Releases: 686f6c61/gitpins
v3.9.6
Added
- Added `admin:access` CLI tooling to grant, revoke and inspect admin allowlist entries from the database.
- Added audit identity snapshots to admin logs so admin actions remain traceable even after user deletion.
- Added versioned SQL migration for admin hardening in `prisma/migrations/20260323205246_m6_admin_hardening/migration.sql`.
- Added SonarQube project configuration for local static analysis runs.
- Added a visual before/after landing demo that simulates how GitHub ordering changes with GitPins.
- Added a dashboard status summary with saved state, pinned repo count, sync mode and last sync visibility.
- Added new public docs pages for API, admin, deployment and troubleshooting.
Changed
- Updated core dependencies including Next.js, Prisma, pg, Jest, ESLint and Tailwind-related packages.
- Switched runtime admin authorization to the `admin_accounts` allowlist only.
- Hardened admin mutations with shared authorization checks, CSRF/origin validation, rate limiting and sudo reauthentication.
- Linked pre-granted admin allowlist entries to users on login without relying on environment fallbacks.
- Improved privacy exports with admin allowlist metadata and audit snapshots.
- Replaced temporary sync tag suffix generation with `crypto.randomUUID()`.
- Improved repository filter sorting and accessibility behavior in the help demo.
- Expanded automated test coverage for security and sanitization helpers.
- Reworked the settings modal into clearer sections for ordering, scheduled sync, privacy and danger actions.
- Localized and polished the install, banned and admin surfaces for both Spanish and English.
- Replaced the admin-side inferred `gitpins-config` link with the real saved setup state to avoid pointing to repos that may not exist.
- Refreshed README and docs to explain that GitPins exposes the sync API while scheduling can be handled by GitHub Actions or any external scheduler.
Security
- Removed runtime dependence on `ADMIN_GITHUB_ID` as an authorization fallback.
- Reworked HTML validation to avoid regex-based hotspot findings.
- Centralized plain-text sanitization for admin reasons and notes.
- Applied admin hardening migration to local and production databases without deleting existing data.
v3.9.5
Full Changelog: https://github.com/686f6c61/gitpins/commits/v3.9.5
v0.3.9.2: Filters and security
Changes
Visibility filter in dashboard
- New tabs: All / Public / Private
- Only affects display; does not modify the saved order
- Drag & drop works with any active filter
Improved Run now button
- More visible style with a highlighted background
- Better visual feedback during synchronization
Admin security
- CSRF verification on destructive routes (ban/unban/delete)
- Removed the isAdmin field from the JWT (redundant)
- CSRF token sent in headers from the admin frontend
v0.3.9.1: Minor fixes
Changes
Fix: Run now ignores preferredHour
- The "Run now" button always works, ignoring the configured preferred hour
- The preferred hour (preferredHour) only applies to automatic syncs from GitHub Actions
- Added the `force=true` parameter for manual runs from the dashboard
Notes
- Patch on top of v0.3.9 to correct manual sync behavior
v0.3.9: Unified history, help page and preferredHour
What's new
Unified Activity History
- Combined "Change history" and "Sync Activity" into a single component
- New `/api/activity` API with pagination
- Export to CSV and JSON
- Restore-from-snapshot functionality
preferredHour implementation
- The sync endpoint now respects the preferred hour (UTC)
- If the current hour does not match, the sync is skipped and logged
- Removed `preferredDays` to simplify configuration
New Help Page
- Complete guide at `/help` with sections:
  - Quick Start
  - GitHub App permissions
  - Interactive ordering demo
  - Sync configuration
  - Commit strategies
  - History and export
  - Troubleshooting
Landing improvements
- Added step 4 "No trace" to the How it Works section
- "Coming Soon" section updated to "Features v0.3.5"
- Link to Help in header
Cleanup
- Removed obsolete cleanup scripts
- Corrected @created dates 2024 → 2025 in all files
v0.3.8: Prisma refactor
Schema changes
- New `UserToken` table: authentication tokens separated from the User table
- New `AdminLog` table: full audit of administrative actions (ban/unban/delete)
- Schema updated from 4 to 6 tables
Code changes
- Auth callback stores tokens in UserToken
- Repos API reads tokens from the user.token relation
- ensureValidToken updated to use UserToken
- Admin actions create records in AdminLog
Lint fixes
- `any` → `unknown` with appropriate type casting
- `<a>` → `<Link>` for internal navigation
- Lazy initialization in theme-provider and i18n
- Removed unused imports
- Fixed useMemo dependencies
Checks
- ✅ Lint: 0 errors, 0 warnings
- ✅ Tests: 75/75 passed
- ✅ Build: Compiled successfully
v0.3.7: Fix sync loop
Fixes
- Sync loop fix: Added a 10-minute lock between syncs to prevent the sync from repeating
- Improved cleanup: Moved to the end of all commits to keep the correct order
- New `lastSyncAt` field for sync tracking
This fix solves the problem where the sync repeated automatically after finishing.
