trypostit/trypost

v1.0.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 12d Productivity & Wikis

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

content-scheduling creators facebook instragram laravel linkedin

+13 more

marketing php pinterest self-hosted social-media social-media-management social-media-marketing social-media-scheduler threads tiktok twitter vuejs youtube

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 4d

The upcoming v1.0.0 release resolves critical npm audit vulnerabilities and introduces several important fixes, features, and refactors across the platform.

Why it matters: Addressing high‑severity (90) npm audit vulnerabilities eliminates potential supply‑chain risks; multiple bugfixes with severity ≥ 40 prevent crashes or misbehaviors in OAuth flows, Redis handling, scheduling, and upload pipelines.

Summary

AI summary

Broad release touches feat, fix, facebook, and posts.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Resolve npm audit vulnerabilities in the codebase Resolve npm audit vulnerabilities in the codebase Source: llm_adapter@2026-05-30 Confidence: high	—
Feature
Feature	Low	Add YouTube Analytics integration Add YouTube Analytics integration Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Introduce Google Auth toggle via TRYPOST_GOOGLE_AUTH_ENABLED environment variable Introduce Google Auth toggle via TRYPOST_GOOGLE_AUTH_ENABLED environment variable Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Implement complete create and publish post flow via MCP and REST API Implement complete create and publish post flow via MCP and REST API Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Add multipart media upload endpoint and split URL flow for uploads Add multipart media upload endpoint and split URL flow for uploads Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Capture signup UTM parameters and IP address; add GitHub OAuth login option Capture signup UTM parameters and IP address; add GitHub OAuth login option Source: llm_adapter@2026-05-30 Confidence: high	—
Feature	Low	Add GTM dataLayer context with checkout/purchase events Add GTM dataLayer context with checkout/purchase events Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Polish design system (in-page headers, indie tabs, remove sidebar collapse) Polish design system (in-page headers, indie tabs, remove sidebar collapse) Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Enable end‑to‑end PostHog tracking with reactive group metrics Enable end‑to‑end PostHog tracking with reactive group metrics Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Overhaul AI image generation, post creation flow, and add realtime broadcast Overhaul AI image generation, post creation flow, and add realtime broadcast Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Add TikTok photo carousel support and comply with Content Sharing API UX Add TikTok photo carousel support and comply with Content Sharing API UX Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Provide single‑command Docker stack for local development Provide single‑command Docker stack for local development Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Implement media upload via signed‑URL flow in MCP Implement media upload via signed‑URL flow in MCP Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Add multi‑select label filter on the posts list view Add multi‑select label filter on the posts list view Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Feature	Low	Offer no‑card 7‑day trial on the Starter plan during signup Offer no‑card 7‑day trial on the Starter plan during signup Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Dependency	High	Upgrade to Laravel 13 and Inertia v3 Upgrade to Laravel 13 and Inertia v3 Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix
Bugfix	Medium	Correct Google OAuth config key during token refresh Correct Google OAuth config key during token refresh Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Fix nullable content handling across all social publishers Fix nullable content handling across all social publishers Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Cast cached post count to integer to prevent Redis serializer crash Cast cached post count to integer to prevent Redis serializer crash Source: llm_adapter@2026-05-30 Confidence: high	—
Bugfix	Medium	Block scheduling when post content exceeds platform character limit Block scheduling when post content exceeds platform character limit Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Medium	Distinguish platform‑down errors from token‑expired errors across social publishers Distinguish platform‑down errors from token‑expired errors across social publishers Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Medium	Ensure proactive token refresh actually refreshes tokens, not just verifies them Ensure proactive token refresh actually refreshes tokens, not just verifies them Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Medium	Use upload_url and file_url for Facebook reel transfer phase Use upload_url and file_url for Facebook reel transfer phase Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Medium	Split CSV/space‑joined OAuth scopes before saving for LinkedIn and Pinterest Split CSV/space‑joined OAuth scopes before saving for LinkedIn and Pinterest Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Medium	Persist OAuth scopes through LinkedIn page‑picker flow Persist OAuth scopes through LinkedIn page‑picker flow Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Low	Allow authenticated users to connect Google/GitHub from Settings Allow authenticated users to connect Google/GitHub from Settings Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Low	Fix post show layout to match editor and enable navigation in lightbox Fix post show layout to match editor and enable navigation in lightbox Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Low	Always chunk uploads in GalleryBrowser Always chunk uploads in GalleryBrowser Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Bugfix	Low	Reduce chunked upload chunk size from 5 MB to 1 MB Reduce chunked upload chunk size from 5 MB to 1 MB Source: granite4.1:30b@2026-05-30-audit Confidence: low	—
Refactor	Medium	Implement single-domain routing, actions, policies, Google login, PostHog, and full test coverage Implement single-domain routing, actions, policies, Google login, PostHog, and full test coverage Source: granite4.1:30b@2026-05-30-audit Confidence: low	—

