chore: sync development to main #2664

Merged
maintainerr-automation[bot] merged 4 commits into main from development on Apr 12, 2026

@maintainerr-automation (Contributor)

Summary

Promotes the current development branch state to main for release.

Notes

  • development is the source branch for ongoing work.
  • main is the stable release branch.
  • This PR should be squash-merged.
  • Create or update this PR with ./release.sh prepare-pr.
  • When the PR is approved, release automation continues automatically.
  • Approval triggers Release 2 - Queue Push PR To Main.
  • Release 2.5 - Execute Push PR To Main reloads the PR state, confirms the approving CODEOWNER still has an active approval, waits for non-release checks to finish, then continues the remaining release steps.
  • The remaining release steps are: squash-merge into main, sync back branches, and run Release 4 - Build Main.
  • If checks or branch protection still block the merge, release automation comments on this PR with the blocker.
  • If the flow succeeds, release automation posts a final summary comment with the merge, sync-back, and build results.
  • The manual release workflow starts only after the post-merge sync-back is complete.
  • Release 5 - Publish finishes with a second sync-back so the semantic-release commit on main is merged back into development.
  • Trigger the final release from main with REF=main ./release.sh release.

Test Plan

  • Run ./release.sh prepare-pr
  • Review the changed files and commit list in this PR
  • Approve this PR to trigger Release 2 - Queue Push PR To Main and Release 2.5 - Execute Push PR To Main
  • Confirm the PR was squash-merged into main, sync-back completed, and Release 4 - Build Main finished
  • Run REF=main ./release.sh release
  • Confirm Release 5 - Publish synced the release commit from main back into development

maintainerr-automation (bot) added the release:docker-build label (Build release candidate Docker image) on Apr 12, 2026
Comment thread apps/server/src/modules/api/external-api/external-api.service.ts Fixed
* fix: remove SSRF sinks from API failure logging

Replace axios.getUri() calls in external-api, plexApi, and jellyfin-adapter
with a small helper that builds log-safe request descriptors via plain
string ops, and normalize base URLs on construction. Preserves per-request
baseURL overrides and params in failure logs, and closes the CodeQL
server-side-request-forgery alert on external-api.service.ts.

* fix: drop base URL normalizer to keep CodeQL SSRF fix minimal

The added normalizeExternalApiBaseUrl used new URL(baseUrl), which CodeQL
treats as a URL-construction sink. That gave its SSRF query a cleaner
dataflow path from user config into every downstream axios request,
producing four new alerts on the request call sites in
external-api.service.ts. Removing the normalizer keeps only
describeRequestTarget, which builds log strings via plain string ops
and encodeURIComponent, and closes the original alert without introducing
new ones.
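
One way the log-safe descriptor described in the commit messages above could be written, as an added example that is not the project's code. Only the name describeRequestTarget comes from the page; the RequestLike and Params shapes, the helper names, the control-character replacement and the sample hosts are assumptions.

```typescript
// Added example: a log-only request descriptor built with plain string operations.
// It never calls new URL() or axios.getUri(), so no URL object is built from config.
type Scalar = string | number | boolean;
type Params = { [key: string]: Scalar | Scalar[] | null | undefined };
interface RequestLike { // hypothetical subset of a request config, not the project's type
  method?: string;
  baseURL?: string; // per-request override
  url?: string;
  params?: Params;
}

// Assumption of this example: replace control characters so a crafted value
// (for instance CR/LF in a configured host) cannot forge extra log lines.
function stripControl(s: string): string {
  return s.replace(/[\u0000-\u001f\u007f]/g, '?');
}

function encodeParams(params?: Params): string {
  const source: Params = params || {};
  const pairs: string[] = [];
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value === null || value === undefined) continue; // unset values are not logged
    const items: Scalar[] = Array.isArray(value) ? value : [value];
    for (const item of items) {
      pairs.push(encodeURIComponent(key) + '=' + encodeURIComponent(String(item)));
    }
  }
  return pairs.join('&');
}

function describeRequestTarget(req: RequestLike, defaultBaseURL: string = ''): string {
  const method = (req.method || 'get').toUpperCase();
  const path = req.url || '';
  const base = req.baseURL || defaultBaseURL; // a per-request baseURL wins
  const isAbsolute = /^[a-z][a-z\d+.-]*:\/\//i.test(path);
  let target = path;
  if (!isAbsolute && base) {
    // Join with exactly one slash, using string operations only.
    target = path ? base.replace(/\/+$/, '') + '/' + path.replace(/^\/+/, '') : base;
  }
  const query = encodeParams(req.params);
  if (query) target += (target.indexOf('?') === -1 ? '?' : '&') + query;
  return stripControl(method) + ' ' + stripControl(target);
}
```

The returned string is meant for log output only; the request itself is still issued from the original config, so the descriptor never feeds back into a network call.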
enoch85 self-requested a review as a code owner on April 12, 2026 09:20
Maintainerr deleted a comment from Copilot AI on Apr 12, 2026
@github-actions (bot, Contributor) left a comment

Approved by release automation (CODEOWNER approval was verified by Release 2).

maintainerr-automation (bot) merged commit 2424b44 into main on Apr 12, 2026
32 checks passed
@github-actions (Contributor)

🚀 Release 2.5 - Execute Push PR To Main completed after approval.

  • PR squash-merged into main
  • Sync back: success
  • Build Main: success

@maintainerr-automation (Contributor, Author)

🎉 This PR is included in version 3.6.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Labels: release:docker-build (Build release candidate Docker image), released