fix: update dependencies to address security vulnerabilities

.github/workflows/build-and-publish.yml

@@ -49,7 +49,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -61,25 +61,32 @@ jobs:
         id: jsdoc_lint
         continue-on-error: true
         run: |
-          set -e
           output=$(npm run lint:jsdoc || true)
           echo "$output" | tee jsdoc-lint-output.txt
 
-          count=$(echo "$output" | wc -l)
+          count=$(echo "$output" | grep -cve '^\s*$')
           echo "jsdoc_count=$count" >> "$GITHUB_OUTPUT"
 
-      - name: ✅ Pass
-        if: steps.jsdoc_lint.outputs.jsdoc_count == '0'
-        run: echo "JSDoc lint passed successfully!"
+      - name: PASS
+        if: ${{ steps.jsdoc_lint.outputs.jsdoc_count == 0 }}
+        run: echo "✅ JSDoc lint passed successfully!"
 
-      - name: ⚠️ JSDoc violations detected (non-blocking)
-        if: steps.jsdoc_lint.outputs.jsdoc_count != '0'
+      - name: JSDoc violations detected (non-blocking)
+        if: ${{ steps.jsdoc_lint.outputs.jsdoc_count != 0 }}
         run: |
           echo "⚠️ JSDoc lint check failed with ${{ steps.jsdoc_lint.outputs.jsdoc_count }} violations (non-blocking)"
           echo "--- JSDoc Violations ---"
           cat jsdoc-lint-output.txt
 
-      # Test to ensure the package is working
+      - name: Upload JSDoc results
+        if: ${{ steps.jsdoc_lint.outputs.jsdoc_count != 0 }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: jsdoc-lint-results
+          path: jsdoc-lint-output.txt
+          if-no-files-found: error
+
+      # Build to ensure the package is functional
       - name: Build Node.js project
         run: npm run build
 
@@ -128,7 +135,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -189,7 +196,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -201,7 +208,7 @@ jobs:
 
       - name: Update package name for GPR
         run: |
-          sed -i 's/"name": ".*"/"name": "@netwk-pro\/web"/' package.json
+          sed -i 's/"name": "[^"]*"/"name": "@netwk-pro\/web"/' package.json
 
       - name: Verify version not already published
         run: |

.github/workflows/lighthouse.yml

@@ -51,7 +51,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Clean previous Lighthouse reports
         run: |

.github/workflows/meta-check.yml

@@ -0,0 +1,34 @@
+# .github/workflows/meta-check.yml
+#
+# Copyright © 2025 Network Pro Strategies (Network Pro™)
+# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
+# This file is part of Network Pro
+
+name: Metadata Check
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  meta:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v5
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 24
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Run meta tests
+        run: npx vitest run tests/meta/meta.test.js --reporter=verbose

.github/workflows/playwright.yml

@@ -12,9 +12,9 @@ on:
     branches: [master]
   workflow_dispatch:
 
-# ✅ Least-privilege access
+# Required for actions/checkout
 permissions:
-  contents: read # Required for actions/checkout
+  contents: read
 
 jobs:
   test:
@@ -41,7 +41,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci

.github/workflows/publish-test.yml

@@ -47,7 +47,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -126,7 +126,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -187,7 +187,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci

.github/workflows/templates/publish.template.yml

@@ -57,7 +57,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -136,7 +136,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci
@@ -197,7 +197,7 @@ jobs:
       - name: Upgrade npm
         run: |
           corepack enable
-          npm install -g npm@11.5.2
+          npm install -g npm@11.6.0
 
