Merge main: Preserve security features while adopting type improvements

[Copilot]

Merged main branch (unrelated histories) into feature branch, resolving conflicts to preserve XSS protections while adopting TypeScript type definitions.

Conflict Resolution Strategy

src/lib/cv.ts - Combined both branches:

• Kept: DOMPurify sanitization, security-focused Showdown config
• Adopted: Experience, Education, CvData interface definitions
• Result: Type-safe security implementation

src/components/CvPage.astro - Merged approaches:

• Kept: SRI integrity hash on external script
• Adopted: declare const html2pdf: any for type safety
• Adopted: Conditional rendering with optional chaining (experience.skills!.length)

package.json - Merged dependencies:

• Added: isomorphic-dompurify@^3.0.0-rc.2 (XSS protection)
• Updated: @astrojs/check@^0.9.6, typescript@^5.8.3 (from main)

pnpm-lock.yaml - Regenerated with --no-frozen-lockfile

Key Technical Decision

The cv.ts merge required combining two different approaches to the same file. Main branch added proper TypeScript interfaces for type safety, while feature branch added security hardening. Both were necessary, so the resolution layers them:

// Type definitions from main
export interface CvData {
  experiences: Experience[];
  // ...
}

// Security config from feature branch  
const converter = new showdown.Converter({
  encodeEmails: true,
  parseImgDimensions: false,
  // ... security-focused options
});

// Combined implementation
export function md(text: string): string {
  const html = converter.makeHtml(text ?? "");
  return DOMPurify.sanitize(html, { /* strict allowlist */ });
}

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• telemetry.astro.build
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/cv/cv/node_modules/.bin/../astro/astro.js build (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.