- Introduced `ValidGitRepositoryUrl` and `ValidGitBranch` validation rules to ensure safe and valid input for Git repository URLs and branch names.
- Updated relevant Livewire components and API controllers to utilize the new validation rules, enhancing security against command injection and invalid inputs.
- Refactored existing validation logic to improve consistency and maintainability across the application.
- Added authorization checks in Livewire components related to Docker and server management to ensure only authorized users can create, update, and manage Docker instances and server settings.
- Introduced new policies for StandaloneDocker and SwarmDocker to define access control rules based on user roles and team associations.
- Updated AuthServiceProvider to register the new policies, enhancing security and access control for Docker functionalities and server management operations.
- Modified error pages (400, 401, 402, 403, 404, 419, 429, 500, 503) to replace "Go back home" button with "Go back" and added a "Dashboard" button for improved navigation.
- Updated links to use `url()->previous()` for returning to the previous page and `route('dashboard')` for accessing the dashboard directly.
- Added authorization checks in the Create and Show Livewire components to ensure only authorized users can create, update, and delete PrivateKey instances.
- Introduced a new PrivateKeyPolicy to define access control rules for viewing, creating, updating, and deleting PrivateKey models based on user roles and team associations.
- Updated AuthServiceProvider to register the new PrivateKeyPolicy, enhancing security and access control for PrivateKey functionalities.
- Added authorization checks using the `authorize` method in various Livewire components to ensure only authorized users can update server settings.
- Updated `ServerPolicy` to restrict update permissions to admin users and their respective teams.
- Enhanced security and access control for server management functionalities.
- Introduced a new boolean setting `is_git_shallow_clone_enabled` to the application settings model.
- Updated the `Advanced` component to include a checkbox for enabling shallow cloning.
- Modified the `setGitImportSettings` and `generateGitImportCommands` methods to handle shallow clone logic.
- Created a migration to add the new setting to the database schema.
- Enhanced the deployment process to utilize shallow cloning for improved performance.
- Added logic to remove Alpine.js directives (x-*, @*, :*) from sanitized nodes to prevent potential XSS vulnerabilities.
- Maintained existing link sanitization to ensure safe handling of anchor elements.
- Introduced `ValidationPatterns` class to standardize validation rules and messages for various fields across multiple components.
- Updated components including `General`, `StackForm`, `Create`, and `Show` to utilize the new validation patterns, ensuring consistent validation logic.
- Enhanced error messages for required fields and added regex validation for names and descriptions to improve user feedback.
- Adjusted styling in the `create.blade.php` view for better visual hierarchy.
- Introduced `ValidationPatterns` class to standardize validation rules and messages for name and description fields across the application.
- Updated various components and models to utilize the new validation patterns, ensuring consistent sanitization and validation logic.
- Replaced the `HasSafeNameAttribute` trait with `HasSafeStringAttribute` to enhance attribute handling and maintain consistency in name sanitization.
- Enhanced the `CleanupNames` command to align with the new validation rules, allowing for a broader range of valid characters in names.
- Updated the `sanitizeHTML` function to include additional sanitization options for better security.
- Introduced a URL regex to validate links and added a hook to manage `rel` attributes for external links.
- Ensured that only safe attributes and tags are retained, further preventing XSS vulnerabilities.
- Introduced `CleanupNames` command to sanitize name fields by removing invalid characters, ensuring only letters, numbers, spaces, dashes, underscores, and dots are retained.
- Implemented options for dry run, model-specific cleaning, database backup, and forced execution.
- Updated `Init` command to call the new `cleanup:names` command.
- Enhanced project and environment validation to enforce name sanitization rules.
- Added `HasSafeNameAttribute` trait to relevant models for consistent name handling.
- Added DOMPurify library to sanitize HTML content in toast notifications and other components to prevent XSS vulnerabilities.
- Updated relevant components to use the new `sanitizeHTML` function for safe rendering of HTML content.
- Ensured that only allowed tags and attributes are permitted in sanitized output.
- Added functionality for users to request an email change, including generating a verification code and setting an expiration time.
- Implemented methods in the User model to handle email change requests, code validation, and confirmation.
- Created a new job to update the user's email in Stripe after confirmation.
- Introduced rate limiting for email change requests and verification attempts to prevent abuse.
- Added a new notification for email change verification.
- Updated the profile component to manage email change requests and verification UI.
