Switchbord / switchbord
v0.16.04

Harden the public launch path with enforced secret scanning, fail-closed compatibility webhook auth, safer token handling, current repo metadata, and a Next.js advisory patch.

What's improved


  • Enforced OSS gitleaks scanning now runs on pull requests and main pushes, replacing the disabled optional workflow.
  • Emarsys compatibility webhooks now require x-emarsys-webhook-secret, reject query-string secrets, and fail closed when the server secret is missing.
  • Internal API middleware now compares the shared API key through hashed constant-time comparison instead of raw string equality.
  • Meta Graph settings validation now sends the workspace access token in the Authorization header instead of the URL.
  • Public package/docs/security links now point to the Switchbord organization, and Next.js is upgraded to 16.2.6 across the workspace.
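An added example, not Switchbord's own code, of how the fail-closed header check and the hashed constant-time comparison from the bullets above can fit together in Node.js. The function names, the query parameter names, the request shape and the status codes are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumed names a caller might use to pass the secret in the URL.
const QUERY_SECRET_PARAMS = ["secret", "webhook_secret", "x-emarsys-webhook-secret"];

// Hash both sides to fixed-length digests: timingSafeEqual throws on unequal
// lengths, and comparing digests avoids leaking the key length.
function constantTimeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(a, "utf8").digest();
  const hb = crypto.createHash("sha256").update(b, "utf8").digest();
  return crypto.timingSafeEqual(ha, hb);
}

// req: { url, headers } with lower-cased header names (constructed shape).
// Status codes are illustrative choices, not taken from the project.
function checkWebhookAuth(req, serverSecret) {
  // Fail closed: no configured secret means nothing is accepted.
  if (typeof serverSecret !== "string" || serverSecret.length === 0) {
    return { ok: false, status: 503, reason: "server secret not configured" };
  }
  // Secrets in URLs land in access logs and proxies; reject even if correct.
  const params = new URL(req.url, "http://localhost").searchParams;
  if (QUERY_SECRET_PARAMS.some((name) => params.has(name))) {
    return { ok: false, status: 400, reason: "secret in query string" };
  }
  // Accept only a single non-empty string value from the header.
  const presented = req.headers["x-emarsys-webhook-secret"];
  if (typeof presented !== "string" || presented.length === 0) {
    return { ok: false, status: 401, reason: "missing secret header" };
  }
  if (!constantTimeEqual(presented, serverSecret)) {
    return { ok: false, status: 401, reason: "secret mismatch" };
  }
  return { ok: true, status: 200, reason: "authorized" };
}

// Constructed sample requests.
const SAMPLE_SECRET = "constructed-sample-secret";
const samples = [
  { url: "/hook", headers: { "x-emarsys-webhook-secret": SAMPLE_SECRET } },
  { url: "/hook?secret=" + SAMPLE_SECRET, headers: {} },
  { url: "/hook", headers: { "x-emarsys-webhook-secret": "wrong" } },
];
for (const s of samples) console.log(s.url, checkWebhookAuth(s, SAMPLE_SECRET));
console.log("unset server secret:", checkWebhookAuth(samples[0], undefined));
```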

Verification


  • pnpm --filter api test -- __tests__/compatibility.test.ts
  • pnpm --filter api typecheck
  • pnpm --filter app typecheck
  • pnpm lint