chore(deps): update dawarich to v1.7.8 #7052

Merged

renovate-bot merged 1 commits from renovate/unified-dawarich into main 2026-05-17 01:11:58 +00:00

Conversation 0 Commits 1 Files Changed 2 +3 -3

renovate-bot commented 2026-05-17 01:11:42 +00:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
Freika/dawarich	patch	1.7.7 → 1.7.8
freikin/dawarich	patch	1.7.7 → 1.7.8

---

Release Notes

Freika/dawarich (Freika/dawarich)

v1.7.8

Compare Source

⚠️ Upgrade notes

• Self-hosters running OIDC-only sign-in: the ALLOW_EMAIL_PASSWORD_REGISTRATION env var no longer doubles as a login gate. Email/password sign-in is now controlled by the new ALLOW_EMAIL_PASSWORD_LOGIN env var (defaults to true). To preserve OIDC-only sign-in after upgrade, set ALLOW_EMAIL_PASSWORD_LOGIN=false.
• Visit detection rewrite: the next nightly run after upgrade will produce different suggested visits. Confirmed visits and named places are preserved; only suggestions change.
• Places backfill (irreversible): the place-ownership migration backfills places.user_id from owning visits and permanently deletes any place that has no linked visits. Multi-user instances and instances with orphan rows from prior bugs should run rake places:backfill_user_id_dry_run first to see assigned/deleted counts. Single-user self-hosted instances are unaffected. The follow-up release will add a NOT NULL constraint, so any new places created between this release and the next must carry a user_id.
• Historical tracks auto-recalculate on upgrade. A background job backfills points.tracker_id from each point's raw_data (Google deviceTag, OwnTracks tid — both stored as-is) or its import_id (legacy-import-<id>, visible in points and tracks API responses for backfilled rows), then recalculates stats, tracks, and digests for every user with tracks predating the fix. The enqueue job is Sidekiq-retry-safe and re-checks its predicate on each retry, so a crashed/restarted Sidekiq resumes cleanly without re-processing finished users. New installs are unaffected.
• Expect a temporary spike during the recalc window. Per-user jobs are staggered over the first hour; expect elevated Sidekiq queue depth, CPU, and database IO until they finish, with duration scaling by user count and history length. Tracks may appear merged on the map for individual accounts until their recalc completes.
• 2FA lockout recovery on instances without SMTP: the new 10-attempt 2FA lockout sends an unlock email; self-hosters without SMTP configured will not receive it. Locked users can be unlocked from the Rails console with User.find(<id>).reset_failed_otp_attempts!, or by completing the password-reset flow (which also clears the lockout).

Changed

• Visit detection now uses PostGIS spatial clustering for faster, more accurate stops; the iteration-based detector is removed.
• Places are now strictly per-user. Suggestion, photo-geotagging, and reverse-geocoding all use your own place catalogue exclusively; no places are shared across users. Existing shared places have been backfilled to their most-active owner. Self-hosted single-user instances see no behaviour change.

Added

• "Re-run detection on full history" button under Settings → Visits. Confirmed visits and named places are preserved.
• Account lockout after 10 failed 2FA attempts (30-minute auto-unlock or password reset). Applies to both the mobile API (POST /api/v1/auth/otp_challenge) and the web sign-in flow. Backup codes still work during a lockout so users with one stored can recover immediately. A notification email is sent to the account owner when a lockout is triggered. #​2575

