Commit Graph

284 Commits

Author SHA1 Message Date
Alex
effcb8371c NPM docs update 2026-04-10 21:01:40 +01:00
Alex
b3b8f34a13 Fix JSON script blocking behavior + tests (#862)
Fixes #859
2026-04-10 20:46:07 +01:00
Alex
8e78fea947 Add BasedPyright + Makefile commands (#858) 2026-04-10 17:12:54 +01:00
Alex
7bc6a9f8c6 Switch dev builds to nightly schedule (#856)
- `dev` images generated on a nightly schedule if new commits exist
- lite container smoke test added to PR CI checks
2026-04-10 15:12:23 +01:00
Alex
962e0ec68b Regenerate frontend lockfile (#855) 2026-04-10 14:33:47 +01:00
Alex
3d68b5eb2f Bump Vite to 8.0.8 + Typescript to 6.0.2 (#854) 2026-04-10 14:26:14 +01:00
dependabot[bot]
ba4090aee2 Bump ruff from 0.15.9 to 0.15.10 (#848)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.15.9 to 0.15.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/ruff/releases">ruff's
releases</a>.</em></p>
<blockquote>
<h2>0.15.10</h2>
<h2>Release Notes</h2>
<p>Released on 2026-04-09.</p>
<h3>Preview features</h3>
<ul>
<li>[<code>flake8-logging</code>] Allow closures in except handlers
(<code>LOG004</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24464">#24464</a>)</li>
<li>[<code>flake8-self</code>] Make <code>SLF</code> diagnostics robust
to non-self-named variables (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24281">#24281</a>)</li>
<li>[<code>flake8-simplify</code>] Make the fix for
<code>collapsible-if</code> safe in <code>preview</code>
(<code>SIM102</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24371">#24371</a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>Avoid emitting multi-line f-string elements before Python 3.12 (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24377">#24377</a>)</li>
<li>Avoid syntax error from <code>E502</code> fixes in f-strings and
t-strings (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24410">#24410</a>)</li>
<li>Strip form feeds from indent passed to <code>dedent_to</code> (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24381">#24381</a>)</li>
<li>[<code>pyupgrade</code>] Fix panic caused by handling of octals
(<code>UP012</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24390">#24390</a>)</li>
<li>Reject multi-line f-string elements before Python 3.12 (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24355">#24355</a>)</li>
</ul>
<h3>Rule changes</h3>
<ul>
<li>[<code>ruff</code>] Treat f-string interpolation as potential side
effect (<code>RUF019</code>) (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24426">#24426</a>)</li>
</ul>
<h3>Server</h3>
<ul>
<li>Add support for custom file extensions (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24463">#24463</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Document adding fixes in CONTRIBUTING.md (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24393">#24393</a>)</li>
<li>Fix JSON typo in settings example (<a
href="https://redirect.github.com/astral-sh/ruff/pull/24517">#24517</a>)</li>
</ul>
<h3>Contributors</h3>
<ul>
<li><a
href="https://github.com/charliermarsh"><code>@​charliermarsh</code></a></li>
<li><a href="https://github.com/dylwil3"><code>@​dylwil3</code></a></li>
<li><a
href="https://github.com/silverstein"><code>@​silverstein</code></a></li>
<li><a
href="https://github.com/anishgirianish"><code>@​anishgirianish</code></a></li>
<li><a
href="https://github.com/shizukushq"><code>@​shizukushq</code></a></li>
<li><a href="https://github.com/zanieb"><code>@​zanieb</code></a></li>
<li><a
href="https://github.com/AlexWaygood"><code>@​AlexWaygood</code></a></li>
</ul>
<h2>Install ruff 0.15.10</h2>
<h3>Install prebuilt binaries via shell script</h3>
<pre lang="sh"><code>curl --proto '=https' --tlsv1.2 -LsSf
https://releases.astral.sh/github/ruff/releases/download/0.15.10/ruff-installer.sh
| sh
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="252f76102a"><code>252f761</code></a>
Bump 0.15.10 (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24519">#24519</a>)</li>
<li><a
href="37a1ec8bb8"><code>37a1ec8</code></a>
[ty] Fix assignability of intersections with bounded typevars (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24502">#24502</a>)</li>
<li><a
href="f518cc9ca0"><code>f518cc9</code></a>
[ty] Allow partially stringified <code>type[…]</code> annotations (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24518">#24518</a>)</li>
<li><a
href="16c4090d0a"><code>16c4090</code></a>
docs: fix JSON typo in settings example (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24517">#24517</a>)</li>
<li><a
href="99d97bd72f"><code>99d97bd</code></a>
[ty] Tighten up a few edge cases in <code>Concatenate</code>
type-expression parsing (<a
href="https://redirect.github.com/astral-sh/ruff/issues/2">#2</a>...</li>
<li><a
href="2714e345bd"><code>2714e34</code></a>
[ty] Enable <code>pull-diagnostics</code> by default in E2E tests (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24516">#24516</a>)</li>
<li><a
href="d8bc700722"><code>d8bc700</code></a>
LSP: Add support for custom extensions (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24463">#24463</a>)</li>
<li><a
href="a45f96d65d"><code>a45f96d</code></a>
[ty] stop special-casing str constructor (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24514">#24514</a>)</li>
<li><a
href="87a0f01cfd"><code>87a0f01</code></a>
[ruff] Treat f-string interpolation as potential side effect in RUF019
(<a
href="https://redirect.github.com/astral-sh/ruff/issues/24426">#24426</a>)</li>
<li><a
href="e9ba8489b8"><code>e9ba848</code></a>
[ty] Fix excess subscript argument inference for non-generic types (<a
href="https://redirect.github.com/astral-sh/ruff/issues/24354">#24354</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/ruff/compare/0.15.9...0.15.10">compare
view</a></li>
</ul>
</details>
<br />


