chore: release v1.5.0

[JoachimLK]

🤖 I have created a release beep boop

1.5.0 (2026-05-17)

✨ Features

• add pgDumpEnv utility to secure environment variable handling (6fe4900)
• enhance color mode functionality and improve UI responsiveness (8068e4e)
• implement nonce-based CSP middleware for enhanced security (bfb4483)
• implement nonce-based CSP middleware for enhanced security (6fe4900)

🐛 Bug Fixes

• enhance rate limiting logic and add tests (6fe4900)
• update comments for clarity and enhance rate limiting logic in production (921ea39)
• update overrides to resolve high-severity CVEs blocking dep PRs (a1edd32)

🧪 Testing

• add security tests for recent fixes (6fe4900)
• add unit tests for pgDumpEnv utility (6fe4900)

---

This PR was generated with Release Please. See documentation.

Summary by CodeRabbit

• New Features

  • Added secure environment variable handling
  • Enhanced color mode and UI responsiveness
  • Added CSP middleware enhancement

• Bug Fixes

  • Improved rate limiting logic
  • Resolved critical dependency vulnerabilities

• Tests

  • Added security tests
  • Added unit tests for new utilities

[railway-app]

🚅 Deployed to the reqcore-pr-172 environment in applirank

Service	Status	Web	Updated (UTC)
applirank	✅ Success (View Logs)		May 17, 2026 at 1:58 pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates release metadata and notes for v1.5.0: it increments the root package version in package.json and .release-please-manifest.json from 1.4.0 to 1.5.0 and adds a v1.5.0 (2026-05-17) entry under ## Unreleased in CHANGELOG.md.

Changes

Version Bump & Release Notes

Layer / File(s)	Summary
Version metadata .release-please-manifest.json, package.json	Root package version for "." changed from 1.4.0 to 1.5.0.
Release notes CHANGELOG.md	Added v1.5.0 (2026-05-17) section under ## Unreleased with bullets for Features (pgDumpEnv, color mode/UI responsiveness, nonce-based CSP middleware), Bug Fixes (rate limiting logic and dependency override updates), and Testing (security tests and pgDumpEnv unit tests).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• reqcore-inc/reqcore#76: Prior release-please update touching the same version fields and changelog.

Suggested labels

autorelease: tagged

Poem

🐰 A tiny hop, a tidy chore,
Bumped to 1.5.0 and notes galore.
Manifest, package, changelog bright,
Small edits made to set release right.
Rabbit nods — release bedtime light.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is auto-generated by Release Please and contains release notes but lacks the required template structure with Summary, Type of change, Validation, and DCO sections.	Add the required template sections including Summary, Type of change checkboxes, Validation checklist, and DCO sign-off checkbox as specified in the repository template.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore: release v1.5.0' clearly summarizes the main change and follows Conventional Commits format as required by the repository template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release-please--branches--main--components--reqcore

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CHANGELOG.md`:
- Around line 25-26: The CHANGELOG contains a duplicate entry for "implement
nonce-based CSP middleware for enhanced security" (shown with commits bfb4483
and 6fe4900); edit CHANGELOG.md to remove the redundant line so the 1.5.0 notes
list this feature only once (or, if the commits represent distinct changes,
replace one entry with a clarified/differentiated description referencing the
appropriate commit hash).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ffbce87e-3880-4cb4-b082-1b10072523c6

📥 Commits

Reviewing files that changed from the base of the PR and between bfb4483 and e6fbad3.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• .release-please-manifest.json
• CHANGELOG.md
• package.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove duplicated feature entry in the 1.5.0 notes.

CHANGELOG.md Line 25 and Line 26 describe the same nonce-based CSP middleware feature, which makes the release notes misleading/redundant. Keep only one entry (or differentiate if they are actually distinct changes).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CHANGELOG.md` around lines 25 - 26, The CHANGELOG contains a duplicate entry
for "implement nonce-based CSP middleware for enhanced security" (shown with
commits bfb4483 and 6fe4900); edit CHANGELOG.md to remove the redundant line so
the 1.5.0 notes list this feature only once (or, if the commits represent
distinct changes, replace one entry with a clarified/differentiated description
referencing the appropriate commit hash).

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

CHANGELOG.md (1)

25-26: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove the duplicated “nonce-based CSP middleware” entry.

Lines 25 and 26 contain the exact same feature description; this makes the release notes redundant/misleading. Either keep only one bullet or merge them into a single line (or differentiate the text if they truly represent distinct changes).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CHANGELOG.md` around lines 25 - 26, Remove the duplicate changelog entry for
"implement nonce-based CSP middleware for enhanced security" by keeping only one
bullet that references the two commits (bfb4483 and 6fe4900) or by merging them
into a single line that lists both commit hashes; update the single bullet to
include both commits or remove the redundant line so only one occurrence of the
phrase "implement nonce-based CSP middleware for enhanced security" remains.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CHANGELOG.md`:
- Around line 31-32: Update the two changelog entries containing the phrase
"rate limiting" to use the hyphenated compound adjective "rate-limiting" (i.e.,
change "enhance rate limiting logic and add tests" and "enhance rate limiting
logic in production" to "enhance rate-limiting logic and add tests" and "enhance
rate-limiting logic in production"); ensure both commits referenced in the two
bullets are edited so the changelog consistently uses "rate-limiting".

