Listenarrs/Listenarr 0.2.70

Canary 0.2.70

on GitHub

This PR upgrades Node.js from EOL 20/22 to 24 LTS, rewrites the Discord bot in ESM (fixing 5 bugs along the way), bumps frontend deps including TypeScript 6, and patches three Docker CVEs.

Fixed

• Discord bot files missing from build output — corrected ToolsDir and Content Include paths in Listenarr.Api.csproj; switched to Content Remove + Content Include so .js files are copied with CopyToOutputDirectory: PreserveNewest.
• Discord bot failed to start (discord.js named ESM export error) — replaced named ESM bindings with a default import + destructure pattern to correctly handle discord.js as a CJS module.
• Discord bot library/add blocked by antiforgery middleware — AntiforgeryValidationMiddleware now short-circuits when the ApiKey auth method claim is present, since CSRF does not apply to machine-to-machine callers.
• Discord bot "body used already" crash on library/add (node-fetch v3) — restructured the response-reading path so the body stream is consumed exactly once.
• Discord bot library/add 400 (isbn type mismatch and series: "[]") — bot now normalizes isbn to an array and sanitizes a stringified empty-array series to undefined before sending.

Changed

• Node.js upgraded from 20/22 to 24 (Active LTS) — both build and final Dockerfile stages updated to setup_24.x; engines field in fe/package.json updated to >=24.0.0.
• Discord bot converted from CommonJS to ESM — discord-bot/index.js now uses import/export syntax; "type": "module" added to discord-bot/package.json; __dirname derived via fileURLToPath(import.meta.url); unlocks ESM-only bumps: node-fetch ^3.3.2, fetch-cookie ^3.2.0, tough-cookie ^6.0.1.
• @microsoft/signalr upgraded from ^8 to ^10 in discord-bot.
• TypeScript upgraded from ~5.9 to ~6.0 in /fe — all TS 6 breaking changes were already addressed.
• **Frontend dependency ...

Automated canary build

• Version: 0.2.70
• Commit: 9bd3e76
• Original PR: #484