fix(mobile): scope desktop scroll CSS to pointer:fine + guard reactive-glow scroll listener — v1.1.3 (#106)

Copilot · devakesu · Copilot · web-flow · commit af973fb30b53 · 2026-03-06T11:12:31.000+05:30
* Initial plan * fix: mobile scroll lag + bump to v1.1.3 - scope scroll-behavior/overscroll-behavior-y to @media (pointer: fine) - add touch device guard to reactive-glow.js scroll listener - bump version to 1.1.3 across package.json, README.md, SECURITY.md - update react-icons 5.5.0 → 5.6.0 - update GitHub Actions: harden-runner v2.15.1, setup-node v6.3.0, trivy-action v0.34.2, setup-buildx-action v4.0.0, login-action v4.0.0, build-push-action v7.0.0, sbom-action v0.23.0, upload-artifact v7.0.0, attest-build-provenance v4.1.0 Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> * Update .github/workflows/deploy.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Devanarayanan <fusion@devakesu.com> * Update app/globals.css Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Devanarayanan <fusion@devakesu.com> --------- Signed-off-by: Devanarayanan <fusion@devakesu.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com> Co-authored-by: Devanarayanan <fusion@devakesu.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -24,17 +24,17 @@ jobs:
       actions: read # Allow cache restore without high-privilege write access
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
       - name: Checkout Code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
-          node-version: '20'
+          node-version: '20.19.0'
 
       - name: Install dependencies
         run: npm ci
@@ -56,15 +56,15 @@ jobs:
       contents: read
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
       - name: Checkout Code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Node.js
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: '20'
 
@@ -107,7 +107,7 @@ jobs:
     steps:
       # 🛡️ HARDEN RUNNER: Monitor network traffic
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
@@ -116,7 +116,7 @@ jobs:
 
       # 🔍 TRIVY: Scan for known vulnerabilities in dependencies
       - name: Run Trivy Vulnerability Scanner
-        uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # v0.34.1
+        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -148,18 +148,18 @@ jobs:
       image: ${{ steps.image.outputs.image }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
       - name: Checkout Code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
 
       - name: Log in to GitHub Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -173,7 +173,7 @@ jobs:
           echo "started_on=$TIMESTAMP" >> $GITHUB_OUTPUT
 
       - name: Build and push Docker image
-        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
         id: build
         with:
           context: .
@@ -220,14 +220,14 @@ jobs:
 
       # 📦 GENERATE SBOM
       - name: Generate SBOM
-        uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0.22.2
+        uses: anchore/sbom-action@17ae1740179002c89186b61233e0f892c3118b11 # v0.23.0
         with:
           image: ${{ steps.image.outputs.image }}
           format: cyclonedx-json
           output-file: sbom.json
 
       - name: Upload SBOM
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: sbom
           path: sbom.json
@@ -286,7 +286,7 @@ jobs:
 
       # 🏆 GITHUB ATTESTATION
       - name: Generate GitHub Attestation
-        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32 # v4.1.0
         with:
           subject-name: ghcr.io/${{ github.repository }}
           subject-digest: ${{ steps.build.outputs.digest }}
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 **Where code meets conscience.** A brutalist × cyberpunk portfolio built with Next.js 16.
 
-[![Version](https://img.shields.io/badge/version-1.1.2-cyan?logo=github)](package.json)
+[![Version](https://img.shields.io/badge/version-1.1.3-cyan?logo=github)](package.json)
 [![Security: SLSA Level 3](https://img.shields.io/badge/SLSA-Level%203-brightgreen)](https://github.com/devakesu/devakesu-web/attestations)
 [![Security Scan: Trivy](https://img.shields.io/badge/Security-Trivy%20Scanned-blue)](.github/workflows/deploy.yml)
 [![Attestations](https://img.shields.io/badge/Attestations-Enabled-success)](https://github.com/devakesu/devakesu-web/attestations)
@@ -414,4 +414,4 @@ _Love is the only way to rescue humanity from all evils._
 ---
 
 **Last Updated**: March 02, 2026  
-**Version**: 1.1.2
+**Version**: 1.1.3
diff --git a/SECURITY.md b/SECURITY.md
@@ -149,4 +149,4 @@ We appreciate security researchers who responsibly disclose vulnerabilities.
 ---
 
