Review

[canincarlos]

Note

Introduces site-wide theme customizations and supporting build updates.

• Adds new templates/pages (index.hbs, emails.hbs, projects.hbs, enhanced tag.hbs, author.hbs) and partials (content.hbs, content-cta.hbs, cover.hbs, featured-posts.hbs, loop*.hbs, social icon partials)
• Updates default.hbs layout: includes Umami analytics, search/menu tweaks, mobile "Join" floating CTA, jQuery script, and asset wiring for built/main.min.js
• Refreshes bundled JS (assets/built/main.min.js) and adds Gulp build for JS/CSS (gulpfile.js); updates package.json (name/version, dev deps) and adds zip/dev scripts
• Adjusts README and LICENSE copyright years to 2013–2023

^{Written by Cursor Bugbot for commit 0091a4f. This will update automatically on new commits. Configure here.}

[coderabbitai]

Walkthrough

This pull request performs a substantial stylesheet and template restructuring. It updates copyright year ranges in LICENSE and README from 2025 to 2023. The changes systematically remove CSS styling across multiple files including built assets, blog components, general utilities, animations, dark theme rules, and page layouts. JavaScript initialization code for a featured carousel is deleted. Multiple Handlebars templates are modified: author.hbs simplifies social media links, default.hbs introduces an analytics script and join button while commenting out featured posts and footer sections, index.hbs replaces the post loop with a filtered featured posts query and adds a CTA block, and a new emails.hbs template is introduced for tagged content rendering.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Key observations

Scope and heterogeneity: The diff spans 30+ files across CSS, JavaScript, and Handlebars templates, representing diverse change patterns rather than repetitive modifications.

CSS deletions: While individual CSS file removals are straightforward to verify, the cumulative scale (approximately 20 files with hundreds of lines removed) requires confirming that styling dependencies are resolved elsewhere.

Template logic changes: Modifications to default.hbs involve commenting out conditional blocks and feature toggles; index.hbs introduces a filtered post query with a new partial reference that requires validation.

Impact assessment needed: The wholesale removal of styles and commented-out template logic suggests feature deprecation or migration; reviewers should verify that removal doesn't introduce broken references or unintended visual/functional regressions.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Review' is vague and generic, providing no meaningful information about the changeset's primary purpose or scope.	Use a more descriptive title that clearly indicates the main change, such as 'Update copyright year and remove CSS assets' or 'Simplify theme by removing built CSS and updating dates'.
Description check	❓ Inconclusive	The description mentions updating copyright years and refreshing bundles, which relates to some changes (LICENSE, README.md), but significantly misses the extensive removal of CSS files, JavaScript functionality, and template modifications that constitute the bulk of the changeset.	Expand the description to accurately reflect all major changes, including the removal of CSS stylesheets, JavaScript features, and template modifications beyond just copyright and bundle updates.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

🤖 Fix all issues with AI agents

In `@author.hbs`:
- Around line 27-35: The template currently hardcodes Facebook/Twitter base URLs
for the author links (the blocks that check {{`#if` facebook}} and {{`#if` twitter}}
and render anchors with class author-social-item); replace those hardcoded href
attributes with the social_url helper so Ghost preserves normalization/encoding
— e.g. call the social_url helper with the proper type for each platform (use
type="facebook" with the facebook value and type="twitter" with the twitter
value) in the href for the anchors that render the author social items.

In `@default.hbs`:
- Around line 13-48: The join CTA loses accessible text on small screens because
.join-hover-button span is hidden; update the anchor inside .join-hover-button
(the element containing the SVG and span, e.g., the link rendered with class
hover-button-inner) to always include an accessible name by adding an aria-label
(e.g., aria-label="Join" or the site's join CTA text) and mark the decorative
SVG as aria-hidden="true" or role="presentation" so screen readers ignore the
image; ensure the aria-label is present regardless of CSS so the CTA remains
accessible when .join-hover-button span is display:none.
- Line 69: The burger button lost its accessible label making it invisible to
screen readers; update the <button class="gh-burger"> element to include a
descriptive aria-label (for example aria-label="Open menu" / "Toggle
navigation") and ensure it reflects state if needed (consider aria-expanded on
toggle), i.e., add the aria-label attribute to the gh-burger button and, if the
button toggles a menu, add or update aria-expanded to keep assistive tech
informed.
- Line 9: The Umami cloud script tag (https://cloud.umami.is/script.js with
data-website-id) requires CSP and privacy checks: add cloud.umami.is to your
Content-Security-Policy script-src and connect-src directives, confirm whether
the Umami instance or event payloads capture IPs, persistent IDs, or any PII
and, if so, implement consent gating (e.g., opt-in banner) before loading the
script and/or anonymize data, update your privacy notice to document analytics
collection, retention period, and processors, and ensure CCPA opt-out/disclosure
flows are implemented for California residents before deploying.

In `@emails.hbs`:
- Around line 15-23: The pagination helper is currently outside the {{`#get`
"posts"}} block so it reads top-level context instead of the query results; move
{{pagination}} inside the {{`#get`}} block and either pass the page parameter into
{{`#get`}} (e.g., page=page) or use the block parameter returned by {{`#get`}} (the
posts object) to render pagination from that object so the pager synchronizes
with the posts query; update the template around the {{`#get` "posts" ... as
|posts|}} block and the {{pagination}} call accordingly.

In `@index.hbs`:
- Around line 12-15: The external anchor element linking to
"https://calendly.com/dreamfreely/meet-n-speak" (the <a> tag that renders "Book
a Meet 'n' Speak" and uses target="_blank") is missing rel="noopener
noreferrer"; update that anchor to include rel="noopener noreferrer" alongside
target="_blank" to prevent reverse-tabnabbing and harden the external link.

In `@LICENSE`:
- Line 3: Replace the outdated copyright year in the LICENSE by updating the
line that currently reads "Copyright (c) 2013-2023 Ghost Foundation" to reflect
the current range "Copyright (c) 2013-2025 Ghost Foundation" so the legal
metadata is accurate for 2025.

In `@README.md`:
- Line 38: The README copyright line was reverted from 2025 back to 2023; locate
the exact line string "Copyright (c) 2013-2023 Ghost Foundation - Released under
the [MIT license](LICENSE)." in README.md and either restore it to the version
on main ("Copyright (c) 2013-2025 ...") or, if the change was intentional, add a
changelog/PR note explaining why the year was rolled back and confirm the merge
direction; also verify git history (commit 45c962e8) and ensure the branch merge
is corrected so main's 2025 value is retained unless explicitly approved to
change.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find author.hbs file
find . -name "author.hbs" -type f

Repository: TryGhost/Dawn

Length of output: 69

---

🏁 Script executed:

# Search for social_url references in the codebase
rg "social_url" --type hbs --type js --type json -i

Repository: TryGhost/Dawn

Length of output: 3048

---

🏁 Script executed:

# Look for the file structure and examine author.hbs
git ls-files | grep -i "author\|social" | head -20

Repository: TryGhost/Dawn

Length of output: 427

---

🏁 Script executed:

cat -n author.hbs | sed -n '20,40p'

Repository: TryGhost/Dawn

Length of output: 1012

---

🏁 Script executed:

# Check if there's documentation or examples of social_url helper usage
rg "social_url" --type hbs -B2 -A2 | head -40

Repository: TryGhost/Dawn

Length of output: 3814

---

🏁 Script executed:

# Look for any tests or documentation that shows the correct syntax
find . -path ./node_modules -prune -o -name "*.md" -type f -print | xargs rg "social_url" 2>/dev/null | head -20

Repository: TryGhost/Dawn

Length of output: 39

---

🏁 Script executed:

# Look at the full context of social_url usage in shared-theme-assets
cat node_modules/@tryghost/shared-theme-assets/partials/author-header.hbs | grep -A1 -B1 "social_url"

Repository: TryGhost/Dawn

Length of output: 1733

---

🏁 Script executed:

# Check if there's a README or documentation about social_url
find . -path ./node_modules -prune -o -name "README*" -type f -print | xargs rg "social_url\|facebook\|twitter" 2>/dev/null | grep -i "social_url" | head -10

Repository: TryGhost/Dawn

Length of output: 39

---

🏁 Script executed:

# Check if there are any other usages of social_url in the main source (not node_modules)
find . -path ./node_modules -prune -o -name "*.hbs" -type f -print | xargs rg "social_url" 2>/dev/null

Repository: TryGhost/Dawn

Length of output: 41

---

🏁 Script executed:

# Verify the Ghost documentation references for the helper syntax
cat node_modules/gscan/lib/specs/v6.js | grep -A5 "social_url"

Repository: TryGhost/Dawn

Length of output: 1210

---

🏁 Script executed:

# Let me verify the exact parameter name for social_url helper
rg "social_url" node_modules/@tryghost/shared-theme-assets/ -A2 -B2 | head -50

Repository: TryGhost/Dawn

Length of output: 3814

---

Use {{social_url type="..."}} helper to preserve URL normalization.

Hardcoding the base URLs removes Ghost's normalization/encoding and breaks backwards compatibility for authors whose facebook/twitter fields already contain full URLs or platform-specific formats.

✅ Proposed fix

-                <a class="share-link share-link-facebook author-social-item" href="https://www.facebook.com/{{facebook}}" target="_blank" rel="noopener noreferrer">
+                <a class="share-link share-link-facebook author-social-item" href="{{social_url type="facebook"}}" target="_blank" rel="noopener noreferrer">
...
-                <a class="share-link share-link-twitter author-social-item" href="https://twitter.com/{{twitter}}" target="_blank" rel="noopener noreferrer">
+                <a class="share-link share-link-twitter author-social-item" href="{{social_url type="twitter"}}" target="_blank" rel="noopener noreferrer">

🤖 Prompt for AI Agents

In `@author.hbs` around lines 27 - 35, The template currently hardcodes
Facebook/Twitter base URLs for the author links (the blocks that check {{`#if`
facebook}} and {{`#if` twitter}} and render anchors with class
author-social-item); replace those hardcoded href attributes with the social_url
helper so Ghost preserves normalization/encoding — e.g. call the social_url
helper with the proper type for each platform (use type="facebook" with the
facebook value and type="twitter" with the twitter value) in the href for the
anchors that render the author social items.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Umami analytics privacy policy GDPR CCPA consent requirements

💡 Result:

Short answer

• Umami (the analytics tool) is privacy-focused and can run cookieless/without user profiles, but that alone does not automatically remove GDPR or ePrivacy consent obligations. Whether you must obtain consent depends on what data you collect/process (IP, persistent identifiers, device fingerprinting, any PII), how you store it, and whether any access/storage occurs on the user’s terminal. [1][2][3][4]

Key points and practical checklist

• Umami’s own documentation/privacy pages describe a privacy-first approach and configurable retention, but also note data‑subject rights and that features can process personal data. Review the exact Umami deployment/settings (self‑hosted vs Umami cloud) and which fields/events you send. [1][5]
• ePrivacy/GDPR: Article 5(3) ePrivacy (and EDPB guidance) requires prior consent for storing/accessing information on terminal equipment or using similar tracking techniques unless strictly necessary for the requested service. Server‑side analytics or short, non‑identifying logging may reduce consent needs, but if identifiers or IPs are retained or reidentification is possible, consent is likely required. [3][4]
• CCPA/CPRA (California): these laws require disclosure of categories of personal information collected and — if data are “sold” or “shared” for cross‑context behavioral advertising — an opt‑out (Do Not Sell/Share) right. If you operate Umami but do not sell/share personal data and minimize collection, you reduce CCPA exposure, but you must still provide required disclosures and honor Do‑Not‑Sell requests if applicable. (Also check CPRA added consumer rights.) [1][2]
• GitHub / community discussions: privacy‑first analytics vendors (Umami, Plausible, Matomo) often advertise lower compliance burden, but legal risk depends on implementation; community guidance warns documentation/examples that expose PII can make a deployment non‑compliant. Audit your events to ensure no PII is sent. [2]

Recommendations

1. Audit what you collect to confirm: IP addresses, user IDs, event payloads, persistent IDs, or fingerprints. If any personal data or persistent identifiers are present, treat processing as personal data under GDPR. [1][2]
2. If you target EU users: assume ePrivacy/GDPR consent is required unless you can reasonably demonstrate strict necessity or full, irreversible anonymization before storage. Use opt‑in CMP where required. [3][4]
3. If you target California residents: add/update privacy notice (categories, purposes, retention, sale/share disclosures) and implement Do‑Not‑Sell/Share if applicable.
4. Prefer self‑hosting + short retention + IP anonymization + no event PII to reduce consent/risk, and document your legal basis.
5. For final legal certainty, get a privacy lawyer to review your specific setup and privacy notice.

Sources

• Umami privacy / product docs and privacy pages. [1][5]
• Community discussion on Umami/GDPR compliance (GitHub discussion). [2]
• EU ePrivacy Directive / ePrivacy Regulation guidance and EDPB notes on storage/access (Article 5(3) / consent requirement). [3][4]

Would you like me to: (A) scan your current Umami config/what events you send and flag possible personal data, or (B) draft short text for your privacy notice and a CMP consent snippet tailored to Umami?

