v1.0.0

What's Changed

• ci: add semantic-release workflow and conventional commit enforcement by @chriscarrollsmith in #203

Full Changelog: v0.1.30...v1.0.0

v0.1.30

Summary

• Add InstrumentedAttribute[Any] casts on all selectinload chains in utils/core/organizations.py per the SQLModel typing rule.
• Introduce clear_all_rate_limiters() and a session-wide autouse fixture in tests/conftest.py that resets limiters before and after every test.
• Remove duplicate module-local rate limiter reset fixtures from tests/test_htmx.py and tests/routers/core/test_account.py.

Closes #201

Test plan

• uv run ty check .
• uv run pytest tests

Made with Cursor

v0.1.29

Summary

Resolves #196 by upgrading the full dependency lockfile to latest resolved versions, addressing Dependabot security alerts across runtime, dev, and transitive packages.

Key runtime upgrades:

• fastapi 0.136.1 → 0.138.0 (starlette 1.0.0 → 1.3.1)
• pyjwt 2.12.1 → 2.13.0
• python-multipart 0.0.29 → 0.0.32

Key dev/tooling upgrades:

• pytest 8.4.2 → 9.1.1 (widened constraint from <9.0.0 to >=8.3.3)
• pytest-jinja-check 1.0.2 → 1.1.0 (Starlette 1.x _IncludedRouter route discovery)
• jupyter-server 2.18.2 → 2.20.0
• tornado 6.5.5 → 6.5.7
• bleach 6.3.0 → 6.4.0

Test plan

• uv run pytest tests — 421 passed
• uv run ty check . — passes
• Confirm Dependabot alerts are cleared after merge (one bleach alert may remain if no upstream patch exists: GHSA-g75f-g53v-794x)

Made with Cursor

v0.1.28

Summary

Two small, related cleanups to the communication-preferences feature added in #195:

1. Restore the confirm-password autocomplete regression test. #195 accidentally deleted the def line for test_register_page_confirm_password_has_autocomplete, collapsing its body into test_register_page_shows_password_requirements and demoting its docstring to a no-op string statement. The issue #156 autocomplete check is restored as its own test. The comm-preference assertions remain in test_register_page_shows_password_requirements, where they correctly verify the register page renders the new fields.

2. Drop the syncSubPreferences helper. In communication_preferences_fields.html the helper was only ever called from the master checkbox's change handler (disable branch) and never on init — initial visibility is already set server-side via the Jinja style="display: none;" guard. Inlining it removes the indirection and the enable/disable asymmetry. Behavior is preserved exactly: enabling reveals the sub-preferences and checks comm_updates; disabling hides them and clears both sub-preferences.

Test plan

• uv run pytest tests/routers/core/test_account.py (91 passed)
• uv run pytest tests/test_templates.py (30 passed)
• Both test_register_page_shows_password_requirements and test_register_page_confirm_password_has_autocomplete are collected as separate tests
• uv run ty check . clean

v0.1.27

Invalidates old invitation when prompted to send one to the same member within or after expiry without requiring cron jobs supporting cleanup.

Resolves #192

v0.1.26

Added a cancel button to delete pending invitations.

Resolves #190

v0.1.25

Wires the login “Remember Me” checkbox into auth cookie lifetime: unchecked logins get session cookies with a 12-hour refresh token, while checked logins get persistent cookies aligned to the existing 30-day refresh TTL. Cookie handling is centralized in set_auth_cookies() / clear_auth_cookies(), and the persistent flag is preserved through token rotation on /refresh and silent refresh via NeedsNewTokens. All auth paths keep httponly, secure, and samesite settings unchanged.

Resolves #187

v0.1.24

Summary

• Adds a modal-only conflict resolver to the propagate workflow for pyproject.toml and uv.lock conflicts.
• Preserves the Modal branch dependency overlay, regenerates uv.lock, and pushes the merge when only those known files conflict.
• Keeps the fallback PR path for all other conflicts.

Test plan

• Simulated the current origin/main into origin/modal merge locally.
• Verified the resolver clears pyproject.toml and uv.lock conflicts.
• Verified the resolved pyproject.toml keeps modal>=0.73.162 and uv.lock still contains the modal package.

Made with Cursor

v0.1.23

Summary

• Disables matrix fail-fast for the propagate workflow so a conflict or fallback failure on one deployment branch does not cancel the other branch's propagation job.
• Leaves the existing GitHub App token flow in place; the app now has PR read/write permissions for fallback PR creation.

Test plan

• Not run; workflow-only change.

Made with Cursor

v0.1.22

Confirm field re-validates against the current password; error clears when they match.

Resolves #182