Skip to content

chore(deps): update container image ghcr.io/calibrain/shelfmark to v1.3.0#4178

Merged
renovate[bot] merged 1 commit into
masterfrom
renovate/ghcr.io-calibrain-shelfmark-1.x
May 12, 2026
Merged

chore(deps): update container image ghcr.io/calibrain/shelfmark to v1.3.0#4178
renovate[bot] merged 1 commit into
masterfrom
renovate/ghcr.io-calibrain-shelfmark-1.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 12, 2026

This PR contains the following updates:

Package Update Change
ghcr.io/calibrain/shelfmark minor v1.2.3v1.3.0

Release Notes

calibrain/shelfmark (ghcr.io/calibrain/shelfmark)

v1.3.0

Compare Source

This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes.

New:
  • Added DISABLE_LOCAL_AUTH environment variable for OIDC-only configs
  • Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly.
Fixes
  • Fixed Google Books error responses being cached as search results. (#​958)
  • Fixed language filter matching by normalising language strings more consistently. (#​960)
  • Improved download copy/hardlink handling on FUSE & NFS. (#​957, #​961)
  • Streamed archive extraction instead of loading archive contents into memory. (#​965)
  • Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. (#​944, #​966)
Security
  • Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May urllib3 CVE (#​952, #​953, #​954)
  • Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. (#​943, #​967, #​976)
  • Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. (#​970, #​971, #​975)
  • Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. (#​973, #​974)
  • Validated IRC DCC offers and AudiobookBay detail URLs before using them. (#​964, #​972)
  • Redacted release URLs more safely in Newznab/Prowlarr download flows. (#​968)
  • Required verified OIDC email claims before linking external identities to existing accounts. (#​963)
  • Made container startup fail closed when the config directory remains unwritable instead of falling back to root. (#​985)
  • Pinned Docker base image digests and removed installer tooling from runtime images. (#​969, #​978)

v1.3.0

Compare Source

This release adds a new security option, fixes Prowlarr seedtime preferences, and implements several fixes and security hardening changes.

New:
  • Added DISABLE_LOCAL_AUTH environment variable for OIDC-only configs
  • Changed Prowlarr seedtime preference to opt-in (Enable in Settings > Prowlarr). Fixed an issue with user-specified seed time configs not pulling into shelfmark correctly.
Fixes
  • Fixed Google Books error responses being cached as search results. (#​958)
  • Fixed language filter matching by normalising language strings more consistently. (#​960)
  • Improved download copy/hardlink handling on FUSE & NFS. (#​957, #​961)
  • Streamed archive extraction instead of loading archive contents into memory. (#​965)
  • Fixed Tor routing and healthchecks so Tor can bootstrap correctly, private networks can bypass Tor, and healthchecks no longer require a clear-net probe. (#​944, #​966)
Security
  • Updated frontend, Python, and CodeQL dependencies, including fixing an 11th May urllib3 CVE (#​952, #​953, #​954)
  • Hardened cover-image fetching and download prefetch flows against unsafe remote URLs, redirects, and untrusted origins. (#​943, #​967, #​976)
  • Tightened download and queue authorization, including queue ownership checks, release-source availability checks, and request policy source validation. (#​970, #​971, #​975)
  • Contained remote path mappings and qBittorrent fallback path handling to prevent unsafe path resolution. (#​973, #​974)
  • Validated IRC DCC offers and AudiobookBay detail URLs before using them. (#​964, #​972)
  • Redacted release URLs more safely in Newznab/Prowlarr download flows. (#​968)
  • Required verified OIDC email claims before linking external identities to existing accounts. (#​963)
  • Made container startup fail closed when the config directory remains unwritable instead of falling back to root. (#​985)
  • Pinned Docker base image digests and removed installer tooling from runtime images. (#​969, #​978)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from Michaelpalacce as a code owner May 12, 2026 15:39
@renovate renovate Bot merged commit 65bb33d into master May 12, 2026
2 checks passed
@renovate renovate Bot deleted the renovate/ghcr.io-calibrain-shelfmark-1.x branch May 12, 2026 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Michaelpalacce Michaelpalacce Awaiting requested review from Michaelpalacce Michaelpalacce is a code owner

Assignees

No one assigned

Labels

dep/minor renovate/image

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants