ci: unify versioning with conventional commits auto-bump#46
Merged
Conversation
Owner
Serph91P
commented
Mar 15, 2026
Serph91P
commented
- Rewrite version determination to use highest tag across all branches
- Auto-detect bump type from conventional commits (feat->minor, fix->patch, breaking->major)
- Add copilot-instructions.md with commit message convention
- Add .vscode/settings.json for commit message generation
- Update .gitignore to track .vscode/settings.json
- Rewrite version determination to use highest tag across all branches - Auto-detect bump type from conventional commits (feat->minor, fix->patch, breaking->major) - Add copilot-instructions.md with commit message convention - Add .vscode/settings.json for commit message generation - Update .gitignore to track .vscode/settings.json
Serph91P
added a commit
that referenced
this pull request
Mar 15, 2026
* feat: Complete Phase 2 - Users, Activity & Library Detail Views
- Add PlaybackActivity model for detailed playback session tracking
- Add activity API routes (/api/activity/) with list, stats, active sessions
- Add users API routes (/api/users/) with list, detail, activity endpoints
- Extend Emby sync with _sync_active_sessions() for real-time session tracking
- Add Users.tsx page with search, pagination, user stats
- Add UserDetail.tsx page with Overview/Activity tabs and time-based stats
- Add Activity.tsx page with global activity log, active sessions, stats cards
- Add LibraryDetail.tsx with Overview/Media/Activity tabs
- Extend libraries API with /details, /media, /activity endpoints
- Update navigation with Users and Activity menu items
- Library cards now link to detail view
Completes Phase 2 of PLANNED_FEATURES.md roadmap (Jellystat-style features)
* feat: Add PostgreSQL support and fix sync issues
Database:
- Add PostgreSQL support via POSTGRES_* environment variables
- Add asyncpg driver to requirements
- Create docker-compose.postgres.yml for PostgreSQL setup
- Keep SQLite as default for simple deployments
- Add connection pooling for PostgreSQL
Bug Fixes:
- Fix MediaItem.parent_id AttributeError by using series_id (external_id)
- Add parent_id column to MediaItem model for future use
- Fix Users API to fallback to UserWatchHistory when PlaybackActivity is empty
- Fix deprecation warning: regex -> pattern in Query parameters
- Remove 'Jellystat-style' comments from codebase
Improvements:
- Sync jobs now visible in Jobs view with execution logs
- Manual sync shows progress/errors in Jobs history
- Users page shows last watched from UserWatchHistory fallback
* chore: Update PostgreSQL to version 18 (latest stable)
* fix: Add PostgreSQL support to database migrations
- Add column_exists() helper for SQLite/PostgreSQL compatibility
- Add table_exists() helper for SQLite/PostgreSQL compatibility
- Use information_schema for PostgreSQL column/table checks
- Use pragma_table_info for SQLite column checks
- Add IF NOT EXISTS for PostgreSQL ALTER TABLE commands
- Use SERIAL PRIMARY KEY for PostgreSQL auto-increment
* chore: Remove ARM64 build to speed up CI
- Build only linux/amd64 for faster builds
- Remove QEMU setup (not needed without cross-platform builds)
- Update release notes to reflect single architecture
- Add note about opening feature request for ARM support
* refactor: Remove Jellystat service type
- MediaCurator now has built-in watch statistics tracking
- Jellystat integration no longer needed
- Removed from frontend ServiceType, service options
- Removed from backend models and schemas
* feat: Add individual service sync jobs in Jobs tab
- Add separate sync jobs for each enabled service
- Show service sync status with running indicator
- Add manual 'Sync Now' button per service
- Display last sync result and duration
- Auto-refresh job status every 5 seconds
- New API endpoint POST /jobs/sync/service/{id}
- Service sync jobs show in job history
* fix: Emby sync creates MediaItems and populates watch statistics
- Sync libraries, movies, series, episodes directly from Emby
- Path-based library association for proper linking
- Track user total_plays and total_watch_time_seconds
- Use external_id for watch data matching
- Include RunTimeTicks for watch time calculation
* refactor(sync): Emby now matches existing items by PATH instead of creating duplicates
BREAKING CHANGE: Emby sync architecture completely redesigned
The core insight:
- Sonarr/Radarr CREATE MediaItems with file paths and metadata
