feature/meldingen-hardening #6

Merged
brenno merged 5 commits from feature/meldingen-hardening into main 2026-06-11 20:40:08 +00:00
Owner

Summary

Changes

Checklist

  • [x] make check passes (format-check, analyze, full test suite).
  • [x] Added/updated tests for the behaviour I changed.
  • [x] New UI strings go through context.l10n.d('…') and are translated in
    every supported language (nl/en/it/de/fr/es/fy/pap).
  • [x] If I changed how anything is stored, I updated
    docs/FILE_FORMAT.md.
  • [x] Docs updated where relevant (README / docs/).

Notes for reviewers

brenno added 5 commits 2026-06-11 20:39:49 +00:00
Upgrade the JavaScript bundles inlined into the offline HTML export:
DOMPurify 3.1.7 -> 3.4.9 (clears 10 OSV advisories), marked 12.0.2 -> 18.0.5,
highlight.js 11.9.0 -> 11.11.1. mermaid 10.9.6 and MathJax 3.2.2 are kept
(no known CVEs) and now guarded rather than chased.

Pin every bundle in assets/web_export/MANIFEST.json (npm name, version, source,
sha256, licence) and add tool/check_bundled_js.dart: it verifies each file
still matches the manifest hash and queries the OSV database for known
vulnerabilities. Wired as `make deps-check`, into `check-full`, and into CI
next to the licence check. THIRD_PARTY_NOTICES.md updated for the now-standalone
DOMPurify bundle.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
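
The manifest check described in the commit message above, sketched in Python as an added example; it is not the project's tool/check_bundled_js.dart, which this page does not show. The manifest layout (`bundles`, `name`, `file`), the flat bundle directory and the bundle file names are assumptions, and the OSV request body is built but never sent.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def verify_bundles(manifest_path):
    """Return sorted (file, problem) pairs for bundles that drifted from the pins."""
    manifest_path = Path(manifest_path)
    root = manifest_path.parent
    entries = json.loads(manifest_path.read_text())["bundles"]  # assumed layout
    pinned, problems = {manifest_path.name}, []
    for entry in entries:
        pinned.add(entry["file"])
        target = root / entry["file"]
        if not target.is_file():
            problems.append((entry["file"], "missing"))
        elif hashlib.sha256(target.read_bytes()).hexdigest() != entry["sha256"].lower():
            problems.append((entry["file"], "hash mismatch"))
    # A file shipped without a manifest entry is never hashed or scanned: flag it.
    for path in root.iterdir():
        if path.is_file() and path.name not in pinned:
            problems.append((path.name, "not in manifest"))
    return sorted(problems)

def osv_querybatch_body(entries):
    """Request body for POST https://api.osv.dev/v1/querybatch (built, not sent)."""
    return {"queries": [{"package": {"name": e["name"], "ecosystem": "npm"},
                         "version": e["version"]} for e in entries]}

def demo():
    """Constructed sample: pin two bundles, then modify one and drop in a third."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        entries = []
        for name, version, file in [("dompurify", "3.4.9", "purify.min.js"),
                                    ("marked", "18.0.5", "marked.min.js")]:
            body = f"/* constructed stand-in for {name} */".encode()
            (root / file).write_bytes(body)
            entries.append({"name": name, "version": version, "file": file,
                            "sha256": hashlib.sha256(body).hexdigest()})
        manifest = root / "MANIFEST.json"
        manifest.write_text(json.dumps({"bundles": entries}))
        clean = verify_bundles(manifest)
        (root / "marked.min.js").write_bytes(b"/* modified after pinning */")
        (root / "extra.min.js").write_bytes(b"/* never pinned */")
        return clean, verify_bundles(manifest), osv_querybatch_body(entries)

if __name__ == "__main__":
    print(demo())
```

The hash check only proves the files still match what was pinned; whether the pinned versions are affected by an advisory is the separate question the OSV query answers.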
Introduce lib/utils/log.dart (logError / logWarning over dart:developer) and
route all 53 previously-bare `catch (_)` blocks through it. Behaviour is
unchanged: every fallback still fails soft (a broken sidecar, unreadable file
or unsupported platform must never crash a presentation) but the cause is now
observable. logError is used for unexpected parse/IO failures, logWarning for
expected best-effort fallbacks; no deck or file contents are ever logged.

Note: file_service, markdown_service, marp_html_service, fullscreen_presenter,
image_carousel_picker and url_launcher_util also carried pre-existing local
changes, bundled here.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Break the two largest widget files into part/part-of libraries grouped by
concern, with no public API or behaviour change (private widgets keep working
because parts share the library namespace; all imports stay in the main file).

  slide_preview.dart  4748 -> 426 lines + slides/previews/{text,bullets,
                      checklist,table,media,code,chart,overlays}.dart
  app_shell.dart      1930 -> 996 lines + shell/{shell_actions,tab_bar,
                      welcome_screen,status_bar,shell_overlays}.dart

fullscreen_presenter.dart is intentionally left as-is: ~1.6k of its lines are a
single interactive _FullscreenPresenterState (38 setState calls), which a
mechanical split cannot reduce and extensions can't host (protected setState).
Shrinking it needs a behaviour-affecting sub-widget extraction, tracked
separately.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
In-progress local work that predated this branch, committed alongside it:
localization updates (app_localizations.dart), consent/deck/tabs providers,
the Android Gradle build config, and their accompanying tests. Grouped here so
the structural changes on this branch stay separable.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Apply repo formatter across the tree
Some checks failed
CI / Format · Analyze · Test (push) Has been cancelled
CI / Format · Analyze · Test (pull_request) Has been cancelled
b270e71755
Run `make format` so the whole repo is consistent under the project formatter.
Whitespace only; no logic changes. Touches a few widgets and tests that were
unformatted on main (dart-format version drift), so `make check` is fully green.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
brenno merged commit 0b3d0be30f into main 2026-06-11 20:40:08 +00:00
Reference: LibreKAT/Ocideck#6