Conversation
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](vuejs/tsconfig@v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
dependabot
Bot
deleted the
dependabot/npm_and_yarn/app/frontend/develop/vue/tsconfig-0.9.1
branch
Serph91P
added a commit
that referenced
this pull request
Mar 31, 2026
* ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](vuejs/tsconfig@v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](caronc/apprise@v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](tkem/cachetools@v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts * ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513) Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7. - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](release-drafter/release-drafter@v6...v7) --- updated-dependencies: - dependency-name: release-drafter/release-drafter dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514) Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0. - [Release notes](https://github.com/Kludex/uvicorn/releases) - [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md) - [Commits](Kludex/uvicorn@0.41.0...0.42.0) --- updated-dependencies: - dependency-name: uvicorn[standard] dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528) Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](vuejs/tsconfig@v0.9.0...v0.9.1) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 8.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525) Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@46.0.5...46.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524) Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.30...v3.5.31) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.31 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523) Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.135.1...0.135.2) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521) --- updated-dependencies: - dependency-name: aiohttp dependency-version: 3.13.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump codecov/codecov-action from 5 to 6 (#520) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515) Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](caronc/apprise@v1.9.8...v1.9.9) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519) Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/vuejs/router/releases) - [Commits](vuejs/router@v5.0.3...v5.0.4) --- updated-dependencies: - dependency-name: vue-router dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517) Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.0.3...v10.1.0) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.1.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518) Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6. - [Release notes](https://github.com/vuejs/language-tools/releases) - [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md) - [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc) --- updated-dependencies: - dependency-name: vue-tsc dependency-version: 3.2.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522) Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.1.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Seraph91P <github@mebert-server.de> * chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529) * chore(deps): bump rollup in /app/frontend Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together. Updates `rollup` from 4.57.0 to 4.59.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.0...v4.59.0) Updates `rollup` from 2.79.2 to 2.80.0 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v4.57.0...v4.59.0) --- updated-dependencies: - dependency-name: rollup dependency-version: 4.59.0 dependency-type: indirect - dependency-name: rollup dependency-version: 2.80.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Develop (#512) * ci(deps): bump actions/upload-artifact from 6 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump bandit from 1.9.2 to 1.9.4 Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4. - [Release notes](https://github.com/PyCQA/bandit/releases) - [Commits](PyCQA/bandit@1.9.2...1.9.4) --- updated-dependencies: - dependency-name: bandit dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump fastapi from 0.133.1 to 0.135.1 Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1. - [Release notes](https://github.com/fastapi/fastapi/releases) - [Commits](fastapi/fastapi@0.133.1...0.135.1) --- updated-dependencies: - dependency-name: fastapi dependency-version: 0.135.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump python-dotenv from 1.2.1 to 1.2.2 Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. - [Release notes](https://github.com/theskumar/python-dotenv/releases) - [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md) - [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2) --- updated-dependencies: - dependency-name: python-dotenv dependency-version: 1.2.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vite-plugin-vue-devtools in /app/frontend Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7. - [Release notes](https://github.com/vuejs/devtools/releases) - [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite) --- updated-dependencies: - dependency-name: vite-plugin-vue-devtools dependency-version: 8.0.7 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0. - [Release notes](https://github.com/vuejs/tsconfig/releases) - [Commits](vuejs/tsconfig@v0.8.1...v0.9.0) --- updated-dependencies: - dependency-name: "@vue/tsconfig" dependency-version: 0.9.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3. - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.27.2...v0.27.3) --- updated-dependencies: - dependency-name: esbuild dependency-version: 0.27.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): resolve serialize-javascript RCE vulnerability (GHSA) Override serialize-javascript to ^7.0.3 to fix code injection via RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix for CVE-2020-7660). Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser -> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x. Also fixes immutable prototype pollution (npm audit fix). * ci(deps): bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3. - [Release notes](https://github.com/eslint/eslint/releases) - [Commits](eslint/eslint@v10.0.2...v10.0.3) --- updated-dependencies: - dependency-name: eslint dependency-version: 10.0.3 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump apprise from 1.9.7 to 1.9.8 Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8. - [Release notes](https://github.com/caronc/apprise/releases) - [Commits](caronc/apprise@v1.9.7...v1.9.8) --- updated-dependencies: - dependency-name: apprise dependency-version: 1.9.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump cachetools from 7.0.1 to 7.0.4 Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4. - [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst) - [Commits](tkem/cachetools@v7.0.1...v7.0.4) --- updated-dependencies: - dependency-name: cachetools dependency-version: 7.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30. - [Release notes](https://github.com/vuejs/core/releases) - [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md) - [Commits](vuejs/core@v3.5.29...v3.5.30) --- updated-dependencies: - dependency-name: vue dependency-version: 3.5.30 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/metadata-action from 5 to 6 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48 Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48. - [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases) - [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst) - [Commits](https://github.com/sqlalchemy/sqlalchemy/commits) --- updated-dependencies: - dependency-name: sqlalchemy[postgresql] dependency-version: 2.0.48 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.3.5 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * ci(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Feature/glassmorphism unified UI (#507) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509) mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB, causing CI scans to fail with: FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2 Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all workflows: security-scan.yml, release.yml, test.yml. * Feature/glassmorphism unified UI (#508) * feat(frontend): unified glassmorphism UI rework with bug fixes - Create _glass-system.scss unified design system (~450 lines) - CSS custom properties for glass tokens (bg, blur, shadow, border) - Theme-aware variables (dark/light) eliminating manual overrides - Glass surface mixins (subtle/medium/strong variants) - Component classes, button system, form elements, utilities - Fix notification bell click-outside bug - Replace broken querySelector with Vue template refs - Add @click.stop modifier and onUnmounted cleanup - Make bell visible on all screen sizes (was hidden on mobile) - Fix login state refresh bug - LoginView now uses useAuth().login() composable - Replace window.location.href with router.push('/') - Auth state updates reactively via module-level singleton refs - Remove duplicate hamburger menu navigation - Delete mobile menu overlay, hamburger button, related functions - SidebarNav for desktop, BottomNav for mobile (clean separation) - Migrate 13 components to glass system variables - Replace hardcoded rgba/blur/shadow with glass tokens - Remove [data-theme] overrides (glass vars are theme-aware) - Add @supports fallbacks for backdrop-filter - Remove old _glass.scss import from main.scss (dead code) * feat: add .gitignore to exclude cache and project.local.yml * feat: update .gitignore to include .pytest_cache and .serena * feat(frontend): expand streamer settings, clean up settings UI - Add codec preferences, max concurrent recordings, and global cleanup policy toggle to streamer settings modal (StreamerDetailView) - Update backend API to handle new per-streamer settings fields (maxStreams, supportedCodecs, useGlobalCleanupPolicy) - Fix saveSettings to call working PUT endpoint directly instead of broken composable endpoint - Hide connection-status block when not connected (TwitchConnectionPanel) - Remove borders from steps-container and benefits-section - Hide duplicate section headers on mobile settings pages - Various glassmorphism UI polish: video controls, chapter seeking, notification panel, force-record visibility, responsive video wrapper, dashboard title cutoff, error overlay mobile fix * Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance. * fix: update copyright year in LICENSE file to 2026 * feat: add frontend development guide with quick start, dev scripts, and mock mode instructions * fix(lint): apply ruff formatting to streamers.py and metadata_service.py * chore(deps): upgrade to Vite 8, update all dependencies (#510) - Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown) - Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918) - Convert manualChunks from object to function (Rolldown requirement) - Update @vitejs/plugin-vue 6.0.4 -> 6.0.5 - Update @types/node 25.3.5 -> 25.5.0 - Update esbuild 0.27.3 -> 0.27.4 - Update sass 1.97.3 -> 1.98.0 - Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0 - Update Python cachetools 7.0.4 -> 7.0.5 * fix(recording): prevent ghost recordings from permanently blocking new recordings (#511) Recording 68 for Dhalucard became a ghost recording on March 2 after a PostgreSQL recovery mode outage prevented status updates. This ghost entry blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors. Root causes fixed: - _handle_recording_completion: 'file not found' path never called remove_active_recording, leaving ghost entries in state manager - _handle_recording_error: DB failures in mark_recording_failed caused the entire method to bail before remove_active_recording - stop_recording: EventSub handler's 5s timeout caused CancelledError before remove_active_recording was reached Changes: - Move remove_active_recording to finally blocks in _handle_recording_completion, _handle_recording_error, and stop_recording so cleanup always runs - Add stale recording detection in start_recording: if an 'active' recording has no running process, clean it up instead of blocking - Trigger post-processing for stale recordings that have files on disk - Move post-processing trigger to finally block in stop_recording so it survives handler timeouts --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): update Streamlink 8.1.2 → 8.2.1 Key changes in Streamlink 8.2.1: - Twitch: Switched to Usher v2 API endpoints (internal plugin change) - HLS stream names with pixels format now include framerate data Code changes: - Replace deprecated --hls-segment-queue-threshold with --stream-segmented-queue-deadline (deprecated since 8.1.0) Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5 Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Seraph91P <github@mebert-server.de> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Serph91P
added a commit
that referenced
this pull request
Apr 6, 2026
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
* ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513)
Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7.
