* feat: add security.txt
Security.txt is a well-known (pun intended) file among security researchers, so they don't have to go scavenging for your security information. More information is available on [securitytxt.org](https://securitytxt.org/).
I've set the following values:
- The email to contact with issues, `jai@modrinth.com`. This is the email stated in the security policy. If you wish to not include it here due to spam, you should also not have it as a `mailto` link in the security policy.
- Expiry is set to 2030. By this time Modrinth has become the biggest Minecraft mod distributor, and having expanded into other games. By this time they should also have updated this file.
- English is the preferred language
- The file is located at modrinth.com/.well-known/security.txt
- The security policy is at https://modrinth.com/legal/security
The following values have been left unset:
- PGP key, not sure where this would be located, if there is one
- Acknowledgments. Modrinth does currently not have a site for thanks
- Hiring, as it wants security-related positions
- CSAF, a Common Security Advisory Framework ?
* fix(docs): reduce security.txt expiry
This addresses a concern where the security.txt has a long expiration date. Someone could treat this as "use this until then", which we don't want since it's a long time. The specification recommends no longer than one year, as it is to mark as stale.
From the RFC:
> The "Expires" field indicates the date and time after which the data contained in the "security.txt" file is considered stale and should not be used (as per Section 5.3). The value of this field is formatted according to the Internet profiles of [ISO.8601-1] and [ISO.8601-2] as defined in [RFC3339]. It is RECOMMENDED that the value of this field be less than a year into the future to avoid staleness.
Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
* fix(frontend): extend security.txt expiry
It takes so long to merge the PR :(
Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
* docs(frontend) careers link in security.txt
Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
---------
Signed-off-by: Erb3 <49862976+Erb3@users.noreply.github.com>
Co-authored-by: Erb3 <49862976+Erb3@users.noreply.github.com>
* chore: typo fix and formatting tidyups
* refactor(theseus): extend auth subsystem to fetch complete user profiles
* chore: fix new `prettier` lints
* chore: document differences between similar `Credentials` methods
* chore: remove dead `profile_run_credentials` plugin command
* feat(app): skin selector backend
* enh(app/skin-selector): better DB intension through deferred FKs, further PNG validations
* chore: fix comment typo spotted by Copilot
* fix: less racy auth token refresh logic
This may help with issues reported by users where the access token is
invalid and can't be used to join servers over long periods of time.
* tweak(app-lib): improve consistency of skin field serialization case
* fix(app-lib/minecraft_skins): fix custom skin removal from DB not working
* Begin skins frontend
* Cape preview
* feat: start on SkinPreviewRenderer
* feat: setting for nametag
* feat: hide nametag setting (sql)
* fix: positioning of meshes
* fix: lighting
* fix: allow dragging off-bounds
* fix: better color mapping
* feat: hide nametag setting (impl)
* feat: Start on edit modal + cape button cleanup + renderer fixes
* feat: Finish new skin modal
* feat: finish cape modal
* feat: skin rendering on load
* fix: logic for Skins.vue
* fix: types
* fix: types (for modal + renderer)
* feat: Editing?
* fix: renderer not updating variant
* fix: mojang username not modrinth username
* feat: batched skin rendering - remove vzge references (apart from capes, wip)
* feat: fix sizing on SkinButton and SkinLikeButton, also implement bust positioning
* feat: capes in preview renderer & baked renders
* fix: lint fixes
* refactor: Start on cleanup and polish
* fix: hide error notification when logged out
* revert: .gltf formatting
* chore(app-frontend): fix typos
* fix(app-lib): delay account skin data deletion to next reboot
This gives users an opportunity to not unexpectedly lose skin data in
case they log off on accident.
* fix: login button & provide/inject AccountsCard
* polish: skin buttons
* fix: imports
* polish: use figma values
* polish: tweak underneath shadow
* polish: cursor grab
* polish: remove green bg from CapeLikeTextButton when selected.
* polish: modal tweaks
* polish: grid tweaks + start on upload skin modal
* polish: drag and drop file flow
* polish: button positioning in SkinButton
* fix: lint issues
* polish: deduplicate model+cape stuff and fix layout
* fix: lint issues
* fix: camel case requirement for make-default
* polish: use indexed db to persist skin previews
* fix: lint issues
* polish: add skin icon sizing
* polish: theme fixes
* feat: animation system for skin preview renderer
* feat(app/minecraft_skins): save current custom external skin when equipping skins
* fix: cape button & dynamic nametag sizing
* feat(theseus): add `normalize_skin_texture` Tauri command
This command lets the app frontend opt in to normalizing the texture of
any skin, which may be in either the legacy 64x32 or newer 64x64 format,
to the newer 64x64 format for display purposes.
* chore: Rust build fixes
* feat: start impl of skin normalization on frontend
* feat(theseus): change parameter type of `normalize_skin_texture` Tauri command
* fix: normalization
* fix(theseus): make new `normalize_skin_texture` command usable
* feat: finish normalization impl
* fix: vueuse issue
* fix: use optimistic approach when changing skins/capes.
* fix: nametag cleanup + scroll fix
* fix: edit modal computedAsync not fast enough for skin preview renderer
* feat: classic player model animations
* chore: fix new Clippy lint
* fix(app-lib): actually delete custom skins with no cape overrides
* fix(app-lib): handle repeated addition of the same skin properly
* refactor(app-lib): simplify DB connection logic a little
* fix: various improvements
* feat: slim animations
* fix: z-fighting on models
* fix: shading + lighting improvements
* fix: shadows
* fix: polish
* fix: polish
* fix: accounts card not having the right head
* fix: lint issues
* fix: build issue
* feat: drag and drop func
* fix: temp disable drag and drop in the modal
* Revert "fix: temp disable drag and drop in the modal"
This reverts commit 33500c564e3f85e6c0a2e83dd9700deda892004d.
* fix: drag and drop working
* fix: lint
* fix: better media queries
* feat(app/skins): revert current custom external skin storing on equip
This reverts commit 0155262ddd081c8677654619a09e814088fdd8b0.
* regen pnpm lock
* pnpm fix
* Make default capes a little more clear
* Lint
---------
Co-authored-by: Alejandro González <me@alegon.dev>
Co-authored-by: Prospector <prospectordev@gmail.com>
* Add blog post: Pride Month 2025 campaign
* fix lint maybe
* Revert changes to other stuff
* run fix
* use local links
* re-run fix
---------
Co-authored-by: Prospector <prospectordev@gmail.com>
* tweak(pages/plus): update lack of ads perk desc to match latest changes
* tweak(pages/plus): more perks coming soon -> soon™
At this point it feels a bit fake for reasonable definitions of "soon"
to keep stating that more perks are coming "soon", even though it's not
something that has not been discarded altogether.
However, I think everyone can agree on a more playful and realistic
"soon™" deadline, because everyone likes memes and can relate to things
taking longer to come to fruition than planned :)
* Add quick server creation button, and dynamic pricing to custom server selection
* Remove test in compatibility card
* Lint + remove duplicate file
* Adjust z-index of popup
* $6 -> $5
* Dismiss prompt if the button is clicked
* Make "Create a server" disabled for now
* Use existing loaders type
