sync with dev#2903
Merged
bradkeifer merged 274 commits into4484-airplay-2-not-pairingfrom Dec 31, 2025
Merged
Conversation
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
…2767) `Dockerfile.base` still used the old package name `aioresonate` instead of `aiosendspin`. Since no `PyAV` updates were released since then, we don't need to rebuild the base image.
Potential fix for code scanning in github action Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Small fix for HAOS running as add-on to allow api connection when server still needs to be onboarded
Bumps [orjson](https://github.com/ijl/orjson) from 3.11.4 to 3.11.5. - [Release notes](https://github.com/ijl/orjson/releases) - [Changelog](https://github.com/ijl/orjson/blob/master/CHANGELOG.md) - [Commits](ijl/orjson@3.11.4...3.11.5) --- updated-dependencies: - dependency-name: orjson dependency-version: 3.11.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Bumps [podcastparser](https://github.com/gpodder/podcastparser) from 0.6.10 to 0.6.11. - [Commits](gpodder/podcastparser@0.6.10...0.6.11) --- updated-dependencies: - dependency-name: podcastparser dependency-version: 0.6.11 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
* Fix OpenSubsonic ReplayGain loudness calculation The OpenSubsonic provider was passing raw ReplayGain gain values (in dB) directly to set_loudness(), but set_loudness() expects integrated loudness values (in LUFS). This caused tracks with ReplayGain tags to show incorrect loudness values when accessed via OpenSubsonic/Navidrome. For example, a quiet track with +0.39 dB gain was being stored as 0.39 LUFS instead of -18.39 LUFS, resulting in massive gain reduction (-17.39 dB) instead of a small boost. Fixed by converting ReplayGain values to loudness before storing: Loudness (LUFS) = -18 - Gain (dB) This matches the ReplayGain 2.0 specification and how the filesystem provider handles ReplayGain tags. Only affects users connecting to Navidrome/Subsonic servers. Users with local filesystem music were not affected. * Remove unnecessary comment --------- Co-authored-by: Claude <noreply@anthropic.com>
Fix link
Fix Plex Connect timeline reporting Use queue.corrected_elapsed_time instead of player.corrected_elapsed_time to accurately track current track position. This fixes issues where: - Timeline reported incorrect elapsed time when playing multiple tracks - Huge time values were sent after track transitions - Step forward/back commands used wrong elapsed time reference The queue tracks per-track elapsed time while player tracks total session time.
* Chore(deps): Bump deno from 2.5.6 to 2.6.3 Bumps deno from 2.5.6 to 2.6.3. --- updated-dependencies: - dependency-name: deno dependency-version: 2.6.3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Also bump provider manifest --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marvin Schenkel <marvinschenkel@gmail.com>
* Chore(deps): Bump websocket-client from 1.8.0 to 1.9.0 Bumps [websocket-client](https://github.com/websocket-client/websocket-client) from 1.8.0 to 1.9.0. - [Release notes](https://github.com/websocket-client/websocket-client/releases) - [Changelog](https://github.com/websocket-client/websocket-client/blob/master/ChangeLog) - [Commits](websocket-client/websocket-client@v1.8.0...v1.9.0) --- updated-dependencies: - dependency-name: websocket-client dependency-version: 1.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Also bump provider manifest --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Marvin Schenkel <marvinschenkel@gmail.com>
Allow users to add multiple Audible provider instances with separate logins. The provider implementation already supports this - just needed to add the multi_instance flag to the manifest. Fixes: music-assistant/discussions#862
* Fix Spotify podcast thumbnail image quality * Remove debug line * Simplify
* Fix Audible authentication for new API token format - Add compatible token refresh handling for new actor_access_token format - Validate signing auth availability (preferred, stable auth method) - Accept multiple authorization code parameter names in callback URL - Improve error handling and diagnostic messages * Use shared http_session instead of creating new client - Modify refresh_access_token_compat to accept http_session parameter - Update to use aiohttp ClientSession (from mass.http_session) - Remove unnecessary httpx.AsyncClient creation --------- Co-authored-by: Ztripez von Matérn <ztripez@bobby.se>
Update to include bugfix for get_playlists endpoint. Signed-off-by: Eric B Munson <eric@munsonfam.org>
Co-authored-by: marcelveldt <6389780+marcelveldt@users.noreply.github.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
49
to
-67
| @@ -64,32 +64,26 @@ jobs: | |||
| echo "Using dev branch for $CHANNEL release" | |||
| fi | |||
|
|
|||
| - name: Trigger test workflow | |||
| uses: convictional/trigger-workflow-and-wait@v1.6.5 | |||
| with: | |||
| owner: ${{ github.repository_owner }} | |||
| repo: server | |||
| github_token: ${{ secrets.PRIVILEGED_GITHUB_TOKEN }} | |||
| workflow_file_name: test.yml | |||
| ref: ${{ steps.branch.outputs.branch }} | |||
| wait_interval: 10 | |||
| propagate_failure: true | |||
| trigger_workflow: true | |||
| wait_workflow: true | |||
| preflight-checks: | |||
| name: Run tests and linting before release | |||
| needs: determine-branch | |||
| uses: ./.github/workflows/test.yml | |||
| with: | |||
| ref: ${{ needs.determine-branch.outputs.branch }} | |||
|
|
|||
| validate-and-build: | |||
| name: Validate version and build Python artifact | |||
| runs-on: ubuntu-latest | |||
| needs: preflight-checks | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
In general, the problem is fixed by explicitly declaring permissions: in the workflow so the GITHUB_TOKEN is granted only the minimal scopes needed. When added at the top level of the workflow (same level as on: and env:), those permissions apply to all jobs that do not override them individually. For most workflows that only need to check out code and read repository contents, contents: read is a sensible default.
For this specific file, the least intrusive and safest fix—without changing current behavior—is:
- Add a workflow‑level
permissions:block right after theon:section and beforeenv:(lines around 41). - Set
contents: readas a minimal starting point, which still allowsactions/checkoutto function while preventing unintended write operations by default. - Because we are not shown any job steps that require write permissions (e.g., creating releases, pushing tags) in the visible region, we will not add any broader permissions. If other jobs (such as
create-release) below the truncated region need writes, they can later declare job-specificpermissions:blocks.
Concretely, in .github/workflows/release.yml, insert:
permissions:
contents: readbetween the workflow_call block (ending at line 39–40) and the existing env: block (starting at line 41).
Suggested changeset
1
.github/workflows/release.yml
| @@ -38,6 +38,9 @@ | ||
| PRIVILEGED_GITHUB_TOKEN: | ||
| required: true | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| env: | ||
| PYTHON_VERSION: "3.12" | ||
| BASE_IMAGE_VERSION_STABLE: "1.4.10" |
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
bradkeifer
merged commit 9f4c309
into
4484-airplay-2-not-pairing
13 of 14 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.