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7)
---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514)
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0)
---
updated-dependencies:
- dependency-name: uvicorn[standard]
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528)
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524)
Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.31
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump codecov/codecov-action from 5 to 6 (#520)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515)
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519)
Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4.
- [Release notes](https://github.com/vuejs/router/releases)
- [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4)
---
updated-dependencies:
- dependency-name: vue-router
dependency-version: 5.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517)
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.1.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518)
Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/vuejs/language-tools/releases)
- [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc)
---
updated-dependencies:
- dependency-name: vue-tsc
dependency-version: 3.2.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522)
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.1.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
* chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529)
* chore(deps): bump rollup in /app/frontend
Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together.
Updates `rollup` from 4.57.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
Updates `rollup` from 2.79.2 to 2.80.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.59.0
dependency-type: indirect
- dependency-name: rollup
dependency-version: 2.80.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Develop (#512)
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update Streamlink 8.1.2 → 8.2.1
Key changes in Streamlink 8.2.1:
- Twitch: Switched to Usher v2 API endpoints (internal plugin change)
- HLS stream names with pixels format now include framerate data
Code changes:
- Replace deprecated --hls-segment-queue-threshold with
--stream-segmented-queue-deadline (deprecated since 8.1.0)
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542)
Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.5.2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540)
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy
dependency-version: 2.0.49
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539)
Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0)
---
updated-dependencies:
- dependency-name: sass
dependency-version: 1.99.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0)
---
updated-dependencies:
- dependency-name: uvicorn
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24)
---
updated-dependencies:
- dependency-name: python-multipart
dependency-version: 0.0.24
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0)
---
updated-dependencies:
- dependency-name: pillow
dependency-version: 12.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533)
Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.32
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.4
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526)
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.2
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files
- Remove deprecated `baseUrl` option from tsconfig.json (TS5101)
- Add explicit `rootDir: "."` to tsconfig.json (TS5011)
- Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code
- Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore: revert unrelated vite.config.js style change
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Serph91P
added a commit
that referenced
this pull request
Apr 6, 2026
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
* ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513)
Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7.
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7)
---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514)
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0)
---
updated-dependencies:
- dependency-name: uvicorn[standard]
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528)
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524)
Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.31
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump codecov/codecov-action from 5 to 6 (#520)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515)
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519)
Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4.
- [Release notes](https://github.com/vuejs/router/releases)
- [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4)
---
updated-dependencies:
- dependency-name: vue-router
dependency-version: 5.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517)
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.1.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518)
Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/vuejs/language-tools/releases)
- [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc)
---
updated-dependencies:
- dependency-name: vue-tsc
dependency-version: 3.2.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522)
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.1.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
* chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529)
* chore(deps): bump rollup in /app/frontend
Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together.
