Skip to content

Release v0.4.3#27

Merged
florianjs merged 1 commit into
mainfrom
release/v0.4.3
Jan 8, 2026
Merged

Release v0.4.3#27
florianjs merged 1 commit into
mainfrom
release/v0.4.3

Conversation

@florianjs

Copy link
Copy Markdown
Owner

Release v0.4.3

Add torrent edit/delete, favicon upload, gitignore sync check


Changes

�[0;34m[INFO]�[0m No previous tag found, using last 20 commits...

  • v0.4.3
  • edit torrents
  • sync gitignore public
  • sync
  • chore: Bump package version from 0.4.1 to 0.4.2.
  • feat: Rebrand project to Trackarr across the codebase and enable documentation deployment.
  • chore: Rebrand project from OpenTracker to Trackarr, update all documentation, and bump package version.
  • feat: publicly publish docs.yml workflow by removing it from the exclusion list
  • feat: bump package version to 0.4.0
  • refactor: rename project from OpenTracker to Trackarr
  • docs: enhance troubleshooting guide with additional solutions and PgBouncer configuration error section
  • fix: update .gitignore to include doc/node_modules and improve getting-started guide for production deployment
  • fix: update .gitignore to include additional directories and files for better environment management
  • chore: bump version to 0.3.2
  • feat: add interactive setup script and update environment configuration for tracker URLs
  • chore: bump version to 0.3.1
  • refactor: Centralize tracker logging with TRACKER_DEBUG and remove extraneous console.logs across services, while also updating the package version and public publish script.
  • docs: Remove specific plugin items from the roadmap.
  • refactor: Migrate contributors list generation from GitHub Actions workflow to a local TypeScript script and update roadmap section title.
  • docs: restructure roadmap into versioned feature plans and associated schema additions.

Checklist

  • Code reviewed
  • Tested locally
  • Documentation updated (if needed)

When this PR is merged, version v0.4.3 will be automatically tagged.

@florianjs
florianjs merged commit d86bd12 into main Jan 8, 2026
@github-actions
github-actions Bot deleted the release/v0.4.3 branch January 8, 2026 08:00
Dim145 added a commit to Dim145/opentracker that referenced this pull request Jun 20, 2026
…itor, nuxt

- nodemailer 8.0.7 -> ^8.0.9 (resolves 8.0.11): CRLF injection in List-* header
  comments (GHSA-268h-hp4c-crq3) + jsonTransport bypasses disableFileAccess /
  disableUrlAccess (GHSA-wqvq-jvpq-h66f), both medium. Alerts florianjs#27, florianjs#28.
- dompurify -> ^3.4.9 pnpm override (resolves 3.4.11; transitive via
  isomorphic-dompurify): multiple IN_PLACE / Trusted-Types / template
  sanitization bypasses (medium/low). Alerts florianjs#19-florianjs#25 (incl. florianjs#22, whose
  vulnerable range <=3.4.6 is below 3.4.11).
- launch-editor -> ^2.14.1 pnpm override (transitive): NTLMv2 hash disclosure
  via UNC path handling on Windows (GHSA-v6wh-96g9-6wx3, medium). Alert florianjs#26.
- nuxt 4.4.6 -> ^4.4.7 (resolves 4.4.8): dev server discloses project absolute
  path + workspace UUID via /.well-known (GHSA-rq7w-g337-39qq, low). Alert florianjs#18.

Regenerated pnpm-lock.yaml. Verified resolved: nodemailer 8.0.11, dompurify
3.4.11, launch-editor 2.14.1, nuxt 4.4.8. Nitro build + vitest (31 unit, 7
integration) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant