Pull Request Explorer

Summary

Added regression test pinning post URL through comment notifications

Adds a unit test that ensures comment notification emails correctly include the post URL, preventing regressions when refactoring URL helpers.

Health Assessment

• • Quick cycle time of 16 hours, single review comment, small scope of 141 lines in one test file, indicating low risk and efficient process.

Summary

Polished Portal Gift Card Design

Improved gift card UI with gradients, shine effect, and real expiry handling, enhancing user experience.

Health Assessment

• • Quick review and merge with minimal rework, indicating a straightforward UI enhancement.

Summary

Remove redundant Vite plugin declarations

Eliminates duplicate dependencies, shrinks lockfile, and removes risk of conflicting plugin versions, improving build stability and reliability.

Health Assessment

• • Fast, single-commit change with minimal code churn and no review or test failures reported.

Summary

Update Vite and Vitest across workspaces

This PR bumps Vite and Vitest to newer versions, aligning dependencies and fixing test failures across multiple packages, improving build stability and compatibility.

Health Assessment

• • Fast cycle time of 3 hours with minimal review friction; single commit with automated tests passing indicates low risk and efficient process.

Summary

Added eslint plugin direct declarations

Adds explicit devDependencies for eslint plugins and parsers across workspaces to enforce strict isolation and avoid brittle transitive resolution, improving build stability and reducing dependency drift.

Health Assessment

• • Single commit, quick merge within 25 minutes, minimal changes, indicating low complexity and high confidence.

Summary

Fix linting binary resolution for workspaces

Ensures local lint runs use the correct ESLint version, improving developer experience and preventing build failures.

Health Assessment

• • Quick, targeted change that resolved a local linting issue with minimal code churn and fast review turnaround.

Summary

Improved admin-x settings test request waits

Adds a helper to wait for API requests in Playwright acceptance tests, reducing flakiness in CI by ensuring tests wait for route-handler captures before asserting request bodies/URLs.

Health Assessment

• • Fast cycle time and minimal review comments indicate a straightforward, low-risk change.

Summary

Cleaned workspace dependency declarations

Ensures accurate dependency declarations, preventing build failures and improving maintainability.

Health Assessment

• • Fast cycle time of 0.4h with minimal rework indicates a smooth, low-risk refactor.

Summary

Made admin API middleware test more realistic

Improves realism of admin API middleware tests by removing stubs, ensuring tests reflect actual middleware behavior.

Health Assessment

• • Quick, single-file test improvement with minimal review needed.

Summary

Fixed pre-commit lint hook routing for all workspaces

Ensures linting runs correctly across all workspaces, preventing build failures and improving developer experience.

Health Assessment

• • Quick, single‑commit fix with minimal review; AI review comments helped identify issues early.

Summary

Remove TODO from request ID middleware

This PR removes a placeholder comment from the request ID middleware, improving code clarity and reducing maintenance overhead.

Health Assessment

• • Quick fix with minimal changes, merged within 1.4 hours, indicating a smooth review process.

Summary

Made queue request middleware tests more realistic

By making the tests more realistic, we increase confidence that the queue request middleware behaves correctly under real-world conditions, reducing potential runtime errors.

Health Assessment

• • Quick merge with minimal changes indicates straightforward test improvement.

Summary

Made locals middleware test more realistic

Improved test reliability by removing stubs and using Supertest to exercise the middleware in a realistic environment, ensuring accurate behavior under production-like conditions.

Health Assessment

• • Quick turnaround with minimal changes indicates straightforward test improvement.

Summary

Made request ID middleware more realistic

Adds realistic test coverage for request ID middleware, ensuring accurate request tracking.

Health Assessment

• • Fast merge with no review, minimal code changes.

Summary

Bumped i18next-parser to 9.4.0

Updated the translation extraction tool to address a security advisory and improve lexer stability, ensuring the build pipeline remains secure and reliable.

Health Assessment

• • Quick merge with minimal review, indicating low complexity and high confidence in the change.

Summary

Removed unused dependencies surfaced by knip

Cleaned up package.json files and lockfile, removing ~390 lines of unused dependencies, reducing bundle size and improving maintainability.

Health Assessment

• • Fast review cycle, minimal changes, low risk, quick merge.

Summary

Move Docker registry mirror before Buildx in CI

Reorders CI steps to route Docker pulls through GCR mirror, eliminating Docker Hub auth timeouts and stabilizing e2e tests.

Health Assessment

• • Quick CI tweak that resolved intermittent Docker Hub failures with minimal code changes.

Summary

Update fast-xml-parser to patch XML injection advisory

Ensures Ghost's AWS SDK usage is secure by upgrading to the latest patch of fast-xml-parser, removing a moderate XML comment/CDAT injection vulnerability.

Health Assessment

• • Fast turnaround with minimal changes; quick review and merge indicates low complexity and high confidence in the patch.

