docs: fix the position of workflow_dispatch in docs-deploy

* fix: include video content in the blacklisted tags processing job

Modified the “blacklisted tags” job to include adult & video content, this correctly blacklists more
adult films that were always missed, even if they had the tag.

* refactor: remove dead code

* refactor: remove redundant explicit arguments

.github/ISSUE_TEMPLATE/bug.yml

@@ -95,7 +95,7 @@ body:
     id: terms
     attributes:
       label: Code of Conduct
-      description: By submitting this issue, you agree to follow our [Code of Conduct](/../../CODE_OF_CONDUCT.md)
+      description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/seerr-team/seerr/blob/develop/CODE_OF_CONDUCT.md)
       options:
         - label: I agree to follow Seerr's Code of Conduct
           required: true

.github/workflows/ai-generated.yml

@@ -0,0 +1,59 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: 'AI-generated pull requests'
+
+on:
+  pull_request_target:
+    types: [labeled, unlabeled, reopened]
+
+permissions:
+  pull-requests: read
+
+jobs:
+  ai-generated-support:
+    if: github.event.label.name == 'ai-generated' || github.event.action == 'reopened'
+    runs-on: ubuntu-24.04
+    concurrency:
+      group: support-${{ github.event.pull_request.number }}
+      cancel-in-progress: true
+    permissions:
+      pull-requests: write
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      GH_REPO: ${{ github.repository }}
+      NUMBER: ${{ github.event.pull_request.number }}
+      PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+    steps:
+      - name: Label added, comment and close pull request
+        if: github.event.action == 'labeled' && github.event.label.name == 'ai-generated'
+        shell: bash
+        env:
+          BODY: >
+            :wave: @${{ env.PR_AUTHOR }}, thank you for your contribution!
+
+            However, this pull request has been closed because it appears to contain a significant amount of AI-generated code without sufficient human review or supervision.
+
+            AI-generated code can often introduce subtle bugs, poor design patterns, or inconsistent styles that make long-term maintenance difficult and reduce overall code quality. For the sake of the project's future stability and readability, we require that all contributions meet our established coding standards and demonstrate clear developer oversight.
+
+            This pull request is also too large for effective human review. Please discuss with us on how to break down these changes into smaller, more focused PRs to ensure a thorough and efficient review process.
+            If you'd like to revise and resubmit your changes with careful review and cleanup, we'd be happy to take another look.
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh pr comment "$NUMBER" -R "$GH_REPO" -b "$BODY" || true
+          retry gh pr close "$NUMBER" -R "$GH_REPO" || true
+          gh pr lock "$NUMBER" -R "$GH_REPO" -r "spam" || true
+
+      - name: Reopened or label removed, unlock pull request
+        if: github.event.action == 'unlabeled' && github.event.label.name == 'ai-generated'
+        shell: bash
+        run: |
+          retry() { n=0; until "$@"; do n=$((n+1)); [ $n -ge 3 ] && break; echo "retry $n: $*" >&2; sleep 2; done; }
+          retry gh pr reopen "$NUMBER" -R "$GH_REPO" || true
+          gh pr unlock "$NUMBER" -R "$GH_REPO" || true
+
+      - name: Remove AI-generated label on manual reopen
+        if: github.event.action == 'reopened'
+        shell: bash
+        run: |
+          gh pr edit "$NUMBER" -R "$GH_REPO" --remove-label "ai-generated" || true
+          gh pr unlock "$NUMBER" -R "$GH_REPO" || true

.github/workflows/docs-deploy.yml

@@ -3,9 +3,10 @@
 name: Deploy to GitHub Pages
 
 on:
+  workflow_dispatch:
   push:
     branches:
-      - develop
+      - legacy-jellyseerr
     paths:
       - 'docs/**'
       - 'gen-docs/**'

.github/workflows/helm.yml

@@ -55,7 +55,7 @@ jobs:
               # get current version
               current_version=$(grep '^version:' "$chart_path/Chart.yaml" | awk '{print $2}')
               # try to get current release version
-              if oras manifest fetch "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:${current_version}" >/dev/null 2>&1; then
+              if oras manifest fetch "ghcr.io/${{ github.repository }}/${chart_name}:${current_version}" >/dev/null 2>&1; then
                 echo "No version change for $chart_name. Skipping."
               else
                 helm dependency build "$chart_path"
@@ -87,8 +87,8 @@ jobs:
     name: Publish to ghcr.io
     runs-on: ubuntu-24.04
     permissions:
-      packages: write # needed for pushing to github registry
-      id-token: write # needed for signing the images with GitHub OIDC Token
+      packages: write
+      id-token: write
     needs: [package-helm-chart]
     if: needs.package-helm-chart.outputs.has_artifacts == 'true'
     steps:
@@ -128,17 +128,59 @@ jobs:
             # push chart to OCI
             chart_release_file=$(basename "$chart_path")
             chart_name=${chart_release_file%-*}
-            helm push ${chart_path} oci://ghcr.io/${GITHUB_REPOSITORY@L} |& tee helm-push-output.log
+            helm push ${chart_path} oci://ghcr.io/${{ github.repository }} |& tee helm-push-output.log
             chart_digest=$(awk -F "[, ]+" '/Digest/{print $NF}' < helm-push-output.log)
             # sign chart
-            cosign sign "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}@${chart_digest}"
+            cosign sign "ghcr.io/${{ github.repository }}/${chart_name}@${chart_digest}"
             # push artifacthub-repo.yml to OCI
             oras push \
-              ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:artifacthub.io \
+              ghcr.io/${{ github.repository }}/${chart_name}:artifacthub.io \
               --config /dev/null:application/vnd.cncf.artifacthub.config.v1+yaml \
               charts/$chart_name/artifacthub-repo.yml:application/vnd.cncf.artifacthub.repository-metadata.layer.v1.yaml \
               |& tee oras-push-output.log
             artifacthub_digest=$(grep "Digest:" oras-push-output.log | awk '{print $2}')
             # sign artifacthub-repo.yml
-            cosign sign "ghcr.io/${GITHUB_REPOSITORY@L}/${chart_name}:artifacthub.io@${artifacthub_digest}"
+            cosign sign "ghcr.io/${{ github.repository }}/${chart_name}:artifacthub.io@${artifacthub_digest}"
+          done
+
+  verify:
+    name: Verify signatures for each chart tag
+    needs: [publish]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
+
+      - name: Downloads artifacts
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        with:
+          name: artifacts
+          path: .cr-release-packages/
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Verify signatures for each chart tag
+        run: |
+          for chart_path in $(find .cr-release-packages -name '*.tgz' -print); do
+            chart_release_file=$(basename "$chart_path")
+            chart_name=${chart_release_file%-*}
+            version=${chart_release_file#$chart_name-}
+            version=${version%.tgz}
+
+            cosign verify "ghcr.io/${{ github.repository }}/${chart_name}:${version}" \
+              --certificate-identity "https://github.com/${{ github.workflow_ref }}" \
+              --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
           done

