@networkpro/web 1.26.18 → 1.26.20

package/.github/workflows/playwright.yml

@@ -34,7 +34,7 @@ jobs:
       - name: Set up Node.js
         uses: actions/setup-node@v6
         with:
-          node-version: 22
+          node-version: 24
           cache: npm
           cache-dependency-path: package-lock.json
 

package/CHANGELOG.md

@@ -24,11 +24,58 @@ version increments reflecting both user-visible and operational impact.
 
 ---
 
+## [1.26.20] - 2026-04-10
+
+### Changed
+
+- Bumped project version to `v1.26.20`.
+- Updated dependencies:
+  - `prettier` `3.8.1` → `3.8.2`
+  - `svelte` `5.55.2` → `5.55.3`
+
+### Fixed
+
+- Removed an unused `window` mock from the UTM unit test to better reflect the current `appendUTM` implementation.
+- Stabilized SPA navigation E2E helpers by relying on Playwright click actionability instead of a separate `scrollIntoViewIfNeeded()` call, with a single retry for transient no-op clicks.
+- Updated the navigation link assertion to compare the resolved `pathname` instead of the raw `href` attribute for better cross-browser consistency.
+
+---
+
+## [1.26.19] - 2026-04-09
+
+### Changed
+
+- Bumped project version to `v1.25.19`.
+- Modified Node.js version to `24` in `.github/workflows/playwright.yml`.
+- Updated generator metadata in `src/app.html` to reflect **SvelteKit 2.57.1**.
+- Updated dependencies:
+  - `@eslint/compat` `^2.0.3` → `^2.0.5`
+  - `@vitest/coverage-v8` `4.1.2` → `4.1.4`
+  - `browserslist` `^4.28.1` → `^4.28.2`
+  - `jsdom` `29.0.1` → `29.0.2`
+  - `postcss` `^8.5.8` → `^8.5.9`
+  - `svelte` `5.55.1` → `5.55.2`
+  - `vite` `^8.0.3` → `^8.0.8`
+  - `vitest` `4.1.2` → `4.1.4`
+  - `@playwright/test` `^1.58.2` → `^1.59.1`
+  - `@sveltejs/kit` `2.55.0` → `2.57.1`
+  - `eslint` `10.1.0` → `10.2.0`
+  - `eslint-plugin-jsdoc` `^62.8.1` → `^62.9.0`
+  - `eslint-plugin-svelte` `^3.16.0` → `^3.17.0`
+  - `playwright` `^1.58.2` → `^1.59.1`
+  - `posthog-js` `^1.364.2` → `^1.367.0`
+
+## Security
+
+- Added transitive dependency override for `lodash-es` `v4.18.1` in order to mitigate CVE-2026-4800 and CVE-2026-2950.
+- Updated transitive dependency override for `basic-ftp` to `v5.2.1` in order to mitigate CVE-2026-39983.
+
+---
+
 ## [1.26.18] - 2026-03-30
 
 ### Changed
 
-- Adjusted `engines.node` in `CHANGELOG.md` to allow only `>=24.0.0 <25`, as **Node.js** `v24` is now the current LTS release.
 - Bumped project version to `v1.26.18`.
 - Updated dependencies:
   - `svelte-check` `^4.4.5` → `^4.4.6`
@@ -2624,7 +2671,9 @@ This enables analytics filtering and CSP hardening for the audit environment.
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.18...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.26.20...HEAD
+[1.26.20]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.20
+[1.26.19]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.19
 [1.26.18]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.18
 [1.26.17]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.17
 [1.26.16]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.26.16

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@networkpro/web",
   "private": false,
-  "version": "1.26.18",
+  "version": "1.26.20",
   "description": "Locking Down Networks, Unlocking Confidence™ | Security, Networking, Privacy — Network Pro Strategies",
   "keywords": [
     "advocacy",
@@ -90,38 +90,38 @@
   },
   "dependencies": {
     "dompurify": "^3.3.3",
-    "posthog-js": "^1.364.2",
+    "posthog-js": "^1.367.0",
     "semver": "^7.7.4",
-    "svelte": "5.55.1"
+    "svelte": "5.55.3"
   },
   "devDependencies": {
-    "@eslint/compat": "^2.0.3",
+    "@eslint/compat": "^2.0.5",
     "@eslint/js": "10.0.1",
     "@lhci/cli": "^0.15.1",
-    "@playwright/test": "^1.58.2",
+    "@playwright/test": "^1.59.1",
     "@sveltejs/adapter-netlify": "^6.0.4",
     "@sveltejs/adapter-vercel": "^6.3.3",
-    "@sveltejs/kit": "2.55.0",
+    "@sveltejs/kit": "2.57.1",
     "@sveltejs/vite-plugin-svelte": "^7.0.0",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/svelte": "^5.3.1",
-    "@vitest/coverage-v8": "4.1.2",
+    "@vitest/coverage-v8": "4.1.4",
     "autoprefixer": "^10.4.27",
-    "browserslist": "^4.28.1",
-    "eslint": "10.1.0",
+    "browserslist": "^4.28.2",
+    "eslint": "10.2.0",
     "eslint-config-prettier": "^10.1.8",
-    "eslint-plugin-jsdoc": "^62.8.1",
-    "eslint-plugin-svelte": "^3.16.0",
+    "eslint-plugin-jsdoc": "^62.9.0",
+    "eslint-plugin-svelte": "^3.17.0",
     "globals": "^17.4.0",
     "globby": "^16.2.0",
-    "jsdom": "29.0.1",
+    "jsdom": "29.0.2",
     "lightningcss": "^1.32.0",
     "markdownlint": "^0.40.0",
     "markdownlint-cli2": "0.22.0",
     "npm-run-all": "^4.1.5",
-    "playwright": "^1.58.2",
-    "postcss": "^8.5.8",
-    "prettier": "3.8.1",
+    "playwright": "^1.59.1",
+    "postcss": "^8.5.9",
+    "prettier": "3.8.2",
     "prettier-plugin-svelte": "^3.5.1",
     "simple-git-hooks": "^2.13.1",
     "stylelint": "^17.6.0",
@@ -132,17 +132,18 @@
     "svelte-eslint-parser": "^1.6.0",
     "svelte-preprocess": "^6.0.3",
     "typescript": "5.9.3",
-    "vite": "^8.0.3",
+    "vite": "^8.0.8",
     "vite-plugin-devtools-json": "^1.0.0",
     "vite-plugin-lightningcss": "^0.0.5",
-    "vitest": "4.1.2"
+    "vitest": "4.1.4"
   },
   "overrides": {
-    "basic-ftp": "^5.2.0",
-    "cookie": "^1.0.0",
+    "basic-ftp": "^5.2.1",
+    "cookie": "^1.1.1",
     "glob": "^11.1.0",
     "js-yaml": "^4.1.1",
-    "lodash": "^4.17.23",
+    "lodash": "^4.18.1",
+    "lodash-es": "^4.18.1",
     "minimatch": ">=10.2.1",
     "picomatch": ">=4.0.4",
     "qs": "^6.14.1",

package/playwright.config.js

@@ -56,12 +56,12 @@ export default defineConfig({
       },
     },
     // FIXME: Webkit and Safari consistently failing, disabled for now
-    //    {
-    //      name: "webkit",
-    //      use: {
-    //        ...devices["Desktop Safari"], // Use default WebKit settings
-    //      },
-    //    },
+    //{
+    //  name: 'webkit',
+    //  use: {
+    //    ...devices['Desktop Safari'], // Use default WebKit settings
+    //  },
+    //},
 
