Security & Compliance Updates:
- Add MQTT_EXPLORER_HIDE_PUBLISH_PANE env var to hide publish pane in browser mode
- Fix critical XSS vulnerabilities in UpdateNotifier and CodeDiff components with DOMPurify
- Implement secure credential handling (memory-based instead of sessionStorage)
- Add comprehensive audit logging system for security events
- Fix GitHub API token exposure by using Authorization header
- Enable certificate validation for TLS connections by default
- Update dependencies to fix 26+ security vulnerabilities
- Add privacy compliance notices and GDPR disclosures
- Implement secure session management with auto-clearing credentials

Features:
- Conditional publish pane visibility in desktop and mobile views
- Privacy policy and data processing transparency
- Enhanced audit trail for compliance

Breaking Changes:
- Updated multiple dependencies for security
- Changed credential storage mechanism
- Added DOMPurify dependency for XSS protection

Fixes #security-audit-2026