MagicMirror

mirror of https://github.com/MichMich/MagicMirror.git synced 2026-06-03 09:51:14 +00:00

Go to file

dependabot[bot] b38c7b7aa2 Bump actions/dependency-review-action from 4 to 5 (#4152 )

Bumps
[actions/dependency-review-action](https://github.com/actions/dependency-review-action)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/dependency-review-action/releases">actions/dependency-review-action's
releases</a>.</em></p>
<blockquote>
<h2>5.0.0</h2>
<p>This is a new major version of the Dependency Review Action which
updates the runtime to node24. This requires a minimum Actions Runner
version <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">v2.327.1</a>
to run.</p>
<h2>What's Changed</h2>
<ul>
<li>Add .github/copilot-instructions.md for Copilot coding agent by <a
href="https://github.com/ahpook"><code>@ahpook</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1067">actions/dependency-review-action#1067</a></li>
<li>Update Node.js runtime from 20 to 24 by <a
href="https://github.com/scottschreckengaust"><code>@scottschreckengaust</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1084">actions/dependency-review-action#1084</a></li>
<li>Bump spdx-license-ids from 3.0.20 to 3.0.23 by <a
href="https://github.com/mongolyy"><code>@mongolyy</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1091">actions/dependency-review-action#1091</a></li>
<li>docs: bump actions/checkout from v4 to v6 in workflow examples by <a
href="https://github.com/Marukome0743"><code>@Marukome0743</code></a>
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1077">actions/dependency-review-action#1077</a></li>
<li>fix: patched version display for advisories with non-strict semver
ranges (e.g. Maven beta versions) by <a
href="https://github.com/tspascoal"><code>@tspascoal</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1076">actions/dependency-review-action#1076</a></li>
<li>Resolve security findings by <a
href="https://github.com/AshelyTC"><code>@AshelyTC</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1094">actions/dependency-review-action#1094</a></li>
<li>v5.0.0 release branch by <a
href="https://github.com/ahpook"><code>@ahpook</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1098">actions/dependency-review-action#1098</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/scottschreckengaust"><code>@scottschreckengaust</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1084">actions/dependency-review-action#1084</a></li>
<li><a href="https://github.com/mongolyy"><code>@mongolyy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1091">actions/dependency-review-action#1091</a></li>
<li><a
href="https://github.com/Marukome0743"><code>@Marukome0743</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1077">actions/dependency-review-action#1077</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0">https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0</a></p>
<h2>Dependency Review Action 4.9.0</h2>
<p>This feature release contains a couple of notable changes:</p>
<ul>
<li>There is a new configuration option
<code>show_patched_versions</code> which will add a column to the
output, showing the fix version of each vulnerable dependency. Thanks <a
href="https://github.com/felickz"><code>@felickz</code></a>!</li>
<li>Runs which do not display OpenSSF scorecards no longer fetch
scorecard information; previously it was fetched regardless of whether
or not it was displayed, causing unneccessary slowness. Great catch <a
href="https://github.com/jantiebot"><code>@jantiebot</code></a>!</li>
<li>There are a couple of fixes to purl parsing which should improve
match accuracy for <code>allow-package-dependency</code> lists,
including case (in)sensitivity and url-encoded namespaces Thanks <a
href="https://github.com/juxtin"><code>@juxtin</code></a>!</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Compare normalized purls to account for encoding quirks by <a
href="https://github.com/juxtin"><code>@juxtin</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1056">actions/dependency-review-action#1056</a></li>