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 13:40:28 +01:00
dependabot[bot]
03ec7d1c06 Bump the gh-actions group across 1 directory with 2 updates (#851)
Bumps the gh-actions group with 2 updates in the / directory:
[docker/build-push-action](https://github.com/docker/build-push-action)
and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.0</h2>
<ul>
<li>Git context <a
href="https://docs.docker.com/build/concepts/context/#url-queries">query
format</a> support by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1505">docker/build-push-action#1505</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.79.0 to 0.87.0 by
<a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1505">docker/build-push-action#1505</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1500">docker/build-push-action#1500</a></li>
<li>Bump fast-xml-parser from 5.4.2 to 5.5.7 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1489">docker/build-push-action#1489</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1491">docker/build-push-action#1491</a></li>
<li>Bump glob from 10.3.12 to 10.5.0 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1490">docker/build-push-action#1490</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1497">docker/build-push-action#1497</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1510">docker/build-push-action#1510</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1496">docker/build-push-action#1496</a></li>
<li>Bump undici from 6.23.0 to 6.24.1 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1486">docker/build-push-action#1486</a></li>
<li>Bump vite from 7.3.1 to 7.3.2 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1509">docker/build-push-action#1509</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0">https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bcafcacb16"><code>bcafcac</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1509">#1509</a>
from docker/dependabot/npm_and_yarn/vite-7.3.2</li>
<li><a
href="18e62f1158"><code>18e62f1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1510">#1510</a>
from docker/dependabot/npm_and_yarn/lodash-4.18.1</li>
<li><a
href="46580d2c9d"><code>46580d2</code></a>
chore: update generated content</li>
<li><a
href="3f80b252ca"><code>3f80b25</code></a>
chore(deps): Bump lodash from 4.17.23 to 4.18.1</li>
<li><a
href="efeec9557c"><code>efeec95</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1505">#1505</a>
from crazy-max/refactor-git-context</li>
<li><a
href="ddf04b08eb"><code>ddf04b0</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1511">#1511</a>
from docker/dependabot/github_actions/crazy-max-dot-...</li>
<li><a
href="db08d97a08"><code>db08d97</code></a>
chore(deps): Bump the crazy-max-dot-github group with 2 updates</li>
<li><a
href="ef1fb9688f"><code>ef1fb96</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1508">#1508</a>
from docker/dependabot/github_actions/docker/login-a...</li>
<li><a
href="2d8f2a1a37"><code>2d8f2a1</code></a>
chore: update generated content</li>
<li><a
href="919ac7bd7d"><code>919ac7b</code></a>
fix test since secrets are not written to temp path anymore</li>
<li>Additional commits viewable in <a
href="d08e5c354a...bcafcacb16">compare
view</a></li>
</ul>
</details>
<br />

