fix(series): filter Next Up items by SeriesId client-side

Some Jellyfin server versions ignore the seriesId query parameter on
/Shows/NextUp and return the global next-up list, causing the series
detail page to show episodes from unrelated series (matching the home
tab's Next Up row).

Defensively filter the response by SeriesId on the client and hide the
section entirely when there are no matching items, instead of rendering
an empty 'No items to display' block.

.github/workflows/trivy-scan.yml

@@ -1,60 +0,0 @@
-name: 🛡️ Trivy Security Scan
-
-# Filesystem scan (Streamyfin ships no container image): finds vulnerable dependencies,
-# leaked secrets and misconfigurations, and reports them to GitHub code scanning.
-# Runs post-merge + weekly (not on PRs — dependency-review already gates PRs, and SARIF
-# upload needs a write token that fork PRs don't get).
-on:
-  push:
-    branches: [develop, master]
-  schedule:
-    - cron: "50 7 * * 5" # Weekly, Friday 07:50 UTC
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: trivy-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  trivy:
-    name: 🔎 Filesystem scan
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      security-events: write # upload SARIF to code scanning
-    steps:
-      - name: 📥 Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      # Rotate the DB cache weekly (matches the scheduled scan): cache hits within the week
-      # instead of a fresh immutable entry per run, still refreshing the DB every week.
-      - name: 🗓️ Compute weekly Trivy cache key
-        id: trivy-cache-key
-        run: echo "value=trivy-db-${{ runner.os }}-$(date -u +%G-%V)" >> "$GITHUB_OUTPUT"
-
-      - name: 💾 Cache Trivy vulnerability DB
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: ~/.cache/trivy
-          key: ${{ steps.trivy-cache-key.outputs.value }}
-          restore-keys: trivy-db-${{ runner.os }}-
-
-      - name: 🔎 Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
-        with:
-          scan-type: fs
-          scan-ref: .
-          scanners: vuln,secret,misconfig
-          ignore-unfixed: true
-          severity: CRITICAL,HIGH
-          format: sarif
-          output: trivy-results.sarif
-
-      - name: 📤 Upload results to code scanning
-        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
-        with:
-          sarif_file: trivy-results.sarif
-          category: trivy-fs

components/series/NextUp.tsx

@@ -3,6 +3,7 @@ import { FlashList } from "@shopify/flash-list";
 import { useQuery } from "@tanstack/react-query";
 import { useAtom } from "jotai";
 import type React from "react";
+import { useMemo } from "react";
 import { useTranslation } from "react-i18next";
 import { View } from "react-native";
 import { apiAtom, userAtom } from "@/providers/JellyfinProvider";
@@ -33,13 +34,16 @@ export const NextUp: React.FC<{ seriesId: string }> = ({ seriesId }) => {
     staleTime: 0,
   });
 
-  if (!items?.length)
-    return (
-      <View className='px-4'>
-        <Text className='text-lg font-bold mb-2'>{t("item_card.next_up")}</Text>
-        <Text className='opacity-50'>{t("item_card.no_items_to_display")}</Text>
-      </View>
-    );
+  // Defensive client-side filter: some Jellyfin server versions ignore the
+  // `seriesId` query param on /Shows/NextUp and return next-up items across all
+  // series (the same content as the home tab's Next Up row). Filter to ensure
+  // we only ever show episodes belonging to this series.
+  const filteredItems = useMemo(
+    () => items?.filter((item) => item.SeriesId === seriesId) ?? [],
+    [items, seriesId],
+  );
+
+  if (!filteredItems.length) return null;
 
   return (
     <View>
@@ -50,7 +54,7 @@ export const NextUp: React.FC<{ seriesId: string }> = ({ seriesId }) => {
         contentContainerStyle={{ paddingLeft: 16 }}
         horizontal
         showsHorizontalScrollIndicator={false}
-        data={items}
+        data={filteredItems}
         renderItem={({ item, index }) => (
           <TouchableItemRouter
             item={item}