<li>Make purl comparisons case insensitive by <a
href="https://github.com/juxtin"><code>@juxtin</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1057">actions/dependency-review-action#1057</a></li>
<li>Feat: Add <code>Patched Version</code> to
<code>Vulnerabilities</code> summary by <a
href="https://github.com/felickz"><code>@felickz</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1045">actions/dependency-review-action#1045</a></li>
<li>fix: only get scorecard levels if user wants to see the OpenSSF
scorecard by <a
href="https://github.com/jantiebot"><code>@jantiebot</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1060">actions/dependency-review-action#1060</a></li>
<li>Bump actions/stale from 10.1.0 to 10.2.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1058">actions/dependency-review-action#1058</a></li>
<li>Bump actions/checkout from 4 to 6 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1021">actions/dependency-review-action#1021</a></li>
<li>Updates for release 4.9.0 by <a
href="https://github.com/ahpook"><code>@ahpook</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1064">actions/dependency-review-action#1064</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jantiebot"><code>@jantiebot</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1060">actions/dependency-review-action#1060</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0">https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0</a></p>
<h2>4.8.3</h2>
<h2>Dependency Review Action v4.8.3</h2>
<p>This is a bugfix release that updates a number of upstream
dependencies and includes a fix for the earlier feature that detected
oversized summaries and upload them as artifacts, which could
occasionally crash the action.</p>
<p>We have also updated the release process to use a long-lived
<code>v4</code> <strong>branch</strong> for the action, instead of a
force-pushed tag, which aligns better with git branching strategies; the
change should be transparent to end users.</p>
<h2>What's Changed</h2>
<ul>
<li>GitHub Actions can't push to our protected main by <a
href="https://github.com/dangoor"><code>@dangoor</code></a> in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/1017">actions/dependency-review-action#1017</a></li>
<li>Bump actions/stale from 9.1.0 to 10.1.0 by <a
href="https://github.com/dependabot"><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/dependency-review-action/pull/995">actions/dependency-review-action#995</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a1d282b36b"><code>a1d282b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/1098">#1098</a>
from actions/ahpook/v5-release</li>
<li><a
href="eb6c199c5a"><code>eb6c199</code></a>
update examples to show <a
href="https://github.com/v5"><code>@v5</code></a></li>
<li><a
href="3943c2c5be"><code>3943c2c</code></a>
v5.0.0 release branch</li>
<li><a
href="454943c880"><code>454943c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/1094">#1094</a>
from actions/ashelytc/security-findings</li>
<li><a
href="6d92a1228e"><code>6d92a12</code></a>
revert <code>@typescript-eslint/parser</code> update</li>
<li><a
href="a8e5a7e936"><code>a8e5a7e</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/1076">#1076</a>
from tspascoal/fix-version-matching-for-non-string-s...</li>
<li><a
href="b6b7079031"><code>b6b7079</code></a>
update <code>@typescript-eslint/parser</code> to 8.40.0</li>
<li><a
href="821a21dd69"><code>821a21d</code></a>
update more dependencies</li>
<li><a
href="05aaaae45c"><code>05aaaae</code></a>
run npm audit fix</li>
<li><a
href="55d3e75450"><code>55d3e75</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/dependency-review-action/issues/1077">#1077</a>
from Marukome0743/docs/checkout</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/dependency-review-action/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/dependency-review-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2026-05-12 19:13:34 +02:00

.github

Bump actions/dependency-review-action from 4 to 5 (#4152 )

2026-05-12 19:13:34 +02:00

.husky

Switch to 'npx' for lint-staged in pre-commit hook (#3658 )

2024-12-22 07:26:01 +01:00

clientonly

refactor(clientonly): modernize code structure and add comprehensive tests (#4022 )

2026-01-28 20:48:47 +01:00

config

move custom.css from css to config (#4020 )

2026-01-28 10:50:25 +01:00

css

move custom.css from css to config (#4020 )

2026-01-28 10:50:25 +01:00

defaultmodules

perf(calendar): use async ICS parsing to avoid blocking event loop (#4143 )

2026-05-06 20:40:44 +02:00

refactor: rewrite NodeHelper as an ES6 class (#4147 )

2026-05-08 19:45:47 +02:00

modules

move default modules from /modules/default to /defaultmodules (#4019 )

2026-01-27 08:37:52 +01:00

serveronly

refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080 )

2026-04-02 08:56:27 +02:00

tests

remove warning in unit tests (for nodejs >= v25) (#4149 )

2026-05-09 23:00:16 +02:00

translations

fix(newsfeed): fix full article view and add framing check (#4039 )

2026-03-01 00:32:42 +01:00

.editorconfig

Add prettier, configs and editorconfig

2020-05-07 14:09:22 +02:00

.gitattributes

Release 2.24.0 (#3141 )

2023-07-01 21:17:31 +02:00

.gitignore

move custom.css from css to config (#4020 )

2026-01-28 10:50:25 +01:00

.npmrc

Update .npmrc (#3399 )

2024-03-16 13:06:27 +01:00

.prettierignore

Switch to ESLint v9 and flat config (#3558 )

2024-09-25 21:05:11 +02:00

CHANGELOG.md

[core] auto create release notes with every push on develop (#3985 )

2025-12-10 11:56:31 -06:00

Collaboration.md

update Collaboration.md and dependencies (#4001 )

2026-01-08 10:14:47 +01:00

cspell.config.json

Unify linting: replace Stylelint and markdownlint with ESLint (#4148 )

2026-05-09 12:01:18 +02:00

eslint.config.mjs

Unify linting: replace Stylelint and markdownlint with ESLint (#4148 )

2026-05-09 12:01:18 +02:00

favicon.svg

refactor: unify favicon for index.html and Electron (#4006 )

2026-01-05 10:51:43 +01:00

index.html

change loading config.js, allow variables in config.js and try to protect sensitive data (#4029 )

2026-02-06 00:21:35 +01:00

jsconfig.json

Run prettier over ALL files once

2020-05-11 22:22:32 +02:00

LICENSE.md

Prepare 2.34.0-develop

2025-09-30 18:14:08 +02:00

module-types.ts

Release v2.25.0 (#3214 )

2023-10-01 20:13:41 +02:00

package-lock.json

Unify linting: replace Stylelint and markdownlint with ESLint (#4148 )

2026-05-09 12:01:18 +02:00

package.json

Unify linting: replace Stylelint and markdownlint with ESLint (#4148 )

2026-05-09 12:01:18 +02:00

prettier.config.mjs

Unify linting: replace Stylelint and markdownlint with ESLint (#4148 )

2026-05-09 12:01:18 +02:00

README.md

Add dark theme logo (#4026 )

2026-02-01 08:22:46 +01:00

vitest.config.mjs

chore: update ESLint and plugins, simplify config, apply new rules (#4052 )

2026-03-07 08:34:28 -07:00

README.md

MagicMirror² is an open source modular smart mirror platform. With a growing list of installable modules, the MagicMirror² allows you to convert your hallway or bathroom mirror into your personal assistant. MagicMirror² is built by the creator of the original MagicMirror with the incredible help of a growing community of contributors.

MagicMirror² focuses on a modular plugin system and uses Electron as an application wrapper. So no more web server or browser installs necessary!

Documentation

For the full documentation including installation instructions, please visit our dedicated documentation website: https://docs.magicmirror.builders.

Contributing Guidelines

Contributions of all kinds are welcome, not only in the form of code but also with regards to

bug reports
documentation
translations

For the full contribution guidelines, check out: https://docs.magicmirror.builders/about/contributing.html

Enjoying MagicMirror? Consider a donation!

MagicMirror² is Open Source and free. That doesn't mean we don't need any money.

Please consider a donation to help us cover the ongoing costs like webservers and email services. If we receive enough donations we might even be able to free up some working hours and spend some extra time improving the MagicMirror² core.

To donate, please follow this link.

Description

MagicMirror² is an open source modular smart mirror platform. With a growing list of installable modules, the MagicMirror² allows you to convert your hallway or bathroom mirror into your personal assistant.

domotics javascript magicmirror mirror raspberry-pi smarthome

Readme 66 MiB

Languages

JavaScript 84.2%

HTML 8.6%

CSS 5.6%

Nunjucks 1.5%

TypeScript 0.1%

README.md

Documentation

Links

Contributing Guidelines

Enjoying MagicMirror? Consider a donation!