.github/workflows/release.yml

@@ -1,3 +1,4 @@
+---
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Seerr Release
 

.github/workflows/renovate-helm-custom-hooks.yml

@@ -0,0 +1,181 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Renovate Helm Hooks
+
+on:
+  pull_request:
+    branches:
+      - develop
+    paths:
+      - 'charts/**'
+
+permissions: {}
+
+concurrency:
+  group: renovate-helm-hooks-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  renovate-post-run:
+    name: Renovate Bump Chart Version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    if: github.actor == 'renovate[bot]'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
+        id: app-token
+        with:
+          app-id: 2138788
+          private-key: ${{ secrets.APP_SEERR_HELM_PRIVATE_KEY }}
+
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+
+      - name: Run chart-testing (list-changed)
+        id: list-changed
+        run: |
+          changed="$(ct list-changed --target-branch ${TARGET_BRANCH})"
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            echo "changed_list=${changed//$'\n'/ }" >> "$GITHUB_OUTPUT"
+          fi
+        env:
+          TARGET_BRANCH: ${{ github.event.repository.default_branch }}
+
+      - name: Bump chart version
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+        run: |
+          if [[ ! -d "${CHART}" ]]; then
+            echo "${CHART} directory not found"
+            exit 0
+          fi
+
+          # Extract current appVersion and chart version from Chart.yaml
+          APP_VERSION=$(grep -e "^appVersion:" "$CHART/Chart.yaml" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+          CHART_VERSION=$(grep -e "^version:" "$CHART/Chart.yaml" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+
+          # Extract major, minor and patch versions of appVersion
+          APP_MAJOR_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 1)
+          APP_MINOR_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 2)
+          APP_PATCH_VERSION=$(printf '%s' "$APP_VERSION" | cut -d "." -f 3)
+
+          # Extract major, minor and patch versions of chart version
+          CHART_MAJOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 1)
+          CHART_MINOR_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 2)
+          CHART_PATCH_VERSION=$(printf '%s' "$CHART_VERSION" | cut -d "." -f 3)
+
+          # Get previous appVersion from the base commit of the pull request
+          BASE_COMMIT=$(git merge-base origin/main HEAD)
+          PREV_APP_VERSION=$(git show "$BASE_COMMIT":"$CHART/Chart.yaml" | grep -e "^appVersion:" | cut -d ":" -f 2 | tr -d '[:space:]' | tr -d '"')
+
+          # Extract major, minor and patch versions of previous appVersion
+          PREV_APP_MAJOR_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 1)
+          PREV_APP_MINOR_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 2)
+          PREV_APP_PATCH_VERSION=$(printf '%s' "$PREV_APP_VERSION" | cut -d "." -f 3)
+
+          # Check if the major, minor, or patch version of appVersion has changed
+          if [[ "$APP_MAJOR_VERSION" != "$PREV_APP_MAJOR_VERSION" ]]; then
+            # Bump major version of the chart and reset minor and patch versions to 0
+            CHART_MAJOR_VERSION=$((CHART_MAJOR_VERSION+1))
+            CHART_MINOR_VERSION=0
+            CHART_PATCH_VERSION=0
+          elif [[ "$APP_MINOR_VERSION" != "$PREV_APP_MINOR_VERSION" ]]; then
+            # Bump minor version of the chart and reset patch version to 0
+            CHART_MINOR_VERSION=$((CHART_MINOR_VERSION+1))
+            CHART_PATCH_VERSION=0
+          elif [[ "$APP_PATCH_VERSION" != "$PREV_APP_PATCH_VERSION" ]]; then
+            # Bump patch version of the chart
+            CHART_PATCH_VERSION=$((CHART_PATCH_VERSION+1))
+          fi
+
+          # Update the chart version in Chart.yaml
+          CHART_NEW_VERSION="${CHART_MAJOR_VERSION}.${CHART_MINOR_VERSION}.${CHART_PATCH_VERSION}"
+          sed -i "s/^version:.*/version: ${CHART_NEW_VERSION}/" "$CHART/Chart.yaml"
+
+      - name: Ensure documentation is updated
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: docker://jnorwood/helm-docs:v1.14.2@sha256:7e562b49ab6b1dbc50c3da8f2dd6ffa8a5c6bba327b1c6335cc15ce29267979c
+
+      - name: Commit changes
+        if: steps.list-changed.outputs.changed == 'true'
+        env:
+          CHART: ${{ steps.list-changed.outputs.changed_list }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_HEAD_REF: ${{ github.head_ref }}
+        run: |
+          # Define the target directory
+          TARGET_DIR="$CHART"
+
+          # Fetch deleted files in the target directory
+          DELETED_FILES=$(git diff --diff-filter=D --name-only HEAD -- "$TARGET_DIR")
+
+          # Fetch added/modified files in the target directory
+          MODIFIED_FILES=$(git diff --diff-filter=ACM --name-only HEAD -- "$TARGET_DIR")
+
+          # Create a temporary file for JSON output
+          FILE_CHANGES_JSON_FILE=$(mktemp)
+
+          # Initialize JSON structure in the file
+          echo '{ "deletions": [], "additions": [] }' > "$FILE_CHANGES_JSON_FILE"
+
+          # Add deletions
+          for file in $DELETED_FILES; do
+            jq --arg path "$file" '.deletions += [{"path": $path}]' "$FILE_CHANGES_JSON_FILE" > "$FILE_CHANGES_JSON_FILE.tmp"
+            mv "$FILE_CHANGES_JSON_FILE.tmp" "$FILE_CHANGES_JSON_FILE"
+          done
+
+          # Add additions (new or modified files)
+          for file in $MODIFIED_FILES; do
+            BASE64_CONTENT=$(base64 -w 0 <"$file")  # Encode file content
+            jq --arg path "$file" --arg content "$BASE64_CONTENT" \
+              '.additions += [{"path": $path, "contents": $content}]' "$FILE_CHANGES_JSON_FILE" > "$FILE_CHANGES_JSON_FILE.tmp"
+            mv "$FILE_CHANGES_JSON_FILE.tmp" "$FILE_CHANGES_JSON_FILE"
+          done
+
+          # Create a temporary file for the final JSON payload
+          JSON_PAYLOAD_FILE=$(mktemp)
+
+          # Construct the final JSON using jq and store it in a file
+          jq -n --arg repo "$GITHUB_REPOSITORY" \
+                --arg branch "$GITHUB_HEAD_REF" \
+                --arg message "fix: post upgrade changes from renovate" \
+                --arg expectedOid "$GITHUB_SHA" \
+                --slurpfile fileChanges "$FILE_CHANGES_JSON_FILE" \
+                '{
+                  query: "mutation ($input: CreateCommitOnBranchInput!) {
+                    createCommitOnBranch(input: $input) {
+                      commit {
+                        url
+                      }
+                    }
+                  }",
+                  variables: {
+                    input: {
+                      branch: {
+                        repositoryNameWithOwner: $repo,
+                        branchName: $branch
+                      },
+                      message: { headline: $message },
+                      fileChanges: $fileChanges[0],
+                      expectedHeadOid: $expectedOid
+                    }
+                  }
+                }' > "$JSON_PAYLOAD_FILE"
+
+          # Call GitHub API
+          curl https://api.github.com/graphql -f \
+               -sSf -H "Authorization: Bearer $GITHUB_TOKEN" \
+               --data "@$JSON_PAYLOAD_FILE"
+
+          # Clean up temporary files
+          rm "$FILE_CHANGES_JSON_FILE" "$JSON_PAYLOAD_FILE"

charts/seerr-chart/README.md

@@ -20,6 +20,10 @@ Seerr helm chart for Kubernetes
 
 Kubernetes: `>=1.23.0-0`
 
+## Installation
+
+Refer to [https://docs.seerr.dev/getting-started/kubernetes](Seerr kubernetes documentation)
+
 ## Update Notes
 
 ### Updating to 3.0.0

charts/seerr-chart/README.md.gotmpl

@@ -14,11 +14,15 @@
 
 {{ template "chart.requirementsSection" . }}
 
+## Installation
+
+Refer to [https://docs.seerr.dev/getting-started/kubernetes](Seerr kubernetes documentation)
+
 ## Update Notes
 
 ### Updating to 3.0.0
 
-Nothing change we just rebranded `jellyseerr` helm-chart to `seerr` :)
+Nothing has changed; we just rebranded the `jellyseerr` Helm chart to `seerr` 🥳.
 
 ### Updating to 2.7.0
 

docs/getting-started/buildfromsource.mdx

@@ -15,7 +15,7 @@ import TabItem from '@theme/TabItem';
 
 ### Prerequisites
     - [Node.js 22.x](https://nodejs.org/en/download/)
-    - [Pnpm 10.x](https://pnpm.io/installation)
+    - [Pnpm 9.x](https://pnpm.io/installation)
     - [Git](https://git-scm.com/downloads)
 
 ## Unix (Linux, macOS)

docs/getting-started/docker.mdx

@@ -15,6 +15,12 @@ Refer to [Configuring Databases](/extending-jellyseerr/database-config#postgresq
 An alternative Docker image is available on Docker Hub for this project. You can find it at [Docker Hub Repository Link](https://hub.docker.com/r/seerr/seerr)
 :::
 
+:::info
+All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
+
+To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-jellyseerr/advanced/verifying-signed-artifacts#verifying-signed-images) guide.
+:::
+
 ## Unix (Linux, macOS)
 :::warning
 Be sure to replace `/path/to/appdata/config` in the below examples with a valid host directory path. If this volume mount is not configured correctly, your Jellyseerr settings/data will not be persisted when the container is recreated (e.g., when updating the image or rebooting your machine).
@@ -72,11 +78,6 @@ Finally, run the container with the same parameters originally used to create th
 ```bash
 docker run -d ...
 ```
-:::info
-All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
-
-To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-jellyseerr/advanced/verifying-signed-artifacts) guide.
-:::
 
 :::tip
 You may alternatively use a third-party updating mechanism, such as [Watchtower](https://github.com/containrrr/watchtower) or [Ouroboros](https://github.com/pyouroboros/ouroboros), to keep Jellyseerr up-to-date automatically.
@@ -134,15 +135,6 @@ You may alternatively use a third-party mechanism like [dockge](https://github.c
   </TabItem>
 </Tabs>
 
-
-## Unraid
-
-1. Ensure you have the **Community Applications** plugin installed.
-2. Inside the **Community Applications** app store, search for **Jellyseerr**.
-3. Click the **Install Button**.
-4. On the following **Add Container** screen, make changes to the **Host Port** and **Host Path 1** \(Appdata\) as needed.
-5. Click apply and access "Jellyseerr" at your `<ServerIP:HostPort>` in a web browser.
-
 ## Windows
 
 Please refer to the [Docker Desktop for Windows user manual](https://docs.docker.com/docker-for-windows/) for details on how to install Docker on Windows. There is no need to install a Linux distro if using named volumes like in the example below.

docs/getting-started/index.mdx

@@ -7,4 +7,4 @@ import DocCardList from '@theme/DocCardList';
 After running Jellyseerr for the first time, configure it by visiting the web UI at `http://[address]:5055` and completing the setup steps.
 :::
 
-<DocCardList />
+<DocCardList />

docs/getting-started/kubernetes.mdx

@@ -1,13 +1,19 @@
 ---
 title: Kubernetes (Advanced)
 description: Install Jellyseerr in Kubernetes
-sidebar_position: 5
+sidebar_position: 3
 ---
 # Kubernetes
-:::info
+:::warning
 This method is not recommended for most users. It is intended for advanced users who are using Kubernetes.
 :::
 
+:::info
+All official Seerr charts are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
+
+To confirm that the chart you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-jellyseerr/advanced/verifying-signed-artifacts#verifying-signed-helm-charts) guide.
+:::
+
 ## Installation
 ```console
 helm install jellyseerr oci://ghcr.io/fallenbagel/jellyseerr/jellyseerr-chart

docs/getting-started/nixpkg.mdx

@@ -1,271 +0,0 @@
----
-title: Nix Package Manager (Advanced)
-description: Install Jellyseerr using Nix
-sidebar_position: 3
----
-
-import { JellyseerrVersion, NixpkgVersion } from '@site/src/components/JellyseerrVersion';
-import Admonition from '@theme/Admonition';
-import Tabs from '@theme/Tabs';
-import TabItem from '@theme/TabItem';
-
-# Nix Package Manager (Advanced)
-:::info
-This method is not recommended for most users. It is intended for advanced users who are using Nix as their package manager.
-:::
-
-export const VersionMismatchWarning = () => {
-  let jellyseerrVersion = null;
-  let nixpkgVersions = null;
-  try {
-    jellyseerrVersion = JellyseerrVersion();
-    nixpkgVersions = NixpkgVersion();
-  } catch (err) {
-    return (
-      <Admonition type="error">
-        Failed to load version information. Error: {err.message || JSON.stringify(err)}
-      </Admonition>
-    );
-  }
-
-    if (!nixpkgVersions || nixpkgVersions.error) {
-    return (
-      <Admonition type="error">
-        Failed to fetch Nixpkg versions: {nixpkgVersions?.error || 'Unknown error'}
-      </Admonition>
-    );
-  }
-
-  const isUnstableUpToDate = jellyseerrVersion === nixpkgVersions.unstable;
-  const isStableUpToDate = jellyseerrVersion === nixpkgVersions.stable;
-
-  return (
-     <>
-      {!isStableUpToDate ? (
-  <Admonition type="warning">
-    The{' '}
-    <a href="https://github.com/NixOS/nixpkgs/blob/nixos-24.11/pkgs/servers/jellyseerr/default.nix#L14">
-      upstream Jellyseerr Nix Package (v{nixpkgVersions.stable})
-    </a>{' '}
-    is not <b>up-to-date</b>. If you want to use <b>Jellyseerr v{jellyseerrVersion}</b>,{' '}
-    {isUnstableUpToDate ? (
-      <>
-        consider using the{' '}
-        <a href="https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/je/jellyseerr/package.nix">
-          unstable package
-        </a>{' '}
-        instead.
-      </>
-    ) : (
-      <>
-        you will need to{' '}
-        <a href="#overriding-the-package-derivation">override the package derivation</a>.
-      </>
-    )}
-  </Admonition>
-) : null} 
-    </>
-  );
-};
-
-<VersionMismatchWarning />
-
-## Installation
-To get up and running with jellyseerr using Nix, you can add the following to your `configuration.nix`:
-
-```nix
-{ config, pkgs, ... }:
-
-{
-  services.jellyseerr.enable = true;
-}
-```
-
-If you want more advanced configuration options, you can use the following:
-
-<Tabs groupId="nixpkg-methods" queryString>
-  <TabItem value="default" label="Default Configurations">
-```nix
-{ config, pkgs, ... }:
-
-{
-  services.jellyseerr = {
-    enable = true;
-    port = 5055;
-    openFirewall = true;
-    package = pkgs.jellyseerr; # Use the unstable package if stable is not up-to-date
-  };
-}
-```
-  </TabItem>
-  <TabItem value="custom" label="Database Configurations">
-In order to use postgres, you will need to add override the default module of jellyseerr with the following as the current default module is not compatible with postgres:
-```nix
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib;
-let
-  cfg = config.services.jellyseerr;
-in
-{
-  meta.maintainers = [ maintainers.camillemndn ];
-
-  disabledModules = [ "services/misc/jellyseerr.nix" ];
-
-  options.services.jellyseerr = {
-    enable = mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
-
-    openFirewall = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''Open port in the firewall for the Jellyseerr web interface.'';
-    };
-
-    port = mkOption {
-      type = types.port;
-      default = 5055;
-      description = ''The port which the Jellyseerr web UI should listen to.'';
-    };
-
-    package = mkOption {
-      type = types.package;
-      default = pkgs.jellyseerr;
-      defaultText = literalExpression "pkgs.jellyseerr";
-      description = ''
-        Jellyseerr package to use.
-      '';
-    };
-
-    databaseConfig = mkOption {
-      type = types.attrsOf types.str;
-      default = {
-        type = "sqlite";
-        configDirectory = "config";
-        logQueries = "false";
-      };
-      description = ''
-        Database configuration. For "sqlite", only "type", "configDirectory", and "logQueries" are relevant.
-        For "postgres", include host, port, user, pass, name, and optionally socket.
-        Example:
-        {
-          type = "postgres";
-          socket = "/run/postgresql";
-          user = "jellyseerr";
-          name = "jellyseerr";
-          logQueries = "false";
-        }
-        or
-        {
-          type = "postgres";
-          host = "localhost";
-          port = "5432";
-          user = "dbuser";
-          pass = "password";
-          name = "jellyseerr";
-          logQueries = "false";
-        }
-        or
-        {
-          type = "sqlite";
-          configDirectory = "config";
-          logQueries = "false";
-        }
-      '';
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.jellyseerr = {
-      description = "Jellyseerr, a requests manager for Jellyfin";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      environment =
-        let
-          dbConfig = cfg.databaseConfig;
-        in
-        {
-          PORT = toString cfg.port;
-          DB_TYPE = toString dbConfig.type;
-          CONFIG_DIRECTORY = toString dbConfig.configDirectory or "";
-          DB_LOG_QUERIES = toString dbConfig.logQueries;
-          DB_HOST = if dbConfig.type == "postgres" && !(hasAttr "socket" dbConfig) then toString dbConfig.host or "" else "";
-          DB_PORT = if dbConfig.type == "postgres" && !(hasAttr "socket" dbConfig) then toString dbConfig.port or "" else "";
-          DB_SOCKET_PATH = if dbConfig.type == "postgres" && hasAttr "socket" dbConfig then toString dbConfig.socket or "" else "";
-          DB_USER = if dbConfig.type == "postgres" then toString dbConfig.user or "" else "";
-          DB_PASS = if dbConfig.type == "postgres" then toString dbConfig.pass or "" else "";
-          DB_NAME = if dbConfig.type == "postgres" then toString dbConfig.name or "" else "";
-        };
-      serviceConfig = {
-        Type = "exec";
-        StateDirectory = "jellyseerr";
-        WorkingDirectory = "${cfg.package}/libexec/jellyseerr";
-        DynamicUser = true;
-        ExecStart = "${cfg.package}/bin/jellyseerr";
-        BindPaths = [ "/var/lib/jellyseerr/:${cfg.package}/libexec/jellyseerr/config/" ];
-        Restart = "on-failure";
-        ProtectHome = true;
-        ProtectSystem = "strict";
-        PrivateTmp = true;
-        PrivateDevices = true;
-        ProtectHostname = true;
-        ProtectClock = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectKernelLogs = true;
-        ProtectControlGroups = true;
-        NoNewPrivileges = true;
-        RestrictRealtime = true;
-        RestrictSUIDSGID = true;
-        RemoveIPC = true;
-        PrivateMounts = true;
-      };
-    };
-
-    networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
-  };
-}
-```
-Then, import the module into your `configuration.nix`:
-```nix
-{ config, pkgs, ... }:
-{
-  imports = [ ./modules/jellyseerr.nix ];
-
-  services.jellyseerr = {
-    enable = true;
-    port = 5055;
-    openFirewall = true;
-    package = pkgs.unstable.jellyseerr; # use the unstable package if stable is not up-to-date
-    databaseConfig = {
-      type = "postgres";
-      host = "localhost"; # or socket: "/run/postgresql"
-      port = "5432"; # if using socket, this is not needed
-      user = "jellyseerr";
-      pass = "jellyseerr";
-      name = "jellyseerr";
-      logQueries = "false";
-    };
-  }
-}
-```
-  </TabItem>
-</Tabs>
-
-After adding the configuration to your `configuration.nix`, you can run the following command to install jellyseerr:
-
-```bash
-nixos-rebuild switch
-```
-After rebuild is complete jellyseerr should be running, verify that it is with the following command.
-```bash
-systemctl status jellyseerr
-```
-
-:::info
-You can now access Jellyseerr by visiting `http://localhost:5055` in your web browser.
-:::
-

docs/getting-started/third-parties/aur.mdx

@@ -1,16 +1,15 @@
 ---
-title: AUR (Arch User Repository)
+title: AUR (Advanced)
 description: Install Jellyseerr using the Arch User Repository
-sidebar_position: 4
+sidebar_position: 2
 ---
 
-# AUR (Arch User Repository)
-
-:::note Disclaimer
-This AUR package is not maintained by us but by a third party. Please refer to the maintainer for any issues.
+# AUR
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
 :::
 
-:::info
+:::warning
 This method is not recommended for most users. It is intended for advanced users who are using Arch Linux or an Arch-based distribution.
 :::
 

docs/getting-started/third-parties/index.mdx

@@ -0,0 +1,11 @@
+---
+title: Third-party Installation Methods
+---
+import DocCardList from '@theme/DocCardList';
+
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+
+<DocCardList />

docs/getting-started/third-parties/nixpkg.mdx

@@ -0,0 +1,17 @@
+---
+title: Nix Package Manager (Advanced)
+description: Install Jellyseerr using Nixpkgs
+sidebar_position: 1
+---
+
+import { JellyseerrVersion, NixpkgVersion } from '@site/src/components/JellyseerrVersion';
+import Admonition from '@theme/Admonition';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# Nix Package Manager
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+Refer to [NixOS documentation](https://search.nixos.org/options?channel=25.05&query=seerr)

docs/getting-started/third-parties/unraid.mdx

@@ -0,0 +1,20 @@
+---
+title: Unraid (Advanced)
+description: Install Jellyseerr using Unraid
+sidebar_position: 3
+---
+
+# Unraid
+:::warning
+Third-party installation methods are maintained by the community. The Seerr team is not responsible for these packages.
+:::
+
+:::warning
+This method is not recommended for most users. It is intended for advanced users who are using Unraid.
+:::
+
+1. Ensure you have the **Community Applications** plugin installed.
+2. Inside the **Community Applications** app store, search for **Jellyseerr**.
+3. Click the **Install Button**.
+4. On the following **Add Container** screen, make changes to the **Host Port** and **Host Path 1** \(Appdata\) as needed.
+5. Click apply and access "Jellyseerr" at your `<ServerIP:HostPort>` in a web browser.

docs/using-jellyseerr/advanced/verifying-signed-artifacts.mdx

@@ -12,6 +12,7 @@ import TabItem from '@theme/TabItem';
 
 These artifacts are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/):
 - Container images
+- Helm charts
 
 This ensures that the images you pull are authentic, tamper-proof, and built by the official Seerr release pipeline.
 
@@ -27,19 +28,11 @@ You will need the following tools installed:
 
 To verify images:
 
-- [Docker](https://docs.docker.com/get-docker/) **or**
-- [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md))
+- [Docker](https://docs.docker.com/get-docker/) **or** [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md))
 
 ---
 
-# Verifying Signed Images
-
-All Seerr container images published to GitHub Container Registry (GHCR) are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/).
-This ensures that the images you pull are authentic, tamper-proof, and built by the official Seerr release pipeline.
-
-Each image also includes a CycloneDX SBOM (Software Bill of Materials) attestation, generated with [Trivy](https://aquasecurity.github.io/trivy/), providing transparency about all dependencies included in the image.
-
----
+## Verifying Signed Images
 
 ### Image Locations
 
@@ -227,17 +220,6 @@ This confirms that the image was:
 
 ---
 
-### Troubleshooting
-
-| Issue | Likely Cause | Suggested Fix |
-|-------|---------------|----------------|
-| `no matching signatures` | Incorrect digest or tag | Retrieve the digest again using Docker or Skopeo |
-| `certificate identity does not match expected` | Workflow reference changed | Ensure your `--certificate-identity` matches this documentation |
-| `cosign: command not found` | Cosign not installed | Install Cosign from the official release |
-| `certificate expired` | Old release | Verify a newer tag or digest |
-
----
-
 ### Example: Full Verification Flow
 
 <Tabs groupId="verify-examples">
@@ -269,6 +251,127 @@ cosign verify ghcr.io/seerr-team/seerr@"$DIGEST" \
   </TabItem>
 </Tabs>
 
+## Verifying Signed Helm charts
+
+### Helm Chart Locations
+
+Official Seerr helm charts are available from:
+
+- GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr/seerr-chart/seerr-chart:<tag>`
+