Updates `astral-sh/setup-uv` from 7.3.1 to 8.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0 🌈 Immutable releases and secure tags</h2>
<h1>This is the first immutable release of <code>setup-uv</code> 🥳</h1>
<p>All future releases are also immutable, if you want to know more
about what this means check out <a
href="https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases">the
docs</a>.</p>
<p>This release also has two breaking changes</p>
<h2>New format for <code>manifest-file</code></h2>
<p>The previously deprecated way of defining a custom version manifest
to control which <code>uv</code> versions are available and where to
download them from got removed. The functionality is still there but you
have to use the <a
href="https://github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format">new
format</a>.</p>
<h2>No more major and minor tags</h2>
<p>To increase <strong>security</strong> even more we will <strong>stop
publishing minor tags</strong>. You won't be able to use
<code>@v8</code> or <code>@v8.0</code> any longer. We do this because
pinning to major releases opens up users to supply chain attacks like
what happened to <a
href="https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/">tj-actions</a>.</p>
<blockquote>
<p>[!TIP]
Use the immutable tag as a version
<code>astral-sh/setup-uv@v8.0.0</code>
Or even better the githash
<code>astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57</code></p>
</blockquote>
<h2>🚨 Breaking changes</h2>
<ul>
<li>Remove update-major-minor-tags workflow <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/826">#826</a>)</li>
<li>Remove deprecated custom manifest <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/813">#813</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Shortcircuit latest version from manifest <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/828">#828</a>)</li>
<li>Simplify inputs.ts <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/827">#827</a>)</li>
<li>Bump release-drafter to v7.1.1 <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/825">#825</a>)</li>
<li>Refactor inputs <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/823">#823</a>)</li>
<li>Replace inline compile args with tsconfig <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/824">#824</a>)</li>
<li>chore: update known checksums for 0.11.2 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/821">#821</a>)</li>
<li>chore: update known checksums for 0.11.1 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/817">#817</a>)</li>
<li>chore: update known checksums for 0.11.0 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/815">#815</a>)</li>
<li>Fix latest-version workflow check <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/812">#812</a>)</li>
<li>chore: update known checksums for 0.10.11/0.10.12 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/811">#811</a>)</li>
</ul>
<h2>v7.6.0 🌈 Fetch uv from Astral's mirror by default</h2>
<h2>Changes</h2>
<p>We now default to download uv from <code>releases.astral.sh</code>.
This means by default we don't hit the GitHub API at all and shouldn't
see any rate limits and timeouts any more.</p>
<h2>🚀 Enhancements</h2>
<ul>
<li>Fetch uv from Astral's mirror by default <a
href="https://github.com/zsol"><code>@​zsol</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/809">#809</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Switch to ESM for source and test, use CommonJS for dist <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/806">#806</a>)</li>
<li>chore: update known checksums for 0.10.10 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/804">#804</a>)</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="cec208311d"><code>cec2083</code></a>
Shortcircuit latest version from manifest (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/828">#828</a>)</li>
<li><a
href="4dd8ab4520"><code>4dd8ab4</code></a>
Simplify inputs.ts (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/827">#827</a>)</li>
<li><a
href="7fdbe7cf0c"><code>7fdbe7c</code></a>
Remove update-major-minor-tags workflow (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/826">#826</a>)</li>
<li><a
href="485abd05e5"><code>485abd0</code></a>
Bump release-drafter to v7.1.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/825">#825</a>)</li>
<li><a
href="f82eb19c06"><code>f82eb19</code></a>
Refactor inputs (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/823">#823</a>)</li>
<li><a
href="868d1f74d9"><code>868d1f7</code></a>
Replace inline compile args with tsconfig (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/824">#824</a>)</li>
<li><a
href="447e6d02b1"><code>447e6d0</code></a>
chore: update known checksums for 0.11.2 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/821">#821</a>)</li>
<li><a
href="5c62c59261"><code>5c62c59</code></a>
chore: update known checksums for 0.11.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/817">#817</a>)</li>
<li><a
href="e1a7373adb"><code>e1a7373</code></a>
chore: update known checksums for 0.11.0 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/815">#815</a>)</li>
<li><a
href="89709315bb"><code>8970931</code></a>
Remove deprecated custom manifest (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/813">#813</a>)</li>
<li>Additional commits viewable in <a
href="5a095e7a20...cec208311d">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 13:40:18 +01:00
dependabot[bot]
71ee56b7b7 Bump the npm-deps group across 1 directory with 4 updates (#852)
Bumps the npm-deps group with 4 updates in the /src/frontend directory:
[react](https://github.com/facebook/react/tree/HEAD/packages/react),
[react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom),
[@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)
and [postcss](https://github.com/postcss/postcss).

