diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index ed881ff27..5097b8569 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -31,6 +31,9 @@ body: label: Version description: What version of Homarr are you running? options: + # The below comment is used to insert a new version with on-release.yml + #NEXT_VERSION# + - 1.33.0 - 1.32.0 - 1.31.0 - 1.30.1 diff --git a/.github/workflows/conventions-semantic-pull-requests.yml b/.github/workflows/conventions-semantic-pull-requests.yml index cec459930..01eed5320 100644 --- a/.github/workflows/conventions-semantic-pull-requests.yml +++ b/.github/workflows/conventions-semantic-pull-requests.yml @@ -14,6 +14,6 @@ jobs: validate-pull-request-title: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - uses: amannn/action-semantic-pull-request@v6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml new file mode 100644 index 000000000..83357cafe --- /dev/null +++ b/.github/workflows/on-release.yml @@ -0,0 +1,82 @@ +permissions: {} + +on: + release: + types: [published] + +jobs: + trigger-docs-release: + name: Trigger Documentation Release + runs-on: ubuntu-latest + steps: + - name: Obtain token + id: obtainToken + uses: tibdex/github-app-token@v2 + with: + private_key: ${{ secrets.HOMARR_DOCS_RELEASE_APP_PRIVATE_KEY }} + app_id: ${{ vars.HOMARR_DOCS_RELEASE_APP_ID }} + installation_retrieval_mode: repository + installation_retrieval_payload: homarr-labs/documentation + - name: Trigger documentation release + env: + GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }} + SOURCE_TAG: ${{ github.event.release.tag_name }} + run: | + curl -X POST \ + -H "Authorization: token $GITHUB_TOKEN" \ + -H "Accept: application/vnd.github+json" \ + https://api.github.com/repos/homarr-labs/documentation/dispatches \ + -d @- <1.0.0 | :white_check_mark: | -| <1.0.0 | :x: | +We only fix security issues in the [latest stable version](https://github.com/homarr-labs/homarr/releases/latest). Meaning security issues in prior versions will not be fixed and users have to upgrade to the latest version to receive them. ## Reporting a Vulnerability + We use [GitHub's system for reporting vulnerabilities](https://docs.github.com/en/enterprise-cloud@latest/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory). Click [**here to report an advisory**](https://github.com/homarr-labs/homarr/security/advisories/new). Our team will get notified and will get back to you within 1-6 business days. diff --git a/apps/nextjs/package.json b/apps/nextjs/package.json index c689679eb..169f2b5d1 100644 --- a/apps/nextjs/package.json +++ b/apps/nextjs/package.json @@ -50,17 +50,17 @@ "@homarr/ui": "workspace:^0.1.0", "@homarr/validation": "workspace:^0.1.0", "@homarr/widgets": "workspace:^0.1.0", - "@mantine/colors-generator": "^8.2.4", - "@mantine/core": "^8.2.4", - "@mantine/dropzone": "^8.2.4", - "@mantine/hooks": "^8.2.4", - "@mantine/modals": "^8.2.4", - "@mantine/tiptap": "^8.2.4", + "@mantine/colors-generator": "^8.2.5", + "@mantine/core": "^8.2.5", + "@mantine/dropzone": "^8.2.5", + "@mantine/hooks": "^8.2.5", + "@mantine/modals": "^8.2.5", + "@mantine/tiptap": "^8.2.5", "@million/lint": "1.0.14", "@tabler/icons-react": "^3.34.1", - "@tanstack/react-query": "^5.85.3", - "@tanstack/react-query-devtools": "^5.85.3", - "@tanstack/react-query-next-experimental": "^5.85.3", + "@tanstack/react-query": "^5.85.5", + "@tanstack/react-query-devtools": "^5.85.5", + "@tanstack/react-query-next-experimental": "^5.85.5", "@trpc/client": "^11.4.4", "@trpc/next": "^11.4.4", "@trpc/react-query": "^11.4.4", @@ -76,7 +76,7 @@ "glob": "^11.0.3", "jotai": "^2.13.1", "mantine-react-table": "2.0.0-beta.9", - "next": "15.4.6", + "next": "15.5.0", "postcss-preset-mantine": "^1.18.0", "prismjs": "^1.30.0", "react": "19.1.1", @@ -87,7 +87,7 @@ "superjson": "2.2.2", "swagger-ui-react": "^5.27.1", "use-deep-compare-effect": "^1.8.1", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/apps/nextjs/src/app/[locale]/manage/apps/page.tsx b/apps/nextjs/src/app/[locale]/manage/apps/page.tsx index 761fd4495..f94cff54f 100644 --- a/apps/nextjs/src/app/[locale]/manage/apps/page.tsx +++ b/apps/nextjs/src/app/[locale]/manage/apps/page.tsx @@ -1,3 +1,4 @@ +import { Fragment } from "react"; import Link from "next/link"; import { redirect } from "next/navigation"; import { ActionIcon, ActionIconGroup, Anchor, Avatar, Card, Group, Stack, Text, Title } from "@mantine/core"; @@ -98,7 +99,12 @@ const AppCard = async ({ app }: AppCardProps) => { {app.description && ( - {app.description} + {app.description.split("\n").map((line, index) => ( + + {line} +
+ + ))} )} {app.href && ( diff --git a/apps/tasks/package.json b/apps/tasks/package.json index 2b83e824c..ad1a11fd7 100644 --- a/apps/tasks/package.json +++ b/apps/tasks/package.json @@ -39,7 +39,7 @@ "dotenv": "^17.2.1", "fastify": "^5.5.0", "superjson": "2.2.2", - "undici": "7.13.0" + "undici": "7.14.0" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/package.json b/package.json index d0401e6c0..b265fb9fd 100644 --- a/package.json +++ b/package.json @@ -22,13 +22,14 @@ "lint:ws": "pnpm dlx sherif@latest", "package:new": "turbo gen init", "release": "semantic-release", + "scripts:update-bug-report-template": "tsx ./scripts/update-bug-report-template.mts", + "scripts:update-readme-integrations": "tsx ./scripts/update-integration-list.mts", "start": "concurrently \"pnpm with-env node apps/tasks/tasks.cjs\" \"pnpm with-env node apps/websocket/wssServer.cjs\" \"pnpm -F nextjs start\"", "test": "cross-env NODE_ENV=development CI=true vitest run --exclude e2e --coverage.enabled ", "test:e2e": "cross-env NODE_ENV=development CI=true vitest e2e", "test:ui": "cross-env NODE_ENV=development CI=true vitest --exclude e2e --ui --coverage.enabled", "typecheck": "turbo typecheck", - "with-env": "dotenv -e .env --", - "scripts:update-readme-integrations": "tsx ./scripts/update-integration-list.mts" + "with-env": "dotenv -e .env --" }, "prettier": "@homarr/prettier-config", "devDependencies": { @@ -41,7 +42,7 @@ "@semantic-release/release-notes-generator": "^14.0.3", "@testcontainers/redis": "^11.5.1", "@turbo/gen": "^2.5.6", - "@vitejs/plugin-react": "^5.0.0", + "@vitejs/plugin-react": "^5.0.1", "@vitest/coverage-v8": "^3.2.4", "@vitest/ui": "^3.2.4", "conventional-changelog-conventionalcommits": "^9.1.0", @@ -55,7 +56,7 @@ "vite-tsconfig-paths": "^5.1.4", "vitest": "^3.2.4" }, - "packageManager": "pnpm@10.14.0", + "packageManager": "pnpm@10.15.0", "engines": { "node": ">=22.18.0" }, @@ -72,7 +73,7 @@ "tree-sitter-json" ], "overrides": { - "proxmox-api>undici": "7.13.0" + "proxmox-api>undici": "7.14.0" }, "patchedDependencies": { "@types/node-unifi": "patches/@types__node-unifi.patch" diff --git a/packages/api/package.json b/packages/api/package.json index 419622ea8..d04171fef 100644 --- a/packages/api/package.json +++ b/packages/api/package.json @@ -42,18 +42,18 @@ "@homarr/server-settings": "workspace:^0.1.0", "@homarr/validation": "workspace:^0.1.0", "@kubernetes/client-node": "^1.3.0", - "@tanstack/react-query": "^5.85.3", + "@tanstack/react-query": "^5.85.5", "@trpc/client": "^11.4.4", "@trpc/react-query": "^11.4.4", "@trpc/server": "^11.4.4", "@trpc/tanstack-react-query": "^11.4.4", "lodash.clonedeep": "^4.5.0", - "next": "15.4.6", + "next": "15.5.0", "react": "19.1.1", "react-dom": "19.1.1", "superjson": "2.2.2", - "trpc-to-openapi": "^3.0.0", - "zod": "^4.0.14" + "trpc-to-openapi": "^3.0.1", + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/auth/package.json