Updates `rollup` from 4.57.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
Updates `rollup` from 2.79.2 to 2.80.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.59.0
dependency-type: indirect
- dependency-name: rollup
dependency-version: 2.80.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Develop (#512)
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update Streamlink 8.1.2 → 8.2.1
Key changes in Streamlink 8.2.1:
- Twitch: Switched to Usher v2 API endpoints (internal plugin change)
- HLS stream names with pixels format now include framerate data
Code changes:
- Replace deprecated --hls-segment-queue-threshold with
--stream-segmented-queue-deadline (deprecated since 8.1.0)
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542)
Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.5.2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540)
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy
dependency-version: 2.0.49
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539)
Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0)
---
updated-dependencies:
- dependency-name: sass
dependency-version: 1.99.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0)
---
updated-dependencies:
- dependency-name: uvicorn
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24)
---
updated-dependencies:
- dependency-name: python-multipart
dependency-version: 0.0.24
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0)
---
updated-dependencies:
- dependency-name: pillow
dependency-version: 12.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533)
Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.32
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.4
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526)
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.2
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files
- Remove deprecated `baseUrl` option from tsconfig.json (TS5101)
- Add explicit `rootDir: "."` to tsconfig.json (TS5011)
- Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code
- Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore: revert unrelated vite.config.js style change
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* fix(security): resolve gitleaks secrets and npm vulnerability alerts (#544)
- Replace realistic example tokens with obvious placeholders in docs
(README.md, copilot-instructions.md, agent files)
- Add .gitleaks.toml to allowlist historical commits with rotated tokens
- Fix all npm dependency vulnerabilities via npm audit fix:
flatted, picomatch, yaml, lodash, brace-expansion (0 vulns remaining)
- Dismiss CodeQL py/path-injection false positives (validated before use)
- Dismiss Dockerfile lint, esbuild Go CVEs, container image alerts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Serph91P
added a commit
that referenced
this pull request
Apr 17, 2026
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
* ci(deps): bump release-drafter/release-drafter from 6 to 7 (#513)
Bumps [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) from 6 to 7.
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](https://github.com/release-drafter/release-drafter/compare/v6...v7)
---
updated-dependencies:
- dependency-name: release-drafter/release-drafter
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn[standard] from 0.41.0 to 0.42.0 (#514)
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.41.0...0.42.0)
---
updated-dependencies:
- dependency-name: uvicorn[standard]
dependency-version: 0.42.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @vue/tsconfig from 0.9.0 to 0.9.1 in /app/frontend (#528)
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.9.0 to 0.9.1.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.9.0...v0.9.1)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.0 to 8.0.3 in /app/frontend (#527)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.0 to 8.0.3.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.3/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#525)
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.5 to 46.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/46.0.5...46.0.6)
---
updated-dependencies:
- dependency-name: cryptography
dependency-version: 46.0.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.30 to 3.5.31 in /app/frontend (#524)
Bumps [vue](https://github.com/vuejs/core) from 3.5.30 to 3.5.31.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.30...v3.5.31)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.31
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.1 to 0.135.2 (#523)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.1 to 0.135.2.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.1...0.135.2)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.3 to 3.13.4 (#521)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump codecov/codecov-action from 5 to 6 (#520)
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump apprise from 1.9.8 to 1.9.9 (#515)
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.8 to 1.9.9.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.8...v1.9.9)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.9
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-router from 5.0.3 to 5.0.4 in /app/frontend (#519)
Bumps [vue-router](https://github.com/vuejs/router) from 5.0.3 to 5.0.4.
- [Release notes](https://github.com/vuejs/router/releases)
- [Commits](https://github.com/vuejs/router/compare/v5.0.3...v5.0.4)
---
updated-dependencies:
- dependency-name: vue-router
dependency-version: 5.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump eslint from 10.0.3 to 10.1.0 in /app/frontend (#517)
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.3 to 10.1.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.3...v10.1.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.1.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue-tsc from 3.2.5 to 3.2.6 in /app/frontend (#518)
Bumps [vue-tsc](https://github.com/vuejs/language-tools/tree/HEAD/packages/tsc) from 3.2.5 to 3.2.6.
- [Release notes](https://github.com/vuejs/language-tools/releases)
- [Changelog](https://github.com/vuejs/language-tools/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/language-tools/commits/v3.2.6/packages/tsc)
---
updated-dependencies:
- dependency-name: vue-tsc
dependency-version: 3.2.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend (#522)
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.1.1/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.1.1
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
* chore(deps): update Streamlink 8.1.2 → 8.2.1 (#529)
* chore(deps): bump rollup in /app/frontend
Bumps and [rollup](https://github.com/rollup/rollup). These dependencies needed to be updated together.
