
chores: add asunetwork.com and change spotify album #14

Merged
LuaanNguyen merged 2 commits into main from test/codex-action-workflow
Mar 11, 2026

Conversation

@LuaanNguyen
Owner

No description provided.

@vercel
Contributor

vercel bot commented Mar 11, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: luannguyen-portfolio
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Mar 11, 2026 9:17pm

@LuaanNguyen LuaanNguyen merged commit c18acf2 into main Mar 11, 2026
3 checks passed
@LuaanNguyen LuaanNguyen deleted the test/codex-action-workflow branch March 11, 2026 21:17
@github-actions

  1. Findings (ordered by severity)
    1. High – Potential secret leakage via committed env + Docker build context
      • .env:1 is committed to the repo.
      • .dockerignore:1 does not exclude .env/.env*.
      • Dockerfile:16 does COPY . ., so env files are copied into build layers.
      • Impact: accidental credential exposure in git history and/or container build artifacts.
    2. Medium – Runtime image uses EOL Node major
    3. Low – Hydration mismatch risk from rendering current date in UI
      • OpenedProjects.tsx:27 computes new Date().toLocaleDateString(...) during render.
      • Impact: possible server/client mismatch around timezone/month boundaries.
    4. Low – Missing automated test coverage

  2. Suggested fixes
    1. Remove tracked .env from git history/current tree; commit a .env.example instead.
    2. Add .env, .env.*, and other secret files to .dockerignore and keep COPY scoped where possible.
    3. Upgrade Docker base images to a supported Node LTS (currently Node 20/22), pin to a digest for reproducibility.
    4. Make “Updated ” deterministic (derive from project metadata/build-time constant) or compute client-only after mount.
    5. Add tests:
      • Unit tests for getSortedPostsData, getPostData, and HTML sanitization/styling transforms.
      • Route-level tests for blog metadata (generateMetadata) and 404 behavior.
      • Basic component tests for mobile nav/project toggles.

  3. Risk summary
    • Overall risk: Medium-High.
    • Main concern is security hygiene (env handling + Docker context) plus runtime security posture (Node 18 EOL).
    • Test confidence is low because there is no automated suite, and I could not run lint/build locally (npm ci failed in this environment with an npm CLI error).
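A pre-merge check covering the High finding and suggested fixes 1 and 2 above, added here as an illustration (it is not the review bot's code and not part of the repository): it fails when an env file other than a template is tracked in git or sits in the Docker build context, or when .dockerignore lacks the `.env` and `.env.*` patterns that keep `COPY . .` from copying secrets into image layers. The directory layout used in the test below is constructed.

```shell
#!/bin/sh
# check_env_hygiene DIR
# Returns 0 when no secret-bearing env file would reach git history or the Docker
# build context and .dockerignore excludes .env and .env.*; returns 1 otherwise,
# printing one FAIL line per problem. Templates (.env.example/.env.sample) are allowed.
check_env_hygiene() {
    dir=${1:-.}
    rc=0

    # 1. Enumerate candidate files: tracked files when DIR is a git checkout
    #    (that is what ends up in history), otherwise everything on disk that
    #    COPY . . would pick up (skipping .git and node_modules).
    if [ -d "$dir/.git" ] && command -v git >/dev/null 2>&1; then
        files=$(git -C "$dir" ls-files)
    else
        files=$(cd "$dir" && find . \( -name .git -o -name node_modules \) -prune \
                -o -type f -print | sed 's|^\./||')
    fi

    for f in $files; do
        case "$(basename "$f")" in
            .env.example|.env.sample) ;;   # templates without secrets are fine
            .env|.env.*) echo "FAIL: env file in repo/build context: $f"; rc=1 ;;
        esac
    done

    # 2. Without these patterns COPY . . copies env files into image layers,
    #    regardless of what the Dockerfile later does with them.
    if [ ! -f "$dir/.dockerignore" ]; then
        echo "FAIL: no .dockerignore; COPY . . would include every file"; rc=1
    else
        for pat in .env '.env.*'; do
            grep -qxF -e "$pat" -e "**/$pat" "$dir/.dockerignore" \
                || { echo "FAIL: .dockerignore lacks pattern '$pat'"; rc=1; }
        done
    fi
    return $rc
}

# Usage: check_env_hygiene /path/to/checkout && echo "env hygiene OK"
```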