v0.3.6: New features
New features
- Advanced filters: search by name, language, owner and minimum stars
- Change history: view and restore previous orders (last 20)
- Time scheduling: choose preferred hour and days for synchronization
- Organization support: filter personal repos vs organizations
- "New features" section on the landing page
Fixes
- Critical fix: backup branches (`gitpins-backup-*`) are now deleted automatically after cleanup
- Corrected date on the legal page (2024 → 2025)
- Fixed TypeScript type errors in API routes
Technical changes
- New `OrderSnapshot` model in Prisma for history
- New `preferredHour` and `preferredDays` fields in `RepoOrder`
- `owner` and `isOrg` fields in the `Repo` type
- New `/api/repos/history` route
v0.3.1: Vercel dependencies and timeout change
Changes
- Added @vercel/speed-insights for performance metrics
- Configured maxDuration=800 in the sync API to avoid timeouts
v0.3.0 - Simplified Architecture & Detailed Sync Logs
Major Release: Simplified Architecture
This release represents a significant simplification of GitPins' architecture. We've eliminated the need for the gitpins-config repository, making the system more straightforward and easier to use.
What's New
No More Config Repository
- Removed: The `gitpins-config` repository is no longer created or required
- Simplified: Direct API-based synchronization without additional repos
- Cleaner: Your GitHub profile stays clean - only your actual projects are visible
Real-time Sync Activity Logs
- New Component: Sync Activity Log displays detailed progress for each sync operation
- Step-by-step tracking: See exactly what's happening during sync:
    [1/10] Ordering owner/repo...
    - Creating commit for position 1/10...
    - Reverting commit...
    - Cleaning GitPins commits...
    - Cleaned 2 commit(s)
    [1/10] owner/repo - SUCCESS
- Expandable details: Click on any sync log to see full operation details
- Better troubleshooting: Identify exactly which repos succeeded or failed
Improved User Experience
- No setup complexity: Save your order and sync immediately
- Transparent operations: See what GitPins is doing in real-time
- Better error visibility: Failed operations are clearly marked with detailed messages
Removed Features
Config Repository System
- Removed automatic creation of `gitpins-config` repository
- Removed GitHub Actions workflow generation
- Removed repository secrets management
- Removed config repo settings and UI
- Removed disclaimer modals
Note: If you have an existing gitpins-config repository, you can safely delete it. It's no longer used.
Technical Changes
Database Schema
- Removed `configRepoName` field
- Removed `configRepoCreated` field
- Removed `configRepoPrivate` field
- Streamlined `RepoOrder` model for better performance
API Changes
- Removed `/api/config/create` endpoint
- Added `/api/sync-logs` endpoint for fetching sync activity
- Simplified `/api/repos` response (no config repo fields)
- Cleaner `/api/repos/order` payload
Architecture Improvements
- Reduced codebase complexity by ~300 lines
- Eliminated unnecessary GitHub App permissions
- Improved error handling and logging
- Better separation of concerns
Breaking Changes
- Existing Config Repos: The `gitpins-config` repository in your account is no longer used. You can delete it if you wish.
- API Response Changes: The `/api/repos` endpoint no longer returns `configRepoName`, `configRepoCreated`, or `configRepoPrivate` fields.
- Sync Method: Synchronization now works entirely through the API without creating any additional repositories.
Migration Guide
For Existing Users
- Your repo order is preserved - No action needed
- Delete old config repo (optional):
    # You can safely delete your gitpins-config repo
    # It's no longer needed
- Continue using GitPins - Everything works the same, just simpler!
What Still Works
- Drag and drop ordering
- Automatic synchronization
- Sync frequency settings
- Commit strategies (branch/revert)
- Private repo support
- Post-commit cleanup
Bug Fixes
- Fixed admin dashboard config repo metrics (removed obsolete field)
- Fixed settings modal default values (now 7 days default frequency)
- Improved error messages in sync logs
- Fixed import paths in sync-logs API route
- Removed obsolete config repo visibility settings
Statistics
- Code removed: ~300 lines
- New features: Sync Activity Log component
- Files changed: 18
- Database schema updates: 3 fields removed
Full Changelog: v0.2.5...v0.3.0