Fixed

• Fix support of FIT files from Garmin Connect. #​2686
• The Anomalies map layer no longer requires manually toggling off and on after a page reload or timeframe change. The toggle state is restored on reload, and the layer refetches anomalies for the active date range. #​2568
• Email/password login is now shown alongside the OIDC button on self-hosted instances by default, instead of being hidden whenever OIDC is configured. Operators who want to enforce OIDC-only sign-in can set ALLOW_EMAIL_PASSWORD_LOGIN=false. See the upgrade note above. #​2495
• Suggested visits at residential addresses are no longer stuck on the placeholder name "Suggested place" indefinitely. The nightly place-naming job now assembles a name from street, house number, city, and state when the geocoder response has no top-level place name — matching how new visits are named at creation time. #​1711
• Photos imported from Immich now display at the correct time on Map v2 and import with the correct UTC timestamp, regardless of the host server's timezone or the photo's capture timezone. Previously, photos taken outside the server's timezone could appear up to 24 hours off. Existing imports keep their old timestamps; to fix already-imported photos, re-run the Immich import from Settings → Integrations → Immich. The photos API now exposes a capturedAt field with the canonical UTC instant (from Immich's fileCreatedAt / PhotoPrism's TakenAt) alongside the existing localDateTime key, which continues to return the source's wall-clock value. Map v2 uses capturedAt for time display. #​2253
• Confirmed and declined visits inside an area or assigned to a place are no longer reverted to "suggested" — and any name you gave them is no longer overwritten — by the nightly visit-recompute job. #​2048, #​2484
• GPX import now streams the file rather than loading the entire XML into memory, so multi-hundred-MB GPX files (e.g. long-running activity exports) no longer OOM the Sidekiq worker. #​2296
• Viewing an import on Map v2 or the Points page now selects the import's full date range, instead of defaulting to today or the last month. #​1857
• Imports (GPX, KML, GeoJSON, FIT, TCX, Google Timeline, OwnTracks .rec, CSV, Polarsteps) now generate tracks for the imported point range. To rebuild every track in a range — including manually-corrected ones — use Map v2 → Settings → Recalculate tracks & stats. #​2224
• Tracks recorded by multiple devices on the same account (phone + watch + GPS unit) no longer get merged into one zigzagging track on the map. Each device's points are kept on their own track, and Map v2 draws routes per-device. #​337, #​1726
• Importing a GPX file with multiple <trk> or <trkseg> elements no longer merges them into a single track when timestamps overlap or arrive out of order (e.g. Garmin daily-file exports); each track and segment becomes its own track. When a <trk> declares <src>, that value is SHA1-hashed and used as a stable device identity so consecutive imports of the same device stay on the same track stream; with only <name>, identity is scoped to the import filename to prevent unrelated devices from colliding. #​1726
• Importing a Google Records.json export with positions from more than one device no longer "teleports" between devices and inflates distance travelled; points are scoped per-device using Google's deviceTag. #​337
• The tracks unique index now scopes by tracker_id (via a COALESCE(tracker_id, '') expression so legacy NULL-tracker rows still can't duplicate), letting two devices produce a journey with the same start/end timestamps on one account without colliding on insert.

---

Configuration

📅 Schedule: (in timezone America/Chicago)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [Freika/dawarich](https://github.com/Freika/dawarich) | patch | `1.7.7` → `1.7.8` | | [freikin/dawarich](https://github.com/Freika/dawarich) | patch | `1.7.7` → `1.7.8` | --- ### Release Notes <details> <summary>Freika/dawarich (Freika/dawarich)</summary> ### [`v1.7.8`](https://github.com/Freika/dawarich/blob/HEAD/CHANGELOG.md#178---2026-05-16) [Compare Source](https://github.com/Freika/dawarich/compare/1.7.7...1.7.8) ##### ⚠️ Upgrade notes - **Self-hosters running OIDC-only sign-in:** the `ALLOW_EMAIL_PASSWORD_REGISTRATION` env var no longer doubles as a login gate. Email/password sign-in is now controlled by the new `ALLOW_EMAIL_PASSWORD_LOGIN` env var (defaults to `true`). To preserve OIDC-only sign-in after upgrade, set `ALLOW_EMAIL_PASSWORD_LOGIN=false`. - **Visit detection rewrite:** the next nightly run after upgrade will produce different suggested visits. Confirmed visits and named places are preserved; only suggestions change. - **Places backfill (irreversible):** the place-ownership migration backfills `places.user_id` from owning visits and **permanently deletes any place that has no linked visits**. Multi-user instances and instances with orphan rows from prior bugs should run `rake places:backfill_user_id_dry_run` first to see assigned/deleted counts. Single-user self-hosted instances are unaffected. The follow-up release will add a `NOT NULL` constraint, so any new places created between this release and the next must carry a `user_id`. - **Historical tracks auto-recalculate on upgrade.** A background job backfills `points.tracker_id` from each point's `raw_data` (Google `deviceTag`, OwnTracks `tid` — both stored as-is) or its `import_id` (`legacy-import-<id>`, visible in points and tracks API responses for backfilled rows), then recalculates stats, tracks, and digests for every user with tracks predating the fix. The enqueue job is Sidekiq-retry-safe and re-checks its predicate on each retry, so a crashed/restarted Sidekiq resumes cleanly without re-processing finished users. New installs are unaffected. - **Expect a temporary spike during the recalc window.** Per-user jobs are staggered over the first hour; expect elevated Sidekiq queue depth, CPU, and database IO until they finish, with duration scaling by user count and history length. Tracks may appear merged on the map for individual accounts until their recalc completes. - **2FA lockout recovery on instances without SMTP:** the new 10-attempt 2FA lockout sends an unlock email; self-hosters without SMTP configured will not receive it. Locked users can be unlocked from the Rails console with `User.find(<id>).reset_failed_otp_attempts!`, or by completing the password-reset flow (which also clears the lockout). ##### Changed - Visit detection now uses PostGIS spatial clustering for faster, more accurate stops; the iteration-based detector is removed. - Places are now strictly per-user. Suggestion, photo-geotagging, and reverse-geocoding all use your own place catalogue exclusively; no places are shared across users. Existing shared places have been backfilled to their most-active owner. Self-hosted single-user instances see no behaviour change. ##### Added - "Re-run detection on full history" button under Settings → Visits. Confirmed visits and named places are preserved. - Account lockout after 10 failed 2FA attempts (30-minute auto-unlock or password reset). Applies to both the mobile API (`POST /api/v1/auth/otp_challenge`) and the web sign-in flow. Backup codes still work during a lockout so users with one stored can recover immediately. A notification email is sent to the account owner when a lockout is triggered. [#&#8203;2575](https://github.com/Freika/dawarich/issues/2575) ##### Fixed - Fix support of FIT files from Garmin Connect. [#&#8203;2686](https://github.com/Freika/dawarich/issues/2686) - The Anomalies map layer no longer requires manually toggling off and on after a page reload or timeframe change. The toggle state is restored on reload, and the layer refetches anomalies for the active date range. [#&#8203;2568](https://github.com/Freika/dawarich/issues/2568) - Email/password login is now shown alongside the OIDC button on self-hosted instances by default, instead of being hidden whenever OIDC is configured. Operators who want to enforce OIDC-only sign-in can set `ALLOW_EMAIL_PASSWORD_LOGIN=false`. See the upgrade note above. [#&#8203;2495](https://github.com/Freika/dawarich/issues/2495) - Suggested visits at residential addresses are no longer stuck on the placeholder name "Suggested place" indefinitely. The nightly place-naming job now assembles a name from street, house number, city, and state when the geocoder response has no top-level place name — matching how new visits are named at