[pull] main from TryGhost:main

.github/scripts/dependency-inspector.js

@@ -484,16 +484,6 @@ With a severity flag, shows all packages with that update type.
   displayResults(results) {
     console.log('\n🎯 DEPENDENCY ANALYSIS RESULTS\n');
 
-    // Summary
-    console.log('📈 SUMMARY:');
-    console.log(`   Total dependencies: ${this.directDeps.size}`);
-    console.log(`   Total outdated: ${results.stats.total}`);
-    console.log(`   Major updates: ${results.stats.major}`);
-    console.log(`   Minor updates: ${results.stats.minor}`);
-    console.log(`   Patch updates: ${results.stats.patch}`);
-    console.log(`   Direct deps: ${results.direct.length}`);
-    console.log(`   Transitive deps: ${results.transitive.length}\n`);
-
     // If filtering by severity, show filtered results
     if (this.filterSeverity) {
       this.displayFilteredResults(results);
@@ -595,6 +585,82 @@ With a severity flag, shows all packages with that update type.
       }
       console.log('');
     }
+
+    const generatedAt = new Date().toISOString();
+    const latestCommit = this.getLatestCommitRef();
+
+    // Summary at the end
+    console.log('📈 SUMMARY:');
+    console.log(`   Generated at: ${generatedAt}`);
+    console.log(`   Latest commit: ${latestCommit}`);
+    console.log(`   Total dependencies: ${this.directDeps.size}`);
+    console.log(`   Total outdated: ${results.stats.total}`);
+    console.log(`   Major updates: ${results.stats.major}`);
+    console.log(`   Minor updates: ${results.stats.minor}`);
+    console.log(`   Patch updates: ${results.stats.patch}`);
+    console.log(`   Direct deps: ${results.direct.length}`);
+    console.log(`   Transitive deps: ${results.transitive.length}\n`);
+  }
+
+  /**
+   * Get the latest commit reference for the current checkout
+   */
+  getLatestCommitRef() {
+    try {
+      return execSync("git log -1 --format='%h %ad %s' --date=iso-strict", {
+        encoding: 'utf8'
+      }).trim();
+    } catch (error) {
+      return 'Unavailable';
+    }
+  }
+
+  /**
+   * Run yarn audit and display a vulnerability summary
+   */
+  displayAuditSummary() {
+    console.log('🔒 SECURITY AUDIT:\n');
+
+    try {
+      let stdout = '';
+      try {
+        stdout = execSync('yarn audit --json 2>/dev/null', {
+          encoding: 'utf8',
+          maxBuffer: 10 * 1024 * 1024
+        });
+      } catch (error) {
+        // yarn audit exits with non-zero when vulnerabilities are found
+        stdout = error.stdout || '';
+      }
+
+      // Find the auditSummary line
+      const lines = stdout.trim().split('\n');
+      for (const line of lines) {
+        try {
+          const data = JSON.parse(line);
+          if (data.type === 'auditSummary' && data.data && data.data.vulnerabilities) {
+            const v = data.data.vulnerabilities;
+            const total = v.info + v.low + v.moderate + v.high + v.critical;
+            console.log(`   Total vulnerabilities: ${total}`);
+            console.log(`   🔴 Critical: ${v.critical}`);
+            console.log(`   🟠 High:     ${v.high}`);
+            console.log(`   🟡 Moderate: ${v.moderate}`);
+            console.log(`   🟢 Low:      ${v.low}`);
+            if (v.info > 0) {
+              console.log(`   ℹ️  Info:     ${v.info}`);
+            }
+            console.log(`   Total dependencies scanned: ${data.data.totalDependencies}\n`);
+            return;
+          }
+        } catch (e) {
+          // Skip non-JSON lines
+        }
+      }
+
+      console.log('   ⚠️  Could not parse audit summary\n');
+    } catch (error) {
+      console.log(`   ⚠️  Audit failed: ${error.message}\n`);
+    }
   }
 
     async run() {
@@ -615,6 +681,7 @@ With a severity flag, shows all packages with that update type.
 
       const results = this.processOutdatedPackages(outdatedData);
       this.displayResults(results);
+      this.displayAuditSummary();
 
     } catch (error) {
       console.error('❌ Error:', error.message);