- Emby PROVIDES watch statistics (plays, progress, favorites)
- Previous code created DUPLICATE items from Emby with different external_ids
New behavior:
- _sync_emby() no longer creates MediaItems
- Loads ALL existing items and builds path -> item mapping
- Matches Emby items to Sonarr/Radarr items by normalized PATH
- Updates library_id based on Emby library paths
- Applies watch data (play count, is_watched, favorites, progress) to matched items
- Updates user statistics and watch history
Key changes:
- Removed: external_id_to_item mapping (was causing duplicates)
- Added: path_to_item mapping with normalized paths (/ instead of \)
- track_watch_data() now uses paths, skips items not in database
- _sync_active_sessions() simplified to use only path_to_item
- currently_watching_ids -> currently_watching_paths
- Return value updated (Emby reports 0 added, only updated counts)
This fixes:
- Movies showing 0 plays (Emby data was on separate items)
- Libraries showing 0 counts
- Users showing no watch data
- Activity/history not tracking properly
* feat: WebSocket real-time job system + Setup Wizard
WebSocket System:
- Add ConnectionManager (backend/app/core/websocket.py)
- Add /api/ws/jobs endpoint with ping/pong support
- Add progress callbacks to Sonarr, Radarr, Emby sync
- Integrate WebSocket broadcasts in all scheduler jobs
- Add Zustand job store (frontend/src/stores/jobs.ts)
- Add global WebSocket hook with auto-reconnect & toasts
- Rewrite Jobs page with live progress bars & running panel
- Add animated job count badge in Layout sidebar
Setup Wizard:
- Add backend API: /api/setup/status, test-connection, add-service, complete, skip
- Add 5-step frontend wizard (Welcome → Arr → MediaServer → Sync → Complete)
- Add SetupGate redirect in App.tsx for first-time setup
- Enforce service order: Sonarr/Radarr before Emby/Jellyfin
Docs:
- Update DEVELOPMENT_STATUS.md with new features
* fix: resolve all priority 1-5 bugs from DEVELOPMENT_STATUS.md
BUG-001 (CRITICAL): LibraryDetail.tsx complete rewrite
- Fix double /api/ prefix causing 404 errors on all API calls
- Migrate from manual useState/useEffect to React Query (useQuery)
- Remove local formatBytes, formatDuration, formatDate, formatRelativeTime
- Import shared utilities from lib/utils.ts
- Add proper light/dark mode classes throughout
BUG-002 (HIGH): Fix Login.tsx & Register.tsx light-mode
- Replace hardcoded dark classes with light/dark pairs
- Fix: bg-dark-800 → bg-white dark:bg-dark-800
- Fix: text-white → text-gray-900 dark:text-white
- Fix: text-dark-200 → text-gray-700 dark:text-dark-200
- Fix: border-dark-700 → border-gray-200 dark:border-dark-700
- Fix inputs: bg-gray-50 dark:bg-dark-800, proper placeholder colors
BUG-003 (HIGH): Fix ConfirmDialog.tsx light-mode
- Modal background, title, message, footer, cancel button themed
BUG-004 (HIGH): Fix Skeleton.tsx light-mode
- Base skeleton: bg-gray-200 dark:bg-dark-700
- Card/Stats containers: bg-white dark:bg-dark-800
BUG-005 (MEDIUM): Fix Toast theming in main.tsx
- Replace hardcoded hex colors with Tailwind CSS classes
- Toasts now respect light/dark mode automatically
BUG-006 (MEDIUM): Fix German locale in utils.ts
- Change formatDate and formatDateTime from 'de-DE' to 'en-US'
- Add formatDuration utility function for shared use
BUG-008 (MEDIUM): Call fetchUser on app init
- ProtectedRoute now calls fetchUser() on mount when token exists
- Ensures fresh user data instead of potentially stale persisted state
BUG-009 (LOW): Remove duplicate formatBytes from Preview.tsx
- Import from shared lib/utils.ts instead
BUG-010 (LOW): Fix manual debounce in Users.tsx
- Replace setTimeout-based debounce with useDebounce hook
* docs: update DEVELOPMENT_STATUS.md with Session 3 bugfix results
* feat: UX improvements, recharts charts, code-splitting
- Layout.tsx: German strings → English (BUG-006 complete)
- ResponsiveTable: Add light mode classes (missing dark: variants)
- Activity.tsx: useDebounce hook, shared utils (formatDurationLong,
formatWatchTime), ResponsiveTable migration, 3× recharts charts
(Daily Plays area, Day-of-Week bar, Hour-of-Day bar)
- UserDetail.tsx: shared utils, ResponsiveTable migration
- Staging.tsx: ResponsiveTable migration
- Jobs.tsx: Executions table → ResponsiveTable
- App.tsx: React.lazy code-splitting for 13 pages with Suspense
- utils.ts: Add formatDurationLong and formatWatchTime shared functions
- DEVELOPMENT_STATUS.md: Update for Session 4
