Skip to content
GiftWrapt

Changelog
All versions All versions forward View on GitHub

Version v0.18.0

0.18.0 (2026-04-29)

Features

  • addons: refresh off-list gifts section UI (dcd7b03)
  • admin: add storage browser for image objects (ddc9b7b)
  • admin: add user permissions matrix to admin/users (af2ffec)
  • admin: delete user from edit page (97dbd37)
  • admin: show Guardian badge on users with guardianship (b96c6f9)
  • claim: tint gift icon green on claim button hover (1850b5d)
  • cron: cleanup-verification cron to purge expired tokens (4bac914)
  • items: admin toggle to mirror external images into storage on save (3ac1ad1)
  • items: celebrate successful claims with a check-morph flourish (ecf0fd2)
  • items: copy item to your own list (f520b2c)
  • items: move list items into React Query (9b5a106)
  • items: optimistic updates for group assign, delete, and bulk ops (531e21e)
  • items: optimistic updates with row-level saving indicator (98b00a4)
  • items: render internal-list links as in-app navigation badges (7cdb12e)
  • items: use UrlBadge in rows and reorganize storybook (b72fc02)
  • lists: add back-to-parent affordance on internal-list nav (3fe596a)
  • lists: refresh list header avatar and empty-state alignment (39b0e29)
  • notes: autolink bare URLs in rendered markdown notes (7901141)
  • purchases: stack priority icon under type icon in detail row (f04d18c)
  • recent: redesign recent items and comments pages (7376813)
  • recent: widen recent items and comments window to 60 days (dee1fb4)
  • scraping: per-entry timeout overrides + tier-aware progress alert (6dc1b32)
  • storybook: wrap Pages stories in a centered page-frame decorator (2b6fd5f)
  • test: add pglite integration harness and fix user-delete cascade ordering (cc6aca8)

Bug Fixes

  • admin: also skip R2 .emptyFolderPlaceholder in storage list (82ab1ef)
  • admin: cap admin storage walk + refuse bulk-delete when truncated (28984d3)
  • admin: hide S3 folder placeholders and open thumbnails in lightbox (4d4f9d5)
  • auth: cap cookieCache.maxAge at 24h instead of 7d (4191601)
  • auth: drop empty-string fallback for BETTER_AUTH_SECRET (057dde8)
  • auth: refuse INSECURE_COOKIES on HTTPS deployments (4d1e692)
  • auth: use generic sign-in error message (226b45d)
  • backup: require typed confirm + auto pre-wipe snapshot + audit log (9438dc3)
  • cron: fail-closed without CRON_SECRET, timing-safe bearer compare (deb7ca3)
  • deps: cap better-auth override to 1.4.x to avoid 1.6 admin-plugin bundle break (0240607)
  • deps: cap vite override below 8 to avoid rolldown bundler regression (4dc13b6)
  • files: add nosniff and Vary headers to file proxy (865e742)
  • filters: show vendor filter when any vendor is present (d3f1f12)
  • gifts: remove unused getGiftsForItems server function (016d600)
  • health: drop verbose mode from /api/health (3e8ced7)
  • image-picker: hide candidates whose img element fails to load (3573629)
  • items: client-side resize, upload on add, no-image picker option (5821b5d)
  • items: extract *Impl into server-only sibling to unbreak client build (5fbd7a6)
  • lists: refresh listing pages on query-cache invalidation (415be3d)
  • lists: shrink edit-page actions on smallest screens (4afd0a3)
  • lists: structured error for child gift-ideas attempts (6bd2fa8)
  • permissions: unify owner-or-viewer check with canViewListAsAnyone (8bbbd4a)
  • rate-limit auth, scrape, file proxy, comments, claims (b759976)
  • scrape: block SSRF via private-IP check and manual redirect walk (f4c9200)
  • scrape: bump default timeouts to 20s/45s (be8b20a)
  • scrape: harden AI extractor against prompt injection (b2eb5e6)
  • settings: migrate legacy wish-list-scraper type on read (aa6bb86)
  • settings: redact decrypted scraper secrets from public reads (8216f5a)
  • skeletons: drop red bg from loading skeleton (566c7a4)
  • storage: default GARAGE_ADMIN_URL to compose service name (9b3d71b)
  • uploads: validate magic bytes and cap sharp pixel input (c794e5f)
  • urls: lowercase unknown-vendor display names (8fc0508)