Updates `react` from 19.2.4 to 19.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react's
releases</a>.</em></p>
<blockquote>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="23f4f9f30d"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.5/packages/react">compare
view</a></li>
</ul>
</details>
<br />

Updates `react-dom` from 19.2.4 to 19.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/facebook/react/releases">react-dom's
releases</a>.</em></p>
<blockquote>
<h2>19.2.5 (April 8th, 2026)</h2>
<h2>React Server Components</h2>
<ul>
<li>Add more cycle protections (<a
href="https://redirect.github.com/facebook/react/pull/36236">#36236</a>
by <a href="https://github.com/eps1lon"><code>@​eps1lon</code></a> and
<a
href="https://github.com/unstubbable"><code>@​unstubbable</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="23f4f9f30d"><code>23f4f9f</code></a>
19.2.5</li>
<li>See full diff in <a
href="https://github.com/facebook/react/commits/v19.2.5/packages/react-dom">compare
view</a></li>
</ul>
</details>
<br />

Updates `@types/node` from 25.5.0 to 25.6.0
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare
view</a></li>
</ul>
</details>
<br />

Updates `postcss` from 8.5.8 to 8.5.9
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.5.9</h2>
<ul>
<li>Speed up source map encoding parsing in case of the error.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fe88ac29c0"><code>fe88ac2</code></a>
Release 8.5.9 version</li>
<li><a
href="c551632496"><code>c551632</code></a>
Avoid RegExp when we can use simple JS</li>
<li><a
href="89a6b74406"><code>89a6b74</code></a>
Move SECURITY.txt for docs folder to keep GitHub page cleaner</li>
<li><a
href="6ceb8a46af"><code>6ceb8a4</code></a>
Create SECURITY.md</li>
<li><a
href="02ccae6bc3"><code>02ccae6</code></a>
Another way to fix CI with .ts ext in tests on old Node.js</li>
<li><a
href="2c36658c7c"><code>2c36658</code></a>
Another way to fix CI with TS on old Node.js</li>
<li><a
href="b90600361f"><code>b906003</code></a>
Another way to fix CI with old Node.js</li>
<li><a
href="04d32cdc69"><code>04d32cd</code></a>
Fix another issue with Node.js 10 on CI</li>
<li><a
href="df86cdfff0"><code>df86cdf</code></a>
Try to fix Node.js 10 on CI</li>
<li><a
href="82bec0dd8e"><code>82bec0d</code></a>
Move to oxfmt</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.5.8...8.5.9">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 13:40:08 +01:00
Alex
e3d5bd91fc Bump node to 24 LTS (#853) 2026-04-10 13:29:48 +01:00
Alex
af38540991 Group dependabot PRs (#849) 2026-04-10 13:07:59 +01:00
Alex
3a3a3ce449 Add new python tooling + apply ruff linter cleanup (#845)
- Adds `uv`, `ruff`, `pyright`, `vulture` and `pytest-xdist`
- Move project, lockfile, docker build etc to uv
- Align python tooling on 3.14
- Huge bulk of ruff linter fixes applied. Still in progress but all the
core types are now enforced
- Update CI and test helpers
2026-04-10 13:03:25 +01:00
Alex
ff094bed56 Fix: Orchestrator timeout and exception handling (#832)
Fixes #823
2026-04-03 09:38:58 +01:00
Alex
c1143f808a Batch dependency updates (#831)
- github/codeql-action 3.32.6 → 4.35.1
- seleniumbase 4.47.3 → 4.47.9
- react-router-dom 7.13.1 → 7.14.0
- docker/login-action 3.7.0 → 4.1.0
- tailwindcss 4.2.1 → 4.2.2
- @tailwindcss/vite 4.2.1 → 4.2.2
- @tailwindcss/postcss 4.2.1 → 4.2.2
- actions/setup-python 5.6.0 → 6.2.0
- docker/setup-buildx-action 3.12.0 → 4.0.0
2026-04-03 09:36:31 +01:00
Alex
9bfcf828ea Fixes: Env variable config usage, retry availability, Entrypoint permissions (#817)
- Clean up a few uses of config options that may miss the env variable
if this is set
- Add enhanced retry availability utilising the DB to persist download
errors / retries across restarts, request failures, and pass Prowlarr
detail through the download task to maintain retry data.
- Strip back entrypoint permissions for less intensive chown operations.

Fixes #796
2026-03-29 16:39:40 +01:00
Alex
678c54cba2 Fixes: Entrypoint, seedtime, request policy flow (#805)
- Added a path for rootless permissions in the entrypoint script
- Routed prowlarr searches through torznab for seedtime info
- Added additional request flow for download permissions
2026-03-25 18:34:42 +00:00
Alex
019d36b27e Rename Booklore to Grimmory 2 (#792) v1.2.1 2026-03-21 15:48:06 +00:00
Alex
698eb07e71 Rename Booklore to Grimmory (#791) 2026-03-21 15:38:38 +00:00
Alex
8f949a73d5 Remove audible provider (#778) 2026-03-18 18:29:13 +00:00
Alex
2c6f46fc88 Combined mode follow-up (#777) 2026-03-18 18:27:39 +00:00
Alex
3f90c3805f Use title+author query for whitelisted indexers (#774) 2026-03-16 19:52:43 +00:00
Alex
cb093f61c6 Feature: Combined book+audiobook downloads (#773)
- Adds a combined search option in the search bar selector
- Choose both a book and audiobook file in a two-step release modal, and
download both simultaneously from a single search result.
- Works for requests. Request both a book+audiobook at once, or works
seamlessly with request policies that differ between book + audiobook
(E.g. automatically download the ebook portion, while the audiobook gets
sent as a request)
- Hidden for users who have book or audiobooks blocked. 

Closes #611
2026-03-16 18:34:46 +00:00
Alex
b464d62672 Fix entrypoint gosu test write (#772)
- Let gosu run the full test write
- Delete stale compose

Fixes #771 - gosu pipe broken on Proxmox LXC installs
2026-03-15 18:04:41 +00:00
Alex
f3f26488b1 Fix TS error (#770) 2026-03-15 10:27:03 +00:00
Alex
fec9d31c8a Frontend improvements for Audible provider (#769)
- Added square artwork support
- Added dedicated length and narrator icons
- Added audiobook info to release and details modals
- Moved search options button to accommodate larger Audible search
fields
2026-03-15 10:17:37 +00:00
cadric
3295be82a7 Add Audible metadata provider via Audimeta (#762)
Closes #515

## Summary

This adds a new `audible` metadata provider backed by the Audimeta API.

The provider supports:
- Audible/Audimeta metadata lookup without authentication
- region selection (`us`, `ca`, `uk`, `au`, `fr`, `de`, `jp`, `it`, `in`, `es`, `br`)
- ASIN book lookup
- ISBN lookup with fallback search
- series suggestions and series-order browsing
- richer audiobook metadata such as narrators, runtime, rating, subtitle, cover, publisher, and series info
- configurable Audimeta base URL, timeout, cache usage, default sort, and unreleased filtering

## Notes

A few Audimeta-specific integration details were needed:
- send a meaningful `User-Agent`, otherwise Audimeta rejects requests with `403`
- send the `cache` parameter in the format Audimeta expects
- use `keywords` for general search instead of `query`, which gave poor/irrelevant results for title-style searches

## Validation

Tested locally with:
- `python -m py_compile shelfmark/metadata_providers/audible.py`
- `python -m pytest tests/metadata/test_audible.py -v`
- `python -m pytest tests/metadata/test_metadata_provider_capabilities.py -v`

Also verified manually in a Podman test container:
- searching for `Discount Dan` returns Audible title `B0DXLXRNGG`
- book details and series metadata load correctly

## Scope

This PR intentionally keeps the change localized to the provider layer and docs:
- new Audible provider
- provider registration
- provider docs
- generated environment variable docs
2026-03-15 10:09:24 +00:00
Alex
fff0fd07a1 Fix stale activity dismiss handling (#768)
Fixes #764
2026-03-15 10:08:45 +00:00
Alex
3f1a14843b Update to React 19 (#766)
Supersedes the React dependabot patches
- `react`
- `react-dom`
- `@types/react`
- `@types/react-dom`

Left out Vite / tooling updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 18:46:56 +00:00
Alex
21a11b06b9 Dependency updates roll-up (#765)
Supersedes the dependabot PRs after testing: 
- `actions/attest-build-provenance`
- `docker/build-push-action`
- `actions/checkout`
- `seleniumbase`
- `docker/metadata-action`
- `actions/setup-node`
- `python:3.14-slim`
- `@types/node`
- `postcss`
- `react-router-dom`

Left out for now: 
- `node:25-alpine`
- `vite@8`
- `@vitejs/plugin-react@6`

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-13 18:41:02 +00:00
Alex
0d856a3ef5 CodeQL fixes (#763)
- Block SSRF in image cover proxy (validate URL scheme and reject
private IPs)
- Sanitize settings tab name to prevent path traversal
2026-03-13 17:47:34 +00:00
Alex
ebf4312174 Repo spring cleaning (#746)
- Add CI workflow (pytest + frontend typecheck/tests) on PRs
- Add CodeQL static analysis for Python and JS/TS
- Add Dependabot for pip, npm, Docker, and GitHub Actions
- Tighten workflow permissions
2026-03-13 17:09:49 +00:00
Alex
685c35d552 Hardcover list separation + Browser download fix (#745)
- Added full Hardcover reading status types into the list selector
- Split reading status entries from dedicated lists
- Added option to disable the automatic removal of books when downloaded
from a Hardcover list
- Fixed browser download not firing when the completed state was
triggered in specific cases
2026-03-13 14:33:10 +00:00
Alex
3d72f9e258 Various requested small features (#741)
- Added torrent removal option
- Pass Prowlarr seedtimes to download clients (excluding rTorrent)
- Split default release source option by content type
- Split download to browser option by content type
- Add "hide links" option
2026-03-12 17:36:07 +00:00
Alex
7f79da11e6 Activity routes logging (#736)
- Added specific logging for activity routes errors
- Fixed scrollbars
2026-03-11 19:59:12 +00:00
Alex
c59ea46540 Frontend update + Misc fixes (#735)
- Updated frontend CSS to Tailwind v4
- Reverted socket IO origin restriction
- Fixed search queries not persisting after auth redirect
- Move advanced search options to left UI selector
- Unlock IRC source to be used for audiobook content_type
- Tweaked security settings env var syncing to be prioritised
- Fix AA "all languages" query generation
- Added language-free AA query as second fallback in case of no results
- Testing moving SeleniumBase scratch files to /tmp via symlink
- Added enhanced logging for activity dismissals and other events
- Removed iFrame restrictions
2026-03-11 18:16:34 +00:00
Alex
a2a5a22324 Fix theming bug (#722) v1.2.0 2026-03-07 19:13:28 +00:00
Alex
a7db7f04e9 Hardcover tweaks (#720) 2026-03-07 18:16:40 +00:00
Alex
9d08bb3ef1 Expanded Hardcover list features (#719)
- Adds full interaction with Hardcover lists, including adding and
removing from lists + want to read status
- List selection exposed in search results, details modal and release
modal
- Added automatic list dropdown when selecting "list" search
- Added auto-removal of books from a list when downloading from that
specific list page
- Changed search selector to hover-activated
2026-03-07 15:33:46 +00:00
Alex
80aa289a64 Misc fixes (#718)
- Update file movement to prefer copy
- Improved mirror config overwriting on app updates
- Request / user DB hardening
2026-03-07 10:30:47 +00:00
Alex
edb437e905 Fix sorting + update readme (#715)
- Harden default sort preference use + fix series ordering use
- Update readme with contribution and project scope disclaimers
2026-03-06 17:06:20 +00:00
Alex
72464e32b8 Update makefile test (#713) 2026-03-06 15:00:05 +00:00
Alex
60893b19c6 Search UI revamp, series search and search suggestions (#712)
- Restructured search field options into the left-hand selector.
Includes dynamic options for each provider.
- Moved Hardcover list and manual search mode into the left-hand
selector
- Added search mode and metadata provider into the search options area
- Added new Hardcover series API query and live series suggestions
- Added live Hardcover author and title suggestions
2026-03-06 14:44:55 +00:00
Alex
8bb188c903 Refactor direct source to use universal API (#711) 2026-03-06 12:59:37 +00:00
Alex
d6d10a450e Enhance Hardcover lists (#710) 2026-03-06 10:45:15 +00:00
Alex
4b0d1aef13 Download history refactor pt3 (#706)
- Added canonical per-user visibility of requests and downloads via new
activity view table. Users get fully independent activity and history
views, while admins still see all.
- Replaces janky frontend + backend combination
2026-03-05 19:53:22 +00:00
Giovanni Scieri
447ed1a924 fix(search): include default language in search query filters (#704)
## Bug description