* feat: Phase 2 enhancements - ResponsiveTable, filters, dashboard charts
- LibraryDetail.tsx: Migrate Media + Activity tabs to ResponsiveTable
- Activity.tsx: Add Library-Filter dropdown + Items-per-Page selector (10/25/50/100)
- UserDetail.tsx: Add Library-Filter on activity tab
- Dashboard.tsx: Add 3x recharts charts (Daily Plays, Day-of-Week, Hour-of-Day)
- PLANNED_FEATURES.md: Update Phase 2/3 status, add Implementation History
- DEVELOPMENT_STATUS.md: Update for Session 5
* fix: int32 overflow on position_ticks/runtime_ticks + expand-rows + accessibility
BUG-011: PlaybackActivity position_ticks/runtime_ticks Integer→BigInteger
- Emby tick values exceed int32 max (~2.1B), e.g. 70223183889
- Added PostgreSQL migration (ALTER COLUMN TYPE BIGINT)
- Added db.rollback() in _sync_active_sessions and services.py error handlers
ResponsiveTable: Expand-Row support
- New props: onRowClick, isExpanded, expandedContent
- Desktop: expanded content as extra <tr> with colSpan
- Mobile: expanded content as div below card
Preview.tsx: Migrated both tables (Series + Movies) to ResponsiveTable
- Series table with expandable season breakdown
- Last page to complete ResponsiveTable migration
Expand-Rows on Activity, UserDetail, LibraryDetail
- IP Address, Device, Play Method (color-coded), Progress bar
- Library Activity API: added ip_address, transcode_video, transcode_audio
ConfirmDialog accessibility
- role=dialog, aria-modal, aria-labelledby, focus trap, Escape key, click-outside
Documentation: DEVELOPMENT_STATUS.md + PLANNED_FEATURES.md updated
* docs: fix inconsistencies in DEVELOPMENT_STATUS.md
- Update commit hash from Pending to ea6e64c
- Mark Preview.tsx migration as complete in Priority 2
- Clean up strikethroughs in Priority 4 (Activity, Dashboard fully done)
- Update ResponsiveTable comment (now used on all pages)
- Consolidate Activity Features line (all items done)
* fix: movie watch stats + user last seen/watched/client
BUG-012: Radarr sync stored folder path instead of file path
- movie.get('path') returns '/movies/Title/' (folder)
- Emby returns '/movies/Title/Title.mkv' (file)
- Path matching in track_watch_data failed for ALL movies
- Fix: prefer movieFile.path over movie.path
- Existing movies auto-corrected on next Radarr sync
BUG-013: Users page Last Seen/Watched/Client broken
- last_activity_at relied on LastPlayedDate from Emby (often missing)
- Silent except:pass swallowed parsing errors → now logger.warning
- Fallback: set last_activity_at to sync time if user has plays
- UserWatchHistory fallback: filter on is_played instead of
last_played_at IS NOT NULL, sort by coalesce + play_count
Documentation: BUG-012 + BUG-013 added to DEVELOPMENT_STATUS.md
and PLANNED_FEATURES.md Implementation History
* docs: update commit hash to 0ac7124
* chore: update gitignore
* chore: remove unused files
* security: CORS lockdown and reject weak secret keys
* security: mask API keys, notification secrets, and enforce password complexity
* security: add security headers middleware, WebSocket auth, CORS, path traversal fix
* security: refresh token rotation and account lockout mechanism
* security: trusted proxy config and rate limit improvements
* security: allowlist system settings and auth for version endpoints
* security: rate-limit rule endpoints and limit import file size
* security: validate staging paths against allowed directories
* security: replace datetime.utcnow() with timezone-aware datetime.now(timezone.utc)
* fix: remove duplicate return statement in base service
* security: add account lockout columns to User model
* security: add database migration for account lockout columns
* security: add audit log data retention job
* security: enforce SECRET_KEY in docker-compose files
* security: frontend WebSocket auth and refresh token rotation support
* chore: add plan/ to .gitignore
* chore: configure dependabot to target develop branch
* chore(deps): bump npm minor dependencies in /frontend
* security: enhance release workflow with permissions and changelog generation improvements
* security: enhance request handling with body size limit and message rate limiting
* security: add refresh token cleanup job to purge expired and revoked tokens
* security: enhance activity API with request limiting and input sanitization
* security: update notification routes to require active admin for user actions and validate outbound URLs
