Merged
Conversation
- Deleted the pagespeed refresh route and its associated logic. - Removed the main pagespeed route and its caching mechanism. - Eliminated the PageSpeedInsights component and its related hooks. - Updated the home page to remove references to PageSpeed insights. - Cleaned up unused types and data related to PageSpeed metrics.
…logies components
…components and translations
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Files
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR represents a major version bump from 5.3.18 to 6.0.1, featuring significant architectural changes primarily focused on removing the PageSpeed Insights integration, migrating the chatbot from Gemini to Groq API, and implementing comprehensive security improvements across API routes.
Changes:
- Removed PageSpeed Insights feature (API routes, hooks, components, and types)
- Migrated chatbot from Google Gemini API to Groq API for AI responses
- Added comprehensive security headers (X-Content-Type-Options, Cache-Control) across all API routes
- Implemented rate limiting for blog and about API routes
- Enhanced error handling in chatbot with fallback messages
- Added new "Computer Science Expert" certification
- Removed email contact information from footer and contact sheet
- Improved SECURITY.md documentation with audit history
- Cleaned up temp/backup files
Reviewed changes
Copilot reviewed 46 out of 52 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Version bump to 6.0.1, Next.js upgrade to 16.1.6, removed email from author field |
| next.config.ts | Added CSP TODO comment and api.groq.com to connect-src |
| hooks/use-pageSpeed-data.ts | Deleted - PageSpeed feature removed |
| hooks/use-chatbot.ts | Improved error handling with fallback messages, silent error catching |
| components/pagespeed/* | Deleted - PageSpeed components removed |
| components/chatbot/* | Enhanced error handling, added fallback message constants |
| components/contact/ContactSheet.tsx | Removed email section, added position badges (Freelancer & Botgenossen GmbH) |
| components/footer/Footer.tsx | Removed email and social links from footer |
| app/api/chatbot/route.ts | Complete migration from Gemini to Groq API, removed fallback logic |
| app/api/pagespeed/* | Deleted - PageSpeed API routes removed |
| app/api/email-rewrite/* | Added X-Content-Type-Options headers, improved error responses |
| app/api/blog/* | Added rate limiting, X-Content-Type-Options headers, improved caching |
| app/api/about/route.ts | Added rate limiting and security headers |
| app/page.tsx | Removed PageSpeed section from homepage |
| data/main/certificationsData.ts | Added new "Computer Science Expert" certification with IHK issuer |
| messages/*.json | Added issuer translations, updated chatbot API naming from "gemini" to "api", added certification description |
| SECURITY.md | Enhanced with audit history, reporting guidelines, and resources |
| README.md | Updated chatbot description to show Groq API (but still lists PageSpeed endpoint) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -198,7 +198,7 @@ Comprehensive API endpoints with security-first design: | |||
| | `/api/blog` | Blog content management and retrieval | Prisma + Zod | | |||
| | `/api/github` | Fetches GitHub profile + repos (filtered) | Tokenized (env) | | |||
| | `/api/pagespeed` | Surfaces PageSpeed metrics | Enhanced caching + error handling | | |||
There was a problem hiding this comment.
The /api/pagespeed endpoint is still listed in the API surface table, but this endpoint has been removed in this PR. This entry should be deleted to match the actual API structure.
Suggested change
| | `/api/pagespeed` | Surfaces PageSpeed metrics | Enhanced caching + error handling | |
| "img-src 'self' data: blob: https://avatars.githubusercontent.com https://github.com", | ||
| "font-src 'self' data:", | ||
| "connect-src 'self' https://api.github.com https://www.googleapis.com https://generativelanguage.googleapis.com https://vercel.live https://vitals.vercel-analytics.com", | ||
| "connect-src 'self' https://api.github.com https://www.googleapis.com https://generativelanguage.googleapis.com https://vercel.live https://vitals.vercel-analytics.com https://api.groq.com", |
There was a problem hiding this comment.
The CSP policy still includes https://generativelanguage.googleapis.com in the connect-src directive. Since the chatbot has been migrated from Gemini to Groq API, this domain is no longer needed and should be removed from the CSP policy to follow the principle of least privilege.
Comment on lines
170
to
+181
| <div className="flex items-center justify-between"> | ||
| <span className="text-muted-foreground">Position:</span> | ||
| <Badge variant="outline" className="text-xs"> | ||
| Freelancer | ||
| </Badge> | ||
| </div> | ||
| <div className="flex items-center justify-between"> | ||
| <span className="text-muted-foreground">Position:</span> | ||
| <Badge variant="outline" className="text-xs"> | ||
| Botgenossen GmbH | ||
| </Badge> | ||
| </div> |
There was a problem hiding this comment.
Duplicate label "Position:" is used for both the "Freelancer" and "Botgenossen GmbH" badges. The second one should use a different label (e.g., "Company:" or "Employer:") to distinguish between freelance status and employment, or these should be combined into a single badge if they represent the same information.
Comment on lines
+176
to
+180
| <div className="flex items-center justify-between"> | ||
| <span className="text-muted-foreground">Position:</span> | ||
| <Badge variant="outline" className="text-xs"> | ||
| Botgenossen GmbH | ||
| </Badge> |
There was a problem hiding this comment.
The hardcoded label "Position:" should be extracted to translation keys for consistency with the i18n pattern used throughout the application. This would allow proper localization across all supported languages. Additionally, consider whether "Company:" or "Employer:" would be more appropriate for the second entry.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.