v20.1.0

Compare Source

👟 Runtime

• Added support for Node.js 26.x
• Replaced native libxmljs2 with WASM-based libxml2-wasm to remove native build dependency

🎯 Challenges

• Added ⭐⭐⭐-challenge: System Prompt Extraction (prompt injection against chatbot) (kudos to @​JohannesR0essler)
• Added "Fix It"-phase for NFT Takeover coding challenge

🎨 UI

• Fixes heading overflow into product table by adjusting padding

🅰️ Frontend

• Refactored Scoreboard to use Angular Signals for improved performance
• Upgraded Cypress to v15

🐳 Docker

• Optimized encoding of some more pictures and videos to bring down the size of the container image down even more than before

🐛 Bugfixes

• #​1788: Fixes issue preventing (properly) forged JWTs from being accepted in some endpoints
• #​3433: Fixes some translation string from being properly displayed
• d95b385: Fixes welcome banner from not being properly scrollable & dismissable on certain mobile screen sizes

🧹 Housekeeping

• Migrated server unit tests from Mocha & Chai to the Node.js test runner
• Upgraded TypeScript to v6
• Rewrote ZIP upload handler to use async/await and updated unzipper library
• Replaced FormSubmitService with native form submission in frontend

🔧 Configuration

• Migrated configuration validation from YAML schema to zod
• Added overwriteUrlForCsrfChallenge option to allow customizing the attack origin for the CSRF challenge

🌐 I18N

• Updated various translations