alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

chore(deps): update shelfmark to v1.3.0 #6892

Merged
alexlebens merged 1 commits from renovate/unified-shelfmark into main 2026-05-13 01:11:41 +00:00
Conversation 0 Commits 1 Files Changed 2 +2 -2
renovate-bot commented 2026-05-12 12:06:51 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
calibrain/shelfmark minor 1.2.31.3.0
ghcr.io/calibrain/shelfmark minor v1.2.3v1.3.0

Release Notes

calibrain/shelfmark (calibrain/shelfmark)

v1.3.0

Compare Source

This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes.

New:
  • Added DISABLE_LOCAL_AUTH environment variable for OIDC-only configs
  • Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly.
Fixes
  • Fixed Google Books error responses being cached as search results. (#​958)
  • Fixed language filter matching by normalising language strings more consistently. (#​960)
  • Improved download copy/hardlink handling on FUSE & NFS. (#​957, #​961)
  • Streamed archive extraction instead of loading archive contents into memory. (#​965)
  • Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. (#​944, #​966)
Security
  • Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May urllib3 CVE (#​952, #​953, #​954)
  • Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. (#​943, #​967, #​976)
  • Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. (#​970, #​971, #​975)
  • Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. (#​973, #​974)
  • Validated IRC DCC offers and AudiobookBay detail URLs before using them. (#​964, #​972)
  • Redacted release URLs more safely in Newznab/Prowlarr download flows. (#​968)
  • Required verified OIDC email claims before linking external identities to existing accounts. (#​963)
  • Made container startup fail closed when the config directory remains unwritable instead of falling back to root. (#​985)
  • Pinned Docker base image digests and removed installer tooling from runtime images. (#​969, #​978)

Configuration

📅 Schedule: (in timezone America/Chicago)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [calibrain/shelfmark](https://github.com/calibrain/shelfmark) | minor | `1.2.3` → `1.3.0` | | [ghcr.io/calibrain/shelfmark](https://github.com/calibrain/shelfmark) | minor | `v1.2.3` → `v1.3.0` | --- ### Release Notes <details> <summary>calibrain/shelfmark (calibrain/shelfmark)</summary> ### [`v1.3.0`](https://github.com/calibrain/shelfmark/releases/tag/v1.3.0) [Compare Source](https://github.com/calibrain/shelfmark/compare/v1.2.3...v1.3.0) This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes. ##### New: - Added `DISABLE_LOCAL_AUTH` environment variable for OIDC-only configs - Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly. ##### Fixes - Fixed Google Books error responses being cached as search results. ([#&#8203;958](https://github.com/calibrain/shelfmark/issues/958)) - Fixed language filter matching by normalising language strings more consistently. ([#&#8203;960](https://github.com/calibrain/shelfmark/issues/960)) - Improved download copy/hardlink handling on FUSE & NFS. ([#&#8203;957](https://github.com/calibrain/shelfmark/issues/957), [#&#8203;961](https://github.com/calibrain/shelfmark/issues/961)) - Streamed archive extraction instead of loading archive contents into memory. ([#&#8203;965](https://github.com/calibrain/shelfmark/issues/965)) - Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. ([#&#8203;944](https://github.com/calibrain/shelfmark/issues/944), [#&#8203;966](https://github.com/calibrain/shelfmark/issues/966)) ##### Security - Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May `urllib3` CVE ([#&#8203;952](https://github.com/calibrain/shelfmark/issues/952), [#&#8203;953](https://github.com/calibrain/shelfmark/issues/953), [#&#8203;954](https://github.com/calibrain/shelfmark/issues/954)) - Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. ([#&#8203;943](https://github.com/calibrain/shelfmark/issues/943), [#&#8203;967](https://github.com/calibrain/shelfmark/issues/967), [#&#8203;976](https://github.com/calibrain/shelfmark/issues/976)) - Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. ([#&#8203;970](https://github.com/calibrain/shelfmark/issues/970), [#&#8203;971](https://github.com/calibrain/shelfmark/issues/971), [#&#8203;975](https://github.com/calibrain/shelfmark/issues/975)) - Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. ([#&#8203;973](https://github.com/calibrain/shelfmark/issues/973), [#&#8203;974](https://github.com/calibrain/shelfmark/issues/974)) - Validated IRC DCC offers and AudiobookBay detail URLs before using them. ([#&#8203;964](https://github.com/calibrain/shelfmark/issues/964), [#&#8203;972](https://github.com/calibrain/shelfmark/issues/972)) - Redacted release URLs more safely in Newznab/Prowlarr download flows. ([#&#8203;968](https://github.com/calibrain/shelfmark/issues/968)) - Required verified OIDC email claims before linking external identities to existing accounts. ([#&#8203;963](https://github.com/calibrain/shelfmark/issues/963)) - Made container startup fail closed when the config directory remains unwritable instead of falling back to root. ([#&#8203;985](https://github.com/calibrain/shelfmark/issues/985)) - Pinned Docker base image digests and removed installer tooling from runtime images. ([#&#8203;969](https://github.com/calibrain/shelfmark/issues/969), [#&#8203;978](https://github.com/calibrain/shelfmark/issues/978)) </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzMuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE3My42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkb2NrZXIiXX0=-->
renovate-bot added the docker label 2026-05-12 12:06:51 +00:00
renovate-bot added 1 commit 2026-05-13 00:46:20 +00:00
chore(deps): update shelfmark to v1.3.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 30s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 21s
Details
render-manifests / render-manifests (pull_request) Successful in 1m0s
Details
e4c304f070
renovate-bot force-pushed renovate/unified-shelfmark from 858b9fb9c8 to e4c304f070 2026-05-13 00:46:20 +00:00 Compare
alexlebens merged commit 86ff50fd93 into main 2026-05-13 01:11:41 +00:00
alexlebens deleted branch renovate/unified-shelfmark 2026-05-13 01:11:45 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Renovate
Issue generated by Renovate.
 automerge
This PR will be automerged by Renovate.
 chart
Chart update generated by Renovate.
 docker
Docker update generated by Renovate.
github-actions
Github Action update generated by Renovate.
github-releases
Github Release generated by Renovate
 helm
Helm update generated by Renovate.
image
Image update generated by Renovate.
 stale
PR or Issue that has not been updated recently.
No Label docker
Milestone
No items
No Milestone
Assignees
Clear assignees
gitea-bot renovate-bot alexlebens
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#6892
Delete Branch "renovate/unified-shelfmark"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?