
chore: sync development to main#2802

Merged
maintainerr-automation[bot] merged 14 commits into main from development on Apr 28, 2026

@maintainerr-automation maintainerr-automation Bot commented Apr 28, 2026

Contributor

Summary

Promotes development to main for release. Squash-merge when approved; release automation continues on approval.

Changes

dependabot Bot and others added 13 commits April 27, 2026 18:40
Bumps the nestjs group with 2 updates: [@nestjs/event-emitter](https://github.com/nestjs/event-emitter) and [@nestjs/swagger](https://github.com/nestjs/swagger).


Updates `@nestjs/event-emitter` from 3.0.1 to 3.1.0
- [Commits](nestjs/event-emitter@3.0.1...3.1.0)

Updates `@nestjs/swagger` from 11.4.1 to 11.4.2
- [Release notes](https://github.com/nestjs/swagger/releases)
- [Commits](nestjs/swagger@11.4.1...11.4.2)

---
updated-dependencies:
- dependency-name: "@nestjs/event-emitter"
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nestjs
- dependency-name: "@nestjs/swagger"
  dependency-version: 11.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nestjs
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [nodemailer](https://github.com/nodemailer/nodemailer) from 8.0.6 to 8.0.7.
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](nodemailer/nodemailer@v8.0.6...v8.0.7)

---
updated-dependencies:
- dependency-name: nodemailer
  dependency-version: 8.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#2787)

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.58.2 to 8.59.1.
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.59.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…#2790)

Bumps [prettier-plugin-tailwindcss](https://github.com/tailwindlabs/prettier-plugin-tailwindcss) from 0.7.3 to 0.8.0.
- [Changelog](https://github.com/tailwindlabs/prettier-plugin-tailwindcss/blob/main/CHANGELOG.md)
- [Commits](tailwindlabs/prettier-plugin-tailwindcss@v0.7.3...v0.8.0)

---
updated-dependencies:
- dependency-name: prettier-plugin-tailwindcss
  dependency-version: 0.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [react-hook-form](https://github.com/react-hook-form/react-hook-form) from 7.72.1 to 7.74.0.
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.72.1...v7.74.0)

---
updated-dependencies:
- dependency-name: react-hook-form
  dependency-version: 7.74.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [jsdom](https://github.com/jsdom/jsdom) from 29.0.2 to 29.1.0.
- [Commits](jsdom/jsdom@v29.0.2...v29.1.0)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.59.0 to 8.59.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.59.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [@tanstack/eslint-plugin-query](https://github.com/TanStack/query/tree/HEAD/packages/eslint-plugin-query) from 5.99.0 to 5.100.5.
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/eslint-plugin-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/eslint-plugin-query@5.100.5/packages/eslint-plugin-query)

---
updated-dependencies:
- dependency-name: "@tanstack/eslint-plugin-query"
  dependency-version: 5.100.5
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9.
- [Commits](actions/github-script@v8...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: enoch85 <mailto@danielhansson.nu>

Bumps [peter-evans/find-comment](https://github.com/peter-evans/find-comment) from 3 to 4.
- [Commits](peter-evans/find-comment@v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/find-comment
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: enoch85 <mailto@danielhansson.nu>

* feat: add custom collection poster support

* style: format collection poster picker

* fix: tolerate poster cleanup failures on collection delete

* fix(collections): push poster on first rule-driven create, cap uploads at 500 KB

- Push stored poster when addToCollectionInternal first creates the
  media-server collection, so brand-new rules apply the user's poster
- Lower upload limit from 10 MB to 500 KB via shared contracts constants
- Style the Clear button as buttonType=danger so it reads as a button

* feat(collections): refresh server metadata on poster clear, move picker right

- DELETE /poster now also calls refreshItemMetadata via the media-server
  abstraction; response carries refreshRequested so callers can adapt
- Picker shows a softened best-effort message when a refresh is requested
- Move the poster section into the right column of the rule-group modal
  to balance whitespace
- Docs and Swagger describe the new contract and the no-guarantee semantics

…ers labels (#2801)

- ExecutionLockService.acquire() stored the chained promise instead of `current`,
  so the release callback's `locks.get(key) === current` check never matched
  and the map entry leaked. tryAcquire then returned null forever after the
  first scheduled run, breaking manual Trigger Now until restart. Store
  `current` directly; FIFO chaining is preserved by `await prior`.
- rule-executor-job-manager.executeJob now runs emitStatusUpdate inside the
  inner try/finally that owns release(), and emitStatusUpdate itself swallows
  listener throws at debug level so a misbehaving SSE client can't poison
  the executor.
- Sharpen sw_watchers humanName to "Users that watched at least one episode"
  and sw_allEpisodesSeenBy to "Users that watched every episode" across all
  three servers; add semantic comments in the getters pointing at the
  alternative property. No behaviour change for the watchers data.

Fixes #2798
Fixes #2799
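
A minimal reconstruction of the leak described in the first bullet above, added here as an example (not the project's ExecutionLockService). The `KeyedLock` class, its `storeChained` switch and the `'rules'` key are hypothetical; only the `locks.get(key) === current` check and `await prior` come from the commit message.

```javascript
// Hypothetical keyed lock; storeChained=true reproduces the described bug.
class KeyedLock {
  constructor(storeChained) {
    this.locks = new Map();
    this.storeChained = storeChained;
  }

  // Build a release callback that only clears the map entry it owns.
  makeRelease(key, current, unlock) {
    return () => {
      if (this.locks.get(key) === current) this.locks.delete(key);
      unlock();
    };
  }

  async acquire(key) {
    const prior = this.locks.get(key) ?? Promise.resolve();
    let unlock;
    const current = new Promise((resolve) => { unlock = resolve; });
    // Bug: prior.then(...) is a new promise object, so it never === current.
    this.locks.set(key, this.storeChained ? prior.then(() => current) : current);
    await prior; // FIFO: wait for whoever held the key before us
    return this.makeRelease(key, current, unlock);
  }

  tryAcquire(key) {
    if (this.locks.has(key)) return null; // a leaked entry looks held forever
    let unlock;
    const current = new Promise((resolve) => { unlock = resolve; });
    this.locks.set(key, current);
    return this.makeRelease(key, current, unlock);
  }
}

// One scheduled run completes, then a manual trigger tries the same key.
async function scheduledThenManual(storeChained) {
  const lock = new KeyedLock(storeChained);
  const release = await lock.acquire('rules');
  release();
  const leaked = lock.locks.has('rules');
  return { leaked, manualGranted: lock.tryAcquire('rules') !== null };
}

scheduledThenManual(true).then((r) => console.log('chained stored:', r));
scheduledThenManual(false).then((r) => console.log('current stored:', r));
```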

* Cache jellyfin collections to avoid excessive repeat queries

* Invalidate jellyfin collection caches on mutation

Drops cached entries when collections are created, deleted, updated,
or when items are added/removed, so reads within the TTL window can't
serve pre-mutation state. Also skips caching empty results to avoid
sticking a transient zero-collection response.

---------

Co-authored-by: enoch85 <mailto@danielhansson.nu>

@maintainerr-automation maintainerr-automation Bot added the release:docker-build Build release candidate Docker image label Apr 28, 2026

The safeLogFileRegex was unanchored, allowing any string containing a
maintainerr-YYYY-MM-DD.log substring to pass validation. Combined with
path.join, an attacker could read arbitrary files via URL-encoded
traversal segments (e.g. maintainerr-2026-01-01.log%2F..%2F..%2Fetc%2Fpasswd).

Anchor the regex and add a defense-in-depth canonical-path check that
rejects symlinks and verifies the resolved path stays inside the logs
directory.
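
The bug and the fix described in this commit message, as an added Node.js example (not the project's code). The two regexes, the helper names `resolveBefore` and `resolveAfter`, and the temp-directory fixture are assumptions constructed here; a POSIX filesystem is assumed for the symlink.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Constructed fixture: logs/ with one real log, a file outside logs/, and a
// symlink inside logs/ whose name is a well-formed log file name.
const root = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), 'logs-demo-')));
const logsDir = path.join(root, 'logs');
fs.mkdirSync(logsDir);
fs.writeFileSync(path.join(logsDir, 'maintainerr-2026-01-01.log'), 'log line\n');
fs.writeFileSync(path.join(root, 'outside.txt'), 'not a log\n');
fs.symlinkSync(path.join(root, 'outside.txt'),
  path.join(logsDir, 'maintainerr-2026-01-02.log'));

// Assumed patterns: the page only says the original was unanchored.
const unanchored = /maintainerr-\d{4}-\d{2}-\d{2}\.log/;
const anchored = /^maintainerr-\d{4}-\d{2}-\d{2}\.log$/;

// "Before": a substring match passes, then path.join collapses the ".." segments.
function resolveBefore(name) {
  if (!unanchored.test(name)) return null;
  return path.join(logsDir, name);
}

// "After": the whole name must match, the entry must be a regular file that is
// not a symlink, and its canonical path must stay under the logs directory.
function resolveAfter(name) {
  if (!anchored.test(name)) return null;
  const candidate = path.join(logsDir, name);
  let stat;
  try {
    stat = fs.lstatSync(candidate);
  } catch {
    return null; // missing file
  }
  if (stat.isSymbolicLink() || !stat.isFile()) return null;
  const real = fs.realpathSync(candidate);
  return real.startsWith(fs.realpathSync(logsDir) + path.sep) ? real : null;
}

// The route parameter once the URL-encoded segments have been decoded.
const decoded = decodeURIComponent(
  'maintainerr-2026-01-01.log%2F..%2F..%2Foutside.txt');

console.log('before:', resolveBefore(decoded));
console.log('after: ', resolveAfter(decoded));
console.log('symlink:', resolveAfter('maintainerr-2026-01-02.log'));
console.log('valid: ', resolveAfter('maintainerr-2026-01-01.log'));
```

The symlink case shows why the anchored regex alone is not the whole fix: a name that passes validation can still point outside the directory.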

@enoch85 enoch85 left a comment

Collaborator


3.9.0 Release Candidate.

@github-actions github-actions Bot left a comment

Contributor


Approved by release automation (CODEOWNER approval was verified by Release 2).

@maintainerr-automation maintainerr-automation Bot merged commit 5d186fe into main Apr 28, 2026
24 checks passed
@maintainerr-automation

Contributor Author

📚 Docs drift report

Comparing origin/mainHEAD against Maintainerr_docs. Informational only — maintainers decide what needs doc updates before release.

Rule glossary parity

  • Code rule keys (rules.constants.ts): 160
  • Documented keys (docs/Glossary.md): 160

Glossary is in sync with the code.

New migrations on this branch

No new migrations.

Rule constants

  • rules.constants.ts changed: +6 / -6 lines
  • Review rule tables in docs/Rules.mdx and entries in docs/Glossary.md.

Public contracts (@maintainerr/contracts)

  • Modified (2):
    • packages/contracts/src/collections/index.ts
    • packages/contracts/src/media-server/enums.ts

Public DTO changes may affect docs/API.md and the OpenAPI spec in static/openapi-spec/maintainerr_api_specs.yaml.

New HTTP controllers

No new controllers.

feat: commits on this branch

Behavioral fixes worth reviewing

  • 8f6550f fix(logs): block path traversal in log file download endpoint
    • touched: apps/server/src/modules/logging/logs.controller.ts
  • 4db512b fix(rules,tasks): unstick rules-collections lock and clarify sw_watchers labels (#2801)
    • touched: apps/server/src/modules/rules/tasks/rule-executor-job-manager.service.spec.ts, apps/server/src/modules/rules/tasks/rule-executor-job-manager.service.ts

fix: commits that touched user-facing surfaces (UI, settings, notifications, collections, rule executor, controllers, README). Worth scanning to decide whether observable behavior changed enough to warrant a docs note.

@github-actions

Contributor

🚀 Release 2.5 - Execute Push PR To Main completed after approval.

  • PR squash-merged into main
  • Sync back: success
  • Build Main: success

@maintainerr-automation

Contributor Author

🎉 This PR is included in version 3.9.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@enoch85 enoch85 added this to the 3.10.0 milestone Apr 29, 2026 — with GitHub Codespaces