---

🌐 Web query:

Umami analytics CSP Content Security Policy requirements

💡 Result:

Short answer — if you run Umami (self‑hosted) you must allow the Umami host in your site’s Content‑Security‑Policy so the browser can load the tracker script and send analytics back. Concretely:

• Add your Umami instance origin (e.g. https://analytics.example.com) to:
  • script-src (so umami.js can be loaded)
  • connect-src (so the tracking XHR/fetch requests to /api/* are allowed)
• Optionally allow the Umami origin in img-src if you use image beacons or accept img responses.
• Keep your normal policies for style-src, frame-ancestors, etc.; Umami itself sends a CSP on its endpoints so the Umami server’s responses may include CSP headers.

Example CSP snippet for a site that uses a self‑hosted Umami at https://analytics.example.com:
Content-Security-Policy: default-src 'self'; script-src 'self' https://analytics.example.com; connect-src 'self' https://analytics.example.com; img-src 'self' https://analytics.example.com data:; style-src 'self' 'unsafe-inline';

Sources: community how‑tos and docs showing you must add the Umami domain to script-src/connect-src, and examples of Umami CSP headers. [1][2][3]

References

• Umami usage / CSP note. [1]
• Practical guide + example (blog post). [2]
• Umami repo / issue showing Umami responses include CSP header. [3]

---

Verify Umami analytics implementation meets GDPR/CCPA and CSP requirements.

Third-party analytics—even privacy-focused ones like Umami—require compliance review. Umami's cloud-hosted script at https://cloud.umami.is/ needs explicit CSP allowance (add to script-src and connect-src). Additionally, confirm:

• Whether your Umami setup collects/retains personally identifiable data (IPs, persistent IDs, event payloads with PII). If yes, GDPR consent is likely required.
• Privacy notice is updated to disclose analytics collection, retention period, and data processing.
• CCPA opt-out/disclosure requirements are addressed if you serve California residents.

Review Umami's deployment configuration and audit what data you send before deploying.

🤖 Prompt for AI Agents

In `@default.hbs` at line 9, The Umami cloud script tag
(https://cloud.umami.is/script.js with data-website-id) requires CSP and privacy
checks: add cloud.umami.is to your Content-Security-Policy script-src and
connect-src directives, confirm whether the Umami instance or event payloads
capture IPs, persistent IDs, or any PII and, if so, implement consent gating
(e.g., opt-in banner) before loading the script and/or anonymize data, update
your privacy notice to document analytics collection, retention period, and
processors, and ensure CCPA opt-out/disclosure flows are implemented for
California residents before deploying.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Provide an accessible name for the join CTA on small screens.

When the span is hidden at narrow widths, the link has no accessible text (image alt is empty). Add an aria-label (and optionally hide the decorative image).

♿ Proposed fix

-{{`#unless` `@member`}}
-    <a href="#/portal/" class="join-hover-button">
+{{`#unless` `@member`}}
+    <a href="#/portal/" class="join-hover-button" aria-label="{{`@site.portal_button_signup_text`}}">
        <div class="hover-button-inner ">
           {{!-- {{>"icons/star"}} --}}
-          <img src="https://canin.dreamfreely.org/content/images/2025/10/DFDollarSign.Transparent-real.png" alt="" style="width: 26px; height: 26px;">
+          <img src="https://canin.dreamfreely.org/content/images/2025/10/DFDollarSign.Transparent-real.png" alt="" aria-hidden="true" style="width: 26px; height: 26px;">
           <span>&nbsp;{{`@site.portal_button_signup_text`}}</span>
         </div></a>
 {{/unless}}  

Also applies to: 148-154

🤖 Prompt for AI Agents

In `@default.hbs` around lines 13 - 48, The join CTA loses accessible text on
small screens because .join-hover-button span is hidden; update the anchor
inside .join-hover-button (the element containing the SVG and span, e.g., the
link rendered with class hover-button-inner) to always include an accessible
name by adding an aria-label (e.g., aria-label="Join" or the site's join CTA
text) and mark the decorative SVG as aria-hidden="true" or role="presentation"
so screen readers ignore the image; ensure the aria-label is present regardless
of CSS so the CTA remains accessible when .join-hover-button span is
display:none.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restore the burger button’s accessible label.

