dbf0ba45cdbfa88aa4280a811bf46784ea7cdcdb
57100 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
dbf0ba45cd |
feat(wekan): update image docker.io/wekanteam/wekan v9.53 → v9.54 (#49240)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `529fb26` → `0600ca3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.54`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v954-2026-06-18-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.53...v9.54) This release adds the following updates: - [Updated dependencies](https://redirect.github.com/wekan/wekan/commit/ebc0f017bf2d0a6183a35cdd2b829a0cfff436ed). Merged Dependabot dependency updates: mongodb 6.21.0 → 7.3.0 in the tests/playwright e2e harness ([#​6393](https://redirect.github.com/wekan/wekan/pull/6393)), [@​aws-sdk/client-s3](https://redirect.github.com/aws-sdk/client-s3) 3.1054.0 → 3.1071.0 ([#​6390](https://redirect.github.com/wekan/wekan/pull/6390)), [@​google-cloud/storage](https://redirect.github.com/google-cloud/storage) 7.19.0 → 7.21.0 ([#​6391](https://redirect.github.com/wekan/wekan/pull/6391)), [@​typescript-eslint/eslint-plugin](https://redirect.github.com/typescript-eslint/eslint-plugin) 8.60.1 → 8.61.1 ([#​6392](https://redirect.github.com/wekan/wekan/pull/6392)), and [@​tweedegolf/sab-adapter-google-cloud](https://redirect.github.com/tweedegolf/sab-adapter-google-cloud) 1.0.10 → 3.0.2 ([#​6389](https://redirect.github.com/wekan/wekan/pull/6389)). Thanks to xet7. - [Updated docs](https://redirect.github.com/wekan/wekan/commit/85909d08cc8cb86299bf69b1c22cbded47f4c8c9). Thanks to xet7. and adds the following features: - [Added a "Show at Minicard" option for the Card Settings "Mark as complete" toggle](https://redirect.github.com/wekan/wekan/commit/d6a8f4386671630468fa61a8e98c4435c2c97803). The "Mark as complete" row in Board Settings → Card Settings now has its own "Show at Minicard" checkbox (new board setting `allowsDueCompleteOnMinicard`), unchecked by default — so the complete toggle is no longer shown on the current board's minicards unless it is explicitly enabled. Thanks to xet7. and fixes the following bugs: - [Updated tests](https://redirect.github.com/wekan/wekan/commit/6d6c26dd9bb2cac2c1660bf885078b1ae396fae6). Thanks to xet7. - [Explain to Dependabot to not complain about rspack](https://redirect.github.com/wekan/wekan/commit/d09b72670cf07e358738717093ad138c33c9fd2c). Thanks to xet7. - [Fixed Card Settings toggles (e.g. "Mark as complete") could not be reversed without refreshing the page](https://redirect.github.com/wekan/wekan/issues/6385). The Board Settings → Card Settings popup (`boardCardSettingsPopup`) cached the board once in `onCreated` as a non-reactive snapshot, but its toggle handlers computed the new value from that snapshot (`!tpl.currentBoard.allowsX`). So the first toggle worked, but reversing it recomputed `!oldValue` from the stale snapshot and set the same value again — it only "reset" after a page refresh re-took the snapshot. Fixed by re-reading the board reactively in an `autorun`, so every Card Settings toggle works both ways without a refresh. The same fix was applied to the Subtask Settings popup, which had the identical pattern. Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
2d660deb98 |
fix(ollama): update image docker.io/ollama/ollama 0.30.9 → 0.30.10 (#49239)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/ollama/ollama | patch | `be22e46` → `3c54a1a` | | docker.io/ollama/ollama | patch | `1a72f12` → `bfc9c6d` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vbGxhbWEiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
17c8fd94b0 |
chore(resilio-sync): update image ghcr.io/linuxserver/resilio-sync digest to 58b0906 (#49236)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/resilio-sync](https://redirect.github.com/linuxserver/docker-resilio-sync/packages) ([source](https://redirect.github.com/linuxserver/docker-resilio-sync)) | digest | `dee75fd` → `58b0906` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yZXNpbGlvLXN5bmMiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
1492d2eb93 |
chore(synclounge): update image ghcr.io/linuxserver/synclounge digest to c2b157c (#49237)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/synclounge](https://redirect.github.com/linuxserver/docker-synclounge/packages) ([source](https://redirect.github.com/linuxserver/docker-synclounge)) | digest | `d036a37` → `c2b157c` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9zeW5jbG91bmdlIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
40c34a2fc4 |
fix(metube): update image ghcr.io/alexta69/metube 2026.06.16 → 2026.06.18 (#49238)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/alexta69/metube | patch | `bdb6992` → `9bb4b82` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tZXR1YmUiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
6cc533402a |
feat(wekan): update image docker.io/wekanteam/wekan v9.49 → v9.53 (#49235)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `d632b48` → `529fb26` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.53`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v953-2026-06-18-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.52...v9.53) This release fixes the following bugs: - [Fixed Playwright e2e tests all failing because `Meteor` was not a browser global](https://redirect.github.com/wekan/wekan/commit/640d8ddadba64fde43c49a28b0fa39e30fbed105). Every Playwright end-to-end test (all 183, across Chromium, Firefox and WebKit) failed at the `waitForMeteor` step with `TimeoutError: page.waitForFunction`, because `typeof Meteor` was `undefined` in the browser `window` scope. Under the Meteor 3.5 + rspack build, bare `Meteor` references in app code are rewritten by rspack's ProvidePlugin into per-module imports, so `Meteor` is no longer placed on `window` the way the classic Meteor linker did. The tests call `Meteor.loginWithToken` / `Meteor.userId` / `Meteor.subscribe` etc. via `page.evaluate` (which runs in `window` scope), so they could never proceed past login. Fixed by re-exposing `window.Meteor = Meteor` early in `client/00-startup.js`, restoring the long-standing classic-Meteor behaviour where `Meteor` is a global (also handy in the browser console). Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. ### [`v9.52`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v952-2026-06-18-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.51...v9.52) This release fixes the following CRITICAL SECURITY ISSUE of [InputBleed](https://wekan.fi/hall-of-fame/inputbleed/): - [Fixed InputBleed](https://redirect.github.com/wekan/wekan/commit/8dfb54d9d5d68f120e3aa710c3521a9e9ac9670c): incomplete multi-character HTML sanitization in card dependency import allowed HTML/script element injection]\(<https://github.com/wekan/wekan/blob/main/client/lib/importDependencies.js>) (CWE-79 Cross-site Scripting, CWE-80 Improper Neutralization of Script-Related HTML Tags, CWE-116 Improper Encoding or Escaping of Output; GitHub CodeQL code scanning alert [#​421](https://redirect.github.com/wekan/wekan/issues/421), rule `js/incomplete-multi-character-sanitization`, severity High). `stripHtml()` in `client/lib/importDependencies.js` removed HTML tags with a single pass of `/<[^>]*>/g`. That is an incomplete multi-character sanitization in two ways: removing one match can splice surrounding text into a new match (so the replacement must be looped to a fixed point), and a dangling, unclosed tag that has no closing `>` (for example a trailing `<script` or `<svg/onload=...`) is never matched by the regex at all and survives untouched — leaving `<script` in the output, exactly as the scanner warned. A crafted card-dependency ("Red Strings") import file (the WeKan/generic JSON or Miro item titles and connector captions that pass through `stripHtml`) could therefore smuggle an HTML/script fragment past the sanitizer. Fixed by looping the tag-stripping replacement to a fixed point and then removing any remaining stray `<`/`>` characters, so neither a complete nor a partial tag can remain. Thanks to GitHub CodeQL, xet7 and Claude. and fixes the following bugs: - [Card Details popup](https://redirect.github.com/wekan/wekan/commit/15fcde99e2105075fe75ed4164a8b116b91d5606): removed the redundant empty second popup that appeared at the top of the page when a card was opened as a popup (for example from the Board Table view Edit link or from search results). The card details content is always position:fixed, so it renders as its own framed box and escapes the generic popup wrapper, leaving that wrapper (with its "Card Details" title header, border and background) visible as an empty box. The wrapper is now collapsed and made invisible so only the card itself shows. The card's own close button now closes the popup (in addition to clicking outside or pressing Escape). Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. ### [`v9.51`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v951-2026-06-17-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.50...v9.51) This release adds the following improvements: - [Board Table view](https://redirect.github.com/wekan/wekan/commit/73b4a97aaafc00baba260cfd16526d78e6372dee): the table now has the columns Card, List, Swimlane, Assignees, Members, Labels, Received, Start, Due and End. The Received, Start, Due and End dates are formatted and styled the same way as on the opened card details and the Gantt view (reusing the cardReceivedDate / cardStartDate / cardDueDate / cardEndDate badge templates), and can be sorted by clicking their column headers. Clicking a date opens the date-select popup so it can be changed, and an add (+) button is shown for empty dates — both only for board roles that have permission to change the card (the same `canModifyCard` check used on card details). A Received, Start, Due or End column is hidden when both its "Show at Card" and "Show at Minicard" Card Settings are unchecked for the board. The Labels cell now word-wraps so long label names no longer overflow across the other columns. Each row also has a leftmost "Edit" link (pencil icon + text) styled like the one on the Admin Panel / People page; clicking it opens the Card Details popup on top of the Board Table view. Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. ### [`v9.50`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v950-2026-06-17-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.49...v9.50) This release adds the following improvements: - [Board Table view](https://redirect.github.com/wekan/wekan/commit/a5d7e45200628e3112fd4fa297e26a381b985156): render markdown with `+viewer` in the Card, List, Swimlane and Labels cells, so emoji shortcodes and markdown (for example `👍`) display rendered instead of as literal text, and word-wrap the Card, List and Swimlane cells so long text no longer overflows across the other columns. Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
571ed4e8b8 |
