Skip to main content

BugPin v1.0.7

Features

  • Update notification banner
    • Show a dismissible banner in the Admin Console when a newer BugPin release is available on GitHub, with a link out to the release notes
    • Add a daily update-check service that polls the GitHub Releases API (24-hour TTL, 1-hour cooldown on failure) and caches the result in the settings store
    • Add an admin-only /api/version endpoint that exposes the current/latest version, release URL, last-checked timestamp, and effective check status
    • Add a System Settings toggle to enable or disable update checks

Security

  • Resolve all 67 npm vulnerabilities reported by bun audit (2 critical, 28 high, 34 moderate, 3 low)
  • Bump direct dependencies within compatible ranges across the server, Admin Console, and widget workspaces, including Hono (4.11 to 4.12), @aws-sdk/client-s3, axios, jspdf, react-router-dom, fabric, preact, nodemailer, and zod
  • Add root package.json overrides to pull patched versions of vulnerable transitive packages: fast-xml-parser, tar, dompurify, smol-toml, brace-expansion, follow-redirects, markdown-it, postcss, rollup, minimatch, and picomatch
  • Refresh the Alpine base image in both Docker build stages with apk upgrade so libssl3, libcrypto3, musl, musl-utils, and zlib pick up the latest security patches (e.g. libssl3 3.5.5 to 3.5.6, musl 1.2.5-r10 to 1.2.5-r12, zlib 1.3.1 to 1.3.2)

Fixes

  • Fix the widget screenshot crash on Firefox pages with locally injected @font-face rules (e.g. Vite-served apps) by detecting browser-exposed empty fontFamily on CSSFontFaceRule and skipping font embedding for that capture, falling back to system fonts in the screenshot
  • Update Hono server middleware (auth, validate, rate-limit, https-enforcement) to use the typed MiddlewareHandler signature so route-level path parameter type inference is preserved through the middleware chain after the Hono 4.12 upgrade
  • Stop label click-through for Switch controls in the Admin Console: clicking the descriptive text next to a Switch no longer toggles it; only the Switch handle (mouse) and keyboard activation (Space/Enter when focused) toggle the state, while screen-reader label association is preserved
  • Tighten secondary helper text size in Screenshot settings for visual consistency with other settings sections
  • Widen the global settings tab content area from max-w-3xl to max-w-4xl so wider forms and tables render without horizontal scroll
  • Reduce Admin Console polling noise: Dashboard stats and recent reports now refresh every 10 seconds (was 1 second), and the Reports list every 2 seconds (was 1 second)
  • Fix the broken LICENCE link in the README so it resolves to the actual LICENSE file

Docs

  • Add a "Create a Project" step to the README Quick Start so the origin of the widget API key is no longer skipped
  • Add a Widget showcase block with the widget dialog screenshot and a short list of widget capabilities: script-tag embed, Shadow DOM isolation, offline cache, annotation tools
  • Add an npm package install option (@arantic/bugpin-widget) alongside the <script> tag method in the Widget Integration section
  • Replace the single AGPL license badge with separate Admin Console (AGPL-3.0) and Widget (MIT) badges, each linking to the correct LICENSE file
  • Restructure the Admin Console and Widget showcase blocks for symmetric layout, with stacked light and dark mode dashboard screenshots

We use cookies for analytics to improve our website. More information in our Privacy Policy.