chrisvel/tududi v1.1.0

on GitHub

What's Changed

• Fix: Resolve 20 security vulnerabilities in dependencies by @chrisvel in #983
• Fix: Prevent subtasks from disappearing when updating parent task by @chrisvel in #984
• Fix: Bi-weekly recurring task scheduling for multi-day patterns by @chrisvel in #1005
• fix: add missing i18next dependency to package.json by @chrisvel in #1006
• fix: exclude cancelled tasks from Overdue and Due Today sections by @chrisvel in #1007
• fix: use correct InboxItem model name in MCP inbox tools by @oritromax in #986
• Bump hono from 4.12.8 to 4.12.12 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1012
• Bump @hono/node-server from 1.19.11 to 1.19.13 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1011
• Bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1010
• Bump nodemailer from 8.0.4 to 8.0.5 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1009
• feat: Add OIDC/SSO authentication support by @chrisvel in #1008
• fix: allow Sunday selection in monthly weekday recurring tasks by @chrisvel in #1014
• fix: correct Sequelize alias case for OIDCIdentity-User association by @chrisvel in #1015
• fix: resolve inbox project creation bugs by @chrisvel in #1018
• fix: prevent Telegram polling errors from blocking container startup by @chrisvel in #1019
• fix: prevent task name truncation when creating from inbox by @chrisvel in #1020
• fix: resolve OIDC authentication error with existing identities by @chrisvel in #1021
• fix: resolve OIDC session loss and migration failures by @chrisvel in #1023
• build(deps): bump follow-redirects from 1.15.11 to 1.16.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1024
• fix: add CSRF token support to frontend requests by @chrisvel in #1025
• build(deps): bump hono from 4.12.12 to 4.12.14 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1034
• feat(caldav): Add CalDAV Synchronization Support (Issue #978) by @chrisvel in #1030
• fix(search): Handle touch events to prevent input blur on mobile when saving views by @chrisvel in #1039
• fix(mcp): Include subtasks in get_task API response by @chrisvel in #1040
• fix(ui): Auto-focus project search field when opened (Issue #992) by @chrisvel in #1038
• fix(inbox): Fix tag/project autocomplete selection by @chrisvel in #1043
• fix(notifications): Add missing test notification endpoint (Issue #1002) by @chrisvel in #1047
• feat(task-content): make markdown checkboxes interactive in task description view by @TastyPi in #1046
• fix: add missing CSRF token to today settings PUT request by @TastyPi in #1044
• fix(migration): Correctly migrate password column from v1.0.0 (Issue #1051) by @chrisvel in #1052
• fix: restore password migration COALESCE and add trust proxy diagnostics by @chrisvel in #1057
• fix(migration): resolve v1.0.0 password column migration causing login failures by @chrisvel in #1059
• fix(oidc): normalize OIDC_SCOPE to handle whitespace issues by @chrisvel in #1060
• build(deps-dev): bump i18next-http-backend from 3.0.2 to 3.0.5 in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1058
• fix(admin): add CSRF token to admin user management operations by @chrisvel in #1065
• test: add comprehensive user isolation tests for tasks by @chrisvel in #1067
• fix: add copy button to note details page by @chrisvel in #1068
• fix: wire CalendarToken model into models/index.js to prevent MCP crashes by @chrisvel in #1069
• fix: use CALDAV_ENABLED for calendar feature flag by @chrisvel in #1070
• fix(tasks): fix projectless task visibility leak in dashboard metrics (#1063) by @alimuratgymn in #1066
• fix: replace 6-word limit with 150-character limit for project names by @chrisvel in #1077
• fix: make password_digest migration compatible with all schema versions by @chrisvel in #1078
• feat: add configurable file upload limit via environment variable by @chrisvel in #1080
• Added Kanidm to the documentation of OIDC SSO by @meszolym in #1095
• fix: use auto-detect for session cookie secure flag to support reverse proxies by @chrisvel in #1101
• fix: initialize email service on startup to enable user registration by @chrisvel in #1102
• fix: correct Note model field from 'name' to 'title' in MCP search tool by @chrisvel in #1103
• fix: register session middleware before CalDAV routes to enable session auth by @chrisvel in #1106
• fix: increase HTTP keep-alive timeout for persistent MCP connections by @chrisvel in #1111
• fix: cascade delete tasks and attachments when deleting project by @chrisvel in #1114
• fix: add max-width constraint to completion chart tooltip on mobile by @chrisvel in #1107
• Fix: Enable subtask expansion on Today page by @chrisvel in #1097
• Feat/mcp tests by @jax0m in #1093
• fix(lint): Use backend eslint config in lint-staged for backend files by @TastyPi in #1089
• fix: ensure notification_preferences are initialized for all users by @chrisvel in #1115
• fix: Update task count display when tasks are created or deleted by @chrisvel in #1116
• fix: Add CSRF token to project image upload request by @chrisvel in #1119
• feat(oauth): Add OAuth2 resource server support (RFC 9728) by @TastyPi in #1042
• fix(caldav): Add missing encryption keys and repository methods by @chrisvel in #1127
• fix(tasks): Preserve task name when changing recurring task status by @chrisvel in #1128
• fix(tasks): Fix timezone handling for recurring task day-of-week display by @chrisvel in #1130
• fix(caldav): Add CalDAV discovery endpoints for client connection by @chrisvel in #1131
• fix(caldav): Add error handling to CalDAV API routes by @chrisvel in #1132
• fix(project): Add CSRF token to task status update in ProjectDetails by @chrisvel in #1143
• fix(tasks): Enforce project permissions in Today screen queries by @chrisvel in #1148
• fix(caldav): Validate Bearer tokens in CalDAV auth middleware by @chrisvel in #1155
• fix(caldav): Handle calendar-multiget REPORT so iOS tasks appear by @chrisvel in #1156
• fix(caldav): serialize DUE and DTSTART as VALUE=DATE to prevent iOS midnight reminders by @chrisvel in #1157
• fix(caldav): exclude CalDAV routes from compression middleware by @chrisvel in #1158
• fix(caldav): use prefix-agnostic XML node lookup to support iOS clients by @chrisvel in #1159
• fix(caldav): make iOS autodiscovery RFC-compliant end-to-end by @chrisvel in #1160
• Updated OIDC docs for Authentik by @hickey in #1150
• Include CSRF token when setting project task to in progress by @emptynick in #1126
• fix(migration): Parse JSON string before property access in notification preferences migration by @TastyPi in #1120
• fix(notifications): include CSRF token in test notification request by @damjanZGB in #1091
• fix(oidc): make OIDC_ENABLED check case-insensitive by @chrisvel in #1163
• fix(modals): prevent discard dialog mouse clicks from closing parent modal by @chrisvel in #1164
• fix(caldav): preserve VALARM on round-trip and fix defer_until UTC offset display by @chrisvel in #1165

New Contributors

• @oritromax made their first contribution in #986
• @dependabot[bot] made their first contribution in #1012
• @TastyPi made their first contribution in #1046
• @alimuratgymn made their first contribution in #1066
• @meszolym made their first contribution in #1095
• @jax0m made their first contribution in #1093
• @hickey made their first contribution in #1150
• @emptynick made their first contribution in #1126
• @damjanZGB made their first contribution in #1091

Full Changelog: v1.0.0...v1.1.0