readCards now throws on fetch/parse failures instead of returning []
so a broken read can never trigger an overwrite of valid data.
Added a write lock to serialize card mutations within a single instance.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Disables submit buttons after first click to prevent race conditions
that could corrupt card data via concurrent writes.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The get() function doesn't work with relative paths on public stores.
Use list() to find the blob URL, then fetch it directly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Clicking a card image now opens it full-screen in an overlay.
Click anywhere or press Escape to close.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Cards now load dynamically on each page visit instead of at build time,
so new cards appear immediately without redeploying the site.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The new Vercel Blob store is public, so private access is not allowed.
Switch cards read/write to public access.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Show inline error banners when card save/delete fails instead of
crashing. Prevent writes to local filesystem on Vercel where it would
silently fail by validating BLOB_READ_WRITE_TOKEN presence.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated dependencies to fix Next.js and React CVE vulnerabilities.
The fix-react2shell-next tool automatically updated the following packages to their secure versions:
- next
- react-server-dom-webpack
- react-server-dom-parcel
- react-server-dom-turbopack
All package.json files have been scanned and vulnerable versions have been patched to the correct fixed versions based on the official React advisory.
Co-authored-by: Vercel <vercel[bot]@users.noreply.github.com>
dexx