.github/workflows/ci.yml

@@ -738,11 +738,6 @@ jobs:
         image: tinybirdco/tinybird-local:latest
         ports:
           - 7181:7181
-    env:
-      TINYBIRD_HOST: ${{ secrets.TINYBIRD_HOST }}
-      TINYBIRD_TOKEN: ${{ secrets.TINYBIRD_TOKEN }}
-      TINYBIRD_HOST_STAGING: ${{ secrets.TINYBIRD_HOST_STAGING }}
-      TINYBIRD_TOKEN_STAGING: ${{ secrets.TINYBIRD_TOKEN_STAGING }}
     steps:
       - uses: actions/checkout@v6
       - name: Install Tinybird CLI
@@ -751,10 +746,43 @@ jobs:
         run: tb build
       - name: Test project
         run: tb test run
-      - name: Deployment check - Staging
-        run: tb --cloud --host ${{ env.TINYBIRD_HOST_STAGING }} --token ${{ env.TINYBIRD_TOKEN_STAGING }} deploy --check
-      - name: Deployment check - Production
-        run: tb --cloud --host ${{ env.TINYBIRD_HOST }} --token ${{ env.TINYBIRD_TOKEN }} deploy --check
+      - name: Trigger and watch traffic analytics infra Tinybird workflow
+        if: github.repository == 'TryGhost/Ghost'
+        env:
+          GH_TOKEN: ${{ secrets.TRAFFIC_ANALYTICS_GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+
+          REPO="TryGhost/traffic-analytics-infra"
+          WORKFLOW="tinybird.yml"
+          BRANCH="main"
+          DISPATCH_RESPONSE=$(gh api \
+            --method POST \
+            -H "Accept: application/vnd.github+json" \
+            "repos/$REPO/actions/workflows/$WORKFLOW/dispatches" \
+            --input - <<EOF
+          {
+            "ref": "$BRANCH",
+            "return_run_details": true,
+            "inputs": {
+              "ghost_ref": "${{ github.sha }}",
+              "caller_run_id": "${{ github.run_id }}",
+              "run_local_tests": false
+            }
+          }
+          EOF
+          )
+
+          RUN_ID=$(printf '%s' "$DISPATCH_RESPONSE" | jq -r '.workflow_run_id // empty')
+          RUN_URL=$(printf '%s' "$DISPATCH_RESPONSE" | jq -r '.html_url // .run_url // empty')
+
+          if [ -z "$RUN_ID" ]; then
+            echo "::error::Unable to find the triggered workflow run in $REPO"
+            exit 1
+          fi
+
+          echo "Watching remote workflow run: $RUN_URL"
+          gh run watch "$RUN_ID" --repo "$REPO" --exit-status
 
   job_ghost-cli:
     name: Ghost-CLI tests

apps/activitypub/package.json

@@ -33,11 +33,11 @@
     "@testing-library/react": "14.3.1",
     "@types/dompurify": "3.2.0",
     "@types/jest": "29.5.14",
-    "@types/react": "18.3.26",
+    "@types/react": "18.3.28",
     "@types/react-dom": "18.3.7",
     "jest": "29.7.0",
     "ts-jest": "29.4.9",
-    "vite": "5.4.20",
+    "vite": "5.4.21",
     "vitest": "1.6.1"
   },
   "nx": {

apps/admin-x-design-system/package.json

@@ -59,7 +59,7 @@
         "tailwindcss": "^4",
         "typescript": "5.8.3",
         "validator": "13.12.0",
-        "vite": "5.4.20",
+        "vite": "5.4.21",
         "vite-plugin-svgr": "3.3.0",
         "vitest": "1.6.1"
     },

apps/admin-x-framework/package.json

@@ -76,7 +76,7 @@
     "devDependencies": {
         "@testing-library/jest-dom": "5.17.0",
         "@testing-library/react": "14.3.1",
-        "@types/react": "18.3.26",
+        "@types/react": "18.3.28",
         "@types/react-dom": "18.3.7",
         "@vitejs/plugin-react": "4.7.0",
         "c8": "10.1.3",
@@ -85,7 +85,7 @@
         "jsdom": "28.1.0",
         "sinon": "18.0.1",
         "typescript": "5.8.3",
-        "vite": "5.4.20",
+        "vite": "5.4.21",
         "vite-plugin-css-injected-by-js": "3.5.2",
         "vite-plugin-svgr": "3.3.0",
         "vitest": "1.6.1"
@@ -98,7 +98,7 @@
         "@tryghost/shade": "0.0.0",
         "react": "18.3.1",
         "react-dom": "18.3.1",
-        "react-router": "7.9.4"
+        "react-router": "7.14.0"
     },
     "peerDependencies": {
         "react": "^18.2.0",

