Summary
This PR is a mix of release plumbing, security cleanup, Docker compatibility work, and a small UI polish pass. It keeps package versions aligned with the backend version, expands CodeQL coverage, hardens manual download routing, clears current frontend and Discord bot dependency advisories, improves Docker env compatibility, and tidies up the app shell on desktop and mobile.
Changed
- Frontend and package versions are now synced automatically from
listenarr.api/Listenarr.Api.csprojduring local npm workflows and CI version bumps. - CI version bump workflows now pass the already-computed
NEW_VERSIONdirectly into the sync step so frontend metadata cannot lag behind the release version. - CodeQL now scans GitHub Actions workflows in addition to the existing C# and JavaScript analysis.
- The app version was moved out of the header and into the bottom of the sidenav, where it stays visible as plain text.
- On mobile, the menu button now appears to the left of the logo for a more natural header layout.
Fixed
- Docker startup now handles
PGIDcollisions more gracefully by remapping a pre-created service account instead of failing when the requested group already exists. GIDis now accepted as a compatibility alias forPGID.UMASK_SETis now supported as a legacy alias forUMASK, withUMASKstill taking precedence if both are set.- Manual send-to-client downloads no longer trust the client-supplied
DownloadType; the server now derives the effective type itself, preventing spoofedDDLvalues from bypassing normal routing. - Frontend dependency advisories were cleared by refreshing the lockfile so the
@vue/test-utils->js-beautify->editorconfigchain resolves to patched packages. - Discord bot dependency advisories were cleared by updating the resolved
undiciversion to6.24.1through the bot package override and lockfile refresh.
Removed
- The version badge beside the header logo.
- ...
Automated canary build