The middleware only passed requests through without modification. Password lock protection is handled client-side via PasswordLockGuard.
Add DOMPurify to sanitize user-generated HTML in the preferences section before rendering with dangerouslySetInnerHTML.
- Upgrade @lexical/* packages from 0.38.2 to 0.39.0 - Upgrade drizzle-orm from 0.44.7 to 0.45.1 - Upgrade react and react-dom from 19.2.0 to 19.2.3 - Upgrade sharp from 0.33.5 to 0.34.5 - Sync eslint-config-next with next@16.1.1