feat(ghostfolio): update image docker.io/ghostfolio/ghostfolio 3.11.0 → 3.12.0 (#49234)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/ghostfolio/ghostfolio](https://redirect.github.com/ghostfolio/ghostfolio) | minor | `deac12f` → `f8728e6` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>ghostfolio/ghostfolio (docker.io/ghostfolio/ghostfolio)</summary> ### [`v3.12.0`](https://redirect.github.com/ghostfolio/ghostfolio/blob/HEAD/CHANGELOG.md#3120---2026-06-17) [Compare Source](https://redirect.github.com/ghostfolio/ghostfolio/compare/3.11.0...3.12.0) ##### Changed - Improved the styling of the checkboxes to consistently use the primary color in their states - Improved the account name display in the accounts table - Improved the name display in the activities table - Improved the last activity display in the users table of the admin control panel - Improved the registration display in the users table of the admin control panel - Improved the user id display in the users table of the admin control panel - Deprecated `SymbolProfile` in favor of `assetProfile` in the endpoint `GET api/v1/portfolio/holding/:dataSource/:symbol` - Improved the language localization for German (`de`) - Upgraded `svgmap` from version `2.19.3` to `2.21.0` ##### Fixed - Fixed a chart error on interaction by registering the annotation plugin early - Fixed an issue on the allocations page where clicking an account in the *By Account* chart did not open the detail dialog - Restricted the maximum height of the import activities dialog - Fixed the dark mode styling of the safe withdrawal rate selector in the *FIRE* section (experimental) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9naG9zdGZvbGlvIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==--> |
||
|
|
a72a5d9181 |
fix(unpoller): update image ghcr.io/unpoller/unpoller v3.3.0 → v3.3.1 (#49233)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/unpoller/unpoller](https://unpoller.com) ([source](https://redirect.github.com/unpoller/unpoller)) | patch | `1c03bc2` → `9dcccdc` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>unpoller/unpoller (ghcr.io/unpoller/unpoller)</summary> ### [`v3.3.1`](https://redirect.github.com/unpoller/unpoller/releases/tag/v3.3.1) [Compare Source](https://redirect.github.com/unpoller/unpoller/compare/v3.3.0...v3.3.1) #### Changelog - [`df0baba`](https://redirect.github.com/unpoller/unpoller/commit/df0baba630d9f79f3939970ffa3e8f96f2b538cf) feat(promunifi): add band label to per-VAP and per-radio metrics - [`9fd23b6`](https://redirect.github.com/unpoller/unpoller/commit/9fd23b66e7560859d525f57122b89e97191aec7d) build(deps): bump the all group with 3 updates </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC91bnBvbGxlciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
5f71f3a472 |
fix(kubernetes-reflector): update image ghcr.io/emberstack/kubernetes-reflector 10.0.49 → 10.0.50 (#49232)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/emberstack/kubernetes-reflector](https://redirect.github.com/emberstack/kubernetes-reflector) | patch | `1dd3b43` → `060c0b5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>emberstack/kubernetes-reflector (ghcr.io/emberstack/kubernetes-reflector)</summary> ### [`v10.0.50`](https://redirect.github.com/emberstack/kubernetes-reflector/releases/tag/v10.0.50) [Compare Source](https://redirect.github.com/emberstack/kubernetes-reflector/compare/v10.0.49...v10.0.50) The release process is automated. #### What's Changed - Bump the all-dependencies group with 8 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​666](https://redirect.github.com/emberstack/kubernetes-reflector/pull/666) **Full Changelog**: <https://github.com/emberstack/kubernetes-reflector/compare/v10.0.49...v10.0.50> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9rdWJlcm5ldGVzLXJlZmxlY3RvciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
9e722779b5 |
fix(kromgo): update image ghcr.io/home-operations/kromgo 0.14.8 → 0.14.9 (#49231)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/home-operations/kromgo](https://redirect.github.com/home-operations/kromgo) | patch | `fd5e133` → `2843fa3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>home-operations/kromgo (ghcr.io/home-operations/kromgo)</summary> ### [`v0.14.9`](https://redirect.github.com/home-operations/kromgo/blob/HEAD/CHANGELOG.md#0149-2026-06-17) [Compare Source](https://redirect.github.com/home-operations/kromgo/compare/0.14.8...0.14.9) ##### Features - **badge:** add for-the-badge style ([#​259](https://redirect.github.com/home-operations/kromgo/issues/259)) ([d15fe1f](https://redirect.github.com/home-operations/kromgo/commit/d15fe1f623c6084f93cd55b56b5e5ac782da78a7)) - **deps:** update module github.com/prometheus/common (v0.68.1 → v0.69.0) ([#​258](https://redirect.github.com/home-operations/kromgo/issues/258)) ([0472460](https://redirect.github.com/home-operations/kromgo/commit/047246024fa4e6c33487c7041dccea2f5ea554ca)) ##### Miscellaneous Chores - **mise:** update tool oxfmt (0.54.0 → 0.55.0) ([#​257](https://redirect.github.com/home-operations/kromgo/issues/257)) ([3a90072](https://redirect.github.com/home-operations/kromgo/commit/3a90072a2e032ed08b8fd402b7a10d508d08d6f6)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9rcm9tZ28iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
8983cb051f | chore(anything-llm): update image ghcr.io/mintplex-labs/anything-llm digest to 16f75d1 (#49228) | ||
|
|
b88c82bdf4 |
chore(impostor-server): update image docker.io/aeonlucid/impostor digest to 6ac2a56 (#49229)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/aeonlucid/impostor | digest | `a6f1ae8` → `6ac2a56` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9pbXBvc3Rvci1zZXJ2ZXIiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
8e98aa813c |
feat(wekan): update image docker.io/wekanteam/wekan v9.47 → v9.49 (#49226)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `70cc2d1` → `d632b48` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.49`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v949-2026-06-17-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.48...v9.49) This release fixes the following bugs: - Fix Board Table view not loading with "No such template: tableView" error. The `tableView.jade`, `tableView.js` and `tableView.css` files of the new Board Table view were never imported in `client/features/boards.js`, so the `tableView` template was not bundled and selecting the Table view threw a Tracker recompute exception. Added the missing imports. Thanks to xet7. Thanks to above GitHub users for their contributions and translators for their translations. ### [`v9.48`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v948-2026-06-17-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.47...v9.48) This release adds the following updates: - [Added non-experimental docker settings](https://redirect.github.com/wekan/wekan/commit/0944f2af472c30d4d464850399ed9f5ffcca3a0f). Thanks to xet7. and adds the following new features: - Board Table view. [Part 1](https://redirect.github.com/wekan/wekan/commit/e085e5bfeb7b1a00be6d39b413cec7078a20134b), [Part 2](https://redirect.github.com/wekan/wekan/commit/86bf48a626e2947836ae7dc5dda65c08d0174552). The board view menu (Swimlanes, Lists, Calendar, Gantt) gains a new "Table" entry below Gantt. It shows every card of the current board in a table — Card, List, Swimlane, Members, Labels and Due Date — using the same styling as the My Cards table view (the `.my-cards-board-table` CSS classes). Whereas My Cards' table spans all of the user's cards across boards, this is the per-board equivalent showing all of the current board's cards. The view is stored like the others as the user's `board-view-table` boardView. It also has a search box and previous/next pagination styled like the Admin Panel / People page, and Excel-like column sorting: click the Card, List, Swimlane or Due Date header to sort by it, click again to reverse, with an arrow showing the active column and direction. Search, sort and pagination run client-side over the board's already-loaded cards. Thanks to xet7 and Claude. and fixes the following bugs: - [List scrollbar disappeared after resizing a list width](https://redirect.github.com/wekan/wekan/commit/f621966f6143bb0d1c986507331d095ff81866d8): Fixes [#​6386](https://redirect.github.com/wekan/wekan/issues/6386). When changing the width of a list by dragging the resize handle between lists, the list's vertical scrollbar (used to scroll up and down through the cards in a list) disappeared. Cause: dragging the resize handle sets an inline `--list-width` property on the list, which made the resize CSS rules force `display: block` on the list permanently. That collapsed the flex-column layout so `.list-body` was no longer height-bounded and its `overflow-y: auto` scrollbar never appeared. Fixed by keeping the flex column layout (`display: flex; flex-direction: column`) instead of `display: block` during and after resize; the explicit inline width still pins the list width. Thanks to xet7 and Claude. - [Login and register pages are now scrollable to the bottom of the form](https://redirect.github.com/wekan/wekan/commit/ad2b969eb5aeea535e0392c9cf81d32a79f11657): Tall authentication forms (many login methods, legal notice, language selector, etc.) could overflow the viewport without a reliable way to scroll to all fields. The auth pages render directly into `<body>`, which already has `overflow-y: auto`, so the vertical scrollbar now appears whenever the form is taller than the viewport, with a real draggable thumb, placed on the right for LTR and on the left for RTL (since `<body>` inherits `direction` from the html `dir` attribute). Two `<br>` are added below the dialog so the bottom of the form scrolls fully into view. An earlier attempt forced `overflow-y: scroll`, which left a non-draggable empty scrollbar track in Chromium and no scrollbar at all in Firefox when the form fit the viewport; using the default `overflow-y: auto` shows the scrollbar only when there is something to scroll. Thanks to xet7 and Claude. - [Drag-to-scroll (dragscroll) now works on the All Boards, My Cards, Login and Register pages and in the board Lists view](https://redirect.github.com/wekan/wekan/commit/da93bfbca687e4ca9b1ed8798e9f07ec0d31bab7): Dragging empty space to scroll already worked on the board Swimlanes view but not on these pages. The dragscroll library scrolls whichever element carries the `dragscroll` class, and that element must be the actual scroll container. On All Boards, My Cards, Login and Register the page scroll container is `<body>` (the previous `dragscroll` class on `ul.board-list` only scrolled in mobile view), so a small shared helper (`client/lib/pageDragscroll.js`) now toggles the `dragscroll` class on `<body>` while those templates are mounted and calls `dragscroll.reset()`; the library has a dedicated `el == document.body` branch for whole-page scrolling. In the board Lists view the `.board-canvas` only received `dragscroll` when the board had swimlanes, so vertical drag-scroll failed on swimlane-less boards; the canvas now always carries the class. One-finger touch scrolling (client/lib/dragscrollTouch.js) covers these too. Thanks to xet7 and Claude. Thanks to above GitHub users for their contributions and translators for their translations. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
432b44bd0a |
fix(n8n): update image ghcr.io/n8n-io/n8n 2.27.0 → 2.27.1 (#49224)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/n8n-io/n8n](https://n8n.io) ([source](https://redirect.github.com/n8n-io/n8n)) | patch | `a5b4217` → `56f397b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9uOG4iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
f85d39f975 | chore(comet): update image ghcr.io/g0ldyy/comet digest to cb7f5ff (#49220) | ||
|
|
22a039a846 |
feat(zwavejs2mqtt): update image docker.io/zwavejs/zwave-js-ui 11.19.1 → 11.20.0 (#49227)
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
|
[docker.io/zwavejs/zwave-js-ui](https://redirect.github.com/zwave-js/zwave-js-ui)
| minor | `944d39f` → `e6b829b` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.
Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.
