v0.16.5 - Signaling URL validation, FCM watchdog observability, Dependabot
Promotes the 0.16.5 beta line to stable.
Fixed
- Signaling URL domain validation — the
SocketUrlfrom FCM push is now validated against*.fermax.iobefore opening the WebSocket signaling connection, so a spoofed/compromised push can't redirect signaling to an attacker server and leak OAuth/FCM tokens. Untrusted URLs are logged and replaced with the default. Contributed by @aitoraznar (#18). - FCM watchdog observability (#16) — demote the spurious "restart scheduled" WARNING to INFO (transient
is_started()False states no longer cry wolf), log previously-swallowed restart errors with traceback, and fixensure_running()to return the start-call result per its contract. No behavior change to the restart state machine.
Added
- Dependabot — weekly automated dependency update PRs for the Python dev toolchain and GitHub Actions (#18).
Full changelog: https://github.com/bvis/fermax-blue-hass/blob/main/CHANGELOG.md