Highlights
Fixed
- Bouncer-blocked state in container detail views — Full-page and side panel detail views now show a red "Blocked" button with lock icon when a container's target image is blocked by the security bouncer, replacing the misleading green "Update" button. Force-update flow with confirmation dialog wired through all four detail components.
Changed
- Clean-tree gate in pre-push pipeline — New priority-0 lefthook step rejects pushes when the working tree has untracked files, uncommitted changes, or stashed changes. Prevents qlty from hanging on interactive "Format these files?" prompts and catches the common case where local tests pass against uncommitted changes that CI will never see.
QA / DevEx
- Cosign signature verification disabled in QA —
DD_SECURITY_VERIFY_SIGNATURES=falsein qa-compose.yml allows update flow testing without cosign-signed images. - Mosquitto broker and icon test labels — QA environment expanded with MQTT broker container and icon display label coverage.
- Snyk removed from lefthook — Snyk scans are now CI-only (release workflow) to preserve the 200/month API quota.
Full changelog: https://github.com/CodesWhat/drydock/blob/main/CHANGELOG.md