Updated version

Aigars Silkalns 1 day ago
parent
commit
fea73a2bce
3 changed files with 71 additions and 16 deletions
  1. CHANGELOG.md (56 additions, 0 deletions)
  2. README.md (14 additions, 15 deletions)
  3. package.json (1 addition, 1 deletion)

+ 56 - 0
CHANGELOG.md

@@ -7,6 +7,62 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [4.0.0-rc6] - 2025-12-08
+
+### Security
+
+- **Fixed 4 Security Vulnerabilities:** Resolved all npm audit security issues
+  - Fixed high severity reflected XSS vulnerability in Astro server islands
+  - Fixed moderate severity authentication bypass via url.pathname in Astro
+  - Fixed moderate severity stored XSS in Astro Cloudflare adapter /_image endpoint
+  - Fixed moderate severity unsanitized class attribute in mdast-util-to-hast
+  - All vulnerabilities resolved by updating to Astro 5.16.4+
+
+### Added
+
+- **Sidebar State Persistence:** New feature to remember sidebar collapsed/expanded state
+  - Sidebar state now persists across page refreshes using localStorage
+  - Configurable via `enablePersistence` option (default: `true`)
+  - SSR-safe implementation with proper environment checks
+  - Mobile-aware: doesn't restore state on small screens (respects responsive breakpoints)
+  - Graceful error handling for private browsing mode
+  - Storage key: `lte.sidebar.state`
+
+### Changed
+
+- **GitHub Actions:** Updated all workflows to Node.js 22 (from Node.js 18)
+  - Node.js 18 reached End-of-Life on April 30, 2025
+  - Node.js 22 is the current Active LTS (supported until April 2027)
+  - Updated `setup-node` action from v3 to v4 across all workflows
+  - Updated CodeQL actions from v2 to v3
+  - Added `FORCE_COLOR: 2` environment variable to codeql.yml for consistency
+
+### Fixed
+
+- **Release Workflow:** Fixed zip command in release.yml
+  - Corrected `-d` flag to `-r` for recursive directory zipping
+  - Fixed filename inconsistency in release artifacts
+
+### Updated
+
+- **Dependencies:** Updated 15+ packages to latest versions
+  - @astrojs/check: 0.9.5 → 0.9.6
+  - @astrojs/mdx: 4.3.9 → 4.3.12
+  - @rollup/plugin-typescript: 12.1.3 → 12.3.0
+  - @typescript-eslint/eslint-plugin: 8.46.2 → 8.48.1
+  - @typescript-eslint/parser: 8.46.2 → 8.48.1
+  - astro: 5.15.6 → 5.16.4 (includes security fixes)
+  - autoprefixer: 10.4.21 → 10.4.22
+  - eslint: 9.39.0 → 9.39.1
+  - eslint-plugin-astro: 1.4.0 → 1.5.0
+  - nodemon: 3.1.10 → 3.1.11
+  - prettier: 3.5.3 → 3.7.4
+  - rimraf: 6.1.0 → 6.1.2
+  - rollup: 4.52.4 → 4.53.3
+  - sass: 1.93.2 → 1.94.2
+  - stylelint: 16.25.0 → 16.26.1
+  - terser: 5.44.0 → 5.44.1
+
 ## [4.0.0-rc5] - 2025-10-14
 
 ### Updated
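
Review bot: The Security section says "All vulnerabilities resolved by updating to Astro 5.16.4+", but one of the four items is in mdast-util-to-hast and another in the Astro Cloudflare adapter, and neither package appears in the Updated list, so a reader cannot tell which versions carry those fixes. Suggest giving the advisory identifier (GHSA or CVE) and the fixed version for each of the four items, and stating whether the non-Astro fixes arrived as transitive updates. The Added entry also makes localStorage persistence under `lte.sidebar.state` the default (`enablePersistence` defaults to `true`); it is worth saying that this changes behaviour for existing users and how to turn it off.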

+ 14 - 15
README.md

@@ -9,28 +9,27 @@
 **AdminLTE** is a fully responsive administration template. Based on **[Bootstrap 5](https://getbootstrap.com/)** framework and also the JavaScript plugins.
 Highly customizable and easy to use. Fits many screen resolutions from small mobile devices to large desktops.
 
-## What's New in v4.0.0-rc5
+## What's New in v4.0.0-rc6
 
-**Latest Release with Major Dependency Updates & Security Fixes** - Fresh improvements for better development experience:
+**Security & Feature Release** - Important security fixes and new sidebar persistence feature:
 
-- **Major Dependency Updates** - 17+ npm packages updated to latest versions
-- **Security Enhancements** - Fixed 2 critical vulnerabilities (axios DoS, form-data random function)
-- **Latest Tooling** - Updated to TypeScript 5.9.3, ESLint 9.37.0, Astro 5.14.4, and more
-- **Bootstrap 5.3.8** - Updated to the latest stable Bootstrap release
-- **ESLint 9.x Compatibility** - Removed deprecated `.eslintignore` file
-- **Zero Vulnerabilities** - All security issues resolved
+- **Security Fixes** - Resolved 4 vulnerabilities (XSS in Astro, auth bypass, unsanitized attributes)
+- **Sidebar State Persistence** - Sidebar now remembers collapsed/expanded state across page refreshes
+- **Node.js 22** - Updated all GitHub Actions workflows to Node.js 22 LTS (supported until 2027)
+- **Latest Dependencies** - 15+ packages updated including Astro 5.16.4, Prettier 3.7.4, Rollup 4.53.3
+- **CI/CD Improvements** - Updated CodeQL actions to v3, fixed release workflow bugs
 
 **Key Improvements:**
-- ✅ All dependencies updated to their absolute latest versions
-- ✅ Two major version bumps: cross-env 10.x and eslint-config-xo-typescript 9.x
-- ✅ Enhanced security with vulnerability fixes
-- ✅ Cleaner linting without deprecation warnings
-- ✅ Production-ready with enhanced stability
-- ✅ Faster builds with latest Rollup, Sass, and Terser
+
+- ✅ Zero security vulnerabilities - all npm audit issues resolved
+- ✅ Sidebar state persists in localStorage (configurable, SSR-safe, mobile-aware)
+- ✅ GitHub Actions use Node.js 22 (Active LTS until April 2027)
+- ✅ CodeQL security scanning updated to latest v3 actions
+- ✅ Release workflow fixed for proper asset packaging
 
 **Install the latest:**
 ```bash
-npm install admin-lte@4.0.0-rc5
+npm install admin-lte@4.0.0-rc6
 ```
 
 See the [CHANGELOG.md](CHANGELOG.md) for complete details.
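
Review bot: "Zero security vulnerabilities - all npm audit issues resolved" under Key Improvements states a point-in-time npm audit result as a standing property, and it stops being true as soon as a new advisory lands against any dependency. Suggest dating the claim (the changelog entry is 2025-12-08) or replacing it with a link to the CHANGELOG Security section. The Security Fixes bullet also names three categories for "4 vulnerabilities"; listing the same four items as the changelog would remove the mismatch.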

+ 1 - 1
package.json

@@ -1,7 +1,7 @@
 {
   "name": "admin-lte",
   "description": "Responsive open source admin dashboard and control panel.",
-  "version": "4.0.0-rc5",
+  "version": "4.0.0-rc6",
   "type": "module",
   "license": "MIT",
   "author": "Colorlib <https://colorlib.com>",
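
Review bot: The version line is the only change to package.json in this commit (1 addition, 1 deletion) and no lockfile is among the 3 changed files, so the astro 5.15.6 → 5.16.4 bump that the changelog ties the security fixes to is not part of this change. Before tagging rc6, confirm that the dependency ranges and lockfile already in the tree resolve to Astro 5.16.4 or later, for example by running npm audit on a clean install.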