+You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/pkgs/container/seerr%2Fseerr-chart).
+
+---
+
+### Verifying a Specific Release Tag
+
+Each tagged release (for example `3.0.0`) is immutable and cryptographically signed.
+Verification should always be performed using the image digest (SHA256).
+
+#### Retrieve the Helm Chart Digest
+
+<Tabs groupId="verify-methods">
+  <TabItem value="docker" label="Docker">
+
+```bash
+docker buildx imagetools inspect ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{json .Manifest.Digest}}' | tr -d '"'
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+skopeo inspect docker://ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{.Digest}}'
+```
+  </TabItem>
+</Tabs>
+
+Example output:
+
+```
+sha256:abcd1234...
+```
+
+---
+
+#### Verify the Helm Chart Signature
+
+```bash
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@sha256:abcd1234... \
+  --certificate-identity "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+
+:::info Successful Verification Example
+Verification for `ghcr.io/seerr-team/seerr/seerr-chart@sha256:abcd1234...`
+
+The following checks were performed:
+
+- Cosign claims validated
+- Signatures verified against the transparency log
+- Certificate issued by Fulcio to the expected workflow identity
+:::
+
+---
+
+### Expected Certificate Identity
+
+The expected certificate identity for all signed Seerr images is:
+
+```
+https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main
+```
+
+This confirms that the image was:
+
+- Built by the official Seerr Release workflow
+- Produced from the seerr-team/seerr repository
+- Signed using GitHub’s OIDC identity via Sigstore Fulcio
+
+---
+
+### Example: Full Verification Flow
+
+<Tabs groupId="verify-examples">
+  <TabItem value="docker" label="Docker">
+
+```bash
+DIGEST=$(docker buildx imagetools inspect ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{json .Manifest.Digest}}' | tr -d '"')
+
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+
+cosign verify-attestation ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --type cyclonedx \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+
+  <TabItem value="podman" label="Podman / Skopeo">
+
+```bash
+DIGEST=$(skopeo inspect docker://ghcr.io/seerr-team/seerr/seerr-chart:3.0.0 --format '{{.Digest}}')
+
+cosign verify ghcr.io/seerr-team/seerr/seerr-chart@"$DIGEST" \
+  --certificate-identity-regexp "https://github.com/seerr-team/seerr/.github/workflows/helm.yml@refs/heads/main" \
+  --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
+```
+  </TabItem>
+</Tabs>
+
+---
+
+## Troubleshooting
+
+| Issue | Likely Cause | Suggested Fix |
+|-------|---------------|----------------|
+| `no matching signatures` | Incorrect digest or tag | Retrieve the digest again using Docker or Skopeo |
+| `certificate identity does not match expected` | Workflow reference changed | Ensure your `--certificate-identity` matches this documentation |
+| `cosign: command not found` | Cosign not installed | Install Cosign from the official release |
+| `certificate expired` | Old release | Verify a newer tag or digest |
+
 ---
 
 ## Further Reading

package.json

@@ -60,7 +60,6 @@
     "dayjs": "1.11.7",
     "dns-caching": "^0.2.7",
     "email-templates": "12.0.1",
-    "email-validator": "2.0.4",
     "express": "4.21.2",
     "express-openapi-validator": "4.13.8",
     "express-rate-limit": "6.7.0",
@@ -107,6 +106,7 @@
     "typeorm": "0.3.12",
     "ua-parser-js": "^1.0.35",
     "undici": "^7.3.0",
+    "validator": "^13.15.15",
     "web-push": "3.5.0",
     "wink-jaro-distance": "^2.0.0",
     "winston": "3.8.2",
@@ -140,6 +140,7 @@
     "@types/secure-random-password": "0.2.1",
     "@types/semver": "7.3.13",
     "@types/swagger-ui-express": "4.1.3",
+    "@types/validator": "^13.15.3",
     "@types/web-push": "3.3.2",
     "@types/xml2js": "0.4.11",
     "@types/yamljs": "0.2.31",

pnpm-lock.yaml

@@ -89,9 +89,6 @@ importers:
       email-templates:
         specifier: 12.0.1
         version: 12.0.1(@babel/core@7.24.7)(encoding@0.1.13)(handlebars@4.7.8)(mustache@4.2.0)(pug@3.0.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(underscore@1.13.7)
-      email-validator:
-        specifier: 2.0.4
-        version: 2.0.4
       express:
         specifier: 4.21.2
         version: 4.21.2
@@ -230,6 +227,9 @@ importers:
       undici:
         specifier: ^7.3.0
         version: 7.3.0
+      validator:
+        specifier: ^13.15.15
+        version: 13.15.15
       web-push:
         specifier: 3.5.0
         version: 3.5.0
@@ -324,6 +324,9 @@ importers:
       '@types/swagger-ui-express':
         specifier: 4.1.3
         version: 4.1.3
+      '@types/validator':
+        specifier: ^13.15.3
+        version: 13.15.3
       '@types/web-push':
         specifier: 3.3.2
         version: 3.3.2
@@ -3340,6 +3343,9 @@ packages:
   '@types/unist@2.0.10':
     resolution: {integrity: sha512-IfYcSBWE3hLpBg8+X2SEa8LVkJdJEkT2Ese2aaLs3ptGdVtABxndrMaxuFlQ1qdFf9Q5rDvDpxI3WwgvKFAsQA==}
 
+  '@types/validator@13.15.3':
+    resolution: {integrity: sha512-7bcUmDyS6PN3EuD9SlGGOxM77F8WLVsrwkxyWxKnxzmXoequ6c7741QBrANq6htVRGOITJ7z72mTP6Z4XyuG+Q==}
+
   '@types/web-push@3.3.2':
     resolution: {integrity: sha512-JxWGVL/m7mWTIg4mRYO+A6s0jPmBkr4iJr39DqJpRJAc+jrPiEe1/asmkwerzRon8ZZDxaZJpsxpv0Z18Wo9gw==}
 
@@ -4735,10 +4741,6 @@ packages:
     resolution: {integrity: sha512-849pjBFVUAWWTa3HqhDjxlXHaSWmxf4CZOlZ9iVkrSAbQ8YCYi+7KiKqt35L6F20WhSViWX7lmMjno6zBv2rNQ==}
     engines: {node: '>=14'}
 
-  email-validator@2.0.4:
-    resolution: {integrity: sha512-gYCwo7kh5S3IDyZPLZf6hSS0MnZT8QmJFqYvbqlDZSbwdZlY6QZWxJ4i/6UhITOJ4XzyI647Bm2MXKCLqnJ4nQ==}
-    engines: {node: '>4.0'}
-
   emoji-regex@10.3.0:
     resolution: {integrity: sha512-QpLs9D9v9kArv4lfDEgg1X/gN5XLnf/A6l9cs8SPZLRZR3ZkY9+kwIQTxm+fsSej5UMYGE8fdoaZVIBlqG0XTw==}
 
@@ -9049,6 +9051,10 @@ packages:
   validate-npm-package-license@3.0.4:
     resolution: {integrity: sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==}
 
+  validator@13.15.15:
+    resolution: {integrity: sha512-BgWVbCI72aIQy937xbawcs+hrVaN/CZ2UwutgaJ36hGqRrLNM+f5LUT/YPRbo8IV/ASeFzXszezV+y2+rq3l8A==}
+    engines: {node: '>= 0.10'}
+
   vary@1.1.2:
     resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==}
     engines: {node: '>= 0.8'}
@@ -13256,6 +13262,8 @@ snapshots:
 
   '@types/unist@2.0.10': {}
 
+  '@types/validator@13.15.3': {}
+
   '@types/web-push@3.3.2':
     dependencies:
       '@types/node': 22.10.5
@@ -14937,8 +14945,6 @@ snapshots:
       - walrus
       - whiskers
 
-  email-validator@2.0.4: {}
-
   emoji-regex@10.3.0: {}
 
   emoji-regex@8.0.0: {}
@@ -20048,6 +20054,8 @@ snapshots:
       spdx-correct: 3.2.0
       spdx-expression-parse: 3.0.1
 
+  validator@13.15.15: {}
+
   vary@1.1.2: {}
 
   verror@1.10.0:

seerr-api.yml

@@ -2339,8 +2339,12 @@ paths:
                   properties:
                     username:
                       type: string
-                    userId:
-                      type: integer
+                    id:
+                      type: string
+                    thumb:
+                      type: string
+                    email:
+                      type: string
   /settings/jellyfin/sync:
     get:
       summary: Get status of full Jellyfin library sync
@@ -6908,6 +6912,10 @@ paths:
                 is4k:
                   type: boolean
                   example: false
+                  description: |
+                    When true, updates the 4K status field (status4k).
+                    When false or not provided, updates the regular status field (status).
+                    This applies to all status values (available, partial, processing, pending, unknown).
       responses:
         '200':
           description: Returned media

server/api/themoviedb/index.ts

@@ -73,6 +73,7 @@ export interface TmdbCertificationResponse {
 interface DiscoverMovieOptions {
   page?: number;
   includeAdult?: boolean;
+  includeVideo?: boolean;
   language?: string;
   primaryReleaseDateGte?: string;
   primaryReleaseDateLte?: string;
@@ -490,6 +491,7 @@ class TheMovieDb extends ExternalAPI implements TvShowProvider {
     sortBy = 'popularity.desc',
     page = 1,
     includeAdult = false,
+    includeVideo = true,
     language = this.locale,
     primaryReleaseDateGte,
     primaryReleaseDateLte,
@@ -527,6 +529,7 @@ class TheMovieDb extends ExternalAPI implements TvShowProvider {
           sort_by: sortBy,
           page,
           include_adult: includeAdult,
+          include_video: includeVideo,
           language,
           region: this.discoverRegion || '',
           with_original_language:

server/lib/notifications/agents/email.ts

@@ -7,8 +7,8 @@ import type { NotificationAgentEmail } from '@server/lib/settings';
 import { getSettings, NotificationAgentKey } from '@server/lib/settings';
 import logger from '@server/logger';
 import type { EmailOptions } from 'email-templates';
-import * as EmailValidator from 'email-validator';
 import path from 'path';
+import validator from 'validator';
 import { Notification, shouldSendAdminNotification } from '..';
 import type { NotificationAgent, NotificationPayload } from './agent';
 import { BaseAgent } from './agent';
@@ -221,7 +221,9 @@ class EmailAgent
             this.getSettings(),
             payload.notifyUser.settings?.pgpKey
           );
-          if (EmailValidator.validate(payload.notifyUser.email)) {
+          if (
+            validator.isEmail(payload.notifyUser.email, { require_tld: false })
+          ) {
             await email.send(
               this.buildMessage(
                 type,
@@ -283,7 +285,7 @@ class EmailAgent
                 this.getSettings(),
                 user.settings?.pgpKey
               );
-              if (EmailValidator.validate(user.email)) {
+              if (validator.isEmail(user.email, { require_tld: false })) {
                 await email.send(
                   this.buildMessage(type, payload, user.email, user.displayName)
                 );

server/routes/auth.ts

@@ -15,9 +15,9 @@ import { ApiError } from '@server/types/error';
 import { getAppVersion } from '@server/utils/appVersion';
 import { getHostname } from '@server/utils/getHostname';
 import axios from 'axios';
-import * as EmailValidator from 'email-validator';
 import { Router } from 'express';
 import net from 'net';
+import validator from 'validator';
 
 const authRoutes = Router();
 
@@ -37,7 +37,7 @@ authRoutes.get('/me', isAuthenticated(), async (req, res) => {
   const settings = await getSettings();
   if (
     settings.notifications.agents.email.options.userEmailRequired &&
-    !EmailValidator.validate(user.email)
+    !validator.isEmail(user.email, { require_tld: false })
   ) {
     user.warnings.push('userEmailRequired');
     logger.warn(`User ${user.username} has no valid email address`);

server/routes/media.ts

@@ -112,7 +112,7 @@ mediaRoutes.post<
       return next({ status: 404, message: 'Media does not exist.' });
     }
 
-    const is4k = Boolean(req.body.is4k);
+    const is4k = String(req.body.is4k) === 'true';
 
     switch (req.params.status) {
       case 'available':
@@ -145,16 +145,16 @@ mediaRoutes.post<
             message: 'Only series can be set to be partially available',
           });
         }
-        media.status = MediaStatus.PARTIALLY_AVAILABLE;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PARTIALLY_AVAILABLE;
         break;
       case 'processing':
-        media.status = MediaStatus.PROCESSING;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PROCESSING;
         break;
       case 'pending':
-        media.status = MediaStatus.PENDING;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.PENDING;
         break;
       case 'unknown':
-        media.status = MediaStatus.UNKNOWN;
+        media[is4k ? 'status4k' : 'status'] = MediaStatus.UNKNOWN;
     }
 
     await mediaRepository.save(media);
@@ -198,7 +198,7 @@ mediaRoutes.delete(
         where: { id: Number(req.params.id) },
       });
 
-      const is4k = req.query.is4k === 'true';
+      const is4k = String(req.query.is4k) === 'true';
       const isMovie = media.mediaType === MediaType.MOVIE;
 
       let serviceSettings;
@@ -212,18 +212,19 @@ mediaRoutes.delete(
         );
       }
 
+      const specificServiceId = is4k ? media.serviceId4k : media.serviceId;
       if (
-        media.serviceId &&
-        media.serviceId >= 0 &&
-        serviceSettings?.id !== media.serviceId
+        specificServiceId &&
+        specificServiceId >= 0 &&
+        serviceSettings?.id !== specificServiceId
       ) {
         if (isMovie) {
           serviceSettings = settings.radarr.find(
-            (radarr) => radarr.id === media.serviceId
+            (radarr) => radarr.id === specificServiceId
           );
         } else {
           serviceSettings = settings.sonarr.find(
-            (sonarr) => sonarr.id === media.serviceId
+            (sonarr) => sonarr.id === specificServiceId