Removing the aria-label makes the control unlabeled for screen readers.

♿ Proposed fix

-                <button class="gh-burger"></button>
+                <button class="gh-burger" aria-label="Open menu"></button>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<button class="gh-burger"></button>
	<button class="gh-burger" aria-label="Open menu"></button>

🤖 Prompt for AI Agents

In `@default.hbs` at line 69, The burger button lost its accessible label making
it invisible to screen readers; update the <button class="gh-burger"> element to
include a descriptive aria-label (for example aria-label="Open menu" / "Toggle
navigation") and ensure it reflects state if needed (consider aria-expanded on
toggle), i.e., add the aria-label attribute to the gh-burger button and, if the
button toggles a menu, add or update aria-expanded to keep assistive tech
informed.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

Ghost theme {{get}} helper pagination page parameter

💡 Result:

Short answer: use the get helper's page attribute with a literal number (page="2") or use the pagination object provided by Ghost (block parameter or top-level {{pagination}}) to read the current page. You cannot directly pass a Handlebars route variable named "page" into {{#get}} because Ghost does not expose a route variable for that — instead read the page from the pagination object.

Examples + notes

• Fixed page in a get query:
  {{#get "posts" limit="5" page="4"}}...{{/get}} — returns posts 16–20. [1]

• Read the current page from the get helper's pagination block parameter:
  {{#get "posts" limit="5" as |articles pages|}}
  {{#foreach articles}}...{{/foreach}}
  Page: {{pages.page}} (pages contains page, prev, next, pages, total, limit).
  {{/get}}. [1]

• Use the top-level pagination helper/context on list pages:
  {{pagination}} and the pagination context helpers ({{page}}, {{pages}}, {{page_url prev}}). [2][3]

If your custom route uses /collection/page/:page/, Ghost will populate the pagination object for that list context — read pages.page (from {{#get}} block params) or use the top-level {{page}} from {{pagination}}. See Ghost docs on the get helper and pagination. [1][2]

Sources:
[1] Ghost get helper docs: https://ghost.org/docs/themes/helpers/get/
[2] Ghost pagination helper/docs: https://ghost.org/docs/themes/helpers/pagination/
[3] Ghost Content API / pagination (meta.pagination): https://ghost.org/docs/content-api/

---

🌐 Web query:

Ghost handlebars {{pagination}} helper {{get}} context interaction

💡 Result:

Short answer: {{pagination}} reads the top-level pagination object produced for the current page (index/tag/author contexts). {{#get}} returns its own paginated collection and exposes a separate pagination object only via block parameters (e.g. {{#get "posts" as |items pages|}}). That means the global {{pagination}} helper will not automatically pick up a {{#get}} query — you must use the pagination object returned by {{#get}} (pages) and render links yourself (or pass values into a partial). See the docs for details and examples. [1][2]

References:

• {{#get}} helper docs (shows block-parameter pagination: as |collection pages|). [1]
• {{pagination}} helper docs (explains it uses the top-level pagination object and page_url/page/prev/next helpers). [2]

---

🌐 Web query:

Ghost CMS email tag filter template pagination

💡 Result:

Short answer — two ways:

1. Use the built-in tag context (recommended). Create tag.hbs (or tag-:slug.hbs). Ghost provides the posts list and pagination automatically so you can loop posts and render {{pagination}}. Example:
   {{#tag}}
   {{#foreach posts}}

   {{title}}

{{/foreach}}
{{/tag}}
{{pagination}}
(See tag context + pagination docs.) [1][2]

2. Use the {{#get}} helper with filter + page if you need a custom/email template. {{#get}} accepts filter, limit and page and can return a pagination object as a block parameter. Example:
   {{#get "posts" filter="tags:hash-newsletter" limit="5" page="1" as |articles pages|}}
   {{#foreach articles}}

   {{title}}

{{/foreach}}
Page {{pages.pagination.page}} of {{pages.pagination.pages}}
{{/get}}
Note: pagination from {{#get}} is separate from the site-level {{pagination}} helper; if you want site-style page links use tag context or route/collection filtering. [3][4][5]

References:
[1] Tag context — Ghost Themes docs.
[2] {{pagination}} helper — Ghost docs.
[3] {{#get}} helper (filter, page, limit, block params) — Ghost docs.
[4] get helper (block params & pages object) — Ghost developer docs.
[5] Ghost Content API pagination (page/limit semantics).

---

Move {{pagination}} inside {{#get}} block and pass page parameter.

{{pagination}} reads the top-level context and won't sync with {{#get}} results. Either use a tag context template with built-in posts, or pass the page parameter into {{#get}} and render pagination from the block-parameter object:

Suggested fix (custom route with pagination from {{`#get`}})

     <div class="post-feed gh-feed gh-canvas">
-        {{`#get` "posts" filter="tag:['emails']" as |posts|}}
+        {{`#get` "posts" filter="tag:['emails']" limit="12" page=page as |posts pages|}}
             {{`#foreach` posts}}
                 {{> "loop"}}
             {{/foreach}}
+            {{`#if` pages.pages}}
+            <nav class="pagination">
+                {{`#if` pages.prev}}<a href="{{page_url pages.prev}}">← Previous</a>{{/if}}
+                {{`#if` pages.next}}<a href="{{page_url pages.next}}">Next →</a>{{/if}}
+            </nav>
+            {{/if}}
         {{/get}}
     </div>
-
-    {{pagination}}

🤖 Prompt for AI Agents

In `@emails.hbs` around lines 15 - 23, The pagination helper is currently outside
the {{`#get` "posts"}} block so it reads top-level context instead of the query
results; move {{pagination}} inside the {{`#get`}} block and either pass the page
parameter into {{`#get`}} (e.g., page=page) or use the block parameter returned by
{{`#get`}} (the posts object) to render pagination from that object so the pager
synchronizes with the posts query; update the template around the {{`#get` "posts"
... as |posts|}} block and the {{pagination}} call accordingly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add rel="noopener noreferrer" for external links opened in a new tab.

This prevents reverse‑tabnabbing and is a standard security hardening for target="_blank" links.

🔒 Proposed fix

-            <a href="https://calendly.com/dreamfreely/meet-n-speak" target="_blank">
+            <a href="https://calendly.com/dreamfreely/meet-n-speak" target="_blank" rel="noopener noreferrer">

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<div class="cover-cta" style="display:block;">
	<center>
	<a href="https://calendly.com/dreamfreely/meet-n-speak" target="_blank">
	<b><u>Book a Meet 'n' Speak</u></b>
	<div class="cover-cta" style="display:block;">
	<center>
	<a href="https://calendly.com/dreamfreely/meet-n-speak" target="_blank" rel="noopener noreferrer">
	<b><u>Book a Meet 'n' Speak</u></b>

🤖 Prompt for AI Agents

In `@index.hbs` around lines 12 - 15, The external anchor element linking to
"https://calendly.com/dreamfreely/meet-n-speak" (the <a> tag that renders "Book
a Meet 'n' Speak" and uses target="_blank") is missing rel="noopener
noreferrer"; update that anchor to include rel="noopener noreferrer" alongside
target="_blank" to prevent reverse-tabnabbing and harden the external link.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check current state of LICENSE file
echo "=== Current LICENSE file ==="
cat LICENSE

# Check git history for LICENSE file
echo -e "\n=== Recent commits affecting LICENSE ==="
git log --oneline -10 -- LICENSE

# Show the diff for LICENSE in the current state
echo -e "\n=== Git diff for LICENSE (last commit) ==="
git diff HEAD~1 HEAD -- LICENSE 2>/dev/null || echo "No previous commit available"

# Show full git status
echo -e "\n=== Git status ==="
git status LICENSE 2>/dev/null || echo "File not staged"

# Check if there are unstaged changes
echo -e "\n=== All changes to LICENSE ==="
git diff -- LICENSE 2>/dev/null || echo "No unstaged changes"

Repository: TryGhost/Dawn

Length of output: 1416

---

🏁 Script executed:

#!/bin/bash
# Get more detailed git history
echo "=== Git log with patches for LICENSE ==="
git log --oneline --all -20 -- LICENSE

echo -e "\n=== Show the Production commit details ==="
git show aa719640:LICENSE | head -5

echo -e "\n=== Check parent commit ==="
git show aa719640~1:LICENSE 2>/dev/null | head -5 || echo "No parent commit"

echo -e "\n=== Full diff of aa719640 ==="
git show aa719640 -- LICENSE 2>/dev/null | head -30 || echo "Cannot show diff"

echo -e "\n=== All branches and commits ==="
git log --all --oneline -30 -- LICENSE

Repository: TryGhost/Dawn

Length of output: 1714

---

🏁 Script executed:

#!/bin/bash
# Check what's in the 2025 commit
echo "=== LICENSE in 2025 commit (45c962e8) ==="
git show 45c962e8:LICENSE 2>/dev/null | grep "Copyright" || echo "File not found in that commit"

# Check what's in the 2023 commit
echo -e "\n=== LICENSE in 2023 commit (6ca74e4b) ==="
git show 6ca74e4b:LICENSE 2>/dev/null | grep "Copyright" || echo "File not found in that commit"

# Compare the two
echo -e "\n=== Diff between 2025 and Production commits ==="
git diff 45c962e8 aa719640 -- LICENSE 2>/dev/null | grep -A2 -B2 "Copyright" || echo "No diff"

# Show the full diff in a more readable way
echo -e "\n=== Full diff 45c962e8 vs aa719640 ==="
git show 45c962e8:LICENSE 2>/dev/null > /tmp/license_2025.txt
git show aa719640:LICENSE 2>/dev/null > /tmp/license_prod.txt
echo "Differences:"
diff /tmp/license_2025.txt /tmp/license_prod.txt || true

Repository: TryGhost/Dawn

Length of output: 599

---

License copyright year regression: 2025 changed to 2023.

The LICENSE file's copyright year is being reverted from 2025 to 2023, which moves backwards despite the current date being January 2026. This represents outdated legal metadata that should reflect the current or most recent copyright year.

Update the copyright year to 2025 to maintain current legal accuracy.

🤖 Prompt for AI Agents

In `@LICENSE` at line 3, Replace the outdated copyright year in the LICENSE by
updating the line that currently reads "Copyright (c) 2013-2023 Ghost
Foundation" to reflect the current range "Copyright (c) 2013-2025 Ghost
Foundation" so the legal metadata is accurate for 2025.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check recent changes to README.md copyright year
echo "=== Recent README.md changes involving copyright ==="
git log --oneline --all -- README.md | head -20

echo -e "\n=== Detailed history of copyright line changes ==="
git log -p --all -S "2013-" -- README.md | head -150

echo -e "\n=== Current README.md line 38 ==="
sed -n '38p' README.md

echo -e "\n=== Branch comparison: main vs prod ==="
echo "Commits in prod but not in main:"
git log --oneline prod..main 2>/dev/null | head -20

echo "Commits in main but not in prod:"
git log --oneline main..prod 2>/dev/null | head -20

echo -e "\n=== Show current HEAD and branches ==="
git branch -v
git log --oneline -5

Repository: TryGhost/Dawn

Length of output: 755

---

🏁 Script executed:

#!/bin/bash
echo "=== Commit 45c962e8 (2025) ==="
git show 45c962e8:README.md | sed -n '35,45p'

echo -e "\n=== Commit 6ca74e4b (2023) ==="
git show 6ca74e4b:README.md | sed -n '35,45p'

echo -e "\n=== Current HEAD (aa719640 Production) ==="
git show aa719640:README.md | sed -n '35,45p'

echo -e "\n=== Main branch version ==="
git show main:README.md | sed -n '35,45p'

echo -e "\n=== Detailed commit info ==="
git log --format=fuller 45c962e8 -1
echo "---"
git log --format=fuller 6ca74e4b -1

Repository: TryGhost/Dawn

Length of output: 1192

---

Critical: Copyright year moved backwards from 2025 to 2023.

The copyright end year is being changed from 2025 to 2023. Git history confirms that commit 45c962e8 (January 6, 2025) updated it to 2025, but the current change reverts it to 2023. Since the main branch retains the 2025 copyright while the Production branch shows 2023, this indicates:

• The code is reverting a recent update from the main branch
• Production and main have diverged with main being ahead on this change
• Current date is January 2026, making 2025 the expected current year for the copyright

Verify whether this backward change is intentional and whether the merge direction is correct.

🤖 Prompt for AI Agents

In `@README.md` at line 38, The README copyright line was reverted from 2025 back
to 2023; locate the exact line string "Copyright (c) 2013-2023 Ghost Foundation
- Released under the [MIT license](LICENSE)." in README.md and either restore it
to the version on main ("Copyright (c) 2013-2025 ...") or, if the change was
intentional, add a changelog/PR note explaining why the year was rolled back and
confirm the merge direction; also verify git history (commit 45c962e8) and
ensure the branch merge is corrected so main's 2025 value is retained unless
explicitly approved to change.