---
### Release Notes
<details>
<summary>zwave-js/zwave-js-ui (docker.io/zwavejs/zwave-js-ui)</summary>
###
[`v11.20.0`](https://redirect.github.com/zwave-js/zwave-js-ui/blob/HEAD/CHANGELOG.md#11200-2026-06-17)
[Compare
Source](https://redirect.github.com/zwave-js/zwave-js-ui/compare/v11.19.1...v11.20.0)
##### ✨ Features
- bump zwave-js\@​15.24.3
([#​4670](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4670))
([ad1667e](https://redirect.github.com/zwave-js/zwave-js-ui/commit/ad1667ef2c6d5c3eb732f49b0774d20191b0ff22))
- support for multicast/broadcast groups
([#​4382](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4382))
([edf18e9](https://redirect.github.com/zwave-js/zwave-js-ui/commit/edf18e9cbe60280aa562e02399648c8925e9ccb8))
##### 🐛 Bug Fixes
- **api:** apply imported node metadata across wrapped and legacy
nodes.json formats
([#​4636](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4636))
([87c89da](https://redirect.github.com/zwave-js/zwave-js-ui/commit/87c89da15d3de69b9eeaa0cc9c99d4830018ea29))
- **api:** reduce default JSON request body size limit
([#​4663](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4663))
([b965182](https://redirect.github.com/zwave-js/zwave-js-ui/commit/b9651821cda5b763dc13535a0e00443be1d27d6e))
- **api:** require authentication for the snippet listing endpoint
([#​4661](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4661))
([dc129d3](https://redirect.github.com/zwave-js/zwave-js-ui/commit/dc129d33a02c46d519f4af41e80b950f6c25ca79))
- **config:** enforce a strong session secret
([#​4664](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4664))
([c570f60](https://redirect.github.com/zwave-js/zwave-js-ui/commit/c570f60b571a58a8506e6affe8118e42a3a6f224))
- **gateway:** apply numeric `postOperation` scaling directly
([#​4662](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4662))
([fb73508](https://redirect.github.com/zwave-js/zwave-js-ui/commit/fb73508efe459fa124ad8c9b4c1038a9762196d8))
- **hass:** add LZW45 to Inovelli RGBW Home Assistant discovery template
([#​4669](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4669))
([3c2d62f](https://redirect.github.com/zwave-js/zwave-js-ui/commit/3c2d62ffb5b9b76aa56a18911a1891c066ee65d8))
- **ui:** keep node index map consistent after node removal
([#​4667](https://redirect.github.com/zwave-js/zwave-js-ui/issues/4667))
([
|
||
|
|
57614c26fe |
fix(romm): update image ghcr.io/rommapp/romm 4.9.1 → 4.9.2 (#49225)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/rommapp/romm](https://redirect.github.com/rommapp/romm) | patch | `447850c` → `c81778a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>rommapp/romm (ghcr.io/rommapp/romm)</summary> ### [`v4.9.2`](https://redirect.github.com/rommapp/romm/releases/tag/4.9.2) [Compare Source](https://redirect.github.com/rommapp/romm/compare/4.9.1...4.9.2) #### What's Changed - fix: Crash on startup when no library by [@​zurdi15](https://redirect.github.com/zurdi15) in [#​3544](https://redirect.github.com/rommapp/romm/pull/3544) - build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 in /frontend by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3525](https://redirect.github.com/rommapp/romm/pull/3525) - build(deps): bump tornado from 6.5.6 to 6.5.7 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3528](https://redirect.github.com/rommapp/romm/pull/3528) - build(deps): bump python-multipart from 0.0.22 to 0.0.31 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3527](https://redirect.github.com/rommapp/romm/pull/3527) - build(deps): bump aiohttp from 3.13.4 to 3.14.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3530](https://redirect.github.com/rommapp/romm/pull/3530) - build(deps): bump markdown-it from 14.1.1 to 14.2.0 in /frontend by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3533](https://redirect.github.com/rommapp/romm/pull/3533) - build(deps): bump ws and engine.io-client in /frontend by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​3532](https://redirect.github.com/rommapp/romm/pull/3532) **Full Changelog**: <https://github.com/rommapp/romm/compare/4.9.1...4.9.2> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yb21tIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
8b3c8c393f | chore(nitter): update image docker.io/zedeus/nitter digest to 6879f43 (#49223) | ||
|
|
a73f9b6105 |
chore(lyrion-music-server): update image docker.io/lmscommunity/lyrionmusicserver digest to 56c7d79 (#49221)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/lmscommunity/lyrionmusicserver | digest | `ecea361` → `56c7d79` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9seXJpb24tbXVzaWMtc2VydmVyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
763034a805 | chore(mariadb): update image docker.io/bitnamisecure/mariadb digest to 4a3b3ac (#49222) | ||
|
|
39ea3a6186 |
fix(helm-deps): update chart mongodb 17.4.1 → 17.4.2 (#49217)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [mongodb](https://truecharts.org/charts/stable/mongodb) ([source](https://redirect.github.com/bitnami/bitnami-docker-mongodb)) | patch | `17.4.1` → `17.4.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC95b3V0dWJlZGwtbWF0ZXJpYWwiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
57411c300a |
chore(cops): update image lscr.io/linuxserver/cops digest to 3a4f39a (#49214)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [lscr.io/linuxserver/cops](https://redirect.github.com/linuxserver/docker-cops/packages) ([source](https://redirect.github.com/linuxserver/docker-cops)) | digest | `f69e6c0` → `3a4f39a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9jb3BzIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
446168717f | feat(mend-renovate): update image ghcr.io/mend/renovate-ce 14.6.0 → 14.7.0 (#49219) | ||
|
|
306982446a |
chore(transmission): update image docker.io/linuxserver/transmission digest to 90ca607 (#49216)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/linuxserver/transmission](https://redirect.github.com/linuxserver/docker-transmission/packages) ([source](https://redirect.github.com/linuxserver/docker-transmission)) | digest | `ec464a7` → `90ca607` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90cmFuc21pc3Npb24iLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
e644ba640c | chore(dashy): update image ghcr.io/lissy93/dashy digest to 7c79a07 (#49215) | ||
|
|
332bf33b84 |
fix(maintainerr): update image docker.io/maintainerr/maintainerr 3.15.0 → 3.15.1 (#49218)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/maintainerr/maintainerr](https://redirect.github.com/Maintainerr/Maintainerr) | patch | `b510727` → `fc23686` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>Maintainerr/Maintainerr (docker.io/maintainerr/maintainerr)</summary> ### [`v3.15.1`](https://redirect.github.com/Maintainerr/Maintainerr/blob/HEAD/CHANGELOG.md#3151-2026-06-17) [Compare Source](https://redirect.github.com/Maintainerr/Maintainerr/compare/v3.15.0...v3.15.1) #### Highlights - Fixed Plex `sw_lastWatched` getter to correctly return `null` for shows never watched, resolving a `TypeError` when accessing empty watch history ([#​3102](https://redirect.github.com/Maintainerr/Maintainerr/issues/3102)). - Fixed Emby collection creation to include an initial item, avoiding HTTP 500 errors for empty collections ([#​3097](https://redirect.github.com/Maintainerr/Maintainerr/issues/3097)). - Fixed Radarr import-list exclusions to correctly handle "already excluded" HTTP 400 responses as success ([#​3096](https://redirect.github.com/Maintainerr/Maintainerr/issues/3096), [#​3099](https://redirect.github.com/Maintainerr/Maintainerr/issues/3099)). #### Fixes - Fixed Plex `sw_lastWatched` getter to correctly return `null` for shows never watched, resolving a `TypeError` when accessing empty watch history ([#​3102](https://redirect.github.com/Maintainerr/Maintainerr/issues/3102)). - Fixed Emby collection creation to include an initial item, avoiding HTTP 500 errors for empty collections ([#​3097](https://redirect.github.com/Maintainerr/Maintainerr/issues/3097)). - Fixed Emby collection creation to skip remote creation for empty collections, preventing HTTP 500 errors ([#​3098](https://redirect.github.com/Maintainerr/Maintainerr/issues/3098)). - Fixed Radarr import-list exclusions to correctly handle "already excluded" HTTP 400 responses as success ([#​3096](https://redirect.github.com/Maintainerr/Maintainerr/issues/3096), [#​3099](https://redirect.github.com/Maintainerr/Maintainerr/issues/3099)). - Fixed Radarr exclusion handling to avoid misreporting non-duplicate validation errors as success ([#​3099](https://redirect.github.com/Maintainerr/Maintainerr/issues/3099)). - Fixed Plex collections to self-heal when stale/corrupt records reject every item add ([#​3094](https://redirect.github.com/Maintainerr/Maintainerr/issues/3094)). - Fixed metadata resolution for movie/show IDs to correctly resolve from the item itself instead of its parent ([#​3100](https://redirect.github.com/Maintainerr/Maintainerr/issues/3100)). #### Performance - Increased timeout for `OverlayRenderService` render tests to avoid CI flakiness during sharp-based image processing ([#​3101](https://redirect.github.com/Maintainerr/Maintainerr/issues/3101)). #### Internal - Updated README feature wording. #### Dependencies - 23 dependency updates, including nodemailer, [@​typescript-eslint/parser](https://redirect.github.com/typescript-eslint/parser), axios, [@​nestjs/typeorm](https://redirect.github.com/nestjs/typeorm), sharp, and semantic-release. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tYWludGFpbmVyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
fdbb9105d6 |
fix(helm-deps): update chart valkey 2.4.0 → 2.4.1 (#49212)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [valkey](https://truecharts.org/charts/stable/valkey) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/valkey)) | patch | `2.4.0` → `2.4.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWJsYXRlIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
a4bf330c39 | chore(mongodb): update image docker.io/bitnamisecure/mongodb digest to e69978e (#49209) | ||
|
|
af55e07a9e | chore(filestash): update image docker.io/machines/filestash digest to d083abd (#49208) | ||
|
|
3d02990ce0 |
chore(wordpress): update image docker.io/bitnamisecure/wordpress digest to 17408e3 (#49211)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/bitnamisecure/wordpress | digest | `334da5f` → `17408e3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93b3JkcHJlc3MiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
a57c26f53b |
chore(tubesync): update image ghcr.io/meeb/tubesync digest to fcdf065 (#49210)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/meeb/tubesync | digest | `721bfcb` → `fcdf065` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90dWJlc3luYyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
9148e0eb36 |
fix(ollama): update image docker.io/ollama/ollama 0.30.8 → 0.30.9 (#49213)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/ollama/ollama | patch | `19e10c4` → `be22e46` | | docker.io/ollama/ollama | patch | `05b6fe5` → `1a72f12` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9vbGxhbWEiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
ebdcfef016 |
Commit daily changes
Signed-off-by: TrueCharts-Bot <bot@truecharts.org> |
||
|
|
677cf0c560 |