b/packages/auth/package.json index 58509d831..3eb6b875d 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -35,11 +35,11 @@ "bcrypt": "^6.0.0", "cookies": "^0.9.1", "ldapts": "8.0.9", - "next": "15.4.6", + "next": "15.5.0", "next-auth": "5.0.0-beta.29", "react": "19.1.1", "react-dom": "19.1.1", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/certificates/package.json b/packages/certificates/package.json index 70578b5a4..170095c80 100644 --- a/packages/certificates/package.json +++ b/packages/certificates/package.json @@ -24,7 +24,7 @@ "dependencies": { "@homarr/common": "workspace:^0.1.0", "@homarr/db": "workspace:^0.1.0", - "undici": "7.13.0" + "undici": "7.14.0" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/common/package.json b/packages/common/package.json index 45e9aa1f6..397024060 100644 --- a/packages/common/package.json +++ b/packages/common/package.json @@ -30,12 +30,12 @@ "@homarr/log": "workspace:^0.1.0", "@paralleldrive/cuid2": "^2.2.2", "dayjs": "^1.11.13", - "next": "15.4.6", + "next": "15.5.0", "react": "19.1.1", "react-dom": "19.1.1", - "undici": "7.13.0", - "zod": "^4.0.14", - "zod-validation-error": "^3.5.3" + "undici": "7.14.0", + "zod": "^4.0.17", + "zod-validation-error": "^4.0.1" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/common/src/errors/http/handlers/node-fetch-http-error-handler.ts b/packages/common/src/errors/http/handlers/node-fetch-http-error-handler.ts new file mode 100644 index 000000000..facfc5a91 --- /dev/null +++ b/packages/common/src/errors/http/handlers/node-fetch-http-error-handler.ts @@ -0,0 +1,44 @@ +import { FetchError } from "node-fetch"; + +import { logger } from "@homarr/log"; + +import { RequestError } from "../request-error"; +import type { AnyRequestError } from "../request-error"; +import type { ResponseError } from "../response-error"; +import { matchErrorCode } from "./fetch-http-error-handler"; +import { HttpErrorHandler } from "./http-error-handler"; + +/** + * node-fetch was a defacto standard to use fetch in nodejs. + * + * It is for example used within the cross-fetch package which is used in tsdav. + */ +export class NodeFetchHttpErrorHandler extends HttpErrorHandler { + constructor(private type = "node-fetch") { + super(); + } + + handleRequestError(error: unknown): AnyRequestError | undefined { + if (!(error instanceof FetchError)) return undefined; + if (error.code === undefined) return undefined; + + logger.debug(`Received ${this.type} request error`, { + code: error.code, + message: error.message, + }); + + const requestErrorInput = matchErrorCode(error.code); + if (!requestErrorInput) return undefined; + + return new RequestError(requestErrorInput, { + cause: error, + }); + } + + /** + * Response errors do not exist for fetch as it does not throw errors for non successful responses. + */ + handleResponseError(_: unknown): ResponseError | undefined { + return undefined; + } +} diff --git a/packages/common/src/errors/http/handlers/tsdav-http-error-handler.ts b/packages/common/src/errors/http/handlers/tsdav-http-error-handler.ts index 9f9c363c5..76817ce0f 100644 --- a/packages/common/src/errors/http/handlers/tsdav-http-error-handler.ts +++ b/packages/common/src/errors/http/handlers/tsdav-http-error-handler.ts @@ -2,12 +2,12 @@ import { logger } from "@homarr/log"; import type { AnyRequestError } from "../request-error"; import { ResponseError } from "../response-error"; -import { FetchHttpErrorHandler } from "./fetch-http-error-handler"; import { HttpErrorHandler } from "./http-error-handler"; +import { NodeFetchHttpErrorHandler } from "./node-fetch-http-error-handler"; export class TsdavHttpErrorHandler extends HttpErrorHandler { handleRequestError(error: unknown): AnyRequestError | undefined { - return new FetchHttpErrorHandler("tsdav").handleRequestError(error); + return new NodeFetchHttpErrorHandler("tsdav").handleRequestError(error); } handleResponseError(error: unknown): ResponseError | undefined { @@ -16,7 +16,7 @@ export class TsdavHttpErrorHandler extends HttpErrorHandler { // https://github.com/natelindev/tsdav/blob/bf33f04b1884694d685ee6f2b43fe9354b12d167/src/account.ts#L86 if (error.message !