* security: require active admin for service connection operations and validate outbound URLs
* security: validate outbound URLs in setup wizard service connection endpoints
* security: enhance API routes with request validation and rate limiting
* security: require active admin for system settings and cleanup operations
* security: enhance user API routes with request validation and rate limiting
* security: add CORS validation to warn against wildcard usage in production
* security: implement escape_like function to sanitize user input for database queries
* security: add Content-Security-Policy header to enhance response security
* security: implement SSRF-safe URL validation utility to prevent outbound request vulnerabilities
* security: enforce connection limits per IP in WebSocket manager to prevent abuse
* security: enhance notification channel validation and restrict system setting types
* security: enhance client IP extraction to trust forwarded headers from trusted proxies
* security: add outbound URL validation for Discord, Slack, and generic webhook notifications
* security: migrate JWT storage from localStorage to httpOnly cookies to mitigate XSS risks
* security: enhance authentication flow to prioritize httpOnly cookies for user validation
* security: implement httpOnly cookies for authentication tokens and enhance logout functionality
* security: restrict job management endpoints to admin users only
* security: restrict cleanup rule management to admin users only
* security: enhance setup status endpoint to return minimal info without auth
* security: restrict staging operations to admin users only
* security: enhance health check endpoint to return minimal info without auth
* security: add WebSocket token creation for short-lived authentication
* security: define SENSITIVE_CONFIG_KEYS as a ClassVar for better type safety
* security: improve error handling in directory cleanup process
* security: simplify authentication checks by removing token dependency
* security: replace token retrieval method for WebSocket connection and remove unused storage event listener
* security: remove localStorage token management and streamline WebSocket authentication process
* security: streamline authentication by removing token management and using cookies
* security: update status and date for JWT storage migration to httpOnly cookies
* security: add comprehensive security scanning workflow with SAST/DAST tools
* security: add GitHub Actions workflow for backend and frontend tests with linting
* security: remove deprecated GitHub Actions workflow for tests
* security: add CSRF middleware and update CORS headers to include CSRF token
* security: log security events for invalid tokens and inactive users in authentication flow
* security: enhance authentication flow with CSRF protection and detailed security event logging
* security: add request parameter to library API routes and enforce rate limits
* security: add request parameter and enforce rate limits for media API routes
* security: add request parameter and enforce rate limits for system API routes
* security: add request parameter and enforce rate limits for user activity and update routes
* security: implement CSRF protection middleware with token validation and logging
* security: log rate limit exceed events with detailed information
* security: implement structured logging for security events with severity levels
* security: add CSRF token handling in request interceptor
* security: configure pytest options for strict asyncio mode and test paths
* security: add initial test suite setup in __init__.py
* security: add smoke test for application settings loading
* feat: Genre Distribution Charts & Watch Patterns Heatmap (Phase 3)
Backend:
- Add GET /activity/genre-stats endpoint (genre aggregation from
PlaybackActivity + MediaItem genres, filterable by library_id/user_id/days)
- Add GET /activity/watch-heatmap endpoint (7x24 day-of-week x hour grid)
- Both endpoints follow security patterns (rate limiting, auth, CSRF)
Frontend:
- Activity.tsx: RadarChart (top 12 genres) + CSS grid heatmap (7x24)
- LibraryDetail.tsx: Genre RadarChart + BarChart (watch time) in Overview tab
- UserDetail.tsx: Favorite Genres horizontal BarChart (top 10, 365-day window)
- Dashboard.tsx: Genre Distribution BarChart (top 12, synced with period selector)
Documentation:
- Update DEVELOPMENT_STATUS.md: Phase 3 marked complete, Phase 4 partially started
