fix: allowlist new components in security audit, fix flaky date test

Add smart-announcement.tsx and next/index.ts to dangerouslySetInnerHTML
allowlist (JSON script injection and feature description rendering).

Fix relative date test to also match "last week" and "last month".

Co-Authored-By: Glinr <bot@glincker.com>

Author: thegdsks

scripts/security-audit.mjs

@@ -36,8 +36,10 @@ const RULES = [
       /^src\/react\/components\/banner\.tsx$/,
       /^src\/react\/components\/changelog-page\.tsx$/,
       /^src\/react\/components\/changelog-widget\.tsx$/,
+      /^src\/react\/components\/smart-announcement\.tsx$/,
       /^src\/react\/components\/spotlight\.tsx$/,
       /^src\/react\/components\/toast\.tsx$/,
+      /^src\/next\/index\.ts$/,
     ],
   },
 ];

src/__tests__/react-components.test.tsx

@@ -129,7 +129,7 @@ describe("ChangelogWidget", () => {
       </Wrapper>,
     );
     await userEvent.click(screen.getByText("What's New"));
-    expect(screen.getAllByText(/ago|yesterday|today/i).length).toBeGreaterThan(0);
+    expect(screen.getAllByText(/ago|yesterday|today|last week|last month/i).length).toBeGreaterThan(0);
   });
 
   it("disables widget enter animation when preset is none", async () => {