Summary

Added knip for unused-dep detection

Adds a dependency‑analysis tool to identify and remove unused packages, improving code quality and reducing bundle size.

Health Assessment

• • Fast cycle time and minimal review rounds indicate smooth integration; the PR adds a large number of lines but only config changes, so risk is low.

Summary

Add GET automations/:id endpoint with static payload

Provides a placeholder endpoint for reading a single automation, enabling frontend development while the schema is finalized.

Health Assessment

• • Fast review and merge with minimal changes; static payload indicates early‑stage feature scaffolding.

Summary

Remove unused rollup-plugin-node-builtins devDep

Eliminates an unnecessary dev dependency, reducing bundle size, removing security advisories, and streamlining the build process.

Health Assessment

• • M
• • e
• • r
• • g
• • e
• • d
• •
• • w
• • i
• • t
• • h
• • i
• • n
• •
• • 1
• • .
• • 6
• •
• • h
• • o
• • u
• • r
• • s
• •
• • w
• • i
• • t
• • h
• •
• • n
• • o
• •
• • r
• • e
• • v
• • i
• • e
• • w
• • ,
• •
• • i
• • n
• • d
• • i
• • c
• • a
• • t
• • i
• • n
• • g
• •
• • m
• • i
• • n
• • i
• • m
• • a
• • l
• •
• • f
• • r
• • i
• • c
• • t
• • i
• • o
• • n
• •
• • a
• • n
• • d
• •
• • l
• • o
• • w
• •
• • r
• • i
• • s
• • k
• • .

Summary

Hide billing section for gift members

Improves user experience by removing the dead‑end billing section for gift members, preventing confusion and support tickets.

Health Assessment

• • Fast turnaround with minimal changes; low risk to production.

Summary

Refresh Portal Gift Tier Picker and Card Design

Improves user experience by redesigning gift selection and card display, enhancing visual consistency across portal pages.

Health Assessment

• • Quick review and merge within an hour, minimal rework, indicating a straightforward UI update.

Summary

Fix newsletter reply-to verification link after signin

Ensures customers can verify newsletter reply-to addresses without needing to click twice after signing in, improving user experience and reducing support tickets.

Health Assessment

• • Quick review and approval with minimal changes, indicating straightforward bug fix.

Summary

Exclude gift-to-paid upgrades from cancelled subscription count

Corrects subscription metrics by preventing gift-to-paid upgrades from being counted as cancellations, ensuring accurate retention reporting.

Health Assessment

• • Quick fix with minimal changes and fast review, indicating low complexity and high confidence in the change.

Summary

Fix blank setup done route after site setup

Ensures new owners land on onboarding page instead of a blank screen, improving the onboarding experience.

Health Assessment

• • Quick fix with minimal changes, resolved in under an hour with a single review comment.

Summary

Translate gift subscription Open Graph preview

Adds internationalized Open Graph metadata for gift subscription pages, ensuring social media previews display correct language for non‑English sites.

Health Assessment

• • Fast review cycle with AI‑assisted comments and minimal rework; the PR focuses on i18n updates across 20 files, adding 509 lines of localized strings.

Summary

Tolerate absolute and pre-prefixed paths in S3Storage

Fixes malformed S3 bucket keys caused by absolute or prefixed paths, ensuring correct storage and retrieval of files and preventing user-facing errors.

Health Assessment

• • Fast cycle time and minimal rework; AI-assisted review streamlined feedback and reduced friction.

Summary

Fix gift-to-paid member activity feed entry

Ensures accurate activity feed for gift members converting to paid subscriptions, improving user experience and data integrity.

Health Assessment

• • Quick resolution with a single review and minimal changes, adding comprehensive tests to prevent regression.

Summary

Fix TypeScript build error for ShareModal

Resolved a TypeScript build failure in the admin app by allowing data-* attributes in ShareModal contentProps, improving developer experience and preventing build errors.

Health Assessment

• • Quick fix with minimal changes, merged within 24 minutes, indicating smooth review and low complexity.

Summary

Add activity feed entry for ended gift subscriptions

Provides admins with visibility into when gift subscriptions expire, improving member lifecycle tracking.

Health Assessment

• • Quick review with single iteration, but long cycle time due to scheduling and testing.

Summary

Updated email filters on members page

Improves email filtering accuracy for members, enhancing engagement metrics.

Health Assessment

• • Quick fix with minimal changes, merged within minutes, indicating low complexity and high confidence.

Summary

Restore onboarding flow in React admin shell

Reintroduces the onboarding experience for new owners, improving user onboarding and reducing churn by ensuring all new accounts see the setup checklist.

Health Assessment

• • The PR involved a large number of changes across many files, yet the review cycle was short, indicating efficient review but a high potential for integration risk due to the scope of the changes.