Updates `rollup` from 4.57.0 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
Updates `rollup` from 2.79.2 to 2.80.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.57.0...v4.59.0)
---
updated-dependencies:
- dependency-name: rollup
dependency-version: 4.59.0
dependency-type: indirect
- dependency-name: rollup
dependency-version: 2.80.0
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Develop (#512)
* ci(deps): bump actions/upload-artifact from 6 to 7
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump bandit from 1.9.2 to 1.9.4
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.9.2 to 1.9.4.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.9.2...1.9.4)
---
updated-dependencies:
- dependency-name: bandit
dependency-version: 1.9.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump fastapi from 0.133.1 to 0.135.1
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.133.1 to 0.135.1.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.133.1...0.135.1)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump python-dotenv from 1.2.1 to 1.2.2
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2)
---
updated-dependencies:
- dependency-name: python-dotenv
dependency-version: 1.2.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vite-plugin-vue-devtools in /app/frontend
Bumps [vite-plugin-vue-devtools](https://github.com/vuejs/devtools/tree/HEAD/packages/vite) from 8.0.6 to 8.0.7.
- [Release notes](https://github.com/vuejs/devtools/releases)
- [Commits](https://github.com/vuejs/devtools/commits/v8.0.7/packages/vite)
---
updated-dependencies:
- dependency-name: vite-plugin-vue-devtools
dependency-version: 8.0.7
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @vue/tsconfig from 0.8.1 to 0.9.0 in /app/frontend
Bumps [@vue/tsconfig](https://github.com/vuejs/tsconfig) from 0.8.1 to 0.9.0.
- [Release notes](https://github.com/vuejs/tsconfig/releases)
- [Commits](https://github.com/vuejs/tsconfig/compare/v0.8.1...v0.9.0)
---
updated-dependencies:
- dependency-name: "@vue/tsconfig"
dependency-version: 0.9.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump esbuild from 0.27.2 to 0.27.3 in /app/frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.2 to 0.27.3.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.2...v0.27.3)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.27.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(deps): resolve serialize-javascript RCE vulnerability (GHSA)
Override serialize-javascript to ^7.0.3 to fix code injection via
RegExp.flags and Date.prototype.toISOString() (CVE incomplete fix
for CVE-2020-7660).
Transitive dep chain: vite-plugin-pwa -> workbox-build -> @rollup/plugin-terser
-> serialize-javascript. Upstream pins ^0.4.3 which caps at 6.x.
Also fixes immutable prototype pollution (npm audit fix).
* ci(deps): bump docker/build-push-action from 6 to 7
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump eslint from 10.0.2 to 10.0.3 in /app/frontend
Bumps [eslint](https://github.com/eslint/eslint) from 10.0.2 to 10.0.3.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.0.2...v10.0.3)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.0.3
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/login-action from 3 to 4
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump apprise from 1.9.7 to 1.9.8
Bumps [apprise](https://github.com/caronc/apprise) from 1.9.7 to 1.9.8.
- [Release notes](https://github.com/caronc/apprise/releases)
- [Commits](https://github.com/caronc/apprise/compare/v1.9.7...v1.9.8)
---
updated-dependencies:
- dependency-name: apprise
dependency-version: 1.9.8
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump cachetools from 7.0.1 to 7.0.4
Bumps [cachetools](https://github.com/tkem/cachetools) from 7.0.1 to 7.0.4.
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/tkem/cachetools/compare/v7.0.1...v7.0.4)
---
updated-dependencies:
- dependency-name: cachetools
dependency-version: 7.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump vue from 3.5.29 to 3.5.30 in /app/frontend
Bumps [vue](https://github.com/vuejs/core) from 3.5.29 to 3.5.30.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.29...v3.5.30)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.30
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/metadata-action from 5 to 6
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump sqlalchemy[postgresql] from 2.0.47 to 2.0.48
Bumps [sqlalchemy[postgresql]](https://github.com/sqlalchemy/sqlalchemy) from 2.0.47 to 2.0.48.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy[postgresql]
dependency-version: 2.0.48
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump @types/node from 24.10.9 to 25.3.5 in /app/frontend
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.9 to 25.3.5.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.3.5
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* ci(deps): bump docker/setup-buildx-action from 3 to 4
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-version: '4'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* Feature/glassmorphism unified UI (#507)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io (#509)
mirror.gcr.io returns 404 when downloading the Trivy vulnerability DB,
causing CI scans to fail with:
FATAL: failed to download artifact from mirror.gcr.io/aquasec/trivy-db:2
Set TRIVY_DB_REPOSITORY and TRIVY_JAVA_DB_REPOSITORY env vars to use
the official ghcr.io registry (ghcr.io/aquasecurity/trivy-db:2) in all
workflows: security-scan.yml, release.yml, test.yml.