fix(plextraktsync): update image ghcr.io/taxel/plextraktsync 0.35.7 → 0.35.8 (#49203)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/taxel/plextraktsync](https://redirect.github.com/Taxel/PlexTraktSync) | patch | `d210acd` → `c7c1474` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>Taxel/PlexTraktSync (ghcr.io/taxel/plextraktsync)</summary> ### [`v0.35.8`](https://redirect.github.com/Taxel/PlexTraktSync/compare/0.35.7...0.35.8) [Compare Source](https://redirect.github.com/Taxel/PlexTraktSync/compare/0.35.7...0.35.8) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9wbGV4dHJha3RzeW5jIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
5e095c3180 |
feat(manyfold): update image ghcr.io/manyfold3d/manyfold 0.143.2 → 0.144.1 (#49206)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/manyfold3d/manyfold](https://redirect.github.com/manyfold3d/manyfold) | minor | `587bfdd` → `49071d6` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>manyfold3d/manyfold (ghcr.io/manyfold3d/manyfold)</summary> ### [`v0.144.1`](https://redirect.github.com/manyfold3d/manyfold/releases/tag/v0.144.1) [Compare Source](https://redirect.github.com/manyfold3d/manyfold/compare/v0.144.0...v0.144.1) A small bugfix for an error when using custom lists. #### What's Changed ##### 🐛 Bug Fixes 🐛 - Fix page errors caused by using default parameter in nested blocks by [@​Floppy](https://redirect.github.com/Floppy) in [#​6397](https://redirect.github.com/manyfold3d/manyfold/pull/6397) **Full Changelog**: <https://github.com/manyfold3d/manyfold/compare/v0.144.0...v0.144.1> ### [`v0.144.0`](https://redirect.github.com/manyfold3d/manyfold/releases/tag/v0.144.0) [Compare Source](https://redirect.github.com/manyfold3d/manyfold/compare/v0.143.2...v0.144.0) Been doing some digital kitbashing and lost track of which models are based on which? Now you can mark a model as a "remix" of other models, as many as you like! Just go to the edit page, add a relationship, and search for the model you want to link up. Remixes and sources are shown in the model page sidebar. We've also added thumbnail extraction from GCODE files, and added indexing for a number of new formats that F3D can create static renders of: DICOM, CityGML, Point clouds, VTK, OFF, DirectX, XBF, Quake MDL, IFC, MetaIO, NRRD, and Splat/Spz for 3D Gaussian Splatting. #### What's Changed ##### ✨ New Features ✨ - Add support for a whole load of new file types supported by F3D by [@​Floppy](https://redirect.github.com/Floppy) in [#​6337](https://redirect.github.com/manyfold3d/manyfold/pull/6337) - Use GCODE file thumbnails as preview images by [@​Floppy](https://redirect.github.com/Floppy) in [#​6379](https://redirect.github.com/manyfold3d/manyfold/pull/6379) - Link models together as remixes by [@​Floppy](https://redirect.github.com/Floppy) in [#​6377](https://redirect.github.com/manyfold3d/manyfold/pull/6377) ##### 🌍 Internationalization 🌏 - Translations updated: fr by [@​Floppy](https://redirect.github.com/Floppy) in [#​6361](https://redirect.github.com/manyfold3d/manyfold/pull/6361) - Translations updated: cs by [@​Floppy](https://redirect.github.com/Floppy) in [#​6360](https://redirect.github.com/manyfold3d/manyfold/pull/6360) - Translations updated: pl by [@​Floppy](https://redirect.github.com/Floppy) in [#​6359](https://redirect.github.com/manyfold3d/manyfold/pull/6359) - Translations updated: es by [@​Floppy](https://redirect.github.com/Floppy) in [#​6358](https://redirect.github.com/manyfold3d/manyfold/pull/6358) - Translations updated: zh-CN by [@​Floppy](https://redirect.github.com/Floppy) in [#​6357](https://redirect.github.com/manyfold3d/manyfold/pull/6357) - Translations updated: de by [@​Floppy](https://redirect.github.com/Floppy) in [#​6356](https://redirect.github.com/manyfold3d/manyfold/pull/6356) ##### 🛠️ Other Improvements 🛠️ - Break up edit forms with headings by [@​Floppy](https://redirect.github.com/Floppy) in [#​6352](https://redirect.github.com/manyfold3d/manyfold/pull/6352) - New UI layout for "add a link" button, and updates to similar layouts by [@​Floppy](https://redirect.github.com/Floppy) in [#​6353](https://redirect.github.com/manyfold3d/manyfold/pull/6353) - Add WASM and Rails plugins for Vite, and allow dev mode connections by [@​Floppy](https://redirect.github.com/Floppy) in [#​6354](https://redirect.github.com/manyfold3d/manyfold/pull/6354) - Extract model file relationship form and improve translation keys by [@​Floppy](https://redirect.github.com/Floppy) in [#​6355](https://redirect.github.com/manyfold3d/manyfold/pull/6355) - Remove explicit "it" block parameters by [@​Floppy](https://redirect.github.com/Floppy) in [#​6362](https://redirect.github.com/manyfold3d/manyfold/pull/6362) **Full Changelog**: <https://github.com/manyfold3d/manyfold/compare/v0.143.2...v0.144.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tYW55Zm9sZCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
03a6b5cae0 |
fix(metabase): update image docker.io/metabase/metabase v0.62.1 → v0.62.2 (#49200)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/metabase/metabase | patch | `b56a050` → `b2b2c69` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tZXRhYmFzZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
c5e0623628 |
chore(grafana-image-renderer): update image docker.io/grafana/grafana-image-renderer digest to d88e6bf (#49192)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/grafana/grafana-image-renderer | digest | `5306343` → `d88e6bf` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ncmFmYW5hLWltYWdlLXJlbmRlcmVyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
be29da90c9 |
fix(ctfd): update image ghcr.io/ctfd/ctfd 3.8.5 → 3.8.6 (#49199)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/ctfd/ctfd | patch | `476211f` → `5b780b3` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9jdGZkIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
d06a463566 |
chore(redis): update image docker.io/bitnamisecure/redis digest to d842c43 (#49194)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | docker.io/bitnamisecure/redis | digest | `4f041bf` → `d842c43` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9yZWRpcyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
979d927128 |
chore(tachidesk-docker): update image ghcr.io/suwayomi/tachidesk digest to afe6d68 (#49195)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/suwayomi/tachidesk | digest | `f088885` → `afe6d68` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC90YWNoaWRlc2stZG9ja2VyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
3082e21529 |
feat(wekan): update image docker.io/wekanteam/wekan v9.46 → v9.47 (#49207)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/wekanteam/wekan](https://redirect.github.com/wekan/wekan) | minor | `2c4f3ec` → `70cc2d1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>wekan/wekan (docker.io/wekanteam/wekan)</summary> ### [`v9.47`](https://redirect.github.com/wekan/wekan/blob/HEAD/CHANGELOG.md#v947-2026-06-17-WeKan--release) [Compare Source](https://redirect.github.com/wekan/wekan/compare/v9.46...v9.47) This release adds the following updates: - [Developer test tooling: "Run ALL tests" now stops an existing dev server on port 3000 instead of aborting](https://redirect.github.com/wekan/wekan/commit/64aa784b2b2b9f96040aad066101aef3f8444da0): `rebuild-wekan.sh` menu option 9 ("Run ALL tests") previously errored out with "Port 3000 is already in use" when a dev server was already running, forcing the user to stop it manually. It now detects and stops the existing Meteor dev server before starting its own. Thanks to xet7 and Claude. Details: - When port 3000 is busy, option 9 finds the existing Meteor dev server (`pgrep -f 'meteor run --port 3000'`) and sends it a normal `kill`, which also tears down the node child it spawned. - It then polls the port for up to 30s, escalating to `SIGKILL` at the 15s mark and falling back to `lsof -ti tcp:3000` (or `fuser -k 3000/tcp`) to catch anything still holding the port whose command line does not match. - Only if the port is still occupied after all that does it print an error and abort; otherwise it reports "Port 3000 is now free" and starts its own server. - [Fix moving/copying a card silently failing with a 403 validation error](https://redirect.github.com/wekan/wekan/commit/7db02489202c560d227a476db24cd761c66a0a00): the move, copy, copy-many and convert-checklist-item card dialogs could leave a card in its original list instead of moving it. Thanks to xet7 and Claude. Details: - Root cause: the dialog's "Done" handler read the target board/swimlane/list by scraping the DOM `<select>` elements. The reactive `boards()` helper can transiently return `[]` while a `board` subscription re-resolves, leaving the board `<select>` momentarily option-less, so `selectedIndex` was `-1` and the scraped `boardId` was `undefined`. `card.move(undefined, …)` then failed server-side with `ValidationError: Not permitted. Untrusted code may only updateAsync documents by ID [403]`, and the card silently stayed put. This was a gap in the earlier dialog fix, which bound only the swimlane and list options to the live selection but left the board `<select>` on the (empty) last-confirmed option. - Fix: the Done handler now reads `boardId`/`swimlaneId`/`listId` from the dialog's live reactive selection (`selectedBoardId`/`selectedSwimlaneId`/ `selectedListId`), which stays correct across re-renders, and the board `<option selected>` attribute is bound to the live selection in all four dialogs for UI consistency. - Test hardening: three Playwright/Node E2E tests that flaked under the all-parallel run (move-list-right, add-to-top/add-to-bottom, and the Node E2E second-session list-order check) now wait for the board subscription to populate before acting, instead of reading once after a fixed delay. - [Developer test tooling: run all tests in parallel against a single dev server](https://redirect.github.com/wekan/wekan/commit/19fe2e2b6f21b5206e29dcd568576f001abbf37a): `rebuild-wekan.sh` and `rebuild-wekan.bat` now run all tests in parallel against a single dev server, and fix the WebKit/Docker permission fallout. Thanks to xet7 and Claude. Details: - "Run ALL tests" (menu option 9) now starts **one** WeKan server on <http://localhost:3000> (using `.meteor/local`) and runs every test job concurrently with a live, refreshing progress display: import regression, Node E2E, and Playwright Chromium + Firefox + WebKit all run against that one server, while the Mocha server-side suite runs at the same time in its own isolated Meteor build dir (`.meteor/local-test`, via `METEOR_LOCAL_DIR`) so the two Meteor builds never share `.meteor/local`. A per-job PASS/FAIL summary and per-job logs (`../wekan-alltests-<job>.log`) are written at the end. Previously these ran strictly one after another. - New menu option 16, "Test Playwright ALL browsers in parallel", runs Chromium + Firefox + WebKit at the same time against a server that is already running on :3000 (WebKit via the Playwright Docker image on Linux arm64, native elsewhere; the others run with `--workers=3` on Windows). - Each Playwright browser now writes to its own `test-results/<browser>` output dir so parallel runs do not clobber each other's artifacts, and the WebKit Docker run executes as the host user (`--user`) so it no longer leaves root-owned