Replaces the override rule system with a new priority-based routing rules engine. Routing rules are
evaluated top-to-bottom with first-match-wins semantics, supporting conditions on users, genres,
languages, and keywords. Quality profiles, root folders, minimum availability, series type, and tags
move from instance-level settings to routing rules with support for instance switching, with
fallback rules acting as catch-all defaults. Includes a migration to convert existing instance
defaults and override rules into the new system, a routing resolver used at request time, updated
OpenAPI spec, and a new UI with drag-and-drop reordering, filter tabs, and inline rule expansion.
fix#232, fix#1560, fix#2058
* fix(servarr): add timeout to Radarr/Sonarr API requests to prevent infinite loading
Adds a 5-second timeout to all Radarr/Sonarr API requests and displays a warning banner when
services are unreachable. This prevents the Recent Requests section and request list pages from
hanging indefinitely when a configured service has connection issues.
fix#2374
* fix(requests): only show service error banner to users with advanced permissions
* chore(deps): update dependencies and fix security vulnerabilities
Update TypeScript 4.9 → 5.4. Update Zod 3 → 4. Update nodemailer 6 → 7. Update @typescript-eslint
packages to v7. Update xml2js, undici, lodash, axios, swr, winston- Add pnpm.overrides for
transitive dependency vulnerabilities
* chore: fix import ordering for TypeScript 5.4 compatibility
prettier-plugin-organize-imports behaves differently with TypeScript 5.4 vs 4.9, causing CI
formatting checks to fail. This reformats imports to match the ordering expected by the plugin with
the upgraded TS version.
PR #1543 introduced resolution checking to check 4k from non4k media when users have both server
types configured with the same service. Howerver, this causes false deletions for users with only a
single non4k service when radarr upgrades file to 4k resolution. This fix only applies resolution to
checking when both 4k and non4k servers are configured. Otherwise then if file exists then it counts
as available
Removes plex-api dependency and its type declarations. Then extends the ExternalApi class for
PlexAPI implementation to mimick the exact same old behaviour. This should resolve the security
vulnerabilities in transitive dependencies: form-data(critical), request (moderate, deprecated),
tough-cookie (moderate), xml2js (moderate). Plex-api itself is also no longer maintained.
Upgrade typeorm from 0.3.12 to 0.3.28 to resolve multiple security vulnerabilities. Fixes high
severity SQL injection vulnerability in typeorm (CVE present in <0.3.26). Removes Windows-specific
postinstall workaround that's no longer needed.The fix for #478 was a workaround and is now resolved
upstream see (https://github.com/typeorm/typeorm/issues/9766). The issue was specifically with
TypeORM 0.3.12's glob pattern handling on Windows.
fix#478
