chore: release 1.5.0

[github-actions]

Shipped changes on main since the last tag. For a fuller, narrative history (motivation and context), see CHANGELOG.md in the repo.

---

---

1.5.0 (2026-05-10)

Features

• ai: tighter product prompt + loading spinner on AI buttons (02744b4)
• collaborative group gift contributors with invite flow (#115) (ad321e4)
• in-app accept/decline for invited users + register flow for new users (#125) (d104d85)
• per-email-type from addresses with shared fallback (#121) (dde12a8)
• phase 8 — group gifts (#111) (1247ec3)
• phase 8 — group gifts + bundled enhancements (#108 #109 #110 #112) (#113) (a72d112)
• Phase 8 group gifts (#130) (dde9a44)

Bug Fixes

• address Codacy security findings and esbuild advisory (bf475e4)
• address CodeRabbit comprehensive feedback (1865c61)
• address final PR #130 review comments (Round 2) (a56c581)
• address PR #130 review comments from Codacy and CodeRabbit (5c5fc36)
• bump drizzle-orm to 0.45.2 (SQL injection security fix) (#61) (05d1db5)
• bump trivy-action to v0.36.0 — 0.31.0 tag does not exist (#86) (#87) (aa583f9)
• docker: drive drizzle-kit through an expect script (e1d2272)
• docker: give drizzle-kit a pseudo-TTY so piped newlines reach prompts (23feb35)
• docker: unblock migrator when drizzle-kit prompts despite --force (0604b68)
• docker: unblock migrator when drizzle-kit prompts despite --force (560ec6f)
• duplicate authorization header with create-pull-request (c665869)
• generate inviteToken in app code to guarantee invite emails are sent (#117) (8646566)
• harden gift-group contributor email edits (b887bc6)
• harden register, occasions, and gift-group review findings (ed64dec)
• include wishlist items in reminder email shortlist (#129) (bb33681), closes #128
• log email errors in gift group actions (#119) (609608e)
• re-apply: restore security fixes (c5b0fa3)
• remove from sync-gemini to unblock Actions on main (#70) (e7ed402), closes #69
• remove from sync-gemini to unblock Actions on main (#71) (818904c)
• resolve npm security vulnerabilities (Next.js CVEs + PostCSS XSS) (#102) (d83a9e9)
• resolve package-lock.json conflict markers and sync version to 1.3.5 (64320c5)
• restore missing occasionKind enum in schema (0e563c2)
• revert erroneous commits and restore stable 1865c61 (a6e7fda)
• revert server action arrow wrappers causing serialization crash (849cc8e)
• satisfy Codacy object-injection rule in parsePence (2840025)
• sender display name and digest promotional classification (#127) (aa87df1)
• strip esbuild binaries from runner image (CVE-2024-24790, CVE-2025-68121) (#91) (a8ec880)
• ui: move iCal URL onFocus handler into a client component (7489701)
• upgrade Next.js, next-auth, drizzle-kit to resolve CVEs (#93) (690833a)
• use PRs for bot branch updates and setup-node v6 (3dd9657)
• wrap useSearchParams in Suspense boundary on /login/register (27e919d)

Performance

• DB indexes, connection pool, request caching, SQL reminders filter (e05f11d)

Miscellaneous

• add app health check endpoint and Docker healthcheck (#89) (cf413ed)
• add CODEOWNERS, Dependabot, CodeQL, SECURITY.md, CONTRIBUTING.md (f726f11)
• add concurrency groups to pr-checks and docker-publish (#95) (90b34b7)
• add Dependabot auto-merge for patch and minor updates (#81) (1f451dd)
• add Docker memory limits and wire Sentry env vars (#85) (19b5719)
• add husky + lint-staged + commitlint pre-commit enforcement (#77) (26ff8d3)
• add PR auto-labeller (area from file paths, type from title prefix) (a639a36)
• add release helper workflow (#97) (ffadf14)
• add Release Please and Codecov automation (#105) (063d7a3)
• add Sentry error tracking (#79) (8660a23)
• add Trivy container image vulnerability scan (#83) (04a6508)
• add Vitest unit tests (repo advisory item 1) (#75) (a62dca4)
• allow Release Please to use optional PAT for PR creation (6ca0401)
• archive old CHANGELOG entries [changelog-archive] (#132) (99d856c)
• bump version to 1.3.2 for CI and Docker registry fixes (5b9cb0c)
• bump version to 1.3.2 for CI and Docker registry fixes (#72) (9418805)
• bump version to 1.3.3 (a088869)
• bump version to 1.3.4 and compact CHANGELOG (ebc1629)
• bump version to 1.3.5 (85aee71)
• Compact CHANGELOG.MD to legacy file (#139) (85fdef9)
• Development → main (v1.3.3) (#73) (b984d14)
• Development → main (v1.3.4) (#98) (15149f8)
• Development → main (v1.3.5) (#103) (1a04ec6)
• disable auto-delete branches; clean up dependabot branches on merge (94e0c38)
• migrate Docker registry to GHCR with docs-only skip (#63) (ffe52f5), closes #62
• migrate Docker registry to GHCR with docs-only skip (#65) (27b19b9)
• phase 8 docs and changelog archive workflow (d965bd7)
• release 1.4.0 (#131) (f983acc)
• replace Closes with Related to in PR template to prevent auto-close (e148ae5)
• revert all PR review fixes to restore stable 4bcb6fc (87b9c46)
• sync Development → main (v1.3.5) (#106) (b3ba051)
• sync GEMINI.md from CLAUDE.md (abbc322)
• sync GEMINI.md from CLAUDE.md (95b2a74)
• sync GEMINI.md from CLAUDE.md [gemini-sync] (#135) (747e958)
• tune Release Please (skip root changelog, sync Dev, docs) (e2c5f0d)
• wire Release Please manifest config in workflow (47e19ec)

Documentation

• add bot-comment review step to PR workflow memory (3b43e47)
• add MIT licence (93adf22)
• add version numbers to V2 phase table (f07742b)
• overhaul CLAUDE.md, memory files, CI checks, and GEMINI mirror (a27190d)
• refresh README for public launch (#68) (c1497cb)
• refresh README for public launch with screenshots and badges (#67) (66f2a93)
• releases only required for code changes, not docs-only pushes (9229760)

---

This PR was generated with Release Please. See documentation.

Summary by CodeRabbit

• Chores
  • Version updated to 1.5.0

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 1996d508-42b4-4037-83e6-cdc3cdc60511

📥 Commits

Reviewing files that changed from the base of the PR and between 85fdef9 and aee0fba.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (2)

• .github/release-please-manifest.json
• package.json

---

📝 Walkthrough

Walkthrough

Project version is updated from 1.4.0 to 1.5.0 in both .github/release-please-manifest.json and package.json to maintain version consistency across release tooling and package metadata.

Changes

Version Bump Synchronization

Layer / File(s)	Summary
Version Synchronization .github/release-please-manifest.json, package.json	Version field bumped from 1.4.0 to 1.5.0 in both release manifest and package configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

Possibly related PRs

• dbwg2009/Noted#105: Both PRs modify the same Release Please manifest for the repository root.
• dbwg2009/Noted#106: Both PRs update the same version fields across package.json and release manifest.

Suggested labels

chore

Poem

🐰 From one-point-four to five we go,
Version bumps that steal the show,
Manifest and package dance,
In sync they prance—
Release-please gets the flow! 🎉

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch release-please--branches--main--components--noted

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric	Results
Complexity	0
Duplication	0

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[codacy-production]

Pull Request Overview

This PR executes a version bump to 1.5.0. Codacy analysis indicates the changes are up to standards. No critical issues or security flaws were detected.

Test suggestions

• Verify consistency of version 1.5.0 across all package configuration and manifest files.

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify consistency of version 1.5.0 across all package configuration and manifest files.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}