apps/admin-x-settings/package.json

@@ -57,15 +57,15 @@
     "@tryghost/admin-x-framework": "0.0.0",
     "@tryghost/custom-fonts": "1.0.2",
     "@tryghost/shade": "0.0.0",
-    "@types/react": "18.3.26",
+    "@types/react": "18.3.28",
     "@types/react-dom": "18.3.7",
-    "@types/validator": "13.15.3",
+    "@types/validator": "13.15.10",
     "@vitejs/plugin-react": "4.7.0",
     "eslint-plugin-react-hooks": "4.6.2",
     "eslint-plugin-react-refresh": "0.4.24",
     "eslint-plugin-tailwindcss": "4.0.0-beta.0",
     "stylelint": "15.11.0",
-    "vite": "5.4.20",
+    "vite": "5.4.21",
     "vite-plugin-css-injected-by-js": "3.5.2",
     "vite-plugin-svgr": "3.3.0",
     "vitest": "1.6.1"

apps/admin/package.json

@@ -26,7 +26,7 @@
   "devDependencies": {
     "@eslint/js": "9.37.0",
     "@testing-library/react": "14.3.1",
-    "@types/react": "18.3.26",
+    "@types/react": "18.3.28",
     "@types/react-dom": "18.3.7",
     "@vitejs/plugin-react-swc": "4.1.0",
     "eslint": "9.37.0",

apps/announcement-bar/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tryghost/announcement-bar",
-  "version": "1.1.13",
+  "version": "1.1.14",
   "license": "MIT",
   "repository": "https://github.com/TryGhost/Ghost",
   "author": "Ghost Foundation",
@@ -82,7 +82,7 @@
   "devDependencies": {
     "@vitejs/plugin-react": "4.7.0",
     "jsdom": "28.1.0",
-    "vite": "5.4.20",
+    "vite": "5.4.21",
     "vite-plugin-svgr": "3.3.0",
     "vitest": "1.6.1"
   }

apps/comments-ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tryghost/comments-ui",
-  "version": "1.4.1",
+  "version": "1.4.2",
   "license": "MIT",
   "repository": "https://github.com/TryGhost/Ghost",
   "author": "Ghost Foundation",
@@ -77,7 +77,7 @@
     "moment": "2.30.1",
     "postcss": "8.5.6",
     "tailwindcss": "3.4.18",
-    "vite": "5.4.20",
+    "vite": "5.4.21",
     "vite-plugin-css-injected-by-js": "3.5.2",
     "vite-plugin-svgr": "3.3.0",
     "vitest": "1.6.1"

apps/portal/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tryghost/portal",
-  "version": "2.67.6",
+  "version": "2.67.8",
   "license": "MIT",
   "repository": "https://github.com/TryGhost/Ghost",
   "author": "Ghost Foundation",
@@ -125,7 +125,7 @@
     "jsdom": "28.1.0",
     "react": "17.0.2",
     "react-dom": "17.0.2",
-    "vite": "5.4.20",
+    "vite": "5.4.21",
     "vite-plugin-css-injected-by-js": "3.5.2",
     "vite-plugin-svgr": "3.3.0",
     "vitest": "3.2.4"

apps/portal/src/actions.js

@@ -223,6 +223,24 @@ async function checkoutPlan({data, state, api}) {
     }
 }
 
+async function checkoutGift({data, state, api}) {
+    try {
+        const {tierId, cadence, email} = data;
+        await api.member.checkoutGift({tierId, cadence, email});
+        return {
+            action: 'checkoutGift:success'
+        };
+    } catch (e) {
+        return {
+            action: 'checkoutGift:failed',
+            popupNotification: createPopupNotification({
+                type: 'checkoutGift:failed', autoHide: false, closeable: true, state, status: 'error',
+                message: t('Failed to process checkout, please try again')
+            })
+        };
+    }
+}
+
 async function updateSubscription({data, state, api}) {
     try {
         const {plan, planId, subscriptionId, cancelAtPeriodEnd} = data;
@@ -678,6 +696,7 @@ const Actions = {
     editBilling,
     manageBilling,
     checkoutPlan,
+    checkoutGift,
     updateNewsletterPreference,
     showPopupNotification,
     removeEmailFromSuppressionList,