π release(v1.5.1-rc.4): container detail features + #329 i18n completion & gate + base-image CVE sweep#463
Merged
Merged
Conversation
β¦matching When a container's resolved compose file path differs from the configured compose file only by a mount prefix, match on the trailing <dir>/<file> tail instead of skipping the container. Gated behind an opt-in mountPrefixFallback option (DD_ACTION_DOCKERCOMPOSE_<name>_MOUNT_PREFIX_FALLBACK), default off, because tail matching cannot tell apart stacks that share a project-dir name across environments. Refs: #365
Trigger templates can now reference $currentReleaseNotes to include the running version's release notes alongside the existing target-version notes. Refs: #295
β¦details - β¨ feat(containers): read the image software version (org.opencontainers.image.version OCI label, with a container-inspect fallback) into image.softwareVersion and show it in the side and full-page detail panels (#209) - β¨ feat(containers): show container uptime from State.StartedAt in the detail panels and as an opt-in Uptime table column, with a live-updating display - π fix(model): tolerate unknown container fields (Joi allowUnknown) so a store written by a newer version stays readable after a downgrade - β test: cover the new model fields, watcher resolution, uptime formatter, useNow gating, and the column-visibility and preferences-migration paths Refs: #209
Sync the committed roadmap surface with what rc.4 ships: container uptime + software-version display, opt-in compose mount-prefix matching, and the $currentReleaseNotes template variable.
β¦write (#209) - β¨ add opt-in `dd.inspect.tag.version-only` label that routes the `dd.inspect.tag.path` value into image.softwareVersion only, preserving the real image tag and tag-based update detection - π dual-write `dd.inspect.tag.path` into image.softwareVersion by default (tag-overwrite behavior byte-for-byte unchanged when the opt-in label is absent) - β¨ UI: rename the containers "Version" column to "Tag" (column key preserved so saved prefs keep working), add a "Version" column showing software version with fallback to the tag; schema v6βv7 migration so existing users get the new column - π docs + CHANGELOG for the column split and the opt-in label Completes the Tag/Version column split promised on discussion #209; the softwareVersion data + detail-panel display shipped earlier in bc4d74b. Non-breaking by design.
- bump pinned node:24-alpine (Node 24.16.0/Alpine 3.21 -> 24.18.0/Alpine 3.24) β clears all 11 Node binary CVEs incl. critical CVE-2026-48930 and 4 high - add libexpat to the targeted apk upgrade set -> 2.8.2-r0 β clears 13 medium libexpat CVEs - rebuild + grype rescan confirms 0 critical/high and 0 node/libexpat findings remain - 3 busybox/ssl_client findings (CVE-2025-60876, medium) have no upstream Alpine fix yet β tracked for a later base bump - all previously pinned Alpine apk versions still resolve on 3.24; build otherwise unchanged
Answers the two follow-up questions in discussion #451. - β¨ feat(containers): add a per-container "Recheck for updates" action wired to POST /containers/:id/watch, surfaced in the side and full-page detail toolbars, both Actions tabs, and the row actions dropdown. It's a read-only refresh, ungated like the global recheck, with toasts on complete / not-found / failure and an in-flight disabled/"Recheckingβ¦" state. - β¨ feat(containers): tooltip on the "Update" column header clarifying it shows the available update type (major/minor/patch/digest), not a done-state. Threaded via a headerTooltipKey column field through DataTable. EN locale only; other locales flow through Crowdin. 100% ui coverage held.
