Implement reportAccountAction, fix bug in auth flow between sonos and…#1

Open
chxx wants to merge 51 commits into chxx:master from simojenki:master

@chxx chxx commented Oct 30, 2025

Owner

… bonob

simojenki and others added 30 commits October 25, 2025 03:28
…e data for some reason, adding endpoints stops 404 however
Cannot upgrade to node 24 without looking armv7 support
… redundant key value from various sonos interaction calls, rename bnbt header to authorization
* Refactor/cleanup library/service versus subsonic
Move subsonic music service/library into own file

* Remove bearer token and unused variations of subsonic service type
…to (#238)

support auth headers in http request smapi option
Bumps [jws](https://github.com/brianloveswords/node-jws) to 3.2.3 and updates ancestor dependency . These dependencies need to be updated together.


Updates `jws` from 3.2.2 to 3.2.3
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

Updates `jws` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/brianloveswords/node-jws/releases)
- [Changelog](https://github.com/auth0/node-jws/blob/master/CHANGELOG.md)
- [Commits](auth0/node-jws@v3.2.2...v3.2.3)

---
updated-dependencies:
- dependency-name: jws
  dependency-version: 3.2.3
  dependency-type: indirect
- dependency-name: jws
  dependency-version: 4.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.1.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.0...v6.14.1)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Correct documentation around the use of cloudflared

simojenki and others added 16 commits March 21, 2026 08:56
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.13.5...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The implementation in src/clock.ts uses .date()/.month() which return
local time. The tests passed UTC times (Z suffix), so in any timezone
west of UTC the local date became the previous day - e.g. midnight UTC
on 25/12 is 24/12 in PDT, breaking isChristmas.

Drop the Z suffix so the test times are interpreted as local time,
matching the implementation. Also fix a typo in one test description
(ragardless -> regardless).

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-version: 1.16.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

CI workflow:
- Bump GitHub Actions to current major versions (checkout v5,
  setup-node v5, docker/* v3-v6, codeql v3) so workflows run on
  Node 24 instead of the deprecated Node 20
- Bump Node version in build_and_test from 20 to 22 (matches the
  Dockerfile base image)

Dockerfile:
- Drop redundant 'npm test' from the build (already runs in the
  build_and_test job before the Docker push, repeating it on
  emulated arm/v7 and arm64 wastes substantial CI minutes)
- Reorder so package.json is copied and 'npm ci' runs before the
  source is copied, letting Docker cache the install layer when
  only application code changes
- Use 'npm prune --omit=dev' to strip devDeps in place rather than
  doing a second full 'npm install'
- Add GHA-backed Docker layer cache (cache-from/cache-to) so
  subsequent builds reuse layers across runs

* Update dependencies and replace ts-jest with @swc/jest

- Bump direct dependencies to latest minor/patch versions
- Replace ts-jest with @swc/jest for ~2x faster test execution
  (and removes ts-jest's chain to deprecated test-exclude/glob@7/inflight)
- Run npm audit fix to resolve 3 vulnerabilities (low/moderate/high)

* Override whatwg-url to silence punycode deprecation warning

@svrooij/sonos pulls in node-fetch@2 → whatwg-url@5 → tr46@0.0.3
which uses Node's built-in punycode module (DEP0040). Forcing
whatwg-url@14 uses the userland punycode package instead.

* Replace image-js with sharp in tests to drop unmaintained has-own dep

The 2 tests that used image-js only checked PNG width/height, which sharp
(already a runtime dependency) handles via metadata(). Removing image-js
eliminates the deprecated has-own@1.0.1 transitive dependency.

* Replace ts-md5, randomstring, uuid, image-js with built-ins

- Replace ts-md5 with Node's built-in crypto.createHash('md5')
- Replace randomstring with a small crypto.randomBytes-backed helper
  in src/random.ts (keeps mockability for tests)
- Replace uuid library with Node's built-in crypto.randomUUID()
- Remove unused chai, @types/chai, @types/mocha (project uses Jest)

Drops 5 runtime deps and 3 devDeps in exchange for ~12 lines of helper
code, reducing supply-chain attack surface and removing the deprecated
'has-own' transitive dependency.

* Drop fs-extra, tmp, urn-lib, and direct jws dependency

- fs-extra: only readFile/writeFile/existsSync/etc. used; replaced with
  Node's built-in fs and fs/promises modules
- tmp: only used in tests via dirSync(); replaced with fs.mkdtempSync
- urn-lib: only used to format/parse 'bnb:<system>:<resource>' URNs;
  replaced with a 12-line BURN object directly in burn.ts
- jws: was listed as a direct dep but jsonwebtoken already pulls it in
  transitively. Removed direct dep, kept @types/jws as devDep for tsc.

Drops 4 runtime deps and 4 devDeps, further reducing the supply-chain
attack surface for an internet-exposed app.

---------

Co-authored-by: Alice Grey <almw@pm.me>
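
One way to write the kind of crypto.randomBytes-backed random-string helper the commit above describes, as an added example that is not bonob's own src/random.ts. The function name, default charset and injectable `bytes` parameter are assumptions; the byte source is a parameter so tests can stub it, and out-of-range bytes are rejected so characters are drawn uniformly.

```javascript
const { randomBytes } = require("node:crypto");

const ALPHANUMERIC =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Hypothetical helper (not bonob's src/random.ts). `bytes` is injectable so a
// test can pass a deterministic source instead of crypto.randomBytes.
function randomString(length, charset = ALPHANUMERIC, bytes = randomBytes) {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError("length must be a non-negative integer");
  }
  if (charset.length < 1 || charset.length > 256) {
    throw new RangeError("charset must contain 1 to 256 characters");
  }
  // Bytes at or above `limit` are discarded. Mapping them with % would make
  // the first (256 % charset.length) characters slightly more likely.
  const limit = 256 - (256 % charset.length);
  let out = "";
  while (out.length < length) {
    // Ask for a few spare bytes so one round usually survives rejections.
    for (const b of bytes(length - out.length + 8)) {
      if (out.length === length) break;
      if (b < limit) out += charset[b % charset.length];
    }
  }
  return out;
}

// Constructed byte source for demonstration: with a 3-character charset the
// limit is 255, so the byte 255 is rejected and the rest map via modulo.
const fixedBytes = () => Buffer.from([255, 0, 1, 2, 255, 3]);

console.log(randomString(4, "abc", fixedBytes)); // deterministic with the stub
console.log(randomString(32)); // 32 alphanumeric characters from the CSPRNG
```
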
* Add OpenSubsonic transcoding extension support for Sonos

Implements getTranscodeDecision and getTranscodeStream from the
OpenSubsonic transcoding extension (v1). This enables Navidrome 0.61+
to automatically downsample high sample rate FLAC files (e.g. 96kHz)
to Sonos-compatible rates (48kHz) while keeping lossless quality.

The Sonos client capability profile declares supported sample rates,
bit depths, and channels. When streaming, bonob first asks Navidrome
for a transcode decision. If transcoding is needed, it uses the new
getTranscodeStream endpoint. Otherwise it falls back to the legacy
/rest/stream endpoint, maintaining backward compatibility with older
Navidrome versions.

* Check if subsonic implementation supports transcode decision via looking
at extensions endpoint, set supported codecs/containers for sending to
subsonic

---------

Co-authored-by: Alice Grey <almw@pm.me>

Adds a boolean config item (default true) that flows through SubsonicMusicService
and SubsonicMusicLibrary as useTranscode, allowing users to disable automatic
OpenSubsonic transcoding negotiation and always use the legacy stream path.

bnbEnvVar no longer auto-adds BONOB_{KEY} as a fallback, and the
extra legacy arrays for BNB_URL, BNB_SUBSONIC_URL, and
BNB_SUBSONIC_CUSTOM_CLIENTS are removed. The legacy mechanism in
envVar remains intact for future use. Tests updated accordingly.

simojenki and others added 5 commits May 13, 2026 15:45

When S1 is disabled (the default), skip reading all other SONOS_* env
vars and return hardcoded safe defaults (discovery disabled, sid -1).
Only when BNB_SONOS_ENABLE_S1=true are the env vars consulted.

Bumps [form-data](https://github.com/form-data/form-data) from 4.0.5 to 4.0.6.
- [Release notes](https://github.com/form-data/form-data/releases)
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v4.0.5...v4.0.6)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 4.0.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>