2641a1b874
- R11: pin requirements.txt to the versions running in the image, so a rebuild can't pull a breaking upstream release. Documented how to upgrade. - R12: log rotation now also prunes job_runs rows older than 90 days (nulling the manual_imports FK reference first), so the table doesn't grow without bound. dedup/genre candidates are review state and left alone. - U5: credential form shows non-secret fields (URLs, usernames, prefs) as plain text so they can be verified while typing; only real secrets stay masked. Dashboard IP card reworded from gluetun-specific to generic "Outbound IP". - S9: enforce ALLOWED_EMAIL at the OIDC callback, before any user row or session is created, instead of only on later requests. Verified: pinned build resolves; prune deletes only old rows and keeps the manual_imports record; credentials page renders text+password inputs; a disallowed email gets 403 with no user row, an allowed one succeeds. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
25 lines
608 B
Plaintext
25 lines
608 B
Plaintext
# Pinned to the versions currently running in the image. Rebuilds are then
|
|
# reproducible: a breaking upstream release can't be pulled in on the next
|
|
# `docker build`. To upgrade, bump a pin here deliberately, rebuild, and test.
|
|
|
|
# Control-plane app
|
|
fastapi==0.139.0
|
|
uvicorn[standard]==0.51.0
|
|
jinja2==3.1.6
|
|
python-multipart==0.0.32
|
|
pydantic==2.13.4
|
|
pydantic-settings==2.14.2
|
|
sqlalchemy==2.0.51
|
|
apscheduler==3.11.3
|
|
authlib==1.7.2
|
|
itsdangerous==2.2.0
|
|
cryptography==49.0.0
|
|
httpx==0.28.1
|
|
|
|
# Pipeline scripts (migrated from /opt/sldl)
|
|
beets==2.12.0
|
|
mutagen==1.48.1
|
|
numpy==2.4.6
|
|
pyacoustid==1.3.1
|
|
requests==2.34.2
|