     // Mobile Browsers
     {
@@ -72,12 +72,12 @@ export default defineConfig({
       },
     },
     // FIXME: Webkit and Safari consistently failing, disabled for now
-    //    {
-    //      name: "Mobile Safari",
-    //      use: {
-    //        ...devices["iPhone 14"], // Use the iPhone 14 device profile
-    //      },
-    //    },
+    //{
+    //  name: 'Mobile Safari',
+    //  use: {
+    //    ...devices['iPhone 14'], // Use the iPhone 14 device profile
+    //  },
+    //},
   ],
 
   /* Run your local preview server before starting the tests */

package/src/app.html

@@ -53,7 +53,7 @@
       content="bx4ham0zkpvzztzu213bhpt76m9siq" />
     <!-- cspell:enable -->
 
-    <meta name="generator" content="SvelteKit 2.55.0" />
+    <meta name="generator" content="SvelteKit 2.57.1" />
 
     <!-- Temporary banner -->
     <script

package/src/hooks.server.js

@@ -142,7 +142,7 @@ export async function handle({ event, resolve }) {
   if (!isTest) {
     response.headers.set(
       'Strict-Transport-Security',
-      'max-age=31536000; includeSubDomains;',
+      'max-age=31536000; includeSubDomains',
     );
   }
 

package/tests/e2e/app.spec.js

@@ -36,7 +36,7 @@ test.describe('Desktop Tests', () => {
 
     const aboutLink = nav.getByRole('link', { name: 'about' });
     await expect(aboutLink).toBeVisible();
-    await expect(aboutLink).toHaveAttribute('href', '/about');
+    await expect(aboutLink).toHaveJSProperty('pathname', '/about');
   });
 
   // Root route should display the footer properly

package/tests/e2e/shared/helpers.js

@@ -101,17 +101,23 @@ export function getFooter(page) {
  */
 export async function clickAndWaitForNavigation(page, locator, options = {}) {
   const { urlPattern = /\/.*/, timeout = 60000 } = options;
-
-  await locator.scrollIntoViewIfNeeded();
-  await locator.waitFor({ state: 'visible', timeout });
-
   const previousURL = page.url();
+  let lastError;
+
+  for (let attempt = 1; attempt <= 2; attempt += 1) {
+    await expect(locator).toBeVisible({ timeout });
+    await locator.click({ timeout });
+
+    try {
+      // SPA-stable URL wait (polling) - does not depend on navigation lifecycle
+      await expect(page).toHaveURL(urlPattern, { timeout: timeout / 2 });
+      const newURL = page.url();
+      console.log(`Navigation from ${previousURL} to ${newURL}`);
+      return;
+    } catch (error) {
+      lastError = error;
+    }
+  }
 
-  await locator.click();
-
-  // SPA-stable URL wait (polling) — does not depend on navigation lifecycle
-  await expect(page).toHaveURL(urlPattern, { timeout });
-
-  const newURL = page.url();
-  console.log(`✅ Navigation from ${previousURL} → ${newURL}`);
+  throw lastError;
 }

package/tests/unit/client/lib/utils/utm.test.js

@@ -11,11 +11,11 @@ This file is part of Network Pro.
  * @description Unit test for UTM parameters
  * @module tests/unit/client/lib/utils
  * @author Scott Lopez
- * @updated 2026-01-15
+ * @updated 2026-04-10
  */
 
 import { writable } from 'svelte/store';
-import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { describe, expect, it, vi } from 'vitest';
 
 // Mock SvelteKit environment and store
 vi.mock('$app/environment', () => ({ browser: true }));
@@ -36,16 +36,6 @@ vi.mock('$app/stores', () => {
 import { appendUTM } from '$lib/utils/utm.js';
 
 describe('appendUTM', () => {
-  const originalWindow = globalThis.window;
-
-  beforeEach(() => {
-    globalThis.window = { location: { search: '' } };
-  });
-
-  afterEach(() => {
-    globalThis.window = originalWindow;
-  });
-
   it('should return URL with utm parameters for /contact', () => {
     const url = 'https://example.com';
     const result = appendUTM(url);