---

Duplicate comments:
In `@CHANGELOG.md`:
- Around line 25-26: Remove the duplicate changelog entry for "implement
nonce-based CSP middleware for enhanced security" by keeping only one bullet
that references the two commits (bfb4483 and 6fe4900) or by merging them into a
single line that lists both commit hashes; update the single bullet to include
both commits or remove the redundant line so only one occurrence of the phrase
"implement nonce-based CSP middleware for enhanced security" remains.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c453ce9c-3492-4113-af3f-19b49cea0d7a

📥 Commits

Reviewing files that changed from the base of the PR and between e6fbad3 and 516e353.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• .release-please-manifest.json
• CHANGELOG.md
• package.json

✅ Files skipped from review due to trivial changes (2)

• package.json
• .release-please-manifest.json

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Hyphenate “rate-limiting” (compound adjective).

Static analysis suggests the changelog phrasing “rate limiting” should be “rate-limiting” as a compound adjective. Consider updating Lines 31-32 accordingly for consistency and correctness.

As per coding guidelines, “If applicable, propose fixes … without fixing an immediate user-visible problem.” This is a low-risk documentation polish backed by static analysis hints.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~31-~31: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...5bdbcf9)) ### 🐛 Bug Fixes * enhance rate limiting logic and add tests ([6fe4900](https://...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~32-~32: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...update comments for clarity and enhance rate limiting logic in production ([921ea39](https://...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@CHANGELOG.md` around lines 31 - 32, Update the two changelog entries
containing the phrase "rate limiting" to use the hyphenated compound adjective
"rate-limiting" (i.e., change "enhance rate limiting logic and add tests" and
"enhance rate limiting logic in production" to "enhance rate-limiting logic and
add tests" and "enhance rate-limiting logic in production"); ensure both commits
referenced in the two bullets are edited so the changelog consistently uses
"rate-limiting".

[coderabbitai]

♻️ Duplicate comments (2)

CHANGELOG.md (2)

31-32: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Hyphenate "rate-limiting" as a compound adjective.

Both entries use "rate limiting logic" where "rate limiting" modifies the noun "logic". Standard grammar requires hyphenation for compound adjectives: "rate-limiting logic".

📝 Suggested fix

-* enhance rate limiting logic and add tests ([6fe4900](https://github.com/reqcore-inc/reqcore/commit/6fe490000487779ad008277ee650ded375bdbcf9))
-* update comments for clarity and enhance rate limiting logic in production ([921ea39](https://github.com/reqcore-inc/reqcore/commit/921ea399bc35fbb006274d98faf7433fedf88aa5))
+* enhance rate-limiting logic and add tests ([6fe4900](https://github.com/reqcore-inc/reqcore/commit/6fe490000487779ad008277ee650ded375bdbcf9))
+* update comments for clarity and enhance rate-limiting logic in production ([921ea39](https://github.com/reqcore-inc/reqcore/commit/921ea399bc35fbb006274d98faf7433fedf88aa5))

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` around lines 31 - 32, Update the two changelog entries that
read "rate limiting logic" to use the compound adjective form "rate-limiting
logic" so both bullets read "* enhance rate-limiting logic and add tests
([6fe4900]...)" and "* update comments for clarity and enhance rate-limiting
logic in production ([921ea39]...)" — edit the exact text in CHANGELOG.md where
the phrases "rate limiting logic" appear.

---

25-26: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove duplicated feature entry in the 1.5.0 notes.

Lines 25 and 26 describe the same nonce-based CSP middleware feature with different commit hashes. Keep only one entry, or if these commits represent distinct changes, differentiate the descriptions to clarify what each commit contributed.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@CHANGELOG.md` around lines 25 - 26, The CHANGELOG contains two identical
entries for "implement nonce-based CSP middleware for enhanced security" with
different commit hashes; remove the duplicate or make them distinct: keep a
single bullet for the feature (remove one of the two lines referencing bfb4483
or 6fe4900) or update the text to differentiate what each commit changed (e.g.,
"initial implementation" vs "bugfix/perf/opt" and include the corresponding
commit hash). Locate the two bullets mentioning "nonce-based CSP middleware" in
CHANGELOG.md and either delete the redundant line or rewrite both bullets to
clearly state separate contributions.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@CHANGELOG.md`:
- Around line 31-32: Update the two changelog entries that read "rate limiting
logic" to use the compound adjective form "rate-limiting logic" so both bullets
read "* enhance rate-limiting logic and add tests ([6fe4900]...)" and "* update
comments for clarity and enhance rate-limiting logic in production
([921ea39]...)" — edit the exact text in CHANGELOG.md where the phrases "rate
limiting logic" appear.
- Around line 25-26: The CHANGELOG contains two identical entries for "implement
nonce-based CSP middleware for enhanced security" with different commit hashes;
remove the duplicate or make them distinct: keep a single bullet for the feature
(remove one of the two lines referencing bfb4483 or 6fe4900) or update the text
to differentiate what each commit changed (e.g., "initial implementation" vs
"bugfix/perf/opt" and include the corresponding commit hash). Locate the two
bullets mentioning "nonce-based CSP middleware" in CHANGELOG.md and either
delete the redundant line or rewrite both bullets to clearly state separate
contributions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 33f29821-6a44-4222-8506-93d5c8a973ff

📥 Commits

Reviewing files that changed from the base of the PR and between 07b323b and d076e00.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (3)

• .release-please-manifest.json
• CHANGELOG.md
• package.json

✅ Files skipped from review due to trivial changes (2)

• .release-please-manifest.json
• package.json