates optimized Obtainium download support, and refines Content Security Policy (CSP) handling. We've also cleaned up types and improved internal structure.

🔧 Highlights:

• ✅ Modular Obtainium block and updated type definitions
• 🚀 Optimized image assets and structured Obtainium config integration
• 🔐 Refined CSP and removed unused preload script
• 📚 Documentation and repo structure improvements

👉 See the full changelog for more details: CHANGELOG.md

v1.13.0 – Privacy, Policy, and Polish

This release introduces OpenPGP publishing under the new /pgp route, expands .well-known/ disclosures, and applies a consistent formatting baseline across the project.

✨ Added

• /pgp Route: Displays PGP key data, QR codes, and download links for secure communication
• .well-known/security.txt: Official security contact, policy, and PGP fingerprint published in standard format
• .well-known/humans.txt: Minimal contributor acknowledgment for human-readable attribution
• GitHub Actions: check-security-txt-expiry.yml
  Warns when .well-known/security.txt is approaching expiration

🔧 Changed

• Prettier: Enforced "singleQuote": true across the codebase and reformatted all affected files
• Content Security Policy: Enabled clipboard-write to support “Copy fingerprint” UX
• Service Worker: Updated to exclude security.txt.asc from caching
• Proton Mail Disclosure: Added notes to SECURITY.md and security.txt indicating E2EE availability for s.neteng.pro addresses
• PGP UX: Improved fingerprint layout and accessibility in /pgp

📁 Internal

• Cleaned up outdated notes in SECURITY.md referencing future PGP additions (now live)
• Bumped version in package.json to 1.13.0

See the changelog for full details.

v1.12.9

🔐 v1.12.9 – PGP, Security, and Policy Enhancements

This release focuses on privacy, disclosure transparency, and improved user experience around PGP and .well-known/ metadata. Several infrastructure updates and workflow enhancements round out the changes.

---

✨ Highlights

• PGP UX Enhancements:

  • Copy-to-clipboard feedback for all PGP fingerprints
  • Mobile-friendly fingerprint formatting
  • New CodeBlock.svelte component for clean inline code styling

• Security & Disclosure Improvements:

  • Added .well-known/security.txt and .well-known/humans.txt
  • Detached ASCII signature file (security.txt.asc) now available and excluded from service worker caching
  • Clarified Proton Mail usage for s.neteng.pro addresses in /pgp, security.txt, and SECURITY.md

• Automation & Infrastructure:

  • GitHub Actions workflow added to check security.txt expiration weekly
  • CSP header updated to safely allow clipboard-write
  • Updated sitemap and service worker to reflect .well-known routes and PGP assets

• Documentation Revisions:

  • Finalized PGP section in .github/SECURITY.md
  • Removed “coming soon” placeholder
  • Tightened reporting instructions and encryption guidance

---

🛠 Changed

• Version bump to v1.12.9 in package.json
• Renamed dnt-policy-1.0.txt to dnt-policy.txt
• Updated src/service-worker.js:
  • New exclusions: security.txt.asc, revised dnt-policy reference
• Line breaks added to jsconfig.template.jsonc comment block
• Misc. styling refinements and layout fixes for /pgp display

---

📦 Dependency Updates

@eslint/compat         ^1.2.9   →   ^1.3.0
eslint-plugin-jsdoc    ^50.7.1  →   ^50.8.0
postcss                ^8.5.4   →   ^8.5.5
posthog-js             ^1.250.1 →   ^1.250.2
svelte                 5.33.19  →   5.34.1

See the changelog for full details.

v1.12.8

What's Changed

• Feature/pgp route by @SunDevil311 in #100

See the full changelog for full details.

v1.12.7

📦 v1.12.7 — 2025-06-09

Changed

• Reduced permissions in playwright.yml to contents: read to follow least-privilege principles.
• Renamed the Playwright upload step for consistency.
• Patch version bumped to reflect post-release adjustments.

Security

• Explicit GITHUB_TOKEN permissions added to build-and-publish.yml per GitHub policy.
• Verified and minimized permissions in workflows:
  • ✅ playwright.yml: reduced to contents: read
  • ✅ auto-assign.yml: scoped for correct issue/PR assignment
  • ✅ dependency-review.yml and backup-branch.yml: no changes needed

➡️ See the full changelog for details.

v1.12.6

What's Changed

• Revised README.md, _redirects, lighthouse.yml. Upgraded vitest, @vitest/v8-coverage… by @SunDevil311 in #98

See the CHANGELOG for full details.

Full Changelog: v1.12.5...v1.12.6