== "Invalid credentials") return undefined; - logger.debug("Received Tsdav response error", { + logger.debug("Received tsdav response error", { status: 401, }); diff --git a/packages/core/package.json b/packages/core/package.json index f947211c6..d7fdc64be 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -26,7 +26,7 @@ "dependencies": { "@t3-oss/env-nextjs": "^0.13.8", "ioredis": "5.7.0", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/cron-job-api/package.json b/packages/cron-job-api/package.json index 74106452a..9e9cab390 100644 --- a/packages/cron-job-api/package.json +++ b/packages/cron-job-api/package.json @@ -29,13 +29,13 @@ "@homarr/core": "workspace:^0.1.0", "@homarr/cron-jobs": "workspace:^0.1.0", "@homarr/log": "workspace:^0.1.0", - "@tanstack/react-query": "^5.85.3", + "@tanstack/react-query": "^5.85.5", "@trpc/client": "^11.4.4", "@trpc/server": "^11.4.4", "@trpc/tanstack-react-query": "^11.4.4", "node-cron": "^4.2.1", "react": "19.1.1", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/db/package.json b/packages/db/package.json index 9988dc725..8bbae94a6 100644 --- a/packages/db/package.json +++ b/packages/db/package.json @@ -44,14 +44,14 @@ "@homarr/definitions": "workspace:^0.1.0", "@homarr/log": "workspace:^0.1.0", "@homarr/server-settings": "workspace:^0.1.0", - "@mantine/core": "^8.2.4", + "@mantine/core": "^8.2.5", "@paralleldrive/cuid2": "^2.2.2", "@testcontainers/mysql": "^11.5.1", "better-sqlite3": "^12.2.0", "dotenv": "^17.2.1", "drizzle-kit": "^0.31.4", "drizzle-orm": "^0.44.4", - "drizzle-zod": "^0.8.2", + "drizzle-zod": "^0.8.3", "mysql2": "3.14.3", "superjson": "2.2.2" }, diff --git a/packages/definitions/package.json b/packages/definitions/package.json index c9f22c028..f565f7d5b 100644 --- a/packages/definitions/package.json +++ b/packages/definitions/package.json @@ -25,7 +25,7 @@ "dependencies": { "@homarr/common": "workspace:^0.1.0", "fast-xml-parser": "^5.2.5", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/form/package.json b/packages/form/package.json index 77241981a..bd7996cf8 100644 --- a/packages/form/package.json +++ b/packages/form/package.json @@ -26,9 +26,9 @@ "@homarr/common": "workspace:^0.1.0", "@homarr/translation": "workspace:^0.1.0", "@homarr/validation": "workspace:^0.1.0", - "@mantine/form": "^8.2.4", - "mantine-form-zod-resolver": "^1.2.1", - "zod": "^4.0.14" + "@mantine/form": "^8.2.5", + "mantine-form-zod-resolver": "^1.3.0", + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/forms-collection/package.json b/packages/forms-collection/package.json index 403020796..c9286bb79 100644 --- a/packages/forms-collection/package.json +++ b/packages/forms-collection/package.json @@ -29,9 +29,9 @@ "@homarr/notifications": "workspace:^0.1.0", "@homarr/translation": "workspace:^0.1.0", "@homarr/validation": "workspace:^0.1.0", - "@mantine/core": "^8.2.4", + "@mantine/core": "^8.2.5", "react": "19.1.1", - "zod": "^4.0.14" + "zod": "^4.0.17" }, "devDependencies": { "@homarr/eslint-config": "workspace:^0.2.0", diff --git a/packages/forms-collection/src/new-app/_form.tsx b/packages/forms-collection/src/new-app/_form.tsx index a23f8c5e6..00d60a033 100644 --- a/packages/forms-collection/src/new-app/_form.tsx +++ b/packages/forms-collection/src/new-app/_form.tsx @@ -97,7 +97,13 @@ export const AppForm = ({ -