           );
         }
       }
@@ -257,13 +258,7 @@ mediaRoutes.delete(
       }
 
       if (isMovie) {
-        await (service as RadarrAPI).removeMovie(
-          parseInt(
-            is4k
-              ? (media.externalServiceSlug4k as string)
-              : (media.externalServiceSlug as string)
-          )
-        );
+        await (service as RadarrAPI).removeMovie(media.tmdbId);
       } else {
         const tmdb = new TheMovieDb();
         const series = await tmdb.getTvShow({ tvId: media.tmdbId });

src/components/Login/AddEmailModal.tsx

@@ -5,6 +5,7 @@ import { Transition } from '@headlessui/react';
 import axios from 'axios';
 import { Field, Formik } from 'formik';
 import { useIntl } from 'react-intl';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Login', {
@@ -36,7 +37,11 @@ const AddEmailModal: React.FC<AddEmailModalProps> = ({
 
   const EmailSettingsSchema = Yup.object().shape({
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationEmailFormat))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationEmailFormat),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationEmailRequired)),
   });
 

src/components/ManageSlideOver/index.tsx

@@ -150,6 +150,31 @@ const ManageSlideOver = ({
     return false;
   };
 
+  const isDefault4kService = () => {
+    if (data.mediaInfo) {
+      if (data.mediaInfo.mediaType === MediaType.MOVIE) {
+        return (
+          radarrData?.find(
+            (radarr) =>
+              radarr.isDefault &&
+              radarr.is4k &&
+              radarr.id === data.mediaInfo?.serviceId4k
+          ) !== undefined
+        );
+      } else {
+        return (
+          sonarrData?.find(
+            (sonarr) =>
+              sonarr.isDefault &&
+              sonarr.is4k &&
+              sonarr.id === data.mediaInfo?.serviceId4k
+          ) !== undefined
+        );
+      }
+    }
+    return false;
+  };
+
   const markAvailable = async (is4k = false) => {
     if (data.mediaInfo) {
       await axios.post(`/api/v1/media/${data.mediaInfo?.id}/available`, {
@@ -572,7 +597,7 @@ const ManageSlideOver = ({
                         </span>
                       </Button>
                     </a>
-                    {isDefaultService() && (
+                    {isDefault4kService() && (
                       <div>
                         <ConfirmButton
                           onClick={() => deleteMediaFile(true)}

src/components/ResetPassword/RequestResetLink.tsx

@@ -10,6 +10,7 @@ import Image from 'next/image';
 import Link from 'next/link';
 import { useState } from 'react';
 import { useIntl } from 'react-intl';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.ResetPassword', {
@@ -29,7 +30,11 @@ const ResetPassword = () => {
 
   const ResetSchema = Yup.object().shape({
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationemailrequired))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationemailrequired),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationemailrequired)),
   });
 

src/components/Settings/Notifications/NotificationsEmail.tsx

@@ -11,6 +11,7 @@ import { useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR, { mutate } from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Settings.Notifications', {
@@ -77,7 +78,11 @@ const NotificationsEmail = () => {
             .required(intl.formatMessage(messages.validationEmail)),
           otherwise: Yup.string().nullable(),
         })
-        .email(intl.formatMessage(messages.validationEmail)),
+        .test(
+          'email',
+          intl.formatMessage(messages.validationEmail),
+          (value) => !value || validator.isEmail(value, { require_tld: false })
+        ),
       smtpHost: Yup.string().when('enabled', {
         is: true,
         then: Yup.string()

src/components/Setup/JellyfinSetup.tsx

@@ -8,6 +8,7 @@ import axios from 'axios';
 import { Field, Form, Formik } from 'formik';
 import { FormattedMessage, useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages('components.Login', {
@@ -90,7 +91,11 @@ function JellyfinSetup({
         (value) => !value || !value.endsWith('/')
       ),
     email: Yup.string()
-      .email(intl.formatMessage(messages.validationemailformat))
+      .test(
+        'email',
+        intl.formatMessage(messages.validationemailformat),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      )
       .required(intl.formatMessage(messages.validationemailrequired)),
     username: Yup.string().required(
       intl.formatMessage(messages.validationusernamerequired)

src/components/UserList/index.tsx

@@ -36,6 +36,7 @@ import { useEffect, useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 import JellyfinImportModal from './JellyfinImportModal';
 
@@ -210,7 +211,11 @@ const UserList = () => {
     ),
     email: Yup.string()
       .required()
-      .email(intl.formatMessage(messages.validationEmail)),
+      .test(
+        'email',
+        intl.formatMessage(messages.validationEmail),
+        (value) => !value || validator.isEmail(value, { require_tld: false })
+      ),
     password: Yup.lazy((value) =>
       !value
         ? Yup.string()

src/components/UserProfile/UserSettings/UserGeneralSettings/index.tsx

@@ -23,6 +23,7 @@ import { useEffect, useState } from 'react';
 import { useIntl } from 'react-intl';
 import { useToasts } from 'react-toast-notifications';
 import useSWR from 'swr';
+import validator from 'validator';
 import * as Yup from 'yup';
 
 const messages = defineMessages(
@@ -105,10 +106,18 @@ const UserGeneralSettings = () => {
       user?.id === 1 ||
       (user?.userType !== UserType.JELLYFIN && user?.userType !== UserType.EMBY)
         ? Yup.string()
-            .email(intl.formatMessage(messages.validationemailformat))
+            .test(
+              'email',
+              intl.formatMessage(messages.validationemailformat),
+              (value) =>
+                !value || validator.isEmail(value, { require_tld: false })
+            )
             .required(intl.formatMessage(messages.validationemailrequired))
-        : Yup.string().email(
-            intl.formatMessage(messages.validationemailformat)
+        : Yup.string().test(
+            'email',
+            intl.formatMessage(messages.validationemailformat),
+            (value) =>
+              !value || validator.isEmail(value, { require_tld: false })
           ),
     discordId: Yup.string()
       .nullable()