v1.9.0: Security Audit & Hardening

Security Audit — v1.9.0

Vulnerabilities Fixed via pnpm.overrides (8 CVEs → 0)

Severity	Package	CVEs	Fix
HIGH x3+MODERATE x4	undici <7.24.0	WebSocket crash, DoS, HTTP smuggling, CRLF injection	override >=7.24.0
HIGH	serialize-javascript ≤7.0.2	RCE via RegExp/Date	override >=7.0.3
HIGH	immutable <5.1.5	Prototype Pollution	sass updated to 1.98.0

Hardening Changes

• public/_headers — Netlify HTTP security headers (X-Frame-Options, CSP, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
• index.html — CSP meta tag + security meta tags as browser-level fallback
• YouTubePlayerModal — iframe sandbox attribute with minimum permissions
• getFaviconUrl — HTTP origins upgraded to HTTPS (prevents mixed-content)
• backupService — hardcoded storage key replaced with STORAGE_KEYS.LANGUAGE constant
• Tests — updated getFaviconUrl tests to cover HTTPS upgrade behaviour

Testing

• pnpm audit: 0 vulnerabilities
• Unit tests: 182 passed
• Coverage: 99% statements

v1.8.0 — HU-09: Dedicated YouTube Videos section

What's new

YouTube Videos section

Resources with YouTube URLs are now automatically grouped in a dedicated collapsible section in every Dashboard view (Community, Your Resources, Favorites, Pending, Consumed, Category).

Videos sidebar filter

A new Videos navigation entry (red YouTube icon) in the sidebar shows only YouTube resources across community and personal collections.

Other Resources heading

When both YouTube and regular resources coexist in a view, an Other Resources sub-heading separates them visually.

---

Changes

Area	Detail
YouTubeSection component	Collapsible section with YouTube icon, video count badge, responsive grid
Sidebar	New Videos nav entry (YoutubeOutlined, red)
Dashboard	Splits filteredResources into YouTube + regular sections
resourceStore	Adds "videos" to ViewFilter and getFilteredResources()
i18n	New keys in Spanish and English for section title, count, collapse/expand, Other Resources

---

Tests

• +17 YouTubeSection unit tests (rendering, collapse/expand, delegated interactions)
• +6 Dashboard integration tests (section split, Other Resources heading, Videos filter)
• +2 Sidebar tests (Videos entry, filter activation)
• Fixed pre-existing flaky renders resource cards Dashboard test

Total: 251+ tests — 0 failing

---

Commits

docs: add HU-09 YouTube dedicated section user story (English)
i18n: add youtubeSection keys and Videos nav/filter translations (es + en)
feat(store): add 'videos' ViewFilter and getFilteredResources case for YouTube URLs
feat(components): add YouTubeSection collapsible section with count badge and ResourceCard grid
feat(sidebar): add Videos navigation entry with YoutubeOutlined icon
feat(dashboard): split resources into YouTubeSection and regular grid with Other Resources heading
test(YouTubeSection): add 17 unit tests — rendering, collapse/expand, delegated interactions
test(dashboard): add 6 YouTube-section integration tests and fix flaky resource-cards assertion
test(sidebar): add Videos navigation entry and filter tests
docs: update CHANGELOG to v1.8.0, README features and test count, business_context capabilities

Release v1.7.0: Code audit, test coverage, and quality improvements

Overview

This release includes comprehensive code quality improvements, extensive test coverage enhancements, and refactoring to follow SOLID, DRY, and functional programming principles.

Code Quality & Refactoring

• Pipeline: Updated CI workflow actions to v5 for enhanced security
• Constants: Extracted centralized STORAGE_KEYS constant to eliminate magic strings
• Immutability: Refactored storageService with immutable patterns (filter, spread, destructuring)
• SRP: Split backupService into focused functions (buildBackupData, downloadJSON, exportResourcesToJSON)
• DRY: Consolidated filter logic in useResources hook (45 → 18 lines)
• Dead Code Removal: Removed unused components (CategoryList, TagList), types (userState), utilities (date.ts)
• Unused Functions: Removed getResourceById, getResourcesByCategory, getResourcesByIds from resourceService
• i18n: Added localization for NotFound page and YouTubePlayerModal close button
• Code Cleanup: Removed unnecessary comments, improved code clarity

Test Coverage

• 16 New Test Files: Comprehensive test coverage for components, services, stores, hooks, and utilities
• Enhanced Tests: Expanded existing tests with edge cases and additional scenarios
• 234 Passing Tests: Across 25 test files
• Coverage Metrics:
  • Statements: 99.19%
  • Branches: 95.81%
  • Functions: 98.9%
  • Lines: 99.75%
• Stricter Thresholds: Raised requirements to 95/90/95/95 for consistent quality

Test Infrastructure

• Added window.matchMedia polyfill for consistent jsdom behavior
• Updated test setup with proper i18n configuration
• Comprehensive coverage excludes for generated and type-only files

Documentation

• Updated README.md with test statistics and project structure
• Enhanced architecture section documenting quality improvements
• Added comprehensive CHANGELOG.txt entry for v1.7.0

Technical Details

• Source: feat/hu-07-localization → develop → main
• Commits: 15 atomic commits with clear separation of concerns
• Status: All 234 tests passing, thresholds met on all coverage metrics

