* fix(servarr): add timeout to Radarr/Sonarr API requests to prevent infinite loading
Adds a 5-second timeout to all Radarr/Sonarr API requests and displays a warning banner when
services are unreachable. This prevents the Recent Requests section and request list pages from
hanging indefinitely when a configured service has connection issues.
fix#2374
* fix(requests): only show service error banner to users with advanced permissions
* chore(deps): update dependencies and fix security vulnerabilities
Update TypeScript 4.9 → 5.4. Update Zod 3 → 4. Update nodemailer 6 → 7. Update @typescript-eslint
packages to v7. Update xml2js, undici, lodash, axios, swr, winston- Add pnpm.overrides for
transitive dependency vulnerabilities
* chore: fix import ordering for TypeScript 5.4 compatibility
prettier-plugin-organize-imports behaves differently with TypeScript 5.4 vs 4.9, causing CI
formatting checks to fail. This reformats imports to match the ordering expected by the plugin with
the upgraded TS version.
PR #1543 introduced resolution checking to check 4k from non4k media when users have both server
types configured with the same service. Howerver, this causes false deletions for users with only a
single non4k service when radarr upgrades file to 4k resolution. This fix only applies resolution to
checking when both 4k and non4k servers are configured. Otherwise then if file exists then it counts
as available
Removes plex-api dependency and its type declarations. Then extends the ExternalApi class for
PlexAPI implementation to mimick the exact same old behaviour. This should resolve the security
vulnerabilities in transitive dependencies: form-data(critical), request (moderate, deprecated),
tough-cookie (moderate), xml2js (moderate). Plex-api itself is also no longer maintained.
Upgrade typeorm from 0.3.12 to 0.3.28 to resolve multiple security vulnerabilities. Fixes high
severity SQL injection vulnerability in typeorm (CVE present in <0.3.26). Removes Windows-specific
postinstall workaround that's no longer needed.The fix for #478 was a workaround and is now resolved
upstream see (https://github.com/typeorm/typeorm/issues/9766). The issue was specifically with
TypeORM 0.3.12's glob pattern handling on Windows.
fix#478
Migrates from `react-tailwindcss-datepicker-sct` to `@seerr-team/react-tailwindcss-datepicker`, our
own fork published on npm. This fork includes a fix for keyboard input not working in single date
mode (typing a date and pressing enter now properly applies the filter).
fix#1585
* fix(mediarequest): explicitly set mediaId when creating
Intermittent issue where media_request records were created with mediaId = NULL,causing TypeError
when accessing request.media.tmdbId on the profile page. TypeORM's implicit relation-to-foreign-key
mapping was failing intermittently. This sets the mediaId column explicitly and adds a guard to
check to fail fast if media.id is not populated after save.
fix#2315
* refactor: better logging when media id not found
* fix: configure axios proxy agent socket limits to prevent connection leaks
Add socket pool configuration to HttpProxyAgent and HttpsProxyAgent to
prevent connection leaks.
fix#2297
* fix(proxy): pass forceIpv4First option to custom proxy agent
* fix(proxy): add connection limits and IPv4 support to undici agents
* fix: prevent the delete status from changing unless a new request is made"
refactor: remove parent remove change until later date
refactor: remove console log
* fix: add download progress for deleted badge
fix: check if not processing first for movies
* fix: add season pack change
Uses setValues instead of setFieldValue calls to properly trigger the validation and also added a
validateOnMOunt to ensure form validity is checked on initial render.
fix#2287
* fix: sanitize disallowed characters in arr tags
Updates the tag creation to normalize diacritics, replace spaces with hyphens and stip any
non-alphanumeric characters from display name
fix#2229, fix#1897
* refactor: improve display name sanitization in tag creation
* fix: include displayName in user selection for tag migration
* fix(migrator): retrieve all user fields in tag migration
This is a one time migration so performance is neglible. This should trigger the @AfterLoad hooks
which sets the `displayName`
* refactor(jellyfin-scanner): extend BaseScanner for jellyfin scanner
Refactors JellyfinScanner to extend BaseScanner class to align the jellyfin scanner architecture
with the plex scanner and reduce code duplication.
* fix(jellyfin-scanner): add imdbId handling back to fix a regression from original behaviour
* fix: add imdbId assignment for existing media entries
* fix: include imdbId in processed 4k media items and improve 4k detection
* fix(jellyfin-scanner): filter seasons based on settings for special episodes (regression)
Removed redundant Plex user discovery logic that applies to all media servers currently. This is now
handled explicitly via linked accounts settings page. Also changed the successful logout log level
from info to debug since its routine behaviour
* fix(jellyfin scanner): reduce jellyfin API calls during recently added scan
Significantly reduce number of API calls, addressing CPU spikes on Jellyfin 10.10+ servers.- Move
getSeasons() call outside the seasons loop (N calls to 1)- Request MediaSources via getEpisodes()
field parameter instead of individual getItemData() calls per episode (N calls to 1 per season)
Performance improvements (tested on library with 12 TV shows):- Scan duration: 43.7s to 9.1s - Peak
CPU: 277% to 115% - CPU spike duration: 36s to 2s Functionality is unchanged, all availability
statuses identicalbefore and after.
* fix: add getEpisodes overloads to remove unsafe type assertion
* refactor(jellyfin): use generics instead of overloads
---------
Co-authored-by: patrick-acland <patrick.acland@kraken.tech>
Replace X-Emby-Authorization with Authorization header to fix authentication failures when users
have <EnableLegacyAuthorization>false</EnableLegacyAuthorization> in their Jellyfin system.xml.