* Feature/glassmorphism unified UI (#508)
* feat(frontend): unified glassmorphism UI rework with bug fixes
- Create _glass-system.scss unified design system (~450 lines)
- CSS custom properties for glass tokens (bg, blur, shadow, border)
- Theme-aware variables (dark/light) eliminating manual overrides
- Glass surface mixins (subtle/medium/strong variants)
- Component classes, button system, form elements, utilities
- Fix notification bell click-outside bug
- Replace broken querySelector with Vue template refs
- Add @click.stop modifier and onUnmounted cleanup
- Make bell visible on all screen sizes (was hidden on mobile)
- Fix login state refresh bug
- LoginView now uses useAuth().login() composable
- Replace window.location.href with router.push('/')
- Auth state updates reactively via module-level singleton refs
- Remove duplicate hamburger menu navigation
- Delete mobile menu overlay, hamburger button, related functions
- SidebarNav for desktop, BottomNav for mobile (clean separation)
- Migrate 13 components to glass system variables
- Replace hardcoded rgba/blur/shadow with glass tokens
- Remove [data-theme] overrides (glass vars are theme-aware)
- Add @supports fallbacks for backdrop-filter
- Remove old _glass.scss import from main.scss (dead code)
* feat: add .gitignore to exclude cache and project.local.yml
* feat: update .gitignore to include .pytest_cache and .serena
* feat(frontend): expand streamer settings, clean up settings UI
- Add codec preferences, max concurrent recordings, and global cleanup
policy toggle to streamer settings modal (StreamerDetailView)
- Update backend API to handle new per-streamer settings fields
(maxStreams, supportedCodecs, useGlobalCleanupPolicy)
- Fix saveSettings to call working PUT endpoint directly instead of
broken composable endpoint
- Hide connection-status block when not connected (TwitchConnectionPanel)
- Remove borders from steps-container and benefits-section
- Hide duplicate section headers on mobile settings pages
- Various glassmorphism UI polish: video controls, chapter seeking,
notification panel, force-record visibility, responsive video wrapper,
dashboard title cutoff, error overlay mobile fix
* Remove outdated ADRs and architecture review documents; implement circuit breaker for Twitch API and Prometheus metrics for observability; enhance security by addressing critical vulnerabilities in authentication and session management; improve error handling and logging practices; and refine overall application architecture for better reliability and performance.
* fix: update copyright year in LICENSE file to 2026
* feat: add frontend development guide with quick start, dev scripts, and mock mode instructions
* fix(lint): apply ruff formatting to streamers.py and metadata_service.py
* chore(deps): upgrade to Vite 8, update all dependencies (#510)
- Upgrade Vite from 7.3.1 to 8.0.0 (2x faster builds via Rolldown)
- Add overrides for vite-plugin-pwa Vite 8 peer dependency (ref #918)
- Convert manualChunks from object to function (Rolldown requirement)
- Update @vitejs/plugin-vue 6.0.4 -> 6.0.5
- Update @types/node 25.3.5 -> 25.5.0
- Update esbuild 0.27.3 -> 0.27.4
- Update sass 1.97.3 -> 1.98.0
- Update vite-plugin-vue-devtools 8.0.7 -> 8.1.0
- Update Python cachetools 7.0.4 -> 7.0.5
* fix(recording): prevent ghost recordings from permanently blocking new recordings (#511)
Recording 68 for Dhalucard became a ghost recording on March 2 after a
PostgreSQL recovery mode outage prevented status updates. This ghost entry
blocked all new recordings for 12+ days with DUPLICATE_BLOCK errors.
