build(deps): bump the nestjs group with 2 updates#2785
Merged
maintainerr-automation[bot] merged 1 commit intoApr 27, 2026
Merged
Conversation
Bumps the nestjs group with 2 updates: [@nestjs/event-emitter](https://github.com/nestjs/event-emitter) and [@nestjs/swagger](https://github.com/nestjs/swagger). Updates `@nestjs/event-emitter` from 3.0.1 to 3.1.0 - [Commits](nestjs/event-emitter@3.0.1...3.1.0) Updates `@nestjs/swagger` from 11.4.1 to 11.4.2 - [Release notes](https://github.com/nestjs/swagger/releases) - [Commits](nestjs/swagger@11.4.1...11.4.2) --- updated-dependencies: - dependency-name: "@nestjs/event-emitter" dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nestjs - dependency-name: "@nestjs/swagger" dependency-version: 11.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nestjs ... Signed-off-by: dependabot[bot] <support@github.com>
maintainerr-automation Bot
added a commit
that referenced
this pull request
Apr 28, 2026
* build(deps): bump the nestjs group with 2 updates (#2785) Bumps the nestjs group with 2 updates: [@nestjs/event-emitter](https://github.com/nestjs/event-emitter) and [@nestjs/swagger](https://github.com/nestjs/swagger). Updates `@nestjs/event-emitter` from 3.0.1 to 3.1.0 - [Commits](nestjs/event-emitter@3.0.1...3.1.0) Updates `@nestjs/swagger` from 11.4.1 to 11.4.2 - [Release notes](https://github.com/nestjs/swagger/releases) - [Commits](nestjs/swagger@11.4.1...11.4.2) --- updated-dependencies: - dependency-name: "@nestjs/event-emitter" dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nestjs - dependency-name: "@nestjs/swagger" dependency-version: 11.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nestjs ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump nodemailer from 8.0.6 to 8.0.7 (#2786) Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.6 to 8.0.7. - [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md) - [Commits](nodemailer/nodemailer@v8.0.6...v8.0.7) --- updated-dependencies: - dependency-name: nodemailer dependency-version: 8.0.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump @typescript-eslint/parser from 8.58.2 to 8.59.1 (#2787) Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.58.2 to 8.59.1. - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump prettier-plugin-tailwindcss from 0.7.3 to 0.8.0 (#2790) Bumps [prettier-plugin-tailwindcss](https://github.com/tailwindlabs/prettier-plugin-tailwindcss) from 0.7.3 to 0.8.0. - [Changelog](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/blob/main/CHANGELOG.md) - [Commits](tailwindlabs/prettier-plugin-tailwindcss@v0.7.3...v0.8.0) --- updated-dependencies: - dependency-name: prettier-plugin-tailwindcss dependency-version: 0.8.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump react-hook-form from 7.72.1 to 7.74.0 (#2793) Bumps [react-hook-form](https://github.com/react-hook-form/react-hook-form) from 7.72.1 to 7.74.0. - [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md) - [Commits](react-hook-form/react-hook-form@v7.72.1...v7.74.0) --- updated-dependencies: - dependency-name: react-hook-form dependency-version: 7.74.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump jsdom from 29.0.2 to 29.1.0 (#2794) Bumps [jsdom](https://github.com/jsdom/jsdom) from 29.0.2 to 29.1.0. - [Commits](jsdom/jsdom@v29.0.2...v29.1.0) --- updated-dependencies: - dependency-name: jsdom dependency-version: 29.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump typescript-eslint from 8.59.0 to 8.59.1 (#2791) Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.59.0 to 8.59.1. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/typescript-eslint) --- updated-dependencies: - dependency-name: typescript-eslint dependency-version: 8.59.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps-dev): bump @tanstack/eslint-plugin-query (#2795) Bumps [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) from 5.99.0 to 5.100.5. - [Release notes](https://github.com/TanStack/query/releases) - [Changelog](https://github.com/TanStack/query/blob/main/packages/eslint-plugin-query/CHANGELOG.md) - [Commits](https://github.com/TanStack/query/commits/@tanstack/eslint-plugin-query@5.100.5/packages/eslint-plugin-query) --- updated-dependencies: - dependency-name: "@tanstack/eslint-plugin-query" dependency-version: 5.100.5 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump actions/github-script from 8 to 9 (#2788) Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Commits](actions/github-script@v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: enoch85 <mailto@danielhansson.nu> * build(deps): bump peter-evans/find-comment from 3 to 4 (#2789) Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 3 to 4. - [Commits](peter-evans/find-comment@v3...v4) --- updated-dependencies: - dependency-name: peter-evans/find-comment dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: enoch85 <mailto@danielhansson.nu> * feat: add custom collection poster support (#2784) * feat: add custom collection poster support * style: format collection poster picker * fix: tolerate poster cleanup failures on collection delete * fix(collections): push poster on first rule-driven create, cap uploads at 500 KB - Push stored poster when addToCollectionInternal first creates the media-server collection, so brand-new rules apply the user's poster - Lower upload limit from 10 MB to 500 KB via shared contracts constants - Style the Clear button as buttonType=danger so it reads as a button * feat(collections): refresh server metadata on poster clear, move picker right - DELETE /poster now also calls refreshItemMetadata via the media-server abstraction; response carries refreshRequested so callers can adapt - Picker shows a softened best-effort message when a refresh is requested - Move the poster section into the right column of the rule-group modal to balance whitespace - Docs and Swagger describe the new contract and the no-guarantee semantics * fix(rules,tasks): unstick rules-collections lock and clarify sw_watchers labels (#2801) - ExecutionLockService.acquire() stored the chained promise instead of `current`, so the release callback's `locks.get(key) === current` check never matched and the map entry leaked. tryAcquire then returned null forever after the first scheduled run, breaking manual Trigger Now until restart. Store `current` directly; FIFO chaining is preserved by `await prior`. - rule-executor-job-manager.executeJob now runs emitStatusUpdate inside the inner try/finally that owns release(), and emitStatusUpdate itself swallows listener throws at debug level so a misbehaving SSE client can't poison the executor. - Sharpen sw_watchers humanName to "Users that watched at least one episode" and sw_allEpisodesSeenBy to "Users that watched every episode" across all three servers; add semantic comments in the getters pointing at the alternative property. No behaviour change for the watchers data. Fixes #2798 Fixes #2799 * feat: cache jellyfin collections (#2800) * Cache jellyfin collections to avoid excessive repeat queries * Invalidate jellyfin collection caches on mutation Drops cached entries when collections are created, deleted, updated, or when items are added/removed, so reads within the TTL window can't serve pre-mutation state. Also skips caching empty results to avoid sticking a transient zero-collection response. --------- Co-authored-by: enoch85 <mailto@danielhansson.nu> * fix(logs): block path traversal in log file download endpoint The safeLogFileRegex was unanchored, allowing any string containing a maintainerr-YYYY-MM-DD.log substring to pass validation. Combined with path.join, an attacker could read arbitrary files via URL-encoded traversal segments (e.g. maintainerr-2026-01-01.log%2F..%2F..%2Fetc%2Fpasswd). Anchor the regex and add a defense-in-depth canonical-path check that rejects symlinks and verifies the resolved path stays inside the logs directory. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: enoch85 <mailto@danielhansson.nu> Co-authored-by: Nathan Spencer <natekspencer@gmail.com>
Contributor
|
🎉 This PR is included in version 3.9.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the nestjs group with 2 updates: @nestjs/event-emitter and @nestjs/swagger.
Updates
@nestjs/event-emitterfrom 3.0.1 to 3.1.0Commits
35b9313chore(): release v3.1.053d3b82Merge pull request #1708 from nestjs/renovate/cimg-node-24.xeb7bde2Merge pull request #1715 from kyungseopk1m/feat/inherit-request-context-idc06defefeat(loader): inherit request context id in request-scoped listenersf711eb5chore(deps): update dependency@commitlint/clito v20.5.2 (#1714)e684d68chore(deps): update dependency release-it to v20.0.1 (#1713)85f0265chore(deps): update dependency vite to v8.0.10 (#1712)770cc24chore(deps): update dependency vitest to v4.1.5 (#1711)85bb425chore(deps): update dependency oxlint to v1.61.0 (#1710)6be695cchore(deps): update dependency vite to v8.0.9 (#1709)Updates
@nestjs/swaggerfrom 11.4.1 to 11.4.2Release notes
Sourced from
@nestjs/swagger's releases.Commits
3f58449chore(): release v11.4.2b0a35f3Merge pull request #3867 from PeterTheOne/fix-error-only-response-decorators-...f01f6aarefactor(plugin): make isSuccessOrRedirectApiResponseArg a private method7999f78test: inspect@ApiResponsestatus arg and extend fixture with redirect/500 cases977a139fix(plugin): keep auto-inferred default response when only error Api*Response...a51cf09Merge pull request #3876 from y-hsgw/fix/plugin-string-literal-union-typea8acf7achore(deps): update dependency@commitlint/clito v20.5.2 (#3878)e054058chore(deps): update dependency release-it to v20.0.1 (#3877)9a3745bfix(plugin): enhance enum handling for literal union types in schema generation6e1bb8fMerge pull request #3875 from nestjs/renovate/vite-8.x-lockfileDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions