chore: git hygiene — enforce LF, drop dead .gitattributes/.gitignore rules

- .gitattributes: 'text=auto eol=lf' so files are stored and checked out as LF
  on every OS (no more CRLF churn on Windows, regardless of core.autocrlf);
  mark common binaries; keep .bat/.cmd as CRLF.
- Remove the stale Git LFS rule for modules/vlc-player (that module no longer
  exists and no LFS objects are tracked).
- .gitignore: stop ignoring bun.lock (it's committed and checked by the lockfile
  workflow), and replace the dead/duplicate per-module build paths (player,
  hls-downloader, sf-player, music-controls, duplicate mpv-player) with a single
  modules/*/android/build/ glob.
- Renormalise the one CRLF-stored file (crowdin.yml) to LF (EOL only).

.gitattributes

@@ -1 +1,28 @@
-.modules/vlc-player/Frameworks/*.xcframework filter=lfs diff=lfs merge=lfs -text
+# Normalise line endings to LF for everyone. Files are stored as LF in git and
+# checked out as LF on every OS, so Windows clones stop producing CRLF churn
+# (no more "LF will be replaced by CRLF" warnings) regardless of core.autocrlf.
+* text=auto eol=lf
+
+# Windows-only scripts must stay CRLF
+*.bat text eol=crlf
+*.cmd text eol=crlf
+
+# Binary assets — never touched / never normalised
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.webp binary
+*.ico binary
+*.icns binary
+*.ttf binary
+*.otf binary
+*.woff binary
+*.woff2 binary
+*.mp3 binary
+*.mp4 binary
+*.mov binary
+*.pdf binary
+*.keystore binary
+*.jks binary
+*.p12 binary

.github/workflows/trivy-scan.yml

@@ -1,62 +0,0 @@
-name: 🛡️ Trivy Security Scan
-
-# Filesystem scan (Streamyfin ships no container image): finds vulnerable dependencies,
-# leaked secrets and misconfigurations, and reports them to GitHub code scanning.
-# Runs post-merge + weekly (not on PRs — dependency-review already gates PRs, and SARIF
-# upload needs a write token that fork PRs don't get).
-on:
-  push:
-    branches: [develop, master]
-    paths:
-      - "package.json"
-      - "bun.lock"
-      - "**/*.ts"
-      - "**/*.tsx"
-      - "**/*.js"
-      - "**/*.jsx"
-      - ".github/workflows/trivy-scan.yml"
-  schedule:
-    - cron: "50 7 * * 5" # Weekly, Friday 07:50 UTC
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: trivy-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  trivy:
-    name: 🔎 Filesystem scan
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      security-events: write # upload SARIF to code scanning
-    steps:
-      - name: 📥 Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: 💾 Cache Trivy vulnerability DB
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: ~/.cache/trivy
-          key: trivy-db-${{ github.run_id }}
-          restore-keys: trivy-db-
-
-      - name: 🔎 Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
-        with:
-          scan-type: fs
-          scan-ref: .
-          scanners: vuln,secret,misconfig
-          ignore-unfixed: true
-          severity: CRITICAL,HIGH
-          format: sarif
-          output: trivy-results.sarif
-
-      - name: 📤 Upload results to code scanning
-        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
-        with:
-          sarif_file: trivy-results.sarif
-          category: trivy-fs

.gitignore

@@ -1,6 +1,5 @@
 # Dependencies and Package Managers
 node_modules/
-bun.lock
 bun.lockb
 package-lock.json
 
@@ -21,10 +20,8 @@ web-build/
 # Gradle caches (top-level + per-module native projects)
 **/.gradle/
 
-# Module-specific Builds
+# Native module build outputs (any module)
-modules/mpv-player/android/build
+modules/*/android/build/
-modules/player/android
-modules/hls-downloader/android/build
 
 # Generated Applications
 Streamyfin.app
@@ -69,10 +66,6 @@ certs/
 
 # Version and Backup Files
 /version-backup-*
-/modules/sf-player/android/build
-/modules/music-controls/android/build
-modules/background-downloader/android/build/*
-/modules/mpv-player/android/build
 
 # ios:unsigned-build Artifacts
 build/

components/video-player/controls/Controls.tv.tsx

@@ -1254,7 +1254,7 @@ export const Controls: FC<Props> = ({
                 <Text
                   style={[styles.endsAtText, { fontSize: typography.callout }]}
                 >
-                  {t("player.ends_at", { time: getFinishTime() })}
+                  {t("player.ends_at")} {getFinishTime()}
                 </Text>
               </View>
             )}
@@ -1448,7 +1448,7 @@ export const Controls: FC<Props> = ({
                 <Text
                   style={[styles.endsAtText, { fontSize: typography.callout }]}
                 >
-                  {t("player.ends_at", { time: getFinishTime() })}
+                  {t("player.ends_at")} {getFinishTime()}
                 </Text>
               </View>
             )}