This release fixes a security devDependency (removed source-map-explorer), improves webhook handling across providers, and makes the Notifications UI Test button functional end-to-end.
Highlights:
- Security: removed vulnerable transitive dependency introduced via
source-map-explorer. - Webhooks: NTFY, Telegram, Pushover, Pushbullet, Slack, and generic/Zapier payloads handled correctly.
- UX: Token-first webhook configuration and stable trigger badge ordering.
- Diagnostics: temporary redacted request/response logging added to aid verification (will be removed after confirmation).
Fixed
- Removed vulnerable devDependency (
source-map-explorer) to address a transitiveejsDependabot alert. - Fixed notification "Test" action so the UI sends a diagnostics test payload to the API.
- Corrected NTFY semantics: now POSTs
text/plainand includesTitle,Priority, andTagsheaders. (Fixes #264) - Fixed Telegram payload format: sendMessage JSON now contains
chat_id,text,disable_notification, andparse_mode. (Fixes #209) - Fixed Pushover flow: UI accepts token + user key and backend posts
application/x-www-form-urlencoded. (Fixes #280) - Ensured trigger badges render in a stable, fixed order.
- Generic/Zapier webhooks now receive the full rich JSON payload.
Changed
- Streamlined the solution and moved to slnx format. (Thanks @MarkCiliaVincenti. Cherrypicked and closes #327)
- UI: Token-first webhook UX for Telegram, Pushover, and Pushbullet; generic webhook URL hidden when token-only.
- Backend: Notification sending logic extended to support Pushbullet and Slack, plus provider-specific payload formats.
- Added temporary redacted request/response logging to help diagnose webhook delivery during verification.
Removed
source-map-explorerfrom frontend devDependencies and lockfile entries.
Automated canary build