β¦ndness A code-level audit of #329 found eight user-visible strings still rendering in English for non-English locales. They now resolve through the catalog (English keys added here; the 16 community locales follow via the normal Crowdin sync after release): - π TriggersView status badge (active/inactive) β keys existed but were wired only to the icon tooltip, not the badge text. - π ContainerSideTabContent + ContainerFullPageActionsTab yes/no preview values β new common.yes / common.no keys. - π useServerFeatures "container actions disabled" tooltip β new sharedComponents.serverFeatures.actionsDisabledReason key. - π update-maturity "Available for N days" tooltip β thread the translate fn through mapApiContainer/mapApiContainers and the five call sites so the existing containerComponents.updateAge.* keys are used instead of the English fallback (the keys were previously dead code). - π grouped "Update All" success toast β interpolate the group name through new containersView.toast.queuedUpdateGroupSingle/Multiple keys instead of concatenating a raw English " in <group>". - π SecurityView severity tooltips β map raw CRITICAL/HIGH/MEDIUM/LOW through the existing securityView.filters.severity* keys via a severityLabel helper. - π useContainerBackups operation "unknown" fallback β thread the translate fn through and use the existing containerComponents.sideTabContent.unknown key. - π AppLayout search-hint connectors and the "(+N more)" legacy-keys summary. Also fixes a pre-existing type error surfaced while editing the mapper: - π add startedAt to ApiContainerInput. The uptime work (bc4d74b) added startedAt to ApiContainerDetails but not to the input fallback type that deriveRuntimeDetails reads, so tsc failed on this branch (it had not hit the pre-push tsc gate yet because dev/v1.5.1 is local-only). Full app+ui suite green at 100% coverage; tsc and biome clean. Refs: #329
Root-cause hardening for #329, which slipped past us 3Γ because nothing parsed .vue templates: tsc skips them, biome has no raw-text rule, and the locales test only checked that directories exist. Two new vitest gates under ui/tests/i18n/ now run in the standard suite: - β no-raw-text.spec.ts β parses every .vue with @vue/compiler-sfc and walks the template AST, failing on hardcoded prose in text nodes and static user-facing attributes (title/placeholder/alt/aria-label/label). Skips <code>/<pre>/<kbd> subtrees and carries a tiny justified allowlist for format identifiers (spdx-json, cyclonedx-json, CSV, JSON) and the brand wordmark. Documents its honest limitation up front: it cannot flag English literals inside {{ }} interpolations or in <script>/.ts without unacceptable false positives, so code review still covers that class. - β key-parity.spec.ts β asymmetric locale parity: fails on orphan keys (in a locale but absent from en) and stray top-level keys, but tolerates keys missing from a locale (the normal Crowdin lag, 384 today) so it never false-fails on an EN-only commit. The raw-text gate immediately caught two untranslated strings the earlier 60-agent audit missed; fixed here: - π trigger "agent:" label in ContainerFullPageActionsTab / ContainerFullPageTabContent / ContainerSideTabContent β now containerComponents.triggers.agentLabel. - π SecurityView "{n} fix" summary badge β now securityView.fixableBadge ("{count} fix"). Verified: full app+ui suite green at 100% coverage; tsc + biome clean; both gates adversarially confirmed to fail on a reintroduced raw string and an injected orphan key, then pass again once reverted. Refs: #329
Cut the [1.5.1-rc.4] CHANGELOG section from the accumulated [Unreleased] work. The batch (9 commits on dev/v1.5.1, all gate-green at 100% app+ui coverage): - β¨ opt-in compose mount-prefix fallback (#365) - β¨ $currentReleaseNotes trigger template variable (#295) - β¨ container software version + uptime in detail panels and table columns - β¨ Tag/Version column split with non-breaking inspect-path dual-write (#209) - π base-image refresh clearing 24 container-scan CVEs (1 critical + 4 high Node, 13 medium libexpat); 3 busybox/ssl_client medium findings have no upstream fix yet and are tracked - β¨ per-container recheck button + Update-column tooltip (#451) - π close the remaining #329 i18n gaps (10 surfaces) + latent startedAt type fix - β i18n regression gate (SFC raw-text scan + locale key-parity)
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
biggest-littlest
approved these changes
Jun 29, 2026
biggest-littlest
left a comment
Member
There was a problem hiding this comment.
Release batch looks good β gates green, CHANGELOG section is accurate, security base-image bump is the right call before GA. π
ALARGECOMPANY
approved these changes
Jun 29, 2026
ALARGECOMPANY
left a comment
Member
There was a problem hiding this comment.
Verified the version files and changelog entry. Approving.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
v1.5.1-rc.4
Supersedes rc.3 β the soak clock restarts on rc.4, which is the actual GA candidate (rc.3's content is all carried here plus the batch below). 9 commits off
dev/v1.5.1, all gate-green at 100% app+ui coverage, biome + tsc clean.Added
<project-dir>/<file>when only a mount prefix differs (Portainer / bind-mounted compose). Off by default. (Error Updating Imgaine Docker ComposeΒ #365)$currentReleaseNotestrigger template variable β release notes for the running version. (Add shortcut link in containers to their github projects.Β #295)org.opencontainers.image.version(inspect fallback); uptime fromState.StartedAt, live-updating.dd.inspect.tag.version-only. (Containers Page: Separate Column for Version Tag and Software/Container Version?Β #209)Fixed
agent:label,{n} fixbadge). EN keys ship now; the 16 locales follow via Crowdin after release. Also fixes a latentApiContainerInput.startedAttype error. (International Language SupportΒ #329)Security
node:24-alpine24.16.0/Alpine 3.21 β 24.18.0/Alpine 3.24 +libexpatapk upgrade, clearing 24 container-scan CVEs (1 critical CVE-2026-48930 + 4 high Node, 13 medium libexpat). Rebuild + rescan confirms 0 critical/high. The 3 busybox/ssl_client medium findings (CVE-2025-60876) have no upstream Alpine fix yet and are tracked.Test
ui/tests/i18n/no-raw-text.spec.ts(SFC template raw-text scan via@vue/compiler-sfc) +key-parity.spec.ts(Crowdin-lag-tolerant locale parity). Root-cause hardening so International Language SupportΒ #329 can't silently recur a 4th time.