* chore(deps): update dependencies and fix security vulnerabilities
Update TypeScript 4.9 → 5.4. Update Zod 3 → 4. Update nodemailer 6 → 7. Update @typescript-eslint
packages to v7. Update xml2js, undici, lodash, axios, swr, winston- Add pnpm.overrides for
transitive dependency vulnerabilities
* chore: fix import ordering for TypeScript 5.4 compatibility
prettier-plugin-organize-imports behaves differently with TypeScript 5.4 vs 4.9, causing CI
formatting checks to fail. This reformats imports to match the ordering expected by the plugin with
the upgraded TS version.
Removes plex-api dependency and its type declarations. Then extends the ExternalApi class for
PlexAPI implementation to mimick the exact same old behaviour. This should resolve the security
vulnerabilities in transitive dependencies: form-data(critical), request (moderate, deprecated),
tough-cookie (moderate), xml2js (moderate). Plex-api itself is also no longer maintained.
Upgrade typeorm from 0.3.12 to 0.3.28 to resolve multiple security vulnerabilities. Fixes high
severity SQL injection vulnerability in typeorm (CVE present in <0.3.26). Removes Windows-specific
postinstall workaround that's no longer needed.The fix for #478 was a workaround and is now resolved
upstream see (https://github.com/typeorm/typeorm/issues/9766). The issue was specifically with
TypeORM 0.3.12's glob pattern handling on Windows.
fix#478
Migrates from `react-tailwindcss-datepicker-sct` to `@seerr-team/react-tailwindcss-datepicker`, our
own fork published on npm. This fork includes a fix for keyboard input not working in single date
mode (typing a date and pressing enter now properly applies the filter).
fix#1585
* refactor(adds package): this adds the validator package and removes email-validator from dependencys
* refactor(auth.ts and email.ts): migrates from EmailValidator to validator
* feat(ci): tidy up workflows and implement a consistent style
all workflows now use ubuntu-24.04 as the runner type to match the release workflows
codeql.yml
- bump actions to v3
- add least-privilege perms + concurrency to stop duplicate runs
- ignore docs only changes
conflict_labeler.yml
- run on opened, reopened, and synchronize
- bump action version
- add concurrency group to avoid duplicate labeling
cypress.yml
- skip docs-only changes; don’t run on draft PRs
- add concurrency to stop duplicate runs + 10m timeout
docs-deploy.yml
- add configure-pages@v5 and bump upload-pages-artifact to v4
- set explicit pages/id-token perms + concurrency
- minor cleanups (working-directory, ubuntu-24.04)
helm.yml
- switch oras discover to oras manifest fetch
- add concurrency to stop duplicate runs
lint-helm-charts.yml
- bump action versions
- enforce version bumps (--check-version-increment=true)
- add least-privilege perms + concurrency to stop duplicate runs
support.yml
- add least-privilege perms
test-docs-deploy.yml
- add least-privilege perms + concurrency to stop duplicate runs
* fixed line 5 syntax error
* Updated based on comments from @M0NsTeRRR in PR-1905 discussion
* updated based on 2nd review from @M0NsTeRRR in PR-1905
* Merge of PR-1904 and PR-1905
* chore(pnpm-lock.yaml): updated the pnpm-lockfile
* ci(release.yml): fix the latest tag to use context labels
* ci: fix new lines at eof, removed cypress timeout, removed legacy qemu actions
* @M0NsTeRRR self review
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* fix: support workflow
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
* fix: newline
---------
Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Co-authored-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Co-authored-by: Ludovic Ortega <github@mail.adminafk.fr>
* fix: ensure dnsCache is checked for when its enabled before initialization
previously dnsCache was being initialized even if it was disabled because the previous check was
always returning truthy.
fix#1857
* chore: update dns-caching to 0.2.6
This will allow dns-caching to respect forceIpv4 flag.
* chore: update dns-caching to 0.2.7