       - name: Install Node.js dependencies
         run: npm ci

.node-version

@@ -1 +1 @@
-24.4.1
+24.8.0

.nvmrc

@@ -1 +1 @@
-24.4.1
+24.8.0

CHANGELOG.md

@@ -22,6 +22,76 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 ---
 
+## [1.17.0] - 2025-09-16
+
+### Security
+
+- Updated dependencies to address known vulnerabilities (notably `@sveltejs/kit`, `vite`, and related plugins).
+
+### Documentation
+
+- Clarified CSP reporting setup in `README.md`:
+  - Explained relationship with external CSP reporting endpoint (`csp-endpoint` repo).
+  - Documented use of both `report-uri` (legacy) and `report-to` (modern, recommended).
+  - Added example headers including `Report-To` definition.
+
+### Added
+
+- New `meta-check.yml` GitHub Actions workflow to validate `<title>` and `<meta>` descriptions using Vitest.
+  - Runs separately from Playwright to avoid hydration timing issues.
+  - Ensures SEO metadata is tested in CI without blocking other jobs.
+- New `meta.test.js` file in `tests/unit/meta` for testing in CI.
+- New `meta.test.js` file in `tests/unit/server` for local testing.
+
+### Changed
+
+- Cleaned up Playwright E2E tests:
+  - Removed brittle `toHaveTitle` assertions causing CI failures.
+  - Standardized footer checks to use helper function.
+  - Improved test readability and consistency in `app.spec.js` and `mobile.spec.js`.
+- Updated generator metadata in `app.html` to reflect `SvelteKit 2.42.1`.
+- Updated Node.js version in `.node-version` and `.nvmrc` to `24.8.0`.
+- Updated CSP endpoint section and footer in `README.md`.
+- Updated JSDoc linting step and `sed` syntax in `build-and-publish.yml` workflow.
+- Updated `npm` version to `11.6.0` in GitHub Actions workflow files:
+  - `build-and-publish.yml`
+  - `lighthouse.yml`
+  - `playwright.yml`
+  - `publish-test.yml`
+  - `templates/publish.template.yml`
+- Upgraded dependencies:
+  - `@eslint/compat` `^1.3.1` → `^1.3.2`
+  - `@eslint/js` `^9.32.0` → `^9.35.0`
+  - `@playwright/test` `^1.54.1` → `^1.55.0`
+  - `@sveltejs/adapter-netlify` `^5.1.0` → `^5.2.3`
+  - `@sveltejs/kit` `2.27.0` → `2.42.1`
+  - `@sveltejs/vite-plugin-svelte` `^6.1.0` → `^6.2.0`
+  - `@testing-library/jest-dom` `^6.6.4` → `^6.8.0`
+  - `browserslist` `^4.25.1` → `^4.26.2`
+  - `dompurify` `^3.2.6` → `^3.2.7`
+  - `eslint` `^9.32.0` → `^9.35.0`
+  - `eslint-plugin-jsdoc` `^52.0.2` → `^58.1.1`
+  - `eslint-plugin-svelte` `^3.11.0` → `^3.12.3`
+  - `globals` `^16.3.0` → `^16.4.0`
+  - `playwright` `^1.54.1` → `^1.55.0`
+  - `posthog-js` `^1.258.4` → `^1.266.0`
+  - `stylelint` `^16.23.0` → `^16.24.0`
+  - `svelte` `5.37.2` → `5.39.1`
+  - `svelte-check` `^4.3.0` → `^4.3.1`
+  - `svelte-eslint-parser` `^1.3.0` → `^1.3.2`
+  - `vite` `^7.0.6` → `^7.1.5`
+
+### Removed
+
+- Deleted `src/routes/example.svx`, which was unused and unneeded.
+- Removed `mdsvex` from package.json, as it is unlikely to be used.
+
+### Notes
+
+- Pinned `jsdom` to `26.1.0` due to build incompatibility in `27.x` (`cssstyle` parsing error with Vite/Rollup).
+
+---
+
 ## [1.16.0] - 2025-07-31
 
 ### Added
@@ -752,7 +822,8 @@ This project attempts to follow [Keep a Changelog](https://keepachangelog.com/en
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.16.0...HEAD
+[Unreleased]: https://github.com/netwk-pro/netwk-pro.github.io/compare/v1.17.0...HEAD
+[1.17.0]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.17.0
 [1.16.0]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.16.0
 [1.15.4]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.15.4
 [1.15.3]: https://github.com/netwk-pro/netwk-pro.github.io/releases/tag/v1.15.3

README.md

@@ -309,18 +309,30 @@ https://netwk.pro/?debug=true
 
 ## 📣 CSP Report Handler
 
-To receive and inspect CSP violation reports in development or production, the repo includes a Netlify-compatible [Edge Function](https://docs.netlify.com/edge-functions/overview/) at:
+This project integrates with a dedicated CSP reporting endpoint, implemented as a [Netlify Edge Function](https://docs.netlify.com/edge-functions/overview/) and hosted separately at:
 
-```bash
-netlify/edge-functions/csp-report.js
-```
+- <https://csp.netwk.pro/.netlify/functions/csp-report>
+- Source: [netwk-pro/csp-endpoint](https://github.com/netwk-pro/csp-endpoint)
 
-This Edge Function receives Content Security Policy (CSP) violation reports at `/api/csp-report` and logs relevant details to the console. High-risk violations (e.g., `script-src`, `form-action`) also trigger real-time alerts via `ntfy`. You can further integrate with logging tools, SIEM platforms, or notification systems as needed.
+The endpoint receives Content Security Policy (CSP) violation reports and logs details for inspection. High-risk violations (e.g., `script-src`, `form-action`) also trigger real-time alerts via [`ntfy`](https://ntfy.sh/). You can extend this further by integrating with SIEM platforms, logging tools, or notification systems.
 
-Make sure to include the `report-uri` directive in your CSP header:
+### Usage
 
-```bash
-Content-Security-Policy: ...; report-uri /api/csp-report;
+To enable reporting, make sure your CSP headers include both the legacy `report-uri` and the modern `report-to` directives.  
+This project’s `hooks.server.js` already configures both, along with the required `Report-To` header:
+
+```http
+# Example response headers
+Content-Security-Policy: ...; report-uri https://csp.netwk.pro/.netlify/functions/csp-report; report-to csp-endpoint;
+
+Report-To: {
+  "group": "csp-endpoint",
+  "max_age": 10886400,
+  "endpoints": [
+    { "url": "https://csp.netwk.pro/.netlify/functions/csp-report" }
+  ],
+  "include_subdomains": true
+}
 ```
 
 </section>
@@ -494,7 +506,7 @@ _Designed for professionals. Hardened for privacy. Built with intent._
 Copyright &copy; 2025  
 **[Network Pro Strategies](https://netwk.pro) (Network Pro&trade;)**
 
-Network Pro&trade;, the shield logo, and the "Locking Down Networks&trade;" slogan are [trademarks](https://netwk.pro/license#trademark) of Network Pro Strategies.
+Network Pro&trade;, the shield logo, and the "Locking Down Networks...&trade;" slogan are [trademarks](https://netwk.pro/license#trademark) of Network Pro Strategies.
 
 Licensed under **[CC BY 4.0](https://netwk.pro/license#cc-by)** and the **[GNU GPL](https://netwk.pro/license#gnu-gpl)**, as published by the [Free Software Foundation](https://www.fsf.org), either version 3 of the License, or (at your option) any later version.