chore(deps): update sahara101/movie-roulette to v5.4.0 #5200

renovate-bot · 2026-03-27T18:02:39Z

renovate-bot commented

2026-03-27 18:02:39 +00:00

This PR contains the following updates:

Package	Update	Change
ghcr.io/sahara101/movie-roulette	minor	`v5.3.0` → `v5.4.0`
sahara101/Movie-Roulette	minor	`v5.3.0` → `v5.4.0`

Release Notes

sahara101/Movie-Roulette (sahara101/Movie-Roulette)

`v5.4.0`

Compare Source

New Features

Watch Together - Watchlist & Library modes (Plex only) - find movies to watch with a partner via two modes: Watchlist (intersects plex.tv watchlists, no app account needed) or Library (intersects local watch-status caches, instant). Enable via PLEX_WATCH_TOGETHER=true or Settings -> Plex
Multi-arch Docker manifest - latest and version tags are now multi-arch manifests (AMD64, ARM64, ARMv7). arm-latest kept for backward compatibility
Filter panel redesign (HeroUI) - filter is now a full-height right sidebar on desktop and a bottom-sheet on mobile, with open/close animations and an active-filter-count badge (or W for Watch Together)

Security

cbor2 -> 5.9.0 (CVE-2026-26209, high) - DoS via uncontrolled recursion in cbor2.loads(); affects WebAuthn/Passkey flow
requests -> 2.33.0 (CVE-2026-25645, medium) - insecure predictable temp filename in extract_zipped_paths()

Bug Fixes

Plex managed/home user cache not building - resilient fallback chain (switchUser() -> switchHomeUser()) handles Plex CVE-2025-34158 / CVE-2025-69417 endpoint restriction
Empty cache file suppressing rebuilds - cache build now also triggers when the file exists but is <= 2 bytes
Slow search - queries local cache instead of media server API; drops from ~3-10 s to <50 ms; debounce reduced to 150 ms
Search modal uncloseable on mobile/PWA - uses centered modal with tappable backdrop on mobile
Watchlist pool stall (3-5 s) after reset - TTL is now sliding with 15-minute idle timeout instead of fixed 5-minute expiry
"All movies seen" toast missing in HeroUI - pool reset surfaced in Watch Together response; toast uses glassmorphism styling
Filter close animation missing on mobile (HeroUI) - bottom-sheet now slides down correctly instead of using the desktop keyframe
Update notification wrong theme on main page - heroui-theme.css and aceternity-effects.css now loaded in HeroUI main page block
Login card off-center on mobile - switches to justify-content: center at <=480px
Collection warning x button visible on mobile - hidden at <=480px across all stylesheets
User Management usernames hidden on mobile - scoped hide rule to .user-item .user-name to avoid conflict with auth.css

Full Changelog: https://github.com/sahara101/Movie-Roulette/compare/v5.3.0...v5.4.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | ghcr.io/sahara101/movie-roulette | minor | `v5.3.0` → `v5.4.0` | | [sahara101/Movie-Roulette](https://github.com/sahara101/Movie-Roulette) | minor | `v5.3.0` → `v5.4.0` | --- ### Release Notes <details> <summary>sahara101/Movie-Roulette (sahara101/Movie-Roulette)</summary> ### [`v5.4.0`](https://github.com/sahara101/Movie-Roulette/releases/tag/v5.4.0) [Compare Source](https://github.com/sahara101/Movie-Roulette/compare/v5.3.0...v5.4.0) #### New Features - **Watch Together - Watchlist & Library modes** (Plex only) - find movies to watch with a partner via two modes: **Watchlist** (intersects plex.tv watchlists, no app account needed) or **Library** (intersects local watch-status caches, instant). Enable via `PLEX_WATCH_TOGETHER=true` or Settings -> Plex - **Multi-arch Docker manifest** - `latest` and version tags are now multi-arch manifests (AMD64, ARM64, ARMv7). `arm-latest` kept for backward compatibility - **Filter panel redesign (HeroUI)** - filter is now a full-height right sidebar on desktop and a bottom-sheet on mobile, with open/close animations and an active-filter-count badge (or **W** for Watch Together) #### Security - **cbor2 -> 5.9.0** (CVE-2026-26209, high) - DoS via uncontrolled recursion in `cbor2.loads()`; affects WebAuthn/Passkey flow - **requests -> 2.33.0** (CVE-2026-25645, medium) - insecure predictable temp filename in `extract_zipped_paths()` #### Bug Fixes - **Plex managed/home user cache not building** - resilient fallback chain (`switchUser()` -> `switchHomeUser()`) handles Plex CVE-2025-34158 / CVE-2025-69417 endpoint restriction - **Empty cache file suppressing rebuilds** - cache build now also triggers when the file exists but is <= 2 bytes - **Slow search** - queries local cache instead of media server API; drops from \~3-10 s to <50 ms; debounce reduced to 150 ms - **Search modal uncloseable on mobile/PWA** - uses centered modal with tappable backdrop on mobile - **Watchlist pool stall (3-5 s) after reset** - TTL is now sliding with 15-minute idle timeout instead of fixed 5-minute expiry - **"All movies seen" toast missing in HeroUI** - pool reset surfaced in Watch Together response; toast uses glassmorphism styling - **Filter close animation missing on mobile (HeroUI)** - bottom-sheet now slides down correctly instead of using the desktop keyframe - **Update notification wrong theme on main page** - `heroui-theme.css` and `aceternity-effects.css` now loaded in HeroUI main page block - **Login card off-center on mobile** - switches to `justify-content: center` at <=480px - **Collection warning x button visible on mobile** - hidden at <=480px across all stylesheets - **User Management usernames hidden on mobile** - scoped hide rule to `.user-item .user-name` to avoid conflict with `auth.css` **Full Changelog**: <https://github.com/sahara101/Movie-Roulette/compare/v5.3.0...v5.4.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added the docker label 2026-03-27 18:02:39 +00:00

renovate-bot added 1 commit 2026-03-28 01:19:50 +00:00

chore(deps): update sahara101/movie-roulette to v5.4.0

lint-test-helm / lint-helm (pull_request) Successful in 19s

Details

lint-test-helm / validate-kubeconform (pull_request) Successful in 12s

Details

render-manifests / render-manifests (pull_request) Successful in 1m12s

Details

7a7fab44e3

renovate-bot force-pushed renovate/unified-sahara101movie-roulette from 46d26991f8 to 7a7fab44e3

2026-03-28 01:19:50 +00:00

Compare

alexlebens merged commit bf6e08f418 into main

2026-03-28 01:22:46 +00:00

alexlebens deleted branch renovate/unified-sahara101movie-roulette

2026-03-28 01:22:49 +00:00

alexlebens referenced this issue from a commit

2026-03-28 01:22:50 +00:00

chore(deps): update sahara101/movie-roulette to v5.4.0 (#5200)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#5200