When a default language was configured, it was **not passed as a search
filter**.
This occurred regardless of configuration via UI or environment
variables.

## Fix

Updated filter logic so that the default language is always applied when
no explicit filter is provided:

```python
for value in filters.lang if filters.lang else config.BOOK_LANGUAGE or []:
    if value and value != "all":
        filters_query += f"&lang={quote(value)}"
```

This ensures:
- the default language is used when available
- empty or invalid values are ignored
- "all" does not apply a language filter

## Testing
- default language via UI → search filters correctly
- default language via environment variable → search filters correctly
- "all" value → no language filter applied
2026-03-05 16:25:19 +00:00
Alex
ba92ad90bc Refine UI and adjust content type settings (#705)
- Tweak manual search toggle position
- Refinements to the Hardcover list dropdown behavior
- Hide the content type dropdown when a content type is blocked for a
user
- Fixes to Hardcover author parsing to strip out initialed names
- Remove `env_supported=false` for security config options.
2026-03-05 16:24:03 +00:00
Alex
cce2c10704 Download history refactor pt.2 (#703)
Two-phase download history: downloads are now recorded in the DB at
queue time (not just at terminal time), eliminating the need to
reconstruct metadata in the terminal hook and removing the
`_is_graduated_request_download()` request-scan mess
2026-03-05 13:06:34 +00:00
Alex
fbe25725d3 Download history refactor (#700)
- Much simpler handling of downloads in the activity sidebar, and
improved storage, persistence and UI behavior.
- Replace `ActivityService` with direct storage on
`DownloadHistoryService` and `download_requests` and remove the
activity_log/activity_dismissals tables
- Simplify no-auth mode by removing the fake user row pattern, handled
internally
- Add local download fallback so history entries can still serve files
after tasks leave the queue
- Downloads, requests and history are now entirely persistent between
updates / restarts, and correctly tied to each user.
2026-03-04 19:10:06 +00:00
Alex
bd65bccf52 Fix: Refresh mirrors (#695) 2026-03-03 22:14:18 +00:00