- Update PLANNED_FEATURES.md: Genre/Heatmap/Favorites marked implemented, history updated
* feat: complete Phase 2 - Timeline, Image Proxy, Grid View, Activity Filters
Phase 2 Completion (Session 10):
Backend:
- GET /users/{id}/timeline: Calendar heatmap (per-day play counts) +
session grouping (30-min gap detection), last 50 sessions with items
- GET /media/{id}/image: Poster image proxy from Emby/Jellyfin with
in-memory cache (200 items, 1hr TTL), episode→series fallback
Frontend - UserDetail.tsx:
- New Timeline tab with 90-day GitHub-style calendar heatmap
- Recent Watch Sessions viewer (grouped by 30-min gaps)
- Activity tab: Type filter (Movies/Episodes) + search input
Frontend - LibraryDetail.tsx:
- Table/Grid view toggle on Media tab
- Grid view with poster images (2:3 aspect ratio cards)
- Poster cards show title, year, file size, play count badge
- Fallback icon when poster unavailable
Documentation:
- Updated DEVELOPMENT_STATUS.md and PLANNED_FEATURES.md
- Phase 2 marked as fully complete
* feat: Phase 4 - Advanced Analytics (5 new endpoints + Analytics page)
Phase 4 - Advanced Analytics (Session 10):
Backend - activity.py:
- GET /activity/concurrent-streams: Historical concurrent stream peaks,
daily peaks chart data, hourly average concurrency
- GET /activity/duration-stats: Session length distribution,
avg/median duration, movies vs series comparison
- GET /activity/completion-rates: Content completion pie chart
(completed >90% / partial / abandoned), by-type breakdown,
most frequently abandoned content
- GET /activity/binge-stats: Binge-watch detection (3+ episodes
of same series), top binged series, top bingers leaderboard
Backend - media.py:
- GET /media/content-reach: Shared vs Solo vs Unwatched content
analysis with viewer counts, top shared content, largest
solo files (cleanup candidates)
Frontend:
- New Analytics.tsx page with 5 tabs:
1. Concurrent Streams (daily peak area chart + hourly avg bar)
2. Duration Stats (distribution histogram + by-type cards)
3. Completion Rates (donut chart + stacked bars + abandoned list)
4. Binge Watch (top series, top users, recent sessions)
5. Content Reach (shared/solo/unwatched pie + lists)
- Route /analytics added to App.tsx
- ChartPieIcon nav item added to Layout.tsx sidebar
Documentation:
- Phase 4 marked as fully complete in both doc files
- Implementation history updated
* feat: Phase 5 - Smart Cleanup Integration
Backend:
- Add per-user rule conditions to RuleConditions schema:
- no_user_watched_days: Delete only if NO user watched in X days
- exclude_if_user_favorited: Protect favorites of specific users
- exclude_active_sessions: Never delete items being watched
- min_unique_viewers: Only delete if fewer than X unique viewers
- Update CleanupEngine.evaluate_rule() with UserWatchHistory/PlaybackActivity queries
- Update CleanupEngine._evaluate_item_for_preview() with detailed per-user reasoning
- Add GET /media/cleanup-suggestions endpoint with 5 suggestion categories:
unwatched, abandoned, low engagement, stale, storage hog
Score-based ranking with composite scoring algorithm
Frontend:
- Add CleanupSuggestions.tsx page with category filters and score display
- Update Rules.tsx with Smart Cleanup (Per-User) section in rule form
- Add condition summary badges for new fields on rule cards
- Update RuleConditions TypeScript interface
- Add Suggestions nav item with LightBulbIcon
- Add /suggestions route
* docs: remove i18n from roadmap, fix changelog formatting
- Remove item 27 (i18n / Lokalisierung) from Priorität 7 - not planned
- Fix concatenated changelog rows (Sessions 10, 11, initial) into separate lines
- Fix literal \u2013 → actual en-dash in Session 10 entry
* fix(ci): make Trivy scan resilient to Docker Hub outages
- Add trivy-fs job: filesystem scan (no Docker build needed)
- Rename trivy -> trivy-image: container image scan now optional
- Docker build has continue-on-error: true
- Subsequent steps skip gracefully if build fails
- Emits ::warning annotation instead of failing the workflow
- SARIF uploads conditioned on file existence (hashFiles check)
* feat: add actionable cleanup suggestions with direct user actions
* feat: add planned features documentation for statistics and analytics
* feat: Add comprehensive DEVELOPMENT_STATUS document for MediaCurator
- Introduced a detailed development status and handoff document to track ongoing progress and provide context for future development.