creation time. [#&#8203;1711](https://github.com/Freika/dawarich/issues/1711) - Photos imported from Immich now display at the correct time on Map v2 and import with the correct UTC timestamp, regardless of the host server's timezone or the photo's capture timezone. Previously, photos taken outside the server's timezone could appear up to 24 hours off. Existing imports keep their old timestamps; to fix already-imported photos, re-run the Immich import from **Settings → Integrations → Immich**. The photos API now exposes a `capturedAt` field with the canonical UTC instant (from Immich's `fileCreatedAt` / PhotoPrism's `TakenAt`) alongside the existing `localDateTime` key, which continues to return the source's wall-clock value. Map v2 uses `capturedAt` for time display. [#&#8203;2253](https://github.com/Freika/dawarich/issues/2253) - Confirmed and declined visits inside an area or assigned to a place are no longer reverted to "suggested" — and any name you gave them is no longer overwritten — by the nightly visit-recompute job. [#&#8203;2048](https://github.com/Freika/dawarich/issues/2048), [#&#8203;2484](https://github.com/Freika/dawarich/issues/2484) - GPX import now streams the file rather than loading the entire XML into memory, so multi-hundred-MB GPX files (e.g. long-running activity exports) no longer OOM the Sidekiq worker. [#&#8203;2296](https://github.com/Freika/dawarich/issues/2296) - Viewing an import on Map v2 or the Points page now selects the import's full date range, instead of defaulting to today or the last month. [#&#8203;1857](https://github.com/Freika/dawarich/issues/1857) - Imports (GPX, KML, GeoJSON, FIT, TCX, Google Timeline, OwnTracks .rec, CSV, Polarsteps) now generate tracks for the imported point range. To rebuild every track in a range — including manually-corrected ones — use Map v2 → Settings → **Recalculate tracks & stats**. [#&#8203;2224](https://github.com/Freika/dawarich/issues/2224) - Tracks recorded by multiple devices on the same account (phone + watch + GPS unit) no longer get merged into one zigzagging track on the map. Each device's points are kept on their own track, and Map v2 draws routes per-device. [#&#8203;337](https://github.com/Freika/dawarich/issues/337), [#&#8203;1726](https://github.com/Freika/dawarich/issues/1726) - Importing a GPX file with multiple `<trk>` or `<trkseg>` elements no longer merges them into a single track when timestamps overlap or arrive out of order (e.g. Garmin daily-file exports); each track and segment becomes its own track. When a `<trk>` declares `<src>`, that value is SHA1-hashed and used as a stable device identity so consecutive imports of the same device stay on the same track stream; with only `<name>`, identity is scoped to the import filename to prevent unrelated devices from colliding. [#&#8203;1726](https://github.com/Freika/dawarich/issues/1726) - Importing a Google Records.json export with positions from more than one device no longer "teleports" between devices and inflates distance travelled; points are scoped per-device using Google's `deviceTag`. [#&#8203;337](https://github.com/Freika/dawarich/issues/337) - The `tracks` unique index now scopes by `tracker_id` (via a `COALESCE(tracker_id, '')` expression so legacy NULL-tracker rows still can't duplicate), letting two devices produce a journey with the same start/end timestamps on one account without colliding on insert. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE4MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiLCJkb2NrZXIiLCJnaXRodWItcmVsZWFzZXMiXX0=-->

renovate-bot added the automergedockergithub-releases labels 2026-05-17 01:11:42 +00:00

renovate-bot added 1 commit 2026-05-17 01:11:44 +00:00

chore(deps): update dawarich to v1.7.8 458f9c54a4

renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-05-17 01:11:49 +00:00

renovate-bot merged commit 7cb087e524 into main 2026-05-17 01:11:58 +00:00

renovate-bot referenced this issue from a commit 2026-05-17 01:11:59 +00:00

Merge pull request 'chore(deps): update dawarich to v1.7.8' (#7052) from renovate/unified-dawarich into main

renovate-bot deleted branch renovate/unified-dawarich 2026-05-17 01:12:04 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

Renovate

Issue generated by Renovate.

automerge

This PR will be automerged by Renovate.

chart

Chart update generated by Renovate.

docker

Docker update generated by Renovate.

github-actions

Github Action update generated by Renovate.

github-releases

Github Release generated by Renovate

helm

Helm update generated by Renovate.

image

Image update generated by Renovate.

stale

PR or Issue that has not been updated recently.

No Label automerge docker github-releases

Milestone

No items

No Milestone

Assignees

Clear assignees

gitea-bot renovate-bot alexlebens

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#7052