chore(deps): Pin dependencies

Updated issue report template to specify improvements for Streamyfin and enhanced placeholder text for clarity.

.github/ISSUE_TEMPLATE/issue_report.yml

@@ -1,5 +1,5 @@
 name: "🐛 Bug Report"
-description: Create a report to help us improve
+description: Create a report to help Streamyfin improve
 title: "[Bug]: "
 labels:
   - "🐛 bug"
@@ -36,7 +36,7 @@ body:
     attributes:
       label: What happened?
       description: A clear and concise description of what the bug is.
-      placeholder: Describe what happened in detail.
+      placeholder: Describe what happened in detail, the more precise the better.
     validations:
       required: true
 
@@ -67,7 +67,7 @@ body:
     attributes:
       label: Which device and operating system are you using?
       description: Please provide your device model and OS version
-      placeholder: e.g. iPhone 15 Pro, iOS 18.1.1 or Samsung Galaxy S24, Android 14
+      placeholder: e.g. iPhone 17 Pro / iOS 26.5.1, Samsung Galaxy S25 / Android 16, Apple TV / tvOS 26.5
     validations:
       required: true
 
@@ -75,11 +75,11 @@ body:
     id: version
     attributes:
       label: Streamyfin Version
-      description: What version of Streamyfin are you running?
+      description: What version of Streamyfin are you using?
       options:
-        - 0.47.1
+        - 0.54.1
-        - 0.30.2
+        - 0.51.0
-        - older
+        - Older
         - TestFlight/Development build
     validations:
       required: true
@@ -90,9 +90,9 @@ body:
       label: Jellyfin Server Information
       description: Please provide details about your Jellyfin server
       placeholder: |
-        - Jellyfin Server Version: e.g. 10.10.7
+        - Jellyfin Server Version: e.g. 10.11.10
-        - Server OS: e.g. Ubuntu 22.04, Windows 11, Docker
+        - Server OS: e.g. Ubuntu 26.04, Windows 11, Docker, Proxmox
-        - Connection: e.g. Local network, Remote via domain, VPN
+        - Connection: e.g. Local network, remote via domain, VPN
 
   - type: textarea
     id: screenshots
@@ -104,7 +104,7 @@ body:
     id: logs
     attributes:
       label: Relevant logs (if available)
-      description: If you have access to app logs or crash reports, please include them here. **Remember to remove any personal information like server URLs or usernames.**
+      description: If you have access to app logs or crash reports, please include them here. **Remember to remove any personal information like server URL, API keys or usernames.**
       render: shell
 
   - type: textarea

.github/workflows/trivy-scan.yml

@@ -1,60 +0,0 @@
-name: 🛡️ Trivy Security Scan
-
-# Filesystem scan (Streamyfin ships no container image): finds vulnerable dependencies,
-# leaked secrets and misconfigurations, and reports them to GitHub code scanning.
-# Runs post-merge + weekly (not on PRs — dependency-review already gates PRs, and SARIF
-# upload needs a write token that fork PRs don't get).
-on:
-  push:
-    branches: [develop, master]
-  schedule:
-    - cron: "50 7 * * 5" # Weekly, Friday 07:50 UTC
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-concurrency:
-  group: trivy-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  trivy:
-    name: 🔎 Filesystem scan
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      security-events: write # upload SARIF to code scanning
-    steps:
-      - name: 📥 Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      # Rotate the DB cache weekly (matches the scheduled scan): cache hits within the week
-      # instead of a fresh immutable entry per run, still refreshing the DB every week.
-      - name: 🗓️ Compute weekly Trivy cache key
-        id: trivy-cache-key
-        run: echo "value=trivy-db-${{ runner.os }}-$(date -u +%G-%V)" >> "$GITHUB_OUTPUT"
-
-      - name: 💾 Cache Trivy vulnerability DB
-        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: ~/.cache/trivy
-          key: ${{ steps.trivy-cache-key.outputs.value }}
-          restore-keys: trivy-db-${{ runner.os }}-
-
-      - name: 🔎 Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
-        with:
-          scan-type: fs
-          scan-ref: .
-          scanners: vuln,secret,misconfig
-          ignore-unfixed: true
-          severity: CRITICAL,HIGH
-          format: sarif
-          output: trivy-results.sarif
-
-      - name: 📤 Upload results to code scanning
-        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
-        with:
-          sarif_file: trivy-results.sarif
-          category: trivy-fs

bun.lock

@@ -105,7 +105,7 @@
         "@react-native-tvos/config-tv": "0.1.6",
         "@types/jest": "29.5.14",
         "@types/lodash": "4.17.24",
-        "@types/react": "~19.2.10",
+        "@types/react": "19.2.16",
         "@types/react-test-renderer": "19.1.0",
         "cross-env": "10.1.0",
         "expo-doctor": "1.19.7",
@@ -605,7 +605,7 @@
 
