v5.28.5 Redirect Sanitization Fix

Client

• Fix: Replace misused DOMPurify regex with a bespoke sanitization function for redirectTo parameters, allowing only TRUSTED_DOMAINS links and same domain redirects (@SabreCat with assistance from @Kwstubbs)

API

• Chore: Locale files updated (@weblate)

v5.28.4 Time Zone Fix

Client

• Fix: Remove moment-timezone library that was causing Dailies to be incorrectly scheduled in GMT+X timezones (@SabreCat)

v5.28.3 Subscriber Drops Hotfix

API

• Fix: Provide purchased.plan to task scoring again, to reenable expanded item drops for subscribers (@phillipthelen)
• Chore: Locale files updated (@weblate)

v5.28.2 Event Calendar Revisions

API

• Fix: Events calendar revised and updated (@CuriousMagpie) including adjustments to Fall and Spooky Gem Sales (@SabreCat)
• Fix: Handle subpaths in auth middleware for userFields requests -- addresses errors coming from some Google Scripts (@phillipthelen)
• Chore: Locale files updated (@weblate)

Repo

• Feature: New Node command npm start:simple that runs server without nodemon, necessary in some dev environments (@negue)
• Feature: Post build hook to send a message to Slack saying an environment has deployed (@phillipthelen)
• Fix: Remove hardcoded index references from some tests that were causing spurious failures based on presence or absence of NEW_MYSTERY_ITEMS notification (@phillipthelen)
• Chore: Security updates to webpack and micromatch packages (@dependabot)

v5.28.1 Fixes and Admin Panel

API

• Chore: Locale files updated (@weblate)

Client

• Feature: Beautify admin panel and add more editable fields (@phillipthelen)
• Fix: Await Orb of Rebirth API round trip before reloading the page (@CuriousMagpie)

v5.28.0 September 2024 Content

API

• Content: Upcoming releases for September 2024 (@CuriousMagpie)
• Fix: Prune __v and include id field even during API requests for completed To Do's (@SabreCat)
• Test: Correct an erroneously failing test related to premium hatching potion releases (@phillipthelen)

Client

• Chore: Updated axios (@dependabot)

v5.27.4 New Debug Route, Performance Fixes

API

• Feature: New route /debug/boss-rage, used to increment party Rage meter for testing (@CuriousMagpie)
• Performance: Request fewer fields when fetching user document, for better db roundtrip times (@phillipthelen)
• Chore: Locale files updated (@weblate)

Client

• Feature: Implementation of Rage increment button in debug tray (@CuriousMagpie)

v5.27.3 Performance Fixes and More

API

• Fix: Correct time zone calculation for turnover of item availability at the start of the month (@phillipthelen)
• Fix: Deprecate, and migrate to clean up, unused GROUP_INVITE_ACCEPTED notification type (@SabreCat)
• Fix: Make account creation more costly on rate limiting (@phillipthelen)
• Chore: Locale files updated (@weblate)

Client

• Performance: Don't load unnecessary data for non-logged-in static page visits (@phillipthelen)
• Performance: Trim unused JS from client bundles (@phillipthelen)
• Performance: Don't reload browser-script if client already has the appropriate language for the user's preference (@phillipthelen)
• Performance: Load static audio files from AWS asset storage instead of over Express server (@phillipthelen)

v5.27.2 Fixes and MongoDB Timeout

API

• Feature: New environment variable MONGODB_SOCKET_TIMEOUT to set when a database connection should be abandoned (@phillipthelen)
• Fix: Correct stat display of Basketball Uniform gear item to avoid string errors (@CuriousMagpie)
• Fix: Address various typos and revise some wordings in the FAQ (@CuriousMagpie)
• Chore: Locale files updated (@weblate)

Client

• Fix: Correct behavior and spacing of icons and other elements on nav bar, loading screen, etc. (@CuriousMagpie)

v5.27.1 The Return of Weekly Fixes

API

• Fix: Remove end dates from Steampunk "far future" gear for the Time Travelers shop (@phillipthelen)
• Fix: Correct availability data for irregularly keyed seasonal items from the very first Galas (@phillipthelen)
• Chore: Locale files updated (@weblate)

Client

• Feature: Implement more seasonal variations for the Customizations Shop NPC (@phillipthelen with art by @beffymaroo, @saraolson)
• Feature: Pets that can be hatched now show the potion+egg combo even if you've not raised them to a mount already (@phillipthelen)
• Refactor: Major overhaul of image CSS, moving pixel artwork elements to a Vue component (@phillipthelen)

Repo

• Chore: Update fast-xml-parser (@dependabot)