Principles Applied

• SOLID: Single Responsibility Principle (SRP) in services and components
• DRY: Don't Repeat Yourself - consolidated filter logic and storage keys
• KISS: Keep It Simple - removed dead code and unnecessary complexity
• YAGNI: You Aren't Gonna Need It - eliminated unused functions and components
• FP: Functional Programming patterns - immutable state transformations
• Clean Code: Improved readability and maintainability throughout

v1.6.0 — Localization: Spanish/English support (HU-07)

What's new in v1.6.0

Features

• Language support — switch between Spanish and English using the ES/EN toggle in the top bar
• LanguageSelector component — one click to switch languages; preference saved to localStorage
• Auto-detect browser language on first visit (defaults to English if browser language is not Spanish)
• Full UI translation — navigation, buttons, forms, empty states, modals, status labels, validation errors, and all confirmations translated in both languages

Dependencies

• Added i18next 25.8.18 and react-i18next 16.5.8

Tests

• Added 6 LanguageSelector tests (toggle behavior, localStorage persistence)
• Updated test setup to initialize i18n with Spanish locale so existing assertions continue to pass

Documentation

• Updated README with language support feature
• Updated docs/business_context.md with language switching capability
• Updated docs/HU-07-localization.md acceptance criteria to [done]
• Updated CHANGELOG to 1.6.0

v1.5.1 — HU-08 Refinements & UX Improvements

What's New

• Action buttons in Tus Recursos header: Move 'Crear recurso', 'Descargar respaldo', and 'Cargar respaldo' buttons from sidebar footer to the 'Tus Recursos' section header for better visibility and UX
• Conditional export: Export button only appears when at least one user resource exists
• Cross-filter user resources: Personal resources now appear alongside community resources in Favoritos, Pendientes, Consumidos, and Categoría filters
• Enhanced favorite star: Yellow star with glow effect (drop-shadow) and smooth scale-125 hover animation
• Security reminder: New localStorage persistence notice in 'Tus Recursos' informing users to download backups before clearing browser data
• Comprehensive testing: Added 10 new tests covering star styling and cross-filter user resource inclusion
• Improved documentation: Rewritten business context and docs with plain-language descriptions (no technical jargon)

Technical Details

Bug Fixes

• Fixed filter logic to include user resources in all cross-cutting filters (previously only shown in community/user view)

Features

• Star button styling: text-yellow-400 + drop-shadow on active, text-gray-400 with hover:text-yellow-400 on inactive
• Dashboard header action buttons visible only in 'Tus Recursos' view
• Export button conditional on userResources.length > 0

Tests Added

• ResourceCard: 2 new tests for yellow star styling
• useResources: 9 new tests for filter combinations with user resources

Documentation Updates

• CHANGELOG.txt: v1.5.1 patch entry
• README.md: Updated backup/restore and cross-filter descriptions
• business_context.md: Plain-language descriptions (no file paths, JSON, or technical terms)
• HU-08-backup-restore.md: Updated acceptance criteria with all v1.5.1 refinements

v1.4.0 YouTube video support

Full Changelog: v1.4.0...v1.4.0

v1.3.0 — Personal Resource CRUD

Features

• Create personal resources via modal form — title, URL (validated), description, category, tags
• Edit personal resources with pre-filled modal — edit button on user-created cards
• Delete personal resources with confirmation dialog — delete button on user-created cards
• 'Create resource' button in Sidebar footer and empty state

Infrastructure

• userResourceService: create, update, remove methods with UUID generation
• resourceStore: createUserResource, updateUserResource, deleteUserResource actions
• useUserResources: CRUD methods exposed

Verification

• Build: OK
• Tests: 49/49 passing

v1.2.0 — Tus Recursos

v1.2.0 — Add 'Tus Recursos' user resources view

Introduces a dedicated sidebar section for user-created resources,
stored in localStorage independently of the curated community catalog.

Changes:

• feat: UserResource type, userResourceService, useUserResources hook
• feat: 'Tus Recursos' (📌) nav item in Sidebar
• feat: 'user' ViewFilter in store with userResources state
• feat: Dashboard empty state with '¡Crea tu primero!'
• docs: business_context.md and README updated

v1.1.0 — Responsive UI & Business Context Docs

What's new in v1.1.0

📱 Responsive Design

The app is now fully optimised for mobile, tablet, and desktop screens.

Sidebar — mobile overlay drawer

• Hidden by default on small screens; slides in from the left when the hamburger button is tapped
• Backdrop overlay closes the sidebar on outside click
• Dedicated close button inside the drawer header
• On md+ breakpoints the sidebar remains always visible as a static panel

Topbar — hamburger menu

• New hamburger button (visible only on mobile) to toggle the sidebar
• Search bar now takes the full available width in the header
• Dark mode toggle retained with improved spacing

Dashboard — adaptive layout

• Page padding adapts: p-3 on mobile → p-6 on sm+
• Grid gap also adapts: gap-3 → gap-4 on wider screens
• Empty state message scales to screen size

ResourceCard — touch-friendly

• Status badge and open-link button have larger padding (py-1.5, px-4) and touch-manipulation CSS
• Favourite toggle button has a larger hit area on mobile

---

📄 Documentation

• Added docs/business_context.md — non-technical business context in Spanish explaining the app purpose, audience, features, limitations, and data storage
• Removed docs/ai/implementation-instructions.md — internal scaffolding reference no longer needed

---

🔧 Fixes

• Fixed ResourceCard unit test: aligned expected link text (Abrir) with actual component output

---

Test results

Test Files  6 passed (6)
Tests       49 passed (49)

---

Full changelog: CHANGELOG.txt

v1.0.0

Release v1.0.0 — Bookmark Manager PWA