files behind. A guard repairs an already root-owned `test-results/` that caused `EACCES: permission denied, mkdir .../.playwright-artifacts-N`. - [Run ALL tests: start the :3000 server before Mocha so it boots fast again](https://redirect.github.com/wekan/wekan/commit/83963dce80909ae0c6dde512c297619e1213c502): the parallel "Run ALL tests" flow launched Mocha (in its own `.meteor/local-test` build) before the :3000 dev server, so two full Meteor builds competed for CPU/disk and the server took a long time to become ready — shown as a long line of dots during the readiness wait. Mocha and the import regression do not need the server, so they are now launched only after the server build is underway; the server builds alone and boots fast again, while they still run in parallel with the E2E and browser jobs. Applied to both `rebuild-wekan.sh` and `rebuild-wekan.bat`. Thanks to xet7 and Claude. - [Fix #​6380: login page missing username/password fields after upgrade](https://redirect.github.com/wekan/wekan/commit/8e70a2b6a95373125be222534cc2fd4da6c278e8): the password form is hidden by default in CSS and only revealed by JS when `isPasswordLoginEnabled` returns truthy; a slow/failed method call or a not-yet-rendered accounts form left the login without username and password fields. It now shows the form unless password login is explicitly disabled, and waits for the form element to appear before showing it. Thanks to xet7 and Claude. - [Fix #​6381: make the card "Mark as complete" toggle configurable, hidden by default](https://redirect.github.com/wekan/wekan/commit/67d9de32db8829ae11ad654fee621162368eed36): a new board setting `allowsDueComplete` (off by default) controls whether the "Mark as complete" toggle is shown on cards, with a checkbox in the board Card Settings popup to enable it per board. Thanks to xet7 and Claude. - [Fix #​6382: stop the client auto-creating thousands of empty swimlanes](https://redirect.github.com/wekan/wekan/commit/dd7306d8de1f8c49d2f80b6cb6b49994e7a5a94d): `getDefaultSwimline()` inserted a swimlane whenever none was found, but on the client it runs inside reactive renders — for a board whose swimlanes were not yet loaded (e.g. the default subtasks board viewed via "All boards") every re-render inserted another empty swimlane (2008 in the report), freezing the browser. The default swimlane is now auto-created only on the server. Thanks to xet7 and Claude. - [Move/Copy/Convert card dialogs: bind swimlane and list select to live selection](https://redirect.github.com/wekan/wekan/commit/758f320969ccdbe2026cf1acb9d361906da3f76a): the swimlane and list `<select>` `selected` option in the move, copy, copy-many and convert-checklist-item card dialogs now follows the live selection instead of the last-confirmed option, so a Blaze reactive re-render can no longer silently revert the user's in-progress choice. Thanks to xet7 and Claude. - [Playwright: probe browsers and skip ones that cannot launch on the host](https://redirect.github.com/wekan/wekan/commit/be44f9c3114fcef82847510058f8ccd014e32109): the test runner now probes each browser and skips any that cannot launch (e.g. the bundled WebKit needs old system libraries that newer Linux arm64 distros like Ubuntu 26.04 no longer ship), removing false WebKit failures locally while still running every browser on CI. Override with `WEKAN_PLAYWRIGHT_PROBE=1`/`0`. Thanks to xet7 and Claude. - [rebuild-wekan.sh: platform detection, Docker WebKit on Linux arm64, all browsers in ALL tests](https://redirect.github.com/wekan/wekan/commit/dac356ed061167cdf994bd9f82a849514922a92e): detect OS/arch (Linux amd64/arm64, macOS arm64); run the WebKit Playwright specs via the official Playwright Docker image on Linux arm64 where the bundled WebKit cannot launch natively; and run Chromium, Firefox and WebKit in the "Run ALL tests" option. Thanks to xet7 and Claude. - [rebuild-wekan.bat: Windows menu parity for building, running and testing WeKan](https://redirect.github.com/wekan/wekan/commit/d5e5df6549f0496e4eaa54675eee2392cbebdd8d): the Windows batch script now mirrors rebuild-wekan.sh's interactive menu so building, running and testing WeKan (Mocha, import regression, Node E2E and Playwright Chromium/Firefox/WebKit) works on Windows amd64/arm64 too. Thanks to xet7 and Claude. - [Bumped form-data from 2.5.5 to 2.5.6](https://redirect.github.com/wekan/wekan/pull/6375): security fix for the CRLF-injection issue (CVE-2026-12143, GHSA-hmw2-7cc7-3qxx) where CR/LF/`"` in multipart field names and filenames were not escaped. It is a transitive dependency (pulled in via `@google-cloud/storage`); lockfile-only change. Thanks to Dependabot, xet7 and Claude. - [Bumped launch-editor from 2.13.2 to 2.14.1](https://redirect.github.com/wekan/wekan/pull/6376): a dev-only dependency (used by `webpack-dev-server` / `@rsdoctor/sdk`, not in the production bundle); lockfile-only change. Thanks to Dependabot, xet7 and Claude. - [Bumped docker/setup-buildx-action from 3 to 4](https://redirect.github.com/wekan/wekan/pull/6377): GitHub Actions workflow action update used by the Docker image build. Thanks to Dependabot, xet7 and Claude. - [Bumped azure/setup-helm from 4 to 5](https://redirect.github.com/wekan/wekan/pull/6378): GitHub Actions workflow action update used by the Helm chart release workflow. Thanks to Dependabot, xet7 and Claude. - [Bumped dompurify from 3.4.6 to 3.4.9](https://redirect.github.com/wekan/wekan/pull/6379): update of the HTML sanitizer used to sanitize card descriptions, comments and other rendered markdown (XSS protection). Thanks to Dependabot, xet7 and Claude. and adds the following new features: - [Added card dependency "Red Strings" / PI program board](https://redirect.github.com/wekan/wekan/commit/5bd1d0ae742e118561b0e9e3170c1e44bd579ad8): visualize card-to-card dependencies as red, arrow-headed connection lines drawn on top of the board (for SAFe PI-planning program boards). A card now has a `cardDependencies` list edited from a new "Dependencies" section in the card detail (pick or remove other cards on the same board), and a board header toggle (`showDependencies`) renders an SVG overlay that draws a red curve from each card to each of its dependencies, following the live card positions on scroll/resize. The overlay is non-interactive (`pointer-events: none`) so cards stay clickable. Each dependency is now **typed and customizable**: a relation `type` (`related-to`, `blocks`, `is-blocked-by`, `fixes`, `is-fixed-by` — the type sets the arrow direction; `related-to` is undirected), a per-line `color` (any color, via a color picker, not just red) and an `icon` (FontAwesome). The card detail "Dependencies" section edits all three (relation type, color, icon picker), with a search-by-title picker to add one; a colored icon+count **badge** is shown on the minicard; and the board Filter sidebar can **filter cards by dependency relation type**. A **REST API** was added (tag `Dependencies`, documented in the OpenAPI docs and `api.py`): `GET /api/boards/:boardId/dependencies`, `GET/POST /api/boards/:boardId/cards/:cardId/dependencies` and `PUT/DELETE /api/boards/:boardId/cards/:cardId/dependencies/:targetId`, each accepting `type`/`color`/`icon`. Dependency lines can be **exported** (Board Settings → Export → Dependencies / JSON and / SVG; the SVG is a standalone, round-trippable diagram) and **imported** (All Boards → New → Import → Dependencies (JSON/SVG)) into a chosen board, matching cards by id, then card number, then title. Importing a **Jira** board now maps Jira `issuelinks` best-effort to dependency relations. Card dependencies and the board's `showDependencies` toggle are **preserved** through card/board copy and WeKan board export/import/migrate (target ids are remapped, dangling ones dropped), and a card **moved** to another board drops its now cross-board dependencies and cleans inbound references. Covered by tests ([Part 1](https://redirect.github.com/wekan/wekan/commit/536fc4913cab9b8fdbdf1cdd9827358a7d23a0b3), [Part 2](https://redirect.github.com/wekan/wekan/commit/d2e928bb113c51a293105bfc0d7465e4836363e3), [Part 3](https://redirect.github.com/wekan/wekan/commit/4152847483e168dd80d0f99b9a91c470765b6bc0)): e2e specs `27-red-strings` (overlay, toggle, typed lines, minicard badge, copyCard preservation, import matching) and `28-dependencies-rest` (REST CRUD + schema validation), plus mocha unit tests for the metadata helpers, the REST OpenAPI annotations, the filter selector, the cross-board move cleanup and the Jira issue-link mapping. [Fixed editing an existing dependency from the card detail throwing a client 403](https://redirect.github.com/wekan/wekan/commit/1db64f4ddeacb0f0ac130726a306df5dfce7fd19) ("Untrusted code may only updateAsync documents by ID") — changing a relation's type/color/icon or removing it now rewrites the `cardDependencies` array and updates by `_id` instead of using a forbidden positional-`$` selector update, and [fixed the dependency icon picker not applying the chosen icon](https://redirect.github.com/wekan/wekan/commit/e8a8007814d777f2c89d26cfdc878912c7072c9b) (the popup now edits the source card, not the dependency row), with an e2e test for editing a dependency's type/color/icon. Added a piplanning.io / Kendis / Miro-style **drag-to-connect** ([Part 1](https://redirect.github.com/wekan/wekan/commit/06bc92c200b93ff6d233ba5d2a40c4d939922cd3), [Part 2](https://redirect.github.com/wekan/wekan/commit/9fe9e6087899823df064cce7c640f88be43914a4)): when the overlay is on, each minicard shows a small **connect handle** (right edge, on hover) — **drag it onto another card to create a dependency** (a dashed guide line follows the cursor) — and a **connection line is clickable** to change its type/color/icon or delete it. It is **not** a mode: cards stay clickable and the rest of the overlay is click-through. The **Dependencies (JSON/SVG)** importer now also best-effort maps **Miro** REST API data (items + connectors, resolved to card titles; "block"/"fix" captions → relation type); Kendis/piplanning.io (and GitHub/GitLab) have no public dependency format, so a generic `{ "lines": [...] }` JSON interchange is documented for them. Documented in [Features/RedStrings](https://redirect.github.com/wekan/wekan/blob/main/docs/Features/RedStrings/RedStrings.md). Fixes [#​3392](https://redirect.github.com/wekan/wekan/issues/3392). Thanks to CodeFreezr, dbt4u, helioguardabaxo, xet7 and Claude. - [Added an Admin Panel "Shared templates" view grouped by Organization / Team / email Domain](https://redirect.github.com/wekan/wekan/commit/fc9e8674d89ec5b045f2e2c1b14fade9e92baf0d): a new admin-only "Shared templates" tab under Admin Panel → People lists users' shareable template boards, grouped by Organization, Team or email Domain. The three scope checkboxes are live view filters (default unchecked); checking one or more shows the matching groups, and only users whose Templates board is non-empty are listed. A new admin-only `adminSharedTemplates` method enumerates each user's linked template boards (the `cardType-linkedBoard` cards in their Board Templates swimlane) and returns them with the user's orgs/teams/email domains; the boards are shown as links into each template board. Covered by an e2e suite (`tests/playwright/specs/26-shared-templates.e2e.js`). Documented in [Features/Templates](https://redirect.github.com/wekan/wekan/blob/main/docs/Features/Templates.md#shared-templates-admin-view). Fixes [#​3313](https://redirect.github.com/wekan/wekan/issues/3313). Thanks to xet7 and Claude. and fixes the following bugs: - [Fixed duplicate `MONGO_URL` environment variable generated by the Helm chart](https://redirect.github.com/wekan/charts/commit/d1662fc3b91a6ce28d5ea92ec2ad06d0df3e0755), which made `helm install`/`upgrade` fail with `duplicate entries for key [name="MONGO_URL"]` when the default `env` list (which already includes `MONGO_URL`) was used. The chart now emits its computed `MONGO_URL` only when one is not already provided via `env` or `secretEnv`. Fixes [#​6289](https://redirect.github.com/wekan/wekan/issues/6289). Thanks to the reporter, xet7 and Claude. - [Fixed GFM strikethrough (`~~text~~`) no longer rendering in card descriptions](https://redirect.github.com/wekan/wekan/commit/92b0f96387c831839eb299a8feb00fe614419783): markdown-it renders `~~text~~` to `<s>…</s>`, but the DOMPurify allow-list did not include `s`/`del`/`strike`, so the sanitizer stripped the tag (keeping the bare text). Those inline tags are now allowed in both DOMPurify configs. Fixes [#​6008](https://redirect.github.com/wekan/wekan/issues/6008). Thanks to Buo-ren Lin, xet7 and Claude. - [Fixed the release pipeline's OpenAPI docs generator crashing on template-literal route paths](https://redirect.github.com/wekan/wekan/commit/17bb7c1264969a50f778452b37335599e3af0518), which failed the GitHub Actions "release-all" bump job (`AttributeError: 'NoneType' object has no attribute 'rstrip'`) when a REST route is registered with a backtick path such as `` `/api/boards/:boardId/export/${format}` ``. The generator now resolves such paths (a `${identifier}` becomes a `{identifier}` path parameter) and skips any route whose path cannot be resolved statically instead of aborting the whole release. Thanks to xet7 and Claude. - [Fixed the Member Settings "Change Avatar" entry rendering in a different (uppercase-looking) style than the other menu items](https://redirect.github.com/wekan/wekan/commit/d241f9d8f6b20fb9bdc0f829a9ffb5f595c3b8bd): its label was mis-nested inside the `<i class="fa fa-picture-o">` icon element instead of being a sibling of it, so it inherited the FontAwesome icon font styling. The label now sits directly under the menu link like every other entry. Thanks to xet7 and Claude. - [Hardened the reactive `DataCache` teardown to re-check for dependents before stopping a still-used entry](https://redirect.github.com/wekan/wekan/commit/82192d04703c3b4bc09b7f28b8923d979c3b8831): the 60s teardown timeout could stop the computation and delete a value that a dependent re-attached to during the window, surfacing as a transient `undefined` (a contributor to the "Board not found" flicker). Thanks to xet7 and Claude. - [Fixed board export error responses returning HTTP 200 with an empty body](https://redirect.github.com/wekan/wekan/commit/309425545ffa91747f1f8d7d8585ec04795e13bf): the export endpoints passed a bare number to `sendJsonResult`, which treats its argument as an options object, so 404/400/403/auth failures returned 200 with no body. They now return the correct status code and a JSON error body. Thanks to xet7 and Claude. - [Fixed the board create/delete REST handlers masking errors as success](https://redirect.github.com/wekan/wekan/commit/29631f6f4b61fcf19ec1517a2ce335f3de7ac4b0): `POST /api/boards` and `DELETE /api/boards/:boardId` caught errors and returned `code: 200` with the error as data; they now report the real status code (so e.g. an unauthorized delete returns a 4xx). Thanks to xet7 and Claude. - [Hardened board import against out-of-range swimlane/card colors](https://redirect.github.com/wekan/wekan/commit/5eeedf8744ce344e5258a2c26698b9af66c78142): like the earlier board-color fix, a card or swimlane color is now applied only when it is a recognized color value, so a foreign/old export carrying an unknown color can no longer fail collection2 validation and abort the import. Thanks to xet7 and Claude. - Fixed the GitHub Actions **Playwright E2E** workflow so the Firefox and WebKit browsers can actually run ([Firefox/WebKit](https://redirect.github.com/wekan/wekan/commit/351da691381c197d2fdb35c8d5a5da6e514a4085), [mongosh](https://redirect.github.com/wekan/wekan/commit/a3d4848c88956e588ce46672c103f266d072f969)): the test step now sets `WEKAN_PLAYWRIGHT_ALL=1` (so `--project=firefox`/`webkit` resolve instead of failing with "Project not found"), WebKit was added to the CI matrix (Playwright's bundled WebKit runs headless on the Linux runner), and `mongosh` is now installed in the Playwright and Puppeteer-regression jobs (the e2e DB helpers shell out to it, which was failing with `spawnSync mongosh ENOENT`). `npm run test:playwright:all` got the same `WEKAN_PLAYWRIGHT_ALL=1` fix. Thanks to xet7 and Claude. - [Translated the remaining untranslated English strings in the Finnish translation](https://redirect.github.com/wekan/wekan/commit/599687f507b5279156fe93c47a546ec74ba92fef) (`fi.i18n.json`) — the Shared Templates, card-dependency ("Red Strings") and dependency import/export strings — using the existing Finnish terminology. Thanks to xet7 and Claude. - [Fix flaky Playwright card/board tests under the parallel run](https://redirect.github.com/wekan/wekan/commit/19fe2e2b6f21b5206e29dcd568576f001abbf37a): the new 3-browser parallel run surfaced three load-induced (not product) failures that took DOM snapshots before the UI had settled. Thanks to xet7 and Claude. Details: - `03-cards-operations` "move does not create duplicate cards" read the card titles immediately after the move and could catch the card mid-flight (already removed from the source list, not yet rendered in the target). It now waits for the card to be visible in the target list and gone from the source list before snapshotting. - `03-cards-operations` "add-to-bottom places the card last" polls until the reactive re-sort places the new card last, since `submitNewCard` only waits for the card to exist, not for its final sort position. - `helpers/auth.js` `openBoard` now retries up to 5 times at 20s each so the slowest browser (WebKit) survives the contention of the 3-browser parallel run against one shared dev server, instead of failing in test setup. - [Build scripts: At tests option 9, run option 2 build if .build or node\_modules missing](https://redirect.github.com/wekan/wekan/commit/9f2a81349f6edafc4784bb508afe2df016deaa17). Thanks to xet7 and Claude. Thanks to above GitHub users for their contributions and translators for their translations. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC93ZWthbiIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
7db3197b65 |
fix(crafty-4): update image registry.gitlab.com/crafty-controller/crafty-4 4.10.6 → 4.10.7 (#49198)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [registry.gitlab.com/crafty-controller/crafty-4](https://craftycontrol.com/) ([source](https://gitlab.com/crafty-controller/crafty-4)) | patch | `2189f47` → `67c2cba` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>crafty-controller/crafty-4 (registry.gitlab.com/crafty-controller/crafty-4)</summary> ### [`v4.10.7`](https://gitlab.com/crafty-controller/crafty-4/blob/HEAD/CHANGELOG.md#----4107---20260616) [Compare Source](https://gitlab.com/crafty-controller/crafty-4/compare/v4.10.6...v4.10.7) ##### Bug fixes - Fix python `3.13+` specific notation to add support back for `3.10-12` ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1043)) - Fix Bedrock server creation and updates due to static `FileHelpers.ssl_file_get()` call ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1044)) - Fix Java server updates due to static `FileHelpers.ssl_file_get()` call ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1044)) - Fix modded server installs failing on non-windows environments ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1047)) - Fix Hytale server creation hanging on "Importing..." ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1041)) - Fix CPU pinned at 100% after terminal buffer changes ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/1045)) <br><br> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9jcmFmdHktNCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvcGF0Y2giXX0=--> |
||
|
|
4a5030a92d |
chore(freshrss): update image ghcr.io/linuxserver/freshrss digest to 699594b (#49191)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/freshrss](https://redirect.github.com/linuxserver/docker-freshrss/packages) ([source](https://redirect.github.com/linuxserver/docker-freshrss)) | digest | `b24ddde` → `699594b` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9mcmVzaHJzcyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
4f1b533cd9 |
chore(babybuddy): update image ghcr.io/linuxserver/babybuddy digest to 8f86cc0 (#49188)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/babybuddy](https://redirect.github.com/linuxserver/docker-babybuddy/packages) ([source](https://redirect.github.com/linuxserver/docker-babybuddy)) | digest | `e3db38f` → `8f86cc0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9iYWJ5YnVkZHkiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL2RpZ2VzdCJdfQ==--> |
||
|
|
593d58364a |
chore(boinc): update image ghcr.io/linuxserver/boinc digest to b356147 (#49189)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/linuxserver/boinc | digest | `c6773f0` → `b356147` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9ib2luYyIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |
||
|
|
90e9a34667 |
fix(mstream): update image ghcr.io/linuxserver/mstream 6.11.0 → 6.11.1 (#49202)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/linuxserver/mstream](https://redirect.github.com/linuxserver/docker-mstream/packages) ([source](https://redirect.github.com/linuxserver/docker-mstream)) | patch | `f74951f` → `ce2f683` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tc3RyZWFtIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9wYXRjaCJdfQ==--> |
||
|
|
e38dcd81f7 |
