chore(deps): update houndarr to v1.12.0 #7287

2026-05-23T04:02:43Z

renovate-bot commented

2026-05-23 04:02:43 +00:00

This PR contains the following updates:

Package	Update	Change
av1155/houndarr	minor	`1.11.0` → `1.12.0`
ghcr.io/av1155/houndarr	minor	`v1.11.0` → `v1.12.0`

Release Notes

av1155/houndarr (av1155/houndarr)

`v1.12.0`

Compare Source

Added

External /api/v1/widget endpoint returns API-key-protected dashboard totals, backed by schema v19 widget_api_key storage. (#604)
Settings page can generate, regenerate, and revoke the Houndarr API key, showing plaintext only once for widget clients. (#605)
New Homepage integration guide covers /api/v1/widget, X-Api-Key, and Settings > Admin > API key rotation. (#606)
Instance settings gain an Enable missing search toggle that pauses the missing-search pass per instance; existing instances stay enabled after the v18 migration. (#619)
Instance settings gain Tag Filter · Include and Tag Filter · Exclude fields that scope searches to (or away from) items tagged in the upstream *arr, resolved against /tag each cycle. Schema v20 adds the two columns with empty defaults. (#637)
Missing search settings gain optional hot retry windows after post-release grace, backed by schema v21 window and interval columns. (#630)

Changed

Python floor raised from 3.12 to 3.13. From-source installs and the Docker image now require a 3.13 interpreter; Python 3.13 has upstream support through October 2029. (#596)

Fixed

Transient library-fetch failures on any *arr no longer produce a recurring upgrade pool fetch failed log row each upgrade cycle. (#620)
Login and widget rate limiters no longer leak one in-memory entry per unique source IP under sustained probing; entries evict on read and via a five-minute background sweep. (#632)

Security

urllib3 bumped to 2.7.0, closing two upstream advisories on decompression-bomb safeguards and sensitive-header forwarding through proxied redirects. Houndarr exercises neither path; the bump clears pip-audit and Trivy alerts. (#623)
idna bumped to 3.15; closes CVE-2026-45409 (oversized input in check_label before contextual-rule processing). Houndarr does not pass attacker-controlled hostnames through the IDN encoder; the bump clears pip-audit and Trivy alerts. (#639)

Configuration

📅 Schedule: (in timezone America/Chicago)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [av1155/houndarr](https://github.com/av1155/houndarr) | minor | `1.11.0` → `1.12.0` | | [ghcr.io/av1155/houndarr](https://github.com/av1155/houndarr) | minor | `v1.11.0` → `v1.12.0` | --- ### Release Notes <details> <summary>av1155/houndarr (av1155/houndarr)</summary> ### [`v1.12.0`](https://github.com/av1155/houndarr/releases/tag/v1.12.0) [Compare Source](https://github.com/av1155/houndarr/compare/v1.11.0...v1.12.0) ##### Added - External `/api/v1/widget` endpoint returns API-key-protected dashboard totals, backed by schema v19 `widget_api_key` storage. ([#604](https://github.com/av1155/houndarr/issues/604)) - Settings page can generate, regenerate, and revoke the Houndarr API key, showing plaintext only once for widget clients. ([#605](https://github.com/av1155/houndarr/issues/605)) - New [Homepage integration guide](https://av1155.github.io/houndarr/docs/guides/homepage-integration) covers `/api/v1/widget`, `X-Api-Key`, and Settings > Admin > API key rotation. ([#606](https://github.com/av1155/houndarr/issues/606)) - Instance settings gain an `Enable missing search` toggle that pauses the missing-search pass per instance; existing instances stay enabled after the v18 migration. ([#619](https://github.com/av1155/houndarr/issues/619)) - Instance settings gain `Tag Filter · Include` and `Tag Filter · Exclude` fields that scope searches to (or away from) items tagged in the upstream \*arr, resolved against `/tag` each cycle. Schema v20 adds the two columns with empty defaults. ([#637](https://github.com/av1155/houndarr/issues/637)) - Missing search settings gain optional hot retry windows after post-release grace, backed by schema v21 window and interval columns. ([#630](https://github.com/av1155/houndarr/issues/630)) ##### Changed - Python floor raised from 3.12 to 3.13. From-source installs and the Docker image now require a 3.13 interpreter; Python 3.13 has upstream support through October 2029. ([#596](https://github.com/av1155/houndarr/issues/596)) ##### Fixed - Transient library-fetch failures on any \*arr no longer produce a recurring `upgrade pool fetch failed` log row each upgrade cycle. ([#620](https://github.com/av1155/houndarr/issues/620)) - Login and widget rate limiters no longer leak one in-memory entry per unique source IP under sustained probing; entries evict on read and via a five-minute background sweep. ([#632](https://github.com/av1155/houndarr/issues/632)) ##### Security - `urllib3` bumped to 2.7.0, closing two upstream advisories on decompression-bomb safeguards and sensitive-header forwarding through proxied redirects. Houndarr exercises neither path; the bump clears `pip-audit` and Trivy alerts. ([#623](https://github.com/av1155/houndarr/issues/623)) - `idna` bumped to 3.15; closes CVE-2026-45409 (oversized input in `check_label` before contextual-rule processing). Houndarr does not pass attacker-controlled hostnames through the IDN encoder; the bump clears `pip-audit` and Trivy alerts. ([#639](https://github.com/av1155/houndarr/issues/639)) </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate-bot added the docker label 2026-05-23 04:02:43 +00:00

renovate-bot force-pushed renovate/unified-houndarr from 554576d435 to 4be90e6d10

2026-05-23 05:07:50 +00:00

Compare

renovate-bot force-pushed renovate/unified-houndarr from 4be90e6d10 to 093104b377

2026-05-23 07:10:44 +00:00

Compare

renovate-bot added 1 commit 2026-05-23 08:06:42 +00:00

chore(deps): update houndarr to v1.12.0

lint-test-helm / lint-helm (pull_request) Successful in 24s

Details

lint-test-helm / validate-kubeconform (pull_request) Successful in 28s

Details

render-manifests / render-manifests (pull_request) Successful in 2m19s

Details

de78d89bc1

renovate-bot force-pushed renovate/unified-houndarr from 093104b377 to de78d89bc1

2026-05-23 08:06:42 +00:00

Compare

alexlebens merged commit 202b4174a2 into main

2026-05-23 17:00:25 +00:00

alexlebens deleted branch renovate/unified-houndarr

2026-05-23 17:00:30 +00:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: alexlebens/infrastructure#7287