Summary
This PR updates the project dependencies across the frontend, backend, tooling, and Discord bot so we can clear out the current wave of Dependabot PRs and stay on the latest stable package versions.
A few packages needed small code updates for newer APIs, mostly around OpenAPI/Swagger and archive extraction.
Changes
Changed
- Updated npm and NuGet dependencies to their latest stable versions.
- Updated the Swagger/OpenAPI setup for the newer `Swashbuckle.AspNetCore` and `Microsoft.OpenApi` APIs.
- Updated SharpCompress usage to match the newer archive and reader APIs.
- Added `.dotnet/` to `.gitignore` for local SDK/cache files.
Fixed
- Removed `vite-plugin-vue-devtools` because it was not compatible with the updated Vite version.
- Removed the ffprobe extraction fallback that used the system `tar` command, since that bypassed the safer managed extraction path.
- Added a check so ffprobe install only succeeds when the expected binary is actually present.
Removed
- Removed `vite-plugin-vue-devtools` and its related transitive dependencies.
Testing
- `dotnet build listenarr.api\Listenarr.Api.csproj --no-restore`
- `dotnet build listenarr.api\Listenarr.Api.csproj -c Release --no-restore`
- `dotnet test tests\Listenarr.Api.Tests\Listenarr.Api.Tests.csproj --no-restore`
  - Passed: 612/612
- `npm run build` in `fe`
- `npm run test:unit -- --run` in `fe`
  - Passed: 345/345
- Checked outdated packages with npm and NuGet.
- Checked production npm audits.
Notes
All updated packages are on the latest stable versions.
The frontend still has a dev-only Cypress transitive audit warning through uuid. Production audit is clean with `npm audit --omit=dev`, and npm’s suggested fix would downgrade Cypress, so I left that alone.
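
The two ffprobe fixes listed under Fixed (managed extraction only, and success only when the binary is present) can be illustrated with the added example below. It is not Listenarr's code: it uses the BCL `System.IO.Compression` zip reader in place of SharpCompress, and `ExtractAndVerify`, `MakeZip` and the `bin/ffprobe` layout are hypothetical names chosen for the illustration.

```csharp
using System;
using System.IO;
using System.IO.Compression;

static class FfprobeInstallDemo
{
    // Hypothetical helper: managed extraction confined to destDir, followed by
    // a check that the expected binary really landed there.
    static bool ExtractAndVerify(Stream archive, string destDir, string expectedBinary)
    {
        string root = Path.GetFullPath(destDir) + Path.DirectorySeparatorChar;
        Directory.CreateDirectory(root);
        using var zip = new ZipArchive(archive, ZipArchiveMode.Read, leaveOpen: true);
        foreach (var entry in zip.Entries)
        {
            // Resolve the entry name and refuse anything outside destDir ("../", absolute paths).
            string target = Path.GetFullPath(Path.Combine(root, entry.FullName));
            if (!target.StartsWith(root, StringComparison.Ordinal))
                throw new InvalidDataException("Entry escapes target directory: " + entry.FullName);
            if (entry.FullName.EndsWith("/")) { Directory.CreateDirectory(target); continue; }
            Directory.CreateDirectory(Path.GetDirectoryName(target) ?? root);
            entry.ExtractToFile(target, overwrite: true);
        }
        // Install counts as successful only if the binary exists and is non-empty.
        var bin = new FileInfo(Path.Combine(root, expectedBinary));
        return bin.Exists && bin.Length > 0;
    }

    // Constructed sample input: an in-memory zip holding the given entry names.
    static MemoryStream MakeZip(params string[] names)
    {
        var ms = new MemoryStream();
        using (var zip = new ZipArchive(ms, ZipArchiveMode.Create, leaveOpen: true))
            foreach (var n in names)
                using (var w = new StreamWriter(zip.CreateEntry(n).Open()))
                    w.Write("constructed placeholder bytes");
        ms.Position = 0;
        return ms;
    }

    static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Console.WriteLine(ExtractAndVerify(MakeZip("bin/ffprobe"), dir, "bin/ffprobe"));
        Console.WriteLine(ExtractAndVerify(MakeZip("README.txt"), dir + "-2", "bin/ffprobe"));
        try { ExtractAndVerify(MakeZip("../evil"), dir + "-3", "bin/ffprobe"); }
        catch (InvalidDataException e) { Console.WriteLine(e.Message); }
    }
}
```

The second call shows why the presence check matters: extraction completes without error, yet the install must still be reported as failed because the archive never contained the binary.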
Automated Canary build