Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/setup-python@v5, astral-sh/setup-uv@e92bafb6253dcd438e0484186d7669ea7a8ca1cc. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

embed field value must be shorter than 1024, got 2697 [`3070826`](https://github.com/SimplicityGuy/discogsography/commit/3070826ceb98b35888d11c6cc7585a95d2189460) fix: 2FA recovery codes display, sync rate limit, taste strip gap, btn-danger (#302) * fix: 2FA recovery codes display, sync rate limit, taste strip gap, btn-danger - Recovery codes were read from /api/auth/2fa/confirm response which only returns {message}; now read from cached _setupData.recovery_codes returned by /api/auth/2fa/setup. Also fixes Copy Codes copying empty string. - Defined .btn-danger Tailwind component class so the Disable 2FA button picks up flex centering from btn-base. The class was used by settings.js but never defined. - Loosened sync rate limit from 2/10minute to 10/minute and cooldown from 600s to 60s. Frontend now reads 429 message body instead of showing a generic "Please try again later" alert. - Hide #tasteStrip when empty so taste-fingerprint timeouts/unavailability no longer leave a blank gap between the stats cards and the collection table. - Removed dead X-Mailin-Track headers from password reset email; Brevo's v3 transactional API rejects standard email headers per the SDK's own signature ("Standard email headers are not supported"), so per-message click tracking control is impossible. Click tracking has to be disabled in the Brevo dashboard. Added comment explaining why. - Settings test mocks now match real API contract (setup returns otpauth_uri + recovery_codes; confirm returns {message}). The wrong mocks let the recovery codes bug ship. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: set NLQ toggle to display:flex explicitly Clearing the inline `style="display: none;"` to '' should fall back to the Tailwind `flex` class via the cascade, but in some browsers the layout doesn't update until something else triggers a reflow. Setting display explicitly to 'flex' is unambiguous and removes the dependency on cascade ordering for elements with both inline-style hide and class-based show. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test: cover new triggerSync branches in user-panes Add 5 tests for the branches introduced by the sync 429 handling: - 503 returns the service-unavailable message - 429 with empty body falls back to the default cooldown message - generic non-ok with body.detail surfaces the detail text - generic non-ok with body.message surfaces the message text - ok:true success path schedules the four pane reloads via setTimeout Closes the codecov gap on PR #302. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Docker cache hit for brainztableinator