feat: Add publish pane hide feature and comprehensive security updates
Security & Compliance Updates:
- Add MQTT_EXPLORER_HIDE_PUBLISH_PANE env var to hide publish pane in browser mode
- Fix critical XSS vulnerabilities in UpdateNotifier and CodeDiff components with DOMPurify
- Implement secure credential handling (memory-based instead of sessionStorage)
- Add comprehensive audit logging system for security events
- Fix GitHub API token exposure by using Authorization header
- Enable certificate validation for TLS connections by default
- Update dependencies to fix 26+ security vulnerabilities
- Add privacy compliance notices and GDPR disclosures
- Implement secure session management with auto-clearing credentials

Features:
- Conditional publish pane visibility in desktop and mobile views
- Privacy policy and data processing transparency
- Enhanced audit trail for compliance

Breaking Changes:
- Updated multiple dependencies for security
- Changed credential storage mechanism
- Added DOMPurify dependency for XSS protection

Fixes #security-audit-2026
11013
app/package-lock.json
generated
Normal file
File diff suppressed because it is too large