feat(dispatcharr): update image docker.io/dispatcharr/dispatcharr 0.26.0 → 0.27.0 (#49205)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/dispatcharr/dispatcharr](https://redirect.github.com/Dispatcharr/Dispatcharr) | minor | `9275b0c` → `4251290` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>Dispatcharr/Dispatcharr (docker.io/dispatcharr/dispatcharr)</summary> ### [`v0.27.0`](https://redirect.github.com/Dispatcharr/Dispatcharr/blob/HEAD/CHANGELOG.md#0270---2026-06-16) [Compare Source](https://redirect.github.com/Dispatcharr/Dispatcharr/compare/v0.26.0...v0.27.0) ##### Added - **Manual Server Groups for shared M3U connection limits.** The existing `ServerGroup` model and account FK are now wired into live and VOD playback. Accounts assigned to the same group share a credential-scoped Redis counter when their provider logins match (hashed fingerprint); unrelated logins in the same group keep separate counters. Enforcement uses each profile's `max_streams` - not a group-wide cap - and profiles with `max_streams=0` skip credential pooling for that profile while still rotating on their own per-profile counter. New `apps/m3u/connection_pool.py` centralizes reserve/release, profile rotation, and credential moves on profile switch. (Closes [#​1137](https://redirect.github.com/Dispatcharr/Dispatcharr/issues/1137)) — Thanks [@​Goldenfreddy0703](https://redirect.github.com/Goldenfreddy0703) - **Server Groups manager UI** on the M3U Accounts page: create, rename, and delete groups with account counts and delete confirmation. Groups load on login via a new Zustand store and REST helpers (`/api/m3u/server-groups/`). - **M3U account form** adds a Server Group picker (including inline “add group”), reorganized into three columns (source/auth, connection limits, sync/content), and a Manage server groups shortcut. - **VOD profile selection** uses `pool_has_capacity_for_profile()` so grouped accounts respect shared credential limits before a profile is chosen (non-grouped accounts behave as before). - **Live profile switches** move the shared credential counter when the new profile uses a different provider login; same-login switches leave the credential counter unchanged. - **Credential release keys** stored at reserve time allow counters to be released even if the M3U profile row is deleted afterward. - **PostgreSQL `application_name` tagging by process role.** Pool connections now set `application_name` at connect time (e.g. `Dispatcharr-uwsgi-{pid}`, `Dispatcharr-celery-worker-{pid}`, `Dispatcharr-celery-dvr-{pid}`) so `pg_stat_activity` shows which Dispatcharr process owns each backend instead of a generic client label. ##### Changed - **Plugin repo manifests support split download and metadata base URLs.** `download_base_url` and `metadata_base_url` are optional alternatives to `root_url` in the plugin repository manifest, so repo authors can serve metadata (manifests, icons) and release zips from different origins without absolute URLs everywhere. Manifest and icon URLs resolve via `metadata_base_url` then `root_url`; latest/download URLs resolve via `download_base_url` then `root_url`. When `metadata_base_url` is set and a plugin entry has `manifest_url` but no `icon_url`, the icon defaults to `logo.png` in the same directory as the per-plugin manifest. Manifests using only `root_url` behave identically to before. — Thanks [@​sethwv](https://redirect.github.com/sethwv) - **Live and VOD connection slot logic now routes through `connection_pool`.** `Channel.get_stream()`, direct `Stream.get_stream()`, VOD profile selection, and the multi-worker VOD connection manager all call `reserve_profile_slot()` / `release_profile_slot()` instead of inline Redis INCR/DECR. VOD profile selection also checks `pool_has_capacity_for_profile()` before choosing a profile. - **Live XC upstream URLs use current credentials.** `_resolve_live_stream_url()` builds `/live/{user}/{pass}/{stream_id}.ts` from transformed account credentials and the stream's provider `stream_id`, so playback stays aligned with the active login after credential or profile changes instead of reusing a stale `stream.url` from sync. - **Channel stream switches check pooled capacity.** `get_stream_info_for_switch()` uses `profile_available_for_channel_switch()` when targeting a specific stream, and releases a reserved slot if URL assembly fails after `get_stream()` allocated one. - **Live proxy init reads Redis assignment once.** After `generate_stream_url()` reserves a slot, the stream handler reads `channel_stream` / `stream_profile` from Redis instead of calling `get_stream()` again, avoiding double INCR under concurrent release. - **Centralized Dispatcharr User-Agent construction in `core.utils`.** Outbound HTTP calls (Schedules Direct API, update checks, logo/VOD fallbacks, DVR recording clients) now use `dispatcharr_user_agent()`, `dispatcharr_dvr_user_agent()`, and `dispatcharr_http_headers()` instead of ad-hoc `Dispatcharr/{version}` strings and stale `Dispatcharr/1.0` fallbacks. - **EPG auto-match overhaul** — matching logic moved to `apps/channels/epg_matching.py`; Celery tasks in `tasks.py` are thin wrappers. - Single-channel auto-match is now asynchronous: the API returns `202 Accepted` and pushes the result over WebSocket (`single_channel_epg_match`), so large EPG libraries no longer hit the previous 30-second HTTP timeout. - Progress, bulk completion, and single-channel results use `send_websocket_update` instead of `async_to_sync(channel_layer.group_send)`, so notifications work reliably under gevent-patched uWSGI and Celery workers. - Single-channel and selected-channel auto-match always run, even when the channel already has EPG assigned; match-all (no channel IDs) still only processes channels without EPG. - Rematching to the same EPG no longer re-saves the channel or queues program-parse tasks; only assignments that actually change are written and refreshed. - **Easier EPG search when editing a channel.** The filter in the EPG picker now works more like a normal search box. You can type several words at once (e.g. `sky uk`) and it finds channels where every word appears somewhere in the name or TVG-ID, the order doesn't matter, and a word in the name can pair with one in the ID. Accents are ignored too, so `decale` matches `Décalé` and the other way around. — Thanks [@​FiveBoroughs](https://redirect.github.com/FiveBoroughs) ##### Performance - **XC live refresh releases bulk catalog data sooner during batch processing.** After filtering the single `get_all_live_streams` response, the full provider catalog list is dropped before batch DB work. `process_m3u_batch_direct` (the path XC refreshes use) now runs `gc.collect()` after each batch and clears batch slice references as thread futures complete. Large structures are still `del`'d in the refresh `finally` block before Celery's `task_postrun` runs `cleanup_memory()`. - **VOD movie/series batch matching no longer scans the full no-ID catalog.** `process_movie_batch` and `process_series_batch` previously loaded every `Movie`/`Series` row without TMDB or IMDB IDs on each 1000-item chunk to resolve name+year duplicates. Lookup is now scoped to the names in the current batch via `lookup_by_name_year()`, which reduces memory and DB time per chunk. `refresh_vod_content` and `batch_refresh_series_episodes` are registered for Celery post-task memory cleanup (one GC pass at task end, not per chunk). - **EPG programme parse now streams through PostgreSQL staging instead of holding the full catalogue in Python.** `parse_programs_for_source` writes parsed rows into a session-scoped temp table in batches (`_EPG_PARSE_BATCH_SIZE=2500`), then atomically swaps them into `ProgramData` with batched `DELETE ... RETURNING` + `INSERT` (`_EPG_SWAP_BATCH_SIZE=5000`) so Postgres never materializes the entire guide in one statement. Peak Celery memory during large XMLTV refreshes drops sharply compared with building a monolithic in-memory list before bulk insert. The byte-offset programme index build is deferred until after the swap completes so index construction no longer competes with parse for memory and I/O. `refresh_epg_data` closes its DB connection in `finally`, and `build_programme_index_task` is registered as a memory-intensive Celery task. SQLite/dev installs keep an in-memory fallback path. - **Pooled PostgreSQL connections now rotate on a bounded lifetime.** psycopg3 client-side cache grows on handles kept open indefinitely by `django-db-geventpool`; recycling uWSGI workers would interrupt live streams. A thin custom backend (`dispatcharr.db.backends.postgresql_psycopg3`) closes and replaces pool connections after `DATABASE_POOL_CONN_MAX_LIFETIME` seconds (default 600, env-overridable; set `0` to disable) on checkout and return while preserving warm-pool reuse within the window. (Fixes [#​1343](https://redirect.github.com/Dispatcharr/Dispatcharr/issues/1343)) - **Schedules Direct refresh only fetches guide data for mapped channels.** Schedule MD5 checks and schedule downloads now target mapped lineup stations instead of the entire lineup, and schedule MD5 cache for unmapped stations is pruned each refresh. Unmapped lineup entries no longer trigger wasted schedule API calls when their MD5 changes. - **EPG auto-match memory and throughput improvements.** - Single-channel matching streams active EPG rows and keeps only the best match plus the top 20 candidates in memory; ML validates at most 21 names per channel instead of embedding the full catalog. - Strong fuzzy matches (≥75% single channel, ≥80% bulk) skip ML entirely, avoiding a \~500MB PyTorch load when the fuzzy result is already reliable. - Bulk matching uses a single fuzzy pass per channel instead of scanning the full catalog twice for best match and top candidates. - Bulk exact `tvg_id` / Gracenote matching uses an in-memory index built alongside the EPG catalog (`build_epg_matching_catalog()`), giving O(1) lookups with no extra database queries. - Bulk match apply uses batched queries (two fetches plus `bulk_update`) instead of one `EPGData.objects.get()` per matched channel. - EPG normalization settings are cached once per matching run, avoiding repeated `CoreSettings` reads when normalizing thousands of names. ##### Fixed - **Live proxy channels could remain running with no clients after disconnect.** `stop_channel` called `log_system_event('channel_stop')` synchronously before local cleanup and Redis key deletion; Connect integrations or DB event writes on that path could block teardown indefinitely while the cleanup thread kept refreshing metadata TTL for a stale `stream_buffers` entry. Teardown now signals shutdown (`buffer.stopping`), runs model `release_stream()` and Redis key deletion, releases ownership, stops ffmpeg/output managers and local buffers, and only then logs the stop event asynchronously. Metadata TTL refresh skips channels mid-shutdown and non-owned channels; a stuck-stop watchdog forces cleanup if `stop_channel` does not return within \~10s (or 2× `channel_shutdown_delay`, whichever is greater). Stream buffers ignore late `add_chunk()` writes once shutdown begins (`buffer.stopping` set at teardown start). - **Client reconnect during channel teardown could wedge the channel across uWSGI workers.** The disconnect path called `proxy_server.stop_channel()` directly, so other workers were not notified and reconnecting clients could attach while ownership was released on the owner worker. The cleanup thread then re-acquired expired ownership and looped on orphaned clients while the upstream connection stayed open. All lifecycle stops now go through coordinated Redis teardown (`channel_stopping` flag, metadata `stopping` state, and `CHANNEL_STOP` pubsub). New stream requests are rejected with `503 Retry-After` only during active teardown (not during the post-disconnect shutdown delay grace period); `initialize_channel()` and ownership re-acquisition refuse to proceed in those states; non-owner workers clean local resources only on pubsub; and orphaned-client sweeps force cleanup when teardown is already active. (Fixes [#​1342](https://redirect.github.com/Dispatcharr/Dispatcharr/issues/1342)) - **Orphaned upstream threads kept writing Redis after teardown.** Partial cleanup could remove a channel from `stream_managers` while the `stream-{uuid}` OS thread kept running, so orphan metadata sweeps only deleted Redis keys and chunks/metadata were immediately recreated (bare `total_bytes` hash with TTL -1). Stream managers now stop upstream when ownership is lost, orphan cleanup stops local ffmpeg/stream threads even when registry entries are gone (`_live_stream_managers` tracks managers until the thread exits), and forced recovery stops processes before Redis deletion instead of dropping dict entries without calling `stop()`. - **Rapid channel switching could leave bare `buffer:index` keys in Redis.