Root causes fixed:
- _handle_recording_completion: 'file not found' path never called
remove_active_recording, leaving ghost entries in state manager
- _handle_recording_error: DB failures in mark_recording_failed caused
the entire method to bail before remove_active_recording
- stop_recording: EventSub handler's 5s timeout caused CancelledError
before remove_active_recording was reached
Changes:
- Move remove_active_recording to finally blocks in _handle_recording_completion,
_handle_recording_error, and stop_recording so cleanup always runs
- Add stale recording detection in start_recording: if an 'active' recording
has no running process, clean it up instead of blocking
- Trigger post-processing for stale recordings that have files on disk
- Move post-processing trigger to finally block in stop_recording so it
survives handler timeouts
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): update Streamlink 8.1.2 → 8.2.1
Key changes in Streamlink 8.2.1:
- Twitch: Switched to Usher v2 API endpoints (internal plugin change)
- HLS stream names with pixels format now include framerate data
Code changes:
- Replace deprecated --hls-segment-queue-threshold with
--stream-segmented-queue-deadline (deprecated since 8.1.0)
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/62ff8929-e85d-47ca-a72a-e9cb1595ddd5
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Seraph91P <github@mebert-server.de>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore(deps): bump eslint from 10.1.0 to 10.2.0 in /app/frontend (#542)
Bumps [eslint](https://github.com/eslint/eslint) from 10.1.0 to 10.2.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v10.1.0...v10.2.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 10.2.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/node from 25.5.0 to 25.5.2 in /app/frontend (#541)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.0 to 25.5.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.5.2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sqlalchemy from 2.0.48 to 2.0.49 (#540)
Bumps [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy) from 2.0.48 to 2.0.49.
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)
---
updated-dependencies:
- dependency-name: sqlalchemy
dependency-version: 2.0.49
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump sass from 1.98.0 to 1.99.0 in /app/frontend (#539)
Bumps [sass](https://github.com/sass/dart-sass) from 1.98.0 to 1.99.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.98.0...1.99.0)
---
updated-dependencies:
- dependency-name: sass
dependency-version: 1.99.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump uvicorn from 0.42.0 to 0.44.0 (#538)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](https://github.com/Kludex/uvicorn/compare/0.42.0...0.44.0)
---
updated-dependencies:
- dependency-name: uvicorn
dependency-version: 0.44.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump python-multipart from 0.0.22 to 0.0.24 (#535)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.24.
- [Release notes](https://github.com/Kludex/python-multipart/releases)
- [Changelog](https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.24)
---
updated-dependencies:
- dependency-name: python-multipart
dependency-version: 0.0.24
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump aiohttp from 3.13.4 to 3.13.5 (#534)
---
updated-dependencies:
- dependency-name: aiohttp
dependency-version: 3.13.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump pillow from 12.1.1 to 12.2.0 (#531)
Bumps [pillow](https://github.com/python-pillow/Pillow) from 12.1.1 to 12.2.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](https://github.com/python-pillow/Pillow/compare/12.1.1...12.2.0)
---
updated-dependencies:
- dependency-name: pillow
dependency-version: 12.2.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump esbuild from 0.27.4 to 0.28.0 in /app/frontend (#532)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.4 to 0.28.0.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.27.4...v0.28.0)
---
updated-dependencies:
- dependency-name: esbuild
dependency-version: 0.28.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vue from 3.5.31 to 3.5.32 in /app/frontend (#533)
Bumps [vue](https://github.com/vuejs/core) from 3.5.31 to 3.5.32.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/compare/v3.5.31...v3.5.32)
---
updated-dependencies:
- dependency-name: vue
dependency-version: 3.5.32
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.3 to 8.0.4 in /app/frontend (#536)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.3 to 8.0.4.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.4/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.4
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump fastapi from 0.135.2 to 0.135.3 (#537)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.2 to 0.135.3.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](https://github.com/fastapi/fastapi/compare/0.135.2...0.135.3)
---
updated-dependencies:
- dependency-name: fastapi
dependency-version: 0.135.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend (#526)
* chore(deps): bump typescript from 5.9.3 to 6.0.2 in /app/frontend
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.2.
