From d687b154124bba90900b66366103ba7cb7bec746 Mon Sep 17 00:00:00 2001 From: James Date: Sun, 22 Feb 2026 04:01:50 -0500 Subject: [PATCH] Preserve .gitkeep in web directory and improve build process - Update .gitignore to allow .gitkeep file in web directory while excluding built artifacts - Modify build-release target to preserve .gitkeep content during web UI rebuild - Add editable install configuration to pyproject.toml for development workflows - Bump version to 1.3.2 - Ensures web directory structure is maintained across clean builds and editable installs --- .gitignore | 3 ++- CHANGELOG.md | 14 ++++++++++++-- Makefile | 2 +- pyproject.toml | 4 ++++ src/SVG2DrawIOLib/__about__.py | 2 +- src/SVG2DrawIOLib/web/.gitkeep | 2 ++ 6 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 src/SVG2DrawIOLib/web/.gitkeep diff --git a/.gitignore b/.gitignore index 5f24fc7..96ce8f0 100644 --- a/.gitignore +++ b/.gitignore @@ -40,7 +40,8 @@ debug/ /test_*.py # Bundled web UI (built artifact — not source) -src/SVG2DrawIOLib/web/ +src/SVG2DrawIOLib/web/* +!src/SVG2DrawIOLib/web/.gitkeep # web-ui (Next.js) web-ui/node_modules/ diff --git a/CHANGELOG.md b/CHANGELOG.md index 60986b1..5552d42 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,11 +5,22 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [1.3.1] - 2026-02-22 +## [1.3.2] - 2026-02-22 ### Fixed +- **Editable install compatibility**: Added `.gitkeep` placeholder file in `src/SVG2DrawIOLib/web/` directory to enable editable installs (`pip install -e .`) to work before the web UI is built. This fixes CI/CD workflows that install in editable mode for testing before building the web UI. - **Web UI packaging**: Fixed `pyproject.toml` hatchling configuration to properly include the web UI static files in the built wheel and sdist. Changed from `artifacts` to `force-include` configuration for both wheel and sdist targets. The web UI directory (`src/SVG2DrawIOLib/web/`) is now correctly included in PyPI releases, ensuring `pip install SVG2DrawIOLib[web]` followed by `svg2drawiolib web` works out of the box. + +### Changed + +- **`.gitignore`**: Updated web directory exclusion pattern to allow `.gitkeep` placeholder file while still ignoring all build artifacts. +- **`Makefile`**: Updated `build-release` target to preserve `.gitkeep` file when copying web UI build artifacts. + +## [1.3.1] - 2026-02-22 + +### Fixed + - **Security: Data URI sanitization** (Bug #27): Updated SVG sanitization to only block dangerous data: URIs (`data:text/html`, `data:text/javascript`, `data:application/javascript`, `data:application/x-javascript`) while allowing safe image data: URIs (`data:image/png`, `data:image/jpeg`, `data:image/svg+xml`, etc.) for legitimate embedded images. - **Security: Case-insensitive element filtering** (Bug #28): Made dangerous element checking case-insensitive to prevent sanitization bypass via case variants like `
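Review bot: In the `.gitignore` hunk, nothing documents why the pattern changed from `src/SVG2DrawIOLib/web/` to `src/SVG2DrawIOLib/web/*`, and that change is load-bearing. The `!src/SVG2DrawIOLib/web/.gitkeep` negation only takes effect because the directory itself is no longer excluded; git cannot re-include a file whose parent directory is ignored. Please extend the comment above the pattern to say that `.gitkeep` is tracked on purpose and that the `/*` form is required, so a later cleanup does not collapse it back to the directory form and silently drop the placeholder from new clones.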
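Review bot: In the `CHANGELOG.md` hunk, the existing "Web UI packaging" bullet ends up under `## [1.3.2]`, because the old `## [1.3.1] - 2026-02-22` heading is renamed in place and the re-added `## [1.3.1]` heading is inserted below that bullet rather than above it. Before this change the bullet sat under 1.3.1, so the history now attributes the `force-include` packaging fix to a different release than the one it was recorded under. If that fix shipped in 1.3.1, move the new `## [1.3.1] - 2026-02-22` and `### Fixed` lines above the "Web UI packaging" bullet so that 1.3.2 lists only the "Editable install compatibility" fix and the two "Changed" items. If the reassignment is intentional, say so in the commit message.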