chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 by dependabot[bot] · Pull Request #540 · Serph91P/StreamVault

dependabot · 2026-04-06T11:19:44Z

Bumps sqlalchemy from 2.0.48 to 2.0.49.

Release notes

2.0.49

Released: April 3, 2026

orm

[orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

References: #13176

[orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

References: #13193

[orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

References: #13202

[orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

References: #13209

typing

[typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

* ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts * ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7. - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514) Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0) --- updated-dependencies: - dependency-name: uvicorn[standard] dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528) Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524) Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.31 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump codecov/codecov-action from 5 to 6 (#520) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515) Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519) Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/vuejs/router/releases) - [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4) --- updated-dependencies: - dependency-name: vue-router dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517) Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518) Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6. - [Release notes](https://github.com/vuejs/language-tools/releases) - [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc) --- updated-dependencies: - dependency-name: vue-tsc dependency-version: 3.2.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522) Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Seraph91P <github@mebert-server.de> * chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529) * chore(deps): bump rollup in /app/frontend Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together. Updates `rollup` from 4.57.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Develop (#512) * ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update Streamlink 8.1.2 → 8.2.1 Key changes in Streamlink 8.2.1: - Twitch: Switched to Usher v2 API endpoints (internal plugin change) - HLS stream names with pixels format now include framerate data Code changes: - Replace deprecated --hls-segment-queue-threshold with --stream-segmented-queue-deadline (deprecated since 8.1.0) Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Seraph91P <github@mebert-server.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542) Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.2.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.5.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539) Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0) --- updated-dependencies: - dependency-name: sass dependency-version: 1.99.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538) Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535) Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.24 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531) Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532) Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533) Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526) * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files - Remove deprecated `baseUrl` option from tsconfig.json (TS5101) - Add explicit `rootDir: "."` to tsconfig.json (TS5011) - Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code - Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore: revert unrelated vite.config.js style change Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>

* ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts * ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7. - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514) Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0) --- updated-dependencies: - dependency-name: uvicorn[standard] dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528) Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524) Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.31 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump codecov/codecov-action from 5 to 6 (#520) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515) Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519) Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/vuejs/router/releases) - [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4) --- updated-dependencies: - dependency-name: vue-router dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517) Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518) Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6. - [Release notes](https://github.com/vuejs/language-tools/releases) - [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc) --- updated-dependencies: - dependency-name: vue-tsc dependency-version: 3.2.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522) Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Seraph91P <github@mebert-server.de> * chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529) * chore(deps): bump rollup in /app/frontend Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together. Updates `rollup` from 4.57.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Develop (#512) * ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update Streamlink 8.1.2 → 8.2.1 Key changes in Streamlink 8.2.1: - Twitch: Switched to Usher v2 API endpoints (internal plugin change) - HLS stream names with pixels format now include framerate data Code changes: - Replace deprecated --hls-segment-queue-threshold with --stream-segmented-queue-deadline (deprecated since 8.1.0) Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Seraph91P <github@mebert-server.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542) Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.2.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.5.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539) Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0) --- updated-dependencies: - dependency-name: sass dependency-version: 1.99.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538) Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535) Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.24 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531) Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532) Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533) Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526) * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files - Remove deprecated `baseUrl` option from tsconfig.json (TS5101) - Add explicit `rootDir: "."` to tsconfig.json (TS5011) - Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code - Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore: revert unrelated vite.config.js style change Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * fix(security): resolve gitleaks secrets and npm vulnerability alerts (#544) - Replace realistic example tokens with obvious placeholders in docs (README.md, copilot-instructions.md, agent files) - Add .gitleaks.toml to allowlist historical commits with rotated tokens - Fix all npm dependency vulnerabilities via npm audit fix: flatted, picomatch, yaml, lodash, brace-expansion (0 vulns remaining) - Dismiss CodeQL py/path-injection false positives (validated before use) - Dismiss Dockerfile lint, esbuild Go CVEs, container image alerts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>

* ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts * ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7. - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514) Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0) --- updated-dependencies: - dependency-name: uvicorn[standard] dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528) Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524) Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.31 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump codecov/codecov-action from 5 to 6 (#520) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515) Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519) Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/vuejs/router/releases) - [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4) --- updated-dependencies: - dependency-name: vue-router dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517) Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518) Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6. - [Release notes](https://github.com/vuejs/language-tools/releases) - [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc) --- updated-dependencies: - dependency-name: vue-tsc dependency-version: 3.2.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522) Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Seraph91P <github@mebert-server.de> * chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529) * chore(deps): bump rollup in /app/frontend Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together. Updates `rollup` from 4.57.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Develop (#512) * ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update Streamlink 8.1.2 → 8.2.1 Key changes in Streamlink 8.2.1: - Twitch: Switched to Usher v2 API endpoints (internal plugin change) - HLS stream names with pixels format now include framerate data Code changes: - Replace deprecated --hls-segment-queue-threshold with --stream-segmented-queue-deadline (deprecated since 8.1.0) Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Seraph91P <github@mebert-server.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542) Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.2.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.5.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540) Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy dependency-version: 2.0.49 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539) Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0) --- updated-dependencies: - dependency-name: sass dependency-version: 1.99.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538) Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0) --- updated-dependencies: - dependency-name: uvicorn dependency-version: 0.44.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535) Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24. - [Release notes](https://github.com/Kludex/python-multipart/releases) - [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md) - [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24) --- updated-dependencies: - dependency-name: python-multipart dependency-version: 0.0.24 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531) Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0. - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0) --- updated-dependencies: - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532) Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.28.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533) Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.32 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526) * chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.2 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files - Remove deprecated `baseUrl` option from tsconfig.json (TS5101) - Add explicit `rootDir: "."` to tsconfig.json (TS5011) - Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code - Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore: revert unrelated vite.config.js style change Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * fix(security): resolve gitleaks secrets and npm vulnerability alerts (#544) - Replace realistic example tokens with obvious placeholders in docs (README.md, copilot-instructions.md, agent files) - Add .gitleaks.toml to allowlist historical commits with rotated tokens - Fix all npm dependency vulnerabilities via npm audit fix: flatted, picomatch, yaml, lodash, brace-expansion (0 vulns remaining) - Dismiss CodeQL py/path-injection false positives (validated before use) - Dismiss Dockerfile lint, esbuild Go CVEs, container image alerts * chore(deps): update cryptography 46.0.6→46.0.7, greenlet 3.3.2→3.4.0, python-multipart 0.0.24→0.0.26 (#554) Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/998fb5e1-98a2-4211-ab76-9ff0fa2ff242 Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> * chore(deps): bump @vitejs/plugin-vue in /app/frontend (#553) Bumps [@vitejs/plugin-vue](https://github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue) from 6.0.5 to 6.0.6. - [Release notes](https://github.com/vitejs/vite-plugin-vue/releases) - [Changelog](https://github.com/vitejs/vite-plugin-vue/blob/main/packages/plugin-vue/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite-plugin-vue/commits/plugin-vue@6.0.6/packages/plugin-vue) --- updated-dependencies: - dependency-name: "@vitejs/plugin-vue" dependency-version: 6.0.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump softprops/action-gh-release from 2 to 3 (#546) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @types/node from 25.5.2 to 25.6.0 in /app/frontend (#552) Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.2 to 25.6.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump prettier from 3.8.1 to 3.8.2 in /app/frontend (#551) Bumps [prettier](https://github.com/prettier/prettier) from 3.8.1 to 3.8.2. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](https://github.com/prettier/prettier/compare/3.8.1...3.8.2) --- updated-dependencies: - dependency-name: prettier dependency-version: 3.8.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.5 to 8.0.8 in /app/frontend (#550) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.5 to 8.0.8. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.8 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(metadata): improve Plex/Emby NFO cast, plot and genres (#555) * feat(metadata): improve Plex/Emby NFO cast, plot and genres - Add 'description' column to streamers (Migration 036) and persist the Twitch 'About' bio on streamer create, EventSub stream.online and periodic refresh. - tvshow.nfo: use the streamer's Twitch bio as <plot> (falls back to the previous generic placeholder when the bio is empty). - tvshow.nfo: emit one <genre> per unique historical stream category so Plex/Emby display the full range of games the streamer has played (deduplicated, capped at 20 most recent, with 'Livestream' fallback). - Actor cast image: prefer the HTTPS Twitch CDN URL for <actor><thumb> in both tvshow.nfo and episode.nfo so Plex' new NFO scanner can resolve it reliably; fall back to the relative cached poster path when unavailable. - Create local .Actors/<name>/folder.jpg next to tvshow.nfo as an offline fallback for Emby/Jellyfin. - Tests: 12 new unit tests for the helpers (_series_plot_text, _pick_actor_thumb_url, _collect_streamer_genres). * test: add top-level conftest to ensure 'app' is importable in CI Without a pyproject.toml / pytest.ini, pytest's default rootpath algorithm inserts only the tests/ directory into sys.path (since tests/ has no __init__.py), which breaks module-level 'from app.xxx import ...' in test files - including existing tests like test_security.py and the new test_metadata_nfo.py. Adding a repo-level conftest.py that prepends the repo root to sys.path is the canonical fix: it is imported before any test module collection and works regardless of whether pytest is invoked as a script or via 'python -m pytest'. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 6, 2026

Serph91P merged commit e86d1ef into develop Apr 6, 2026
19 checks passed

Serph91P deleted the dependabot/pip/develop/sqlalchemy-2.0.49 branch April 6, 2026 12:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49#540

chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49#540
Serph91P merged 1 commit intodevelopfrom
dependabot/pip/develop/sqlalchemy-2.0.49

dependabot Bot commented on behalf of github Apr 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 6, 2026

2.0.49

orm

typing

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant