Härtung (Code-Review): persistiertes Session-Secret statt Default-Fallback; timing-safe API-Token-Vergleich; Secure-Cookie auf HTTPS; HTML-Sanitizer für richtext/html-Blöcke + Seiten-Body (Stored-XSS); 14 Unit-Tests (Rabatt/MwSt/Versand/Sanitizer) + npm test

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "hd-commerce",
-  "version": "2.1.0",
+  "version": "2.2.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "hd-commerce",
-      "version": "2.1.0",
+      "version": "2.2.0",
       "dependencies": {
         "@astrojs/node": "^9.1.3",
         "@fontsource-variable/fraunces": "^5.1.0",