     "@types/node": ["@types/node@18.19.130", "", { "dependencies": { "undici-types": "~5.26.4" } }, "sha512-GRaXQx6jGfL8sKfaIDD6OupbIHBr9jv7Jnaml9tB7l4v068PAOXqfcujMMo5PhbIs6ggR1XODELqahT2R8v0fg=="],
 
-    "@types/react": ["@types/react@19.2.15", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q=="],
+    "@types/react": ["@types/react@19.2.16", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-esJiCAnl0kfpNdE69f3So4WJUXy95dLZydX0KwK46riIHDzHM7O9Vtf9xCHW0PXIqvgqNrswl522kA/5yx+F4w=="],
 
     "@types/react-test-renderer": ["@types/react-test-renderer@19.1.0", "", { "dependencies": { "@types/react": "*" } }, "sha512-XD0WZrHqjNrxA/MaR9O22w/RNidWR9YZmBdRGI7wcnWGrv/3dA8wKCJ8m63Sn+tLJhcjmuhOi629N66W6kgWzQ=="],
 
@@ -1599,7 +1599,7 @@
 
     "react-native-text-ticker": ["react-native-text-ticker@1.15.0", "", {}, "sha512-d/uK+PIOhsYMy1r8h825iq/nADiHsabz3WMbRJSnkpQYn+K9aykUAXRRhu8ZbTAzk4CgnUWajJEFxS5ZDygsdg=="],
 
-    "react-native-track-player": ["react-native-track-player@github:lovegaoshi/react-native-track-player#33a3ecd", { "peerDependencies": { "react": "*", "react-native": "*", "react-native-windows": "*", "shaka-player": "^4.7.9" }, "optionalPeers": ["react-native-windows", "shaka-player"] }, "lovegaoshi-react-native-track-player-33a3ecd"],
+    "react-native-track-player": ["react-native-track-player@github:lovegaoshi/react-native-track-player#33a3ecd", { "peerDependencies": { "react": "*", "react-native": "*", "react-native-windows": "*", "shaka-player": "^4.7.9" }, "optionalPeers": ["react-native-windows", "shaka-player"] }, "lovegaoshi-react-native-track-player-33a3ecd", "sha512-vfkld2jUj7EPkAjIc/Vbx4Q4MtOOLmYtCYCE2dWJsyLnPqgj1f0xVzBxbeVP7dfT+eSh4KIXfdxESXaHgrXIlw=="],
 
     "react-native-udp": ["react-native-udp@4.1.7", "", { "dependencies": { "buffer": "^5.6.0", "events": "^3.1.0" } }, "sha512-NUE3zewu61NCdSsLlj+l0ad6qojcVEZPT4hVG/x6DU9U4iCzwtfZSASh9vm7teAcVzLkdD+cO3411LHshAi/wA=="],
 
@@ -2019,6 +2019,8 @@
 
     "@testing-library/dom/pretty-format": ["pretty-format@27.5.1", "", { "dependencies": { "ansi-regex": "^5.0.1", "ansi-styles": "^5.0.0", "react-is": "^17.0.1" } }, "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ=="],
 
+    "@types/react-test-renderer/@types/react": ["@types/react@19.2.15", "", { "dependencies": { "csstype": "^3.2.2" } }, "sha512-eRwcGNHve+E8qtEQSSRl6urh+rFop4v8gm6O8rGv25CodbvFdLjA1vVQ1KkiFE0w0UPOnb8tDiFKL5lp0rtY5Q=="],
+
     "accepts/negotiator": ["negotiator@0.6.3", "", {}, "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="],
 
     "ansi-fragments/slice-ansi": ["slice-ansi@2.1.0", "", { "dependencies": { "ansi-styles": "^3.2.0", "astral-regex": "^1.0.0", "is-fullwidth-code-point": "^2.0.0" } }, "sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ=="],

package.json

@@ -126,7 +126,7 @@
     "@react-native-tvos/config-tv": "0.1.6",
     "@types/jest": "29.5.14",
     "@types/lodash": "4.17.24",
-    "@types/react": "~19.2.10",
+    "@types/react": "19.2.16",
     "@types/react-test-renderer": "19.1.0",
     "cross-env": "10.1.0",
     "expo-doctor": "1.19.7",