v0.9.1 — Self-update: 403 on trigger mismatch + reliability

webhook returns 200 even when a trigger rule isn't satisfied, which would let
the app's res.ok check falsely report success if the secret drifted. Set
trigger-rule-mismatch-http-response-code: 403 so unauthorized triggers are
clearly rejected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-15 22:44:36 -05:00
parent 4e02339f59
commit 98cabc514d
8 changed files with 172 additions and 2 deletions

View File

@@ -8,6 +8,13 @@ export type ChangelogEntry = {
};
export const CHANGELOG: ChangelogEntry[] = [
{
version: "0.9.1",
date: "2026-06-15",
changes: [
"Made the one-click update reliable and locked down its trigger so only the app itself can start an update.",
],
},
{
version: "0.9.0",
date: "2026-06-15",