Summary

Expanded file upload allowlist with non-executable formats

Users can now upload a broader range of non-executable media files safely, improving content flexibility while maintaining security.

Health Assessment

• • The PR was reviewed and merged within 13 hours, indicating a smooth review process with minimal rework.

Summary

Add paid welcome email for existing members redeeming a gift

Existing free members who redeem a gift subscription now receive the paid welcome email, ensuring a consistent onboarding experience for all users.

Health Assessment

• • The PR introduced a small, well‑tested change that was reviewed quickly with minimal back‑and‑forth, indicating a low‑risk, high‑confidence update.

Summary

Pinned vitest pool to forks in createVitestConfig

Switches Vitest's default thread pool to forks for better process isolation in jsdom-heavy test suites, improving stability and avoiding cross-worker corruption.

Health Assessment

• • Quick turnaround with minimal changes and AI-assisted review, indicating low complexity and high confidence in stability improvements.

Summary

Fix flaky timeout tests in Ghost helpers

Ensures Ghost’s helper functions run reliably by eliminating race conditions in unit tests, preventing CI failures and maintaining consistent content rendering for users.

Health Assessment

• • Quick, single-commit fix with minimal code changes and no review iterations, indicating a low-risk, high-confidence update.

Summary

Fixed flaky OTC magic-link assertion matching token digits

Fixes false positives in magic-link email tests by stripping URLs before regex, reducing flakiness.

Health Assessment

• • Single commit, quick review, minimal scope, low risk.

Summary

Add ip-address override to fix XSS advisory

Updates the ip-address dependency to a patched version, eliminating a moderate XSS vulnerability in the build chain.

Health Assessment

• • Security fix merged within minutes with minimal changes and no review friction.

Summary

Add tough-cookie override to address security advisory

This PR updates the dependency resolution to use a patched version of tough-cookie, eliminating a moderate prototype‑pollution vulnerability that could affect any component importing @tryghost/logging.

Health Assessment

• • Security vulnerability addressed quickly with minimal code changes, merged within 0.7 hours.

Summary

Update nodemailer wrapper to latest version

Upgrades the email wrapper to use the latest, secure nodemailer library, eliminating known vulnerabilities without changing functionality.

Health Assessment

• • The PR was merged within 24 minutes of opening, with no review or comments, indicating a straightforward dependency update with minimal risk.

Summary

Moved member welcome email constants to TypeScript

Refactors member welcome email constants to TypeScript, improving type safety without affecting user-facing functionality.

Health Assessment

• • Fast cycle time of 0.5 hours, single review comment, minimal code changes, low risk.

Summary

Added Ember-chain transitive overrides

This PR removes seven vulnerable transitive dependencies in the Ember admin, ensuring security compliance without waiting for legacy tooling retirement. By applying overrides, the project clears critical advisories and maintains build stability.

Health Assessment

• • Fast cycle time and minimal review indicate a straightforward dependency update.

Summary

Add lodash-es override

Aligns lodash-es to the patched 4.18.1 version, eliminating security advisories and simplifying dependency management.

Health Assessment

• • Merged within 24 minutes with no review comments, indicating a straightforward dependency update.

Summary

Updated automations page with real content

Replaces placeholder data on the automations page with live API data, improves UI layout, and adds routing support for individual automations, enhancing user experience and content accuracy.

Health Assessment

• • Fast review cycle (22.5h) with minimal back‑and‑forth; AI review comments streamlined the process; small to medium code changes focused on UI and API integration.

Summary

Widen qs override to include patched versions

Ensures Ghost core uses secure qs package, mitigating DoS risk from memory exhaustion.

Health Assessment

• • PR merged within 36 minutes with minimal changes, quick review, low risk of regression.

Summary

Added trim override

Fixes a high‑severity ReDoS vulnerability in the trim dependency by overriding to a patched version, ensuring secure markdown parsing.

Health Assessment

• • Quick turnaround with minimal changes and a single review, indicating efficient handling of a critical security advisory.

Summary

Bumped moment override to 2.30.1

Updates the moment dependency to a non‑vulnerable version, eliminating two high‑severity security advisories while preserving API compatibility across Ghost core and admin.

Health Assessment

• • Security fix applied swiftly with minimal code changes and no significant review friction.

Summary

Cleaned up stale config files in the docker/ directory

Removed obsolete Docker configuration files that were no longer used, simplifying the container setup and reducing maintenance overhead.

Health Assessment

• • Quick cleanup of unused Docker configs, minimal risk, fast merge.

Summary

Update vite to 7.3.2 in admin workspace

Fixes three high‑severity security advisories by upgrading Vite, reducing local dev risk and cleaning lockfile dependencies. The update also removes vulnerable uuid versions, further tightening security.

Health Assessment

• • Rapid security fix with minimal changes, quick review and merge, low risk.