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.9.3...v6.0.2)
---
updated-dependencies:
- dependency-name: typescript
dependency-version: 6.0.2
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix(frontend): fix TypeScript 6.0.2 compatibility issues in tsconfig and source files
- Remove deprecated `baseUrl` option from tsconfig.json (TS5101)
- Add explicit `rootDir: "."` to tsconfig.json (TS5011)
- Replace `process.env.NODE_ENV` with `import.meta.env?.DEV` in browser code
- Replace `NodeJS.Timeout` with `ReturnType<typeof setTimeout>` for browser compatibility
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore: revert unrelated vite.config.js style change
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/013a80c0-703a-4480-8a1f-843e29893827
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* fix(security): resolve gitleaks secrets and npm vulnerability alerts (#544)
- Replace realistic example tokens with obvious placeholders in docs
(README.md, copilot-instructions.md, agent files)
- Add .gitleaks.toml to allowlist historical commits with rotated tokens
- Fix all npm dependency vulnerabilities via npm audit fix:
flatted, picomatch, yaml, lodash, brace-expansion (0 vulns remaining)
- Dismiss CodeQL py/path-injection false positives (validated before use)
- Dismiss Dockerfile lint, esbuild Go CVEs, container image alerts
* chore(deps): update cryptography 46.0.6→46.0.7, greenlet 3.3.2→3.4.0, python-multipart 0.0.24→0.0.26 (#554)
Agent-Logs-Url: https://github.com/Serph91P/StreamVault/sessions/998fb5e1-98a2-4211-ab76-9ff0fa2ff242
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Serph91P <8904984+Serph91P@users.noreply.github.com>
* chore(deps): bump @vitejs/plugin-vue in /app/frontend (#553)
Bumps [@vitejs/plugin-vue](https://github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue) from 6.0.5 to 6.0.6.
- [Release notes](https://github.com/vitejs/vite-plugin-vue/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-vue/blob/main/packages/plugin-vue/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-vue/commits/plugin-vue@6.0.6/packages/plugin-vue)
---
updated-dependencies:
- dependency-name: "@vitejs/plugin-vue"
dependency-version: 6.0.6
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump softprops/action-gh-release from 2 to 3 (#546)
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v2...v3)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-version: '3'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/node from 25.5.2 to 25.6.0 in /app/frontend (#552)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.5.2 to 25.6.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
dependency-version: 25.6.0
dependency-type: direct:development
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump prettier from 3.8.1 to 3.8.2 in /app/frontend (#551)
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.8.1...3.8.2)
---
updated-dependencies:
- dependency-name: prettier
dependency-version: 3.8.2
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump vite from 8.0.5 to 8.0.8 in /app/frontend (#550)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 8.0.5 to 8.0.8.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.8/packages/vite)
---
updated-dependencies:
- dependency-name: vite
dependency-version: 8.0.8
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* feat(metadata): improve Plex/Emby NFO cast, plot and genres (#555)
* feat(metadata): improve Plex/Emby NFO cast, plot and genres
- Add 'description' column to streamers (Migration 036) and persist the
Twitch 'About' bio on streamer create, EventSub stream.online and
periodic refresh.
- tvshow.nfo: use the streamer's Twitch bio as <plot> (falls back to the
previous generic placeholder when the bio is empty).
- tvshow.nfo: emit one <genre> per unique historical stream category so
Plex/Emby display the full range of games the streamer has played
(deduplicated, capped at 20 most recent, with 'Livestream' fallback).
- Actor cast image: prefer the HTTPS Twitch CDN URL for <actor><thumb> in
both tvshow.nfo and episode.nfo so Plex' new NFO scanner can resolve it
reliably; fall back to the relative cached poster path when unavailable.
- Create local .Actors/<name>/folder.jpg next to tvshow.nfo as an offline
fallback for Emby/Jellyfin.
- Tests: 12 new unit tests for the helpers (_series_plot_text,
_pick_actor_thumb_url, _collect_streamer_genres).
* test: add top-level conftest to ensure 'app' is importable in CI
Without a pyproject.toml / pytest.ini, pytest's default rootpath algorithm
inserts only the tests/ directory into sys.path (since tests/ has no
__init__.py), which breaks module-level 'from app.xxx import ...' in test
files - including existing tests like test_security.py and the new
test_metadata_nfo.py.
Adding a repo-level conftest.py that prepends the repo root to sys.path is
the canonical fix: it is imported before any test module collection and
works regardless of whether pytest is invoked as a script or via
'python -m pytest'.
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps @vue/tsconfig from 0.9.0 to 0.9.1.
Release notes
Sourced from
@vue/tsconfig's releases.Commits
dc7af0b0.9.1e73ef3cfix: align typescript peer dependency with documentationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)