 **Last Updated**: March 02, 2026  
-**Version**: 1.1.2
+**Version**: 1.1.3
diff --git a/app/globals.css b/app/globals.css
@@ -1,17 +1,23 @@
 @import 'tailwindcss';
 
 html {
-  scroll-behavior: smooth;
   scroll-padding-top: 0px;
-  /* Improve mouse wheel scrolling smoothness */
-  overscroll-behavior-y: contain;
-  scroll-snap-type: none;
   /* Mobile optimization */
   -webkit-font-smoothing: antialiased;
   -moz-osx-font-smoothing: grayscale;
   text-rendering: optimizeLegibility;
 }
 
+/* Desktop-only scroll behavior — avoids killing iOS momentum / rubber-band scrolling */
+@media (pointer: fine) {
+  html {
+    scroll-behavior: smooth;
+    /* Improve mouse wheel scrolling smoothness */
+    overscroll-behavior-y: contain;
+    scroll-snap-type: none;
+  }
+}
+
 body {
   /* Enable smooth momentum scrolling on all platforms */
   -webkit-overflow-scrolling: touch;
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "devakesu-web",
-  "version": "1.1.2",
+  "version": "1.1.3",
   "private": true,
   "engines": {
     "node": ">=20.19.0"
@@ -18,7 +18,7 @@
     "next": "16.1.6",
     "react": "19.2.4",
     "react-dom": "19.2.4",
-    "react-icons": "5.5.0"
+    "react-icons": "5.6.0"
   },
   "devDependencies": {
     "@tailwindcss/postcss": "4.2.1",
diff --git a/public/js/reactive-glow.js b/public/js/reactive-glow.js
@@ -47,35 +47,42 @@
       { passive: true }
     );
 
-    // Scroll velocity → pulse strength (throttled with rAF)
-    window.addEventListener(
-      'scroll',
-      () => {
-        if (!scrollTicking) {
-          window.requestAnimationFrame(() => {
-            const delta = Math.abs(window.scrollY - lastScrollY);
-            scrollSpeed = Math.min(delta / 100, 2.5);
-            lastScrollY = window.scrollY;
+    // Skip scroll pulse effect on touch devices (causes jank during mobile scroll)
+    const isTouchDevice =
+      typeof window.matchMedia === 'function' &&
+      window.matchMedia('(pointer: coarse)').matches;
 
-            // Update current scale and apply with cursor position to avoid jumps
-            currentScale = 1 + scrollSpeed * 0.3;
-            glow.style.transform = `translate3d(${lastCursorX}px, ${lastCursorY}px, 0) translate(-50%, -50%) scale(${currentScale})`;
-            glow.style.opacity = Math.min(0.4 + scrollSpeed * 0.25, 1);
+    // Scroll velocity → pulse strength (throttled with rAF)
+    if (!isTouchDevice) {
+      window.addEventListener(
+        'scroll',
+        () => {
+          if (!scrollTicking) {
+            window.requestAnimationFrame(() => {
+              const delta = Math.abs(window.scrollY - lastScrollY);
+              scrollSpeed = Math.min(delta / 100, 2.5);
+              lastScrollY = window.scrollY;
 
-            clearTimeout(cooldownId);
-            cooldownId = setTimeout(() => {
-              currentScale = 1;
+              // Update current scale and apply with cursor position to avoid jumps
+              currentScale = 1 + scrollSpeed * 0.3;
               glow.style.transform = `translate3d(${lastCursorX}px, ${lastCursorY}px, 0) translate(-50%, -50%) scale(${currentScale})`;
-              glow.style.opacity = 0.4;
-            }, 200);
+              glow.style.opacity = Math.min(0.4 + scrollSpeed * 0.25, 1);
 
-            scrollTicking = false;
-          });
-          scrollTicking = true;
-        }
-      },
-      { passive: true }
-    );
+              clearTimeout(cooldownId);
+              cooldownId = setTimeout(() => {
+                currentScale = 1;
+                glow.style.transform = `translate3d(${lastCursorX}px, ${lastCursorY}px, 0) translate(-50%, -50%) scale(${currentScale})`;
+                glow.style.opacity = 0.4;
+              }, 200);
+
+              scrollTicking = false;
+            });
+            scrollTicking = true;
+          }
+        },
+        { passive: true }
+      );
+    }
 
     // Click Burst + Haptic Feedback
     document.addEventListener(