Full changelog

What's Changed

fix: correct Google OAuth config key in token refresh by @niravsutariya in https://github.com/trypostit/trypost/pull/1
Fix deprecated timezone validation on registration by @paulocastellano in https://github.com/trypostit/trypost/pull/6
Remove docs directory by @paulocastellano in https://github.com/trypostit/trypost/pull/7
Fix nullable content across all social publishers by @paulocastellano in https://github.com/trypostit/trypost/pull/5
Move helpers to app/Helpers/upload.php by @paulocastellano in https://github.com/trypostit/trypost/pull/8
Upgrade to Laravel 13 and Inertia v3 by @paulocastellano in https://github.com/trypostit/trypost/pull/9
refactor: single-domain routing, actions, policies, Google login, PostHog, full test coverage by @paulocastellano in https://github.com/trypostit/trypost/pull/10
feat: add YouTube Analytics by @paulocastellano in https://github.com/trypostit/trypost/pull/13
feat: Google Auth toggle — TRYPOST_GOOGLE_AUTH_ENABLED by @paulocastellano in https://github.com/trypostit/trypost/pull/11
feat: complete create + publish post flow via MCP and REST API by @paulocastellano in https://github.com/trypostit/trypost/pull/14
feat: add multipart media upload endpoint and split URL flow by @paulocastellano in https://github.com/trypostit/trypost/pull/15
feat: capture signup UTMs/IP and add GitHub OAuth login by @paulocastellano in https://github.com/trypostit/trypost/pull/16
fix: let authenticated users connect Google/GitHub from Settings by @paulocastellano in https://github.com/trypostit/trypost/pull/17
feat: GTM dataLayer context + checkout/purchase events by @paulocastellano in https://github.com/trypostit/trypost/pull/18
feat: design system polish (in-page headers, indies tabs, sidebar collapse removal) by @paulocastellano in https://github.com/trypostit/trypost/pull/19
feat: end-to-end PostHog tracking with reactive group metrics by @paulocastellano in https://github.com/trypostit/trypost/pull/20
fix: cast cached post count to int (Redis serializer crash) by @paulocastellano in https://github.com/trypostit/trypost/pull/21
feat: AI image generation overhaul + post creation flow + realtime broadcast by @paulocastellano in https://github.com/trypostit/trypost/pull/22
fix: post show layout matches editor and lightbox supports navigation by @paulocastellano in https://github.com/trypostit/trypost/pull/23
feat(tiktok): photo carousel support + Content Sharing API UX compliance by @paulocastellano in https://github.com/trypostit/trypost/pull/25
fix(posts): block scheduling when content exceeds platform char limit by @paulocastellano in https://github.com/trypostit/trypost/pull/26
chore: remove unused PlatformRules registry and rule classes by @paulocastellano in https://github.com/trypostit/trypost/pull/27
feat(tracking): push Google Ads conversion data to dataLayer on purchase by @paulocastellano in https://github.com/trypostit/trypost/pull/28
fix(social): unify token-expired handling across all publishers by @paulocastellano in https://github.com/trypostit/trypost/pull/29
fix(social): proactive token refresh actually refreshes (not just verifies) by @paulocastellano in https://github.com/trypostit/trypost/pull/30
fix(x): drop chunked upload chunk size from 5MB to 1MB by @paulocastellano in https://github.com/trypostit/trypost/pull/31
fix(facebook): use upload_url + file_url for reel transfer phase by @paulocastellano in https://github.com/trypostit/trypost/pull/32
feat(posts): multi-select label filter on the posts list by @paulocastellano in https://github.com/trypostit/trypost/pull/34
fix(linkedin,pinterest): split CSV/space-joined OAuth scopes before saving by @paulocastellano in https://github.com/trypostit/trypost/pull/35
fix(linkedin-page): persist OAuth scopes through the page-picker flow by @paulocastellano in https://github.com/trypostit/trypost/pull/36
feat(signup): no-card 7-day trial on Starter plan by @paulocastellano in https://github.com/trypostit/trypost/pull/38
fix(pinterest): restore board picker + require board_id in validation by @paulocastellano in https://github.com/trypostit/trypost/pull/39
fix(posts): drop redundant 'publishing' toast on publish by @paulocastellano in https://github.com/trypostit/trypost/pull/40
feat(mcp): media upload via signed-URL flow by @paulocastellano in https://github.com/trypostit/trypost/pull/42
feat(docker): single-command Docker stack for local development by @andrefrd in https://github.com/trypostit/trypost/pull/24
fix(assets): always chunk uploads in GalleryBrowser by @paulocastellano in https://github.com/trypostit/trypost/pull/45
fix(social): distinguish platform-down from token-expired by @paulocastellano in https://github.com/trypostit/trypost/pull/49
feat(auth): self-hosted registration gate + admin seeder by @paulocastellano in https://github.com/trypostit/trypost/pull/51
fix(profile): member delete must not destroy the shared account by @paulocastellano in https://github.com/trypostit/trypost/pull/52
Fix: JSON columns with default('[]') fail on MySQL 8 by @sebastian-works in https://github.com/trypostit/trypost/pull/47
feat(storage): DigitalOcean Spaces disk + env documentation by @paulocastellano in https://github.com/trypostit/trypost/pull/53
fix(facebook): empty-message rejection + state consistency + no re-publish on terminal by @paulocastellano in https://github.com/trypostit/trypost/pull/41
feat(posthog): keep social_accounts_count and posts_count fresh on account group by @paulocastellano in https://github.com/trypostit/trypost/pull/43
chore(cursor): add Cursor project rules by @paulocastellano in https://github.com/trypostit/trypost/pull/54
fix(billing): require card-backed trial again by @paulocastellano in https://github.com/trypostit/trypost/pull/56
feat: regenerate AI post images with brand palette by @paulocastellano in https://github.com/trypostit/trypost/pull/57
fix(security): resolve npm audit vulnerabilities by @paulocastellano in https://github.com/trypostit/trypost/pull/58
fix(facebook): multi-image posts publish as text-only by @paulocastellano in https://github.com/trypostit/trypost/pull/59
fix(facebook): restrict Page Stories to video-only by @paulocastellano in https://github.com/trypostit/trypost/pull/60
chore(release): add /release slash command for weekly ritual by @paulocastellano in https://github.com/trypostit/trypost/pull/62

New Contributors

@niravsutariya made their first contribution in https://github.com/trypostit/trypost/pull/1
@paulocastellano made their first contribution in https://github.com/trypostit/trypost/pull/6
@andrefrd made their first contribution in https://github.com/trypostit/trypost/pull/24
@sebastian-works made their first contribution in https://github.com/trypostit/trypost/pull/47

Full Changelog: https://github.com/trypostit/trypost/commits/v1.0.0

Breaking Changes

Remove docs directory

Security Fixes

fix(security): resolve npm audit vulnerabilities

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track trypostit/trypost

Get notified when new releases ship.

About trypostit/trypost

All releases →