** `buffer.stop()` flushed a final partial chunk via `INCR` during teardown, creating a persistent index key (TTL -1) after chunk keys expired; under load overlapping disconnect and cleanup-thread stops could race on `_stop_local_stream_activity`, blocking on ffmpeg stderr join before `_clean_redis_keys` ever ran. Teardown no longer writes to Redis from `buffer.stop()`, disconnect uses coordinated stop only (no duplicate upstream stop), model `release_stream()` runs before Redis keys are scanned/deleted (so `profile_connections` counters are not left stuck), ownership is released after Redis cleanup but before the blocking local ffmpeg stop, and a `finally` block guarantees Redis cleanup if local teardown raises. - **Live proxy could leak geventpool DB checkouts outside HTTP requests.** With `django-db-geventpool`, `connection.close()` returns handles to the per-worker pool (`MAX_CONNS=8`); without it, greenlets and OS threads keep connections checked out until the pool blocks on `pool.get()`. Proxy paths that touch the ORM outside Django's request cycle now call `close_old_connections()` after work completes: `_clean_redis_keys()`, profile lookup in `_establish_transcode_connection()` before spawning ffmpeg, and fMP4 client disconnect cleanup when releasing streams (TS disconnect relies on `log_system_event()`). (Fixes [#​1345](https://redirect.github.com/Dispatcharr/Dispatcharr/issues/1345)) - **System events could block callers on Connect and plugin handlers.** `log_system_event()` ran Connect subscriptions and plugin `"events"` hooks synchronously after the DB write, so slow integrations could stall live-proxy and streaming paths even when inserting the event row was fast. Connect/plugin dispatch now runs on a separate gevent when the hub is available (synchronously in Celery workers without a hub). `log_system_event()` and `dispatch_event_system()` also call `close_old_connections()` in `finally` blocks so integration work does not leave pool slots checked out on the caller or dispatch greenlet. - **Plugins could leak geventpool DB checkouts after UI or Connect event runs.** Third-party plugins run inline on uWSGI greenlets (manual actions and Connect `"events"` hooks) with no guaranteed connection cleanup at the plugin boundary. `PluginManager.run_action()` and `stop_plugin()` now call `close_old_connections()` in a `finally` block so each action returns its pool slot whether the plugin succeeds or raises. - **Connect events repeatedly queried the full plugin catalog during streaming.** `trigger_event()` called `list_plugins()` on every `client_connect` / `client_disconnect`, loading all `PluginConfig` rows and sometimes hitting plugin-repo work even when no plugin subscribed to the event. Dispatch now walks the in-memory registry via `iter_actions_for_event()`, returns immediately when no handlers exist, and runs a single batched `enabled` lookup for matching plugins only. Failed plugin actions are logged per handler instead of aborting the rest. - **Plugin discovery left idle Postgres backends after worker boot.** `discover_plugins()` runs outside Django's request cycle during uWSGI and Celery startup; it now calls `close_old_connections()` in a `finally` block so bootstrap `PluginConfig` queries return their pool slot instead of appearing as long-lived idle connections in `pg_stat_activity`. - **VOD proxy could leak geventpool DB checkouts during playback and stats updates.** `stream_vod()` ran ORM lookups for content and M3U profiles, then returned a long-lived `StreamingHttpResponse` without releasing the checkout, so each movie/episode stream could hold a pool slot for its full duration. Background VOD stats refresh (`build_vod_stats_data()`, triggered on start/stop and by the admin stats API) also queried movie, episode, and profile rows from daemon threads with no cleanup. `stream_vod()` now calls `close_old_connections()` before handing off to the streaming generator, and `build_vod_stats_data()` releases its checkout in a `finally` block. - **Channel shutdown delay did not reset after a reconnect within the grace period.** `handle_client_disconnect()` used a fixed `gevent.sleep(shutdown_delay)` from the first last-client disconnect. If a client reconnected and disconnected again during the delay, an earlier disconnect handler could still stop the channel on the original timer instead of waiting the full delay from the latest disconnect. Shutdown now polls Redis (`last_client_disconnect` timestamp and client count) so concurrent disconnect handlers and multi-worker reconnects always honour the latest disconnect time. - **Zombie ffmpeg could survive owner-lock expiry and orphan Redis sweeps.** When the 30s owner lock lapsed under single-worker load, disconnect handling treated the worker as non-owner so coordinated stop never ran, while ffmpeg kept writing and the orphan sweeper only deleted Redis keys (recreating them immediately). Disconnect now re-acquires ownership when local upstream is still active, stops locally when the last client leaves without a lock, orphan cleanup stops local ffmpeg before Redis deletion via `_has_local_upstream_activity`, re-init stops lingering upstream before starting a duplicate thread, and `is_channel_teardown_active` includes channels mid-`stop_channel` on this worker so rapid reconnect gets 503 during teardown. - **Stale `channel_stream` Redis keys after a channel stopped could skip connection accounting on retune.** On `dev`, `get_stream()` reused any existing `channel_stream` / `stream_profile` assignment without reserving a new slot. If those keys were left behind after a stop, the next tune-in could reach the provider without incrementing Redis counters. `get_stream()` now releases stale assignments when proxy metadata shows the channel is inactive, then reserves fresh slots. - **EPG auto-match reliability fixes.** - Memory could spike to multiple GB on large EPG sources when building a full in-memory catalog before fuzzy matching; single-channel matching now streams rows and bounds ML work to a small candidate set. - Wrong channel assignments from global ML similarity; ML validation now checks the fuzzy best match (or top fuzzy candidates as a last resort) instead of scoring the entire catalog. - Channel form auto-match spinner could stick after errors or early task exits; all single-channel outcomes now push a WebSocket result, and the UI clears loading state after a 3-minute timeout. - Bulk auto-match completion no longer calls `batch-set-epg` from the WebSocket handler, which had been re-applying every match and queueing redundant `parse_programs_for_tvg_id` tasks even when assignments were unchanged. - **Schedules Direct lineup search country dropdown.** The country list was fetched directly from the SD API in the browser, which failed due to CORS and silently fell back to a 14-country hardcoded list. Countries are now included in the `GET sd-lineups` response (server-side fetch with proper User-Agent) so the full SD country list populates correctly. — Thanks [@​sethwv](https://redirect.github.com/sethwv) - **Schedules Direct program poster proxy omitted User-Agent on image requests.** The poster endpoint authenticated with SD correctly but fetched images with only the `token` header, which violates SD's API requirements (error 1003). Image requests now include the standard `Dispatcharr/{version}` User-Agent via `dispatcharr_http_headers()`. - **Schedules Direct guide data missing after mapping a channel.** Lineup refreshes cached schedule MD5s for all stations, but `ProgramData` was only written for mapped channels. Mapping a channel later could leave MD5s looking unchanged so schedules were skipped and the channel had no guide until dates rolled outside the cached window. Refreshes now backfill fetch-window dates that lack `ProgramData` (including newly mapped stations with stale cache), fetch program metadata when no local `ProgramData` exists for a `programID`, and clean up orphaned `ProgramData` on unmapped `EPGData` entries. — Thanks [@​sethwv](https://redirect.github.com/sethwv) - **Schedules Direct guide fetch on channel map.** Mapping a channel (or bulk-assigning EPG) now triggers a targeted guide fetch for that `EPGData` entry—mirroring XMLTV's `parse_programs_for_tvg_id` flow—without waiting for the next full source refresh. Skips the fetch when `ProgramData` already exists so additional channels sharing the same `tvg-id` do not trigger redundant API calls. Bulk assignment of three or more SD stations without guide data on the same source queues one batched mapped-station fetch instead of separate per-station API sessions. Concurrent batch and single-EPG fetches coordinate via source-level locks with deferred retries so mappings are not dropped and overlapping SD API sessions are avoided when possible. - **Auto-sync numbering modes now read only the fields each mode's UI exposes.** After the auto-sync overhaul, switching between Provider, Next Available, and Fixed modes left stale `auto_sync_channel_start` / `auto_sync_channel_end` values in the database while each mode's UI only edits a subset of those fields. Sync treated the hidden values as authoritative in every mode, which discarded valid provider numbers (floored at an auto-computed start), capped Next Available at a stale End, and ran range-enforcement deletes against provider- and next-available-numbered channels. Provider mode now honors `stream_chno` verbatim when free (Start/End bound only the fallback for numberless streams); Next Available ignores End; overflow-delete runs in Fixed mode only. Duplicate or already-taken provider numbers fall back to a free slot instead of being dropped or overwriting an existing channel. Provider mode's Start # field now drops End when it would invert the fallback range (matching Fixed mode). (Closes [#​1273](https://redirect.github.com/Dispatcharr/Dispatcharr/issues/1273)) — Thanks [@​CodeBormen](https://redirect.github.com/CodeBormen) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9kaXNwYXRjaGFyciIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=--> |
||
|
|
7a9f7909f2 |
chore(adminer): update image adminer digest to 9ead7e1 (#49187)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | adminer | digest | `af4b73d` → `9ead7e1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9hZG1pbmVyIiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9kaWdlc3QiXX0=--> |
||
|
|
f0431430b2 |
fix(metube): update image ghcr.io/alexta69/metube 2026.06.13 → 2026.06.16 (#49201)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/alexta69/metube | patch | `b182059` → `bdb6992` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9tZXR1YmUiLCJhdXRvbWVyZ2UiLCJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19--> |
||
|
|
5b2c8b1ab8 |
chore(kdenlive): update image lscr.io/linuxserver/kdenlive digest to e87b6d5 (#49193)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | lscr.io/linuxserver/kdenlive | digest | `d7ff6d0` → `e87b6d5` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9rZGVubGl2ZSIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvZGlnZXN0Il19--> |