- Included sections on project overview, tech stack, architecture, implementation status, known bugs, UX/UI issues, code quality problems, and next steps.
- Document serves as a reference for developers and contributors to understand the current state and future direction of the project.
* feat: Remove DEVELOPMENT_STATUS document as it is no longer needed
* feat: remove Planned Features document as it is no longer needed
* feat: add endpoints for flagging and staging cleanup suggestions
* feat: add suggestion_flagged and suggestion_staged actions to AuditActionType
* feat: implement flagging and staging actions for cleanup suggestions with confirmation dialogs
* feat: update .env.example with structured sections and additional configuration options
* feat: add CORS and proxy configuration options to Docker Compose files
* feat: remove docker-compose configuration file
* fix: ensure SECRET_KEY environment variable is properly quoted in Docker Compose
* fix: properly quote SECRET_KEY environment variable in Docker Compose
* fix: add params support to BaseServiceClient.post() and delete()
The post() and delete() methods did not accept a params keyword argument,
causing staging to fail with 'unexpected keyword argument' when creating
or deleting Emby libraries.
* fix: use params kwarg instead of manual query strings in service clients
- RadarrClient.delete_movie(): use params= instead of manual query string
- SonarrClient.delete_series(): use params= instead of manual query string
- BaseServiceClient.put(): add params support for consistency with other methods
* fix: invalidate library cache after create/delete to prevent duplicate staging libraries
* fix: use collectionType query parameter for Emby library creation
- Move collectionType from JSON body to query parameter (Emby API requirement)
- Pass library_type through ensure_staging_library chain
- Remove redundant refresh call (handled by refreshLibrary param)
- Log library type on creation for debugging
* fix: inherit library type from source library for staging
- Determine library_type (movies/tvshows) from source library's media_type
- Pass correct library_type to ensure_staging_library
- Emby will now correctly recognize content in staging libraries
* chore(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump docker/setup-qemu-action from 3 to 4
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump the npm-minor group across 1 directory with 17 updates
Bumps the npm-minor group with 15 updates in the /frontend directory:
| Package | From | To |
| --- | --- | --- |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.1.18` | `4.2.1` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.20` | `5.90.21` |
| [axios](https://github.com/axios/axios) | `1.13.3` | `1.13.6` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.3` | `19.2.4` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.9` | `19.2.14` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.3` | `19.2.4` |
| [react-hook-form](https://github.com/react-hook-form/react-hook-form) | `7.71.1` | `7.71.2` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.13.0` | `7.13.1` |
| [recharts](https://github.com/recharts/recharts) | `3.7.0` | `3.8.0` |
| [zustand](https://github.com/pmndrs/zustand) | `5.0.10` | `5.0.11` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.53.1` | `8.56.1` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `5.1.2` | `5.1.4` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `10.4.23` | `10.4.27` |
| [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) | `0.4.26` | `0.5.2` |
| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.8` |
Updates `@tailwindcss/vite` from 4.1.18 to 4.2.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.1/packages/@tailwindcss-vite)
Updates `@tanstack/react-query` from 5.90.20 to 5.90.21
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.90.21/packages/react-query)
Updates `axios` from 1.13.3 to 1.13.6
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.3...v1.13.6)
Updates `react` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)
Updates `@types/react` from 19.2.9 to 19.2.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)
Updates `react-dom` from 19.2.3 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)
Updates `react-hook-form` from 7.71.1 to 7.71.2
- [Release notes](https://github.com/react-hook-form/react-hook-form/releases)
- [Changelog](https://github.com/react-hook-form/react-hook-form/blob/master/CHANGELOG.md)
- [Commits](react-hook-form/react-hook-form@v7.71.1...v7.71.2)
Updates `react-router-dom` from 7.13.0 to 7.13.1
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.1/packages/react-router-dom)
Updates `recharts` from 3.7.0 to 3.8.0
