Linking-Tool/CHANGELOG.md

Changelog

1.5.1 - 2025-12-29

Features

• Added HOST environment variable support for configuring server host binding

Security

• Fixed unhandled error in HTTP response writing (G104)
• Fixed file write permissions to use more restrictive 0600 instead of 0644 (G306)
• Fixed potential file inclusion vulnerability by adding path validation in file operations (G304)

Docker

• Added HOST environment variable to Dockerfile (defaults to 0.0.0.0, make sure to set it properly in production)

1.5.0 - 2025-12-29

Features

• Move to IndexedDB for saving graph data (from localStorage)
• Add multiple links support between nodes.
• Increase undo/redo history to 100 steps.
• Move undo/redo operations to IndexedDB instead of memory.
• Mass selection improvements (moving and linking multiple nodes at once).
• Codebase refactor to use Svelte 5 Runes.
• Mobile improvements
• Added SBOM generation, see /sbom/ for the generated SBOMs.

Dependency Updates

• @sveltejs/kit: ^2.49.1 -> ^2.49.2
• @typescript-eslint/eslint-plugin: ^8.50.1 -> ^8.51.0
• @typescript-eslint/parser: ^8.50.1 -> ^8.51.0
• svelte: ^5.45.6 -> ^5.46.1
• svelte-check: ^4.3.4 -> ^4.3.5
• vite: ^7.2.6 -> ^7.3.0
• Added eslint-plugin-security: ^3.0.1

Major Codebase Changes

• Moved from npm to pnpm
• Updated license from MIT to BSD-3-Clause
• Moved from Makefile to Taskfile
• Codebase organization and structure changes

CI/CD Updates

• Updated CI workflows to use task commands instead of bash scripts
• Added gosec security scanning to backend build pipeline

Security

• Overrode cookie package to latest version (1.1.1) due to low severity vulnerability in default version.