1.0.0

Added

• PostgreSQL support (postgres:18) with compose service, example POSTGRES_* env vars and DATABASE_URL wiring.
• Database tooling and integration: Flask‑SQLAlchemy, Flask‑Migrate/Alembic and psycopg2.
• Alembic migration scaffolding and a migrations directory.
• Automatic DB migration run at container start.

Changed

• Docker: multi‑stage build; install build/runtime libs (libpq) and include migrations in the image.
• Docker Compose: app waits for db health, adds pg_data volume and healthcheck.
• App: initialize DB and migrate extensions; import models so migrations pick up metadata.
• Config/test: add SQLALCHEMY_DATABASE_URI and set tests to use in‑memory SQLite (and in‑memory rate limit) so unit tests don’t require Postgres.
• Tests updated to use the test config.
• Dependency updates: add/ pin alembic, sqlalchemy, flask‑migrate, flask‑sqlalchemy, psycopg2 and minor frontend dev dependency bumps.

0.10.0

Added

• New frontend toolchain and build:
  • Added web/ directory with Node + webpack config, package.json, package-lock.json and web/Dockerfile.
  • Webpack build produces main.min.css and main.min.js served by a static nginx container.
• Docker and runtime improvements:
  • Multi-stage Dockerfile with a wheel-build stage and non-root appuser.
  • Added docker-entrypoint.sh to start Gunicorn.
  • New nginx config under web/nginx.conf for serving static assets and proxying to the app.
• Compose and services:
  • Docker Compose configuration now includes separate app (Python), web (static/nginx) and cache (redis) services, plus healthchecks and a --watch option for development.
• Tests and CI:
  • Added unit/functional tests (tests/test_init.py, tests/test_main_routes.py).
  • Added/updated GitHub Actions workflows: webpack.yml, docker-publish.yml and updated python-app.yml (matrix for Python 3.10–3.14, mypy, pytest).
• Health endpoint:
  • Added /health route returning OK.
• New config/testing helpers:
  • Added TestConfig class in config.py with testing defaults and TESTING=True.

Changed

• Frontend & assets:
  • Replaced previous approach (build.sh / downloading prebuilt GOV.UK assets) with a webpack-based front-end build; templates now reference main.min.css / main.min.js.
  • Asset paths updated: static asset serving now expected from web/static (and referenced as /static).
• Application refactor:
  • app/__init__.py refactored: type hints added, create_app signature changed to accept config_class: Type[Config], extensions initialized differently, and flask-assets removed.
  • Many route and form functions updated with type hints.
  • Error handlers refactored to use make_response and streamline CSRF handling (redirects).
  • Set app.jinja_env globals (govukRebrand = True).
• Cookie handling:
  • Replaced single cookies_policy JSON cookie with individual cookies (functional and analytics); server routes updated to set cookies with Secure and SameSite attributes.
  • Cookie banner templates and logic updated to match new cookie scheme.
• CI / developer tooling:
  • Updated GitHub Actions to run on ubuntu-24.04 and added stricter checks (mypy, black, pytest).
  • Developer tooling versions bumped (mypy, pytest, black, bandit, flake8, python-dotenv).
• Documentation:
  • README updated with new startup and build instructions (use .env, docker compose up --build --watch).
• Python/runtime versions and dependencies:
  • .python-version updated to 3.14.
  • requirements.in / requirements.txt and dev requirements updated with many package version bumps and removals (e.g., Flask and extension upgrades; removal of flask-assets, jsmin, pyyaml from requirements.in).

Removed

• Demo content and blueprints:
  • Removed the demos blueprint, all demo routes, forms and templates (app/demos and app/templates/demos).
• Legacy Heroku/config:
  • Removed Procfile and app.json (Heroku specific files).
• Old frontend source and build scripts:
  • Removed build.sh and many app/static/src/js/* and app/static/src/css/* custom frontend source files replaced by web/.
• flask-assets and related asset bundling code removed from the app's codebase.

Fixed

• Error handler behavior and CSRF redirect improvements to better align with the refactor.
• Updated templates and flash messages for clarity and compliance with the new frontend approach.
• Added tests to catch regressions in app initialization and main routes.

Security

• Nginx configuration updated with improved security headers.
• Cookies are now set with Secure and SameSite attributes (where applicable).
• CI includes bandit and dependency-review workflows for security checks.

0.9.0

Added

• Integrated the Service navigation component, following the new navigation pattern

Changed

• Formatted GitHub Actions YAML files

Removed

• Breadcrumbs removed where no longer needed with new navigation pattern
• Removed deprecated Heroku runtime configuration file in favour of .python-version file

0.8.0

Added

• Uses NGINX as a reverse proxy server to:
  • Serve the application over HTTPS using TLS 1.3 and a self-signed SSL certificate
  • Serve static assets directly from disk with far-future expiry for effective HTTP caching
  • Set Content Security Policy, Permissions Policy, Strict Transport Security and other HTTP security headers
  • Compress all response MIME types with gzip
• Support for GOV.UK Frontend v5.6.0
• Service Navigation component demo page

Changed

• Updated requirements to latest at time of release
• Use pip-audit instead of safety for dependency scanning

Removed

• Dependencies on brotli, flask-compress, flask-talisman and safety

0.7.0

Added

• Support for GOV.UK Frontend v5.4.0
• Password Input component demo page

Changed

• Create Account demo uses new password input component
• Updated requirements to latest at time of release

0.6.0

Added

• Support for GOV.UK Frontend v5.1.0
• Python 3.12 support
• Default strict permissions policy

Changed

• Updated GitHub Actions workflows to latest versions
• Updated requirements to latest at time of release

0.5.0

Added

• Docker and Docker Compose support
• Served over HTTPS by default, using a self-signed cert for local development

Changed

• Updated GitHub actions to latest versions
• Upgraded dependencies, most notably
  • flask==3.0.0
• Added additional countries to the autocomplete demo, for more completion options.

0.4.0

Added

• Support for GOV.UK Frontend v4.7.0

0.3.0

Added

• Support for GOV.UK Frontend v4.6.0

Changed

• Upgraded dependencies, most notably
  • flask==2.3.1
  • govuk-frontend-jinja==2.6.0
  • govuk-frontend-wtf==2.4.0
• Default to Python 3.11 runtime
• Improved validation on conditional reveal demo

Removed

• Python 3.7 support

0.2.0

Added

• Upgrade dependencies and static assets to GOV.UK Frontend v4.5.0
• Incorporate demos from previous Jinja and WTForms demo apps as integration examples
• Add GOV.UK Design System community resource content to README