- [Release notes](https://github.com/recharts/recharts/releases)
- [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md)
- [Commits](recharts/recharts@v3.7.0...v3.8.0)
Updates `zustand` from 5.0.10 to 5.0.11
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.10...v5.0.11)
Updates `@types/react` from 19.2.9 to 19.2.14
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)
Updates `@typescript-eslint/eslint-plugin` from 8.53.1 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/eslint-plugin)
Updates `@typescript-eslint/parser` from 8.53.1 to 8.56.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.56.1/packages/parser)
Updates `@vitejs/plugin-react` from 5.1.2 to 5.1.4
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@5.1.4/packages/plugin-react)
Updates `autoprefixer` from 10.4.23 to 10.4.27
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.4.23...10.4.27)
Updates `eslint-plugin-react-refresh` from 0.4.26 to 0.5.2
- [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases)
- [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md)
- [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.4.26...v0.5.2)
Updates `postcss` from 8.5.6 to 8.5.8
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.8)
Updates `tailwindcss` from 4.1.18 to 4.2.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.1/packages/tailwindcss)
---
updated-dependencies:
- dependency-name: "@tailwindcss/vite"
dependency-version: 4.2.1
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-minor
- dependency-name: "@tanstack/react-query"
dependency-version: 5.90.21
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: axios
dependency-version: 1.13.6
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: react
dependency-version: 19.2.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: "@types/react"
dependency-version: 19.2.14
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: react-dom
dependency-version: 19.2.4
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: react-hook-form
dependency-version: 7.71.2
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: react-router-dom
dependency-version: 7.13.1
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: recharts
dependency-version: 3.8.0
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: npm-minor
- dependency-name: zustand
dependency-version: 5.0.11
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: "@types/react"
dependency-version: 19.2.14
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: "@typescript-eslint/eslint-plugin"
dependency-version: 8.56.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-minor
- dependency-name: "@typescript-eslint/parser"
dependency-version: 8.56.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-minor
- dependency-name: "@vitejs/plugin-react"
dependency-version: 5.1.4
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: autoprefixer
dependency-version: 10.4.27
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: eslint-plugin-react-refresh
dependency-version: 0.5.2
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-minor
- dependency-name: postcss
dependency-version: 8.5.8
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: npm-minor
- dependency-name: tailwindcss
dependency-version: 4.2.1
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: npm-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump actions/upload-artifact from 6 to 7 (#39)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump docker/setup-buildx-action from 3 to 4 (#38)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.35.0 (#37)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.1 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.34.1...0.35.0)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update safe frontend dependencies (#44)
- @vitejs/plugin-react 5.1.4 -> 5.2.0 (adds vite 8 future support)
- @typescript-eslint/eslint-plugin 8.56.1 -> 8.57.0
- @typescript-eslint/parser 8.53.1 -> 8.57.0
- Fix 3 vulnerabilities (rollup, minimatch, ajv) via npm audit fix
Skipped major bumps due to peer dep conflicts:
- vite 8: @tailwindcss/vite only supports ^5/^6/^7
- eslint 10: eslint-plugin-react-hooks only supports up to ^9
Co-authored-by: Serph91P <Serph91P@users.noreply.github.com>
* ci: unify versioning with conventional commits auto-bump (#46)
- Rewrite version determination to use highest tag across all branches
- Auto-detect bump type from conventional commits (feat->minor, fix->patch, breaking->major)
- Add copilot-instructions.md with commit message convention
- Add .vscode/settings.json for commit message generation
- Update .gitignore to track .vscode/settings.json
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Serph91P <Serph91P@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.