- 🔥 Removed deprecated `placeholder-pattern` component.
- 🧹 Simplified and cleaned up Blade views by removing unused comments and sections.
- 🗂️ Extracted `SetsCreatedBy` concern for DRY and reused it across models.
- 🔧 Consolidated configuration for Horizon `authorized_nostr_keys`.
- 🧪 Migrated media conversion to use new Spatie enums for clarity.
- ♻️ Replaced repetitive link rendering with dynamic rendering in meetups and services views.
- Add 60 req/min throttle to the public API group and a stricter 10 req/min
throttle to POST /highscores.
- Replace mass-assigned $guarded=[] with explicit $fillable on User, Meetup,
Course, Lecturer, and SelfHostedService. created_by stays out of the
whitelist; the existing creating() hooks continue to populate it.
- Require authenticated user on Api/MeetupController::index instead of
trusting the user_id query parameter (IDOR).
- Constrain the /img and /img-public route paths to a safe character set
and reject any path containing ".." in ImageController.
- Add rel="noopener noreferrer" to every target="_blank" link on the meetup
and course landing pages.