v0.1.4 — Security patches (Django, cryptography, requests, vite)

Security dependency upgrades flagged by Dependabot:

Backend:

• Django upgraded to 5.2.13 (DoS, header spoofing, privilege abuse fixes)
• cryptography upgraded to 46.0.7 (buffer overflow, DNS constraint fixes)
• requests upgraded to 2.33.0 (temp file reuse fix)

Frontend:

• vite upgraded to 6.4.2 (arbitrary file read, path traversal fixes)
• flatted, defu, uuid, picomatch upgraded (prototype pollution, bounds check fixes)

v0.1.2 — Fix Rubin schedule date format

This release fixes a bug in the Rubin schedule polling task where dates were being formatted in ISO format, which the Rubin
ObsLocTAP API could not parse. Dates are now formatted as 2026-03-13 19:45:00, which the API accepts correctly.

As a result, the dramatiq worker is now successfully writing Rubin planned pointings to the database on every polling cycle.

v0.1.1 — Security patches (cryptography, Django)

This release addresses security vulnerabilities flagged by GitHub Dependabot:

• Upgraded cryptography to v46.0.5
• Upgraded Django to v5.2.12

This release also served as the first full end-to-end test of the automatic
deployment pipeline for both the development and production servers.

For hobnob

Working enough for use by HOBNOB (HEROIC client used by NOIRLab).