From 16fee67983ed2aee8c87ca625d7ce859a5b5feb2 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Mon, 30 Jun 2025 13:47:11 +0200
Subject: [PATCH 01/60] Use /flush/network instead of /flush/arp

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/settings-system.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/settings-system.js b/scripts/js/settings-system.js
index fc3f7beb..ae5ebb73 100644
--- a/scripts/js/settings-system.js
+++ b/scripts/js/settings-system.js
@@ -267,7 +267,7 @@ $(".confirm-flusharp").confirm({
   title: "Confirmation required",
   confirm() {
     $.ajax({
-      url: document.body.dataset.apiurl + "/action/flush/arp",
+      url: document.body.dataset.apiurl + "/action/flush/network",
       type: "POST",
     }).fail(data => {
       apiFailure(data);

From eb140af01a9a3322cedfe9c8ca90b194fdcadf07 Mon Sep 17 00:00:00 2001
From: sharkboots75 <sharkboots75@gmail.com>
Date: Thu, 17 Apr 2025 06:33:49 +1000
Subject: [PATCH 02/60] Make DNSSEC icon conditional in Queries Log

Avoid emitting the DNSSEC icon in Domain column if DNSSEC is not being used/tracked

Signed-off-by: sharkboots75 <sharkboots75@gmail.com>
---
 scripts/js/queries.js | 34 +++++++++++++++++++++++++---------
 style/pi-hole.css     | 10 ++++++++++
 2 files changed, 35 insertions(+), 9 deletions(-)

diff --git a/scripts/js/queries.js b/scripts/js/queries.js
index c0a3c2ba..94a814bb 100644
--- a/scripts/js/queries.js
+++ b/scripts/js/queries.js
@@ -28,6 +28,17 @@ const filters = [
   "reply",
   "dnssec",
 ];
+var doDNSSEC = false;
+
+// Check if pihole is validiting DNSSEC
+function getDnssecConfig() {
+  $.getJSON(
+    document.body.dataset.apiurl + "/config/dns/dnssec",
+    function(data) {
+      doDNSSEC = data.config.dns.dnssec;
+    }
+  );
+}
 
 function initDateRangePicker() {
   $("#querytime").daterangepicker(
@@ -480,6 +491,9 @@ function liveUpdate() {
 }
 
 $(() => {
+  // Do we want to show DNSSEC icons?
+  getDnssecConfig();
+
   // Do we want to filter queries?
   const GETDict = utils.parseQueryString();
 
@@ -565,7 +579,6 @@ $(() => {
     },
     rowCallback(row, data) {
       const querystatus = parseQueryStatus(data);
-      const dnssec = parseDNSSEC(data);
 
       if (querystatus.icon !== false) {
         $("td:eq(1)", row).html(
@@ -589,14 +602,17 @@ $(() => {
 
       // Prefix colored DNSSEC icon to domain text
       let dnssecIcon = "";
-      dnssecIcon =
-        '<i class="mr-2 fa fa-fw ' +
-        dnssec.icon +
-        " " +
-        dnssec.color +
-        '" title="DNSSEC: ' +
-        dnssec.text +
-        '"></i>';
+      if (doDNSSEC === true) {
+        const dnssec = parseDNSSEC(data);
+        dnssecIcon =
+          '<i class="mr-2 fa fa-fw ' +
+          dnssec.icon +
+          " " +
+          dnssec.color +
+          '" title="DNSSEC: ' +
+          dnssec.text +
+          '"></i>';
+      }
 
       // Escape HTML in domain
       domain = dnssecIcon + utils.escapeHtml(domain);
diff --git a/style/pi-hole.css b/style/pi-hole.css
index fc51792e..1ab96976 100644
--- a/style/pi-hole.css
+++ b/style/pi-hole.css
@@ -1609,3 +1609,13 @@ textarea.field-sizing-content {
   opacity: 0;
   transition: opacity 200ms ease-in-out;
 }
+
+/* Used in query log page */
+td.dnssec {
+  padding-inline-start: 2.25em !important;
+  text-indent: -1.25em;
+}
+td.dnssec i {
+  text-indent: 0;
+  margin-left: -0.5rem;
+}

From fc01fb030e33205adc56dfbd9b4fc6d6a9570ee3 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Fri, 27 Jun 2025 12:35:19 +0200
Subject: [PATCH 03/60] Fix tests

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/queries.js | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/scripts/js/queries.js b/scripts/js/queries.js
index 94a814bb..9fd26f63 100644
--- a/scripts/js/queries.js
+++ b/scripts/js/queries.js
@@ -28,16 +28,13 @@ const filters = [
   "reply",
   "dnssec",
 ];
-var doDNSSEC = false;
+let doDNSSEC = false;
 
 // Check if pihole is validiting DNSSEC
 function getDnssecConfig() {
-  $.getJSON(
-    document.body.dataset.apiurl + "/config/dns/dnssec",
-    function(data) {
-      doDNSSEC = data.config.dns.dnssec;
-    }
-  );
+  $.getJSON(document.body.dataset.apiurl + "/config/dns/dnssec", data => {
+    doDNSSEC = data.config.dns.dnssec;
+  });
 }
 
 function initDateRangePicker() {

From 1c753f7cc6afce2c50f4ce9f393503a83b41b147 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 16 Jul 2025 09:03:23 +0200
Subject: [PATCH 04/60] Use innerHTML instead of append to fix gravity color
 output

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/gravity.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/gravity.js b/scripts/js/gravity.js
index 3fb960d8..f3edb1e3 100644
--- a/scripts/js/gravity.js
+++ b/scripts/js/gravity.js
@@ -138,7 +138,7 @@ function parseLines(outputElement, text) {
     });
 
     // Append the new text to the end of the output
-    outputElement.append(line);
+    outputElement.innerHTML += line;
   }
 }
 

From e137dd0a0faf92d1379bc578004914be0ee7e6e2 Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Wed, 16 Jul 2025 16:19:46 +0200
Subject: [PATCH 05/60] Bind address to new element instead of raw HTML
 construction

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 scripts/js/groups-lists.js | 29 +++++++++++++----------------
 1 file changed, 13 insertions(+), 16 deletions(-)

diff --git a/scripts/js/groups-lists.js b/scripts/js/groups-lists.js
index 8d540c7f..6dc3d56a 100644
--- a/scripts/js/groups-lists.js
+++ b/scripts/js/groups-lists.js
@@ -234,23 +234,20 @@ function initTable() {
       if (data.address.startsWith("file://")) {
         // Local files cannot be downloaded from a distant client so don't show
         // a link to such a list here
-        $("td:eq(3)", row).html(
-          '<code id="address_' +
-            dataId +
-            '" class="breakall">' +
-            utils.escapeHtml(data.address) +
-            "</code>"
-        );
+        const codeElem = document.createElement("code");
+        codeElem.id = "address_" + dataId;
+        codeElem.className = "breakall";
+        codeElem.textContent = data.address;
+        $("td:eq(3)", row).empty().append(codeElem);
       } else {
-        $("td:eq(3)", row).html(
-          '<a id="address_' +
-            dataId +
-            '" class="breakall" href="' +
-            encodeURI(data.address) +
-            '" target="_blank" rel="noopener noreferrer">' +
-            utils.escapeHtml(data.address) +
-            "</a>"
-        );
+        const aElem = document.createElement("a");
+        aElem.id = "address_" + dataId;
+        aElem.className = "breakall";
+        aElem.href = data.address;
+        aElem.target = "_blank";
+        aElem.rel = "noopener noreferrer";
+        aElem.textContent = data.address;
+        $("td:eq(3)", row).empty().append(aElem);
       }
 
       $("td:eq(4)", row).html(

From d2dc2535bb79859c4a86197e4221da491aedd174 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 16 Jul 2025 22:00:03 +0200
Subject: [PATCH 06/60] Trim whitespaces before adding custom DNS record

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/settings-dns-records.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/settings-dns-records.js b/scripts/js/settings-dns-records.js
index b9598455..fd3f92b0 100644
--- a/scripts/js/settings-dns-records.js
+++ b/scripts/js/settings-dns-records.js
@@ -215,7 +215,7 @@ $(() => {
 
   $("#btnAdd-host").on("click", () => {
     utils.disableAll();
-    const elem = $("#Hip").val() + " " + $("#Hdomain").val();
+    const elem = $("#Hip").val().trim() + " " + $("#Hdomain").val().trim();
     const url = document.body.dataset.apiurl + "/config/dns/hosts/" + encodeURIComponent(elem);
     utils.showAlert("info", "", "Adding DNS record...", elem);
     $.ajax({

From ac7b9845b624dd9f0f595146c7ba758e576c38c4 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 16 Jul 2025 22:03:25 +0200
Subject: [PATCH 07/60] Also trim CNAME input fields

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/settings-dns-records.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/settings-dns-records.js b/scripts/js/settings-dns-records.js
index fd3f92b0..0686cf32 100644
--- a/scripts/js/settings-dns-records.js
+++ b/scripts/js/settings-dns-records.js
@@ -239,7 +239,7 @@ $(() => {
 
   $("#btnAdd-cname").on("click", () => {
     utils.disableAll();
-    let elem = $("#Cdomain").val() + "," + $("#Ctarget").val();
+    let elem = $("#Cdomain").val().trim() + "," + $("#Ctarget").val().trim();
     const ttlVal = Number.parseInt($("#Cttl").val(), 10);
     // TODO Fix eslint
     // eslint-disable-next-line unicorn/prefer-number-properties

From 319675a902e87511ae4528fd4bc006e74aa0488f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 19 Jul 2025 10:24:57 +0000
Subject: [PATCH 08/60] build(deps-dev): bump xo from 1.1.1 to 1.2.1

Bumps [xo](https://github.com/xojs/xo) from 1.1.1 to 1.2.1.
- [Release notes](https://github.com/xojs/xo/releases)
- [Commits](https://github.com/xojs/xo/compare/v1.1.1...v1.2.1)

---
updated-dependencies:
- dependency-name: xo
  dependency-version: 1.2.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 157 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 80 insertions(+), 79 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 98d1743a..b5889b42 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "postcss": "^8.5.6",
         "postcss-cli": "^11.0.1",
         "prettier": "^3.6.2",
-        "xo": "^1.1.1"
+        "xo": "^1.2.1"
       }
     },
     "node_modules/@babel/code-frame": {
@@ -563,17 +563,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.35.0.tgz",
-      "integrity": "sha512-ijItUYaiWuce0N1SoSMrEd0b6b6lYkYt99pqCPfybd+HKVXtEvYhICfLdwp42MhiI5mp0oq7PKEL+g1cNiz/Eg==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.37.0.tgz",
+      "integrity": "sha512-jsuVWeIkb6ggzB+wPCsR4e6loj+rM72ohW6IBn2C+5NCvfUVY8s33iFPySSVXqtm5Hu29Ne/9bnA0JmyLmgenA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.35.0",
-        "@typescript-eslint/type-utils": "8.35.0",
-        "@typescript-eslint/utils": "8.35.0",
-        "@typescript-eslint/visitor-keys": "8.35.0",
+        "@typescript-eslint/scope-manager": "8.37.0",
+        "@typescript-eslint/type-utils": "8.37.0",
+        "@typescript-eslint/utils": "8.37.0",
+        "@typescript-eslint/visitor-keys": "8.37.0",
         "graphemer": "^1.4.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
@@ -587,7 +587,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.35.0",
+        "@typescript-eslint/parser": "^8.37.0",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <5.9.0"
       }
@@ -603,16 +603,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.35.0.tgz",
-      "integrity": "sha512-6sMvZePQrnZH2/cJkwRpkT7DxoAWh+g6+GFRK6bV3YQo7ogi3SX5rgF6099r5Q53Ma5qeT7LGmOmuIutF4t3lA==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.37.0.tgz",
+      "integrity": "sha512-kVIaQE9vrN9RLCQMQ3iyRlVJpTiDUY6woHGb30JDkfJErqrQEmtdWH3gV0PBAfGZgQXoqzXOO0T3K6ioApbbAA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.35.0",
-        "@typescript-eslint/types": "8.35.0",
-        "@typescript-eslint/typescript-estree": "8.35.0",
-        "@typescript-eslint/visitor-keys": "8.35.0",
+        "@typescript-eslint/scope-manager": "8.37.0",
+        "@typescript-eslint/types": "8.37.0",
+        "@typescript-eslint/typescript-estree": "8.37.0",
+        "@typescript-eslint/visitor-keys": "8.37.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -628,14 +628,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.35.0.tgz",
-      "integrity": "sha512-41xatqRwWZuhUMF/aZm2fcUsOFKNcG28xqRSS6ZVr9BVJtGExosLAm5A1OxTjRMagx8nJqva+P5zNIGt8RIgbQ==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.37.0.tgz",
+      "integrity": "sha512-BIUXYsbkl5A1aJDdYJCBAo8rCEbAvdquQ8AnLb6z5Lp1u3x5PNgSSx9A/zqYc++Xnr/0DVpls8iQ2cJs/izTXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.35.0",
-        "@typescript-eslint/types": "^8.35.0",
+        "@typescript-eslint/tsconfig-utils": "^8.37.0",
+        "@typescript-eslint/types": "^8.37.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -650,14 +650,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.35.0.tgz",
-      "integrity": "sha512-+AgL5+mcoLxl1vGjwNfiWq5fLDZM1TmTPYs2UkyHfFhgERxBbqHlNjRzhThJqz+ktBqTChRYY6zwbMwy0591AA==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.37.0.tgz",
+      "integrity": "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.35.0",
-        "@typescript-eslint/visitor-keys": "8.35.0"
+        "@typescript-eslint/types": "8.37.0",
+        "@typescript-eslint/visitor-keys": "8.37.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -668,9 +668,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.35.0.tgz",
-      "integrity": "sha512-04k/7247kZzFraweuEirmvUj+W3bJLI9fX6fbo1Qm2YykuBvEhRTPl8tcxlYO8kZZW+HIXfkZNoasVb8EV4jpA==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.37.0.tgz",
+      "integrity": "sha512-1/YHvAVTimMM9mmlPvTec9NP4bobA1RkDbMydxG8omqwJJLEW/Iy2C4adsAESIXU3WGLXFHSZUU+C9EoFWl4Zg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -685,14 +685,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.35.0.tgz",
-      "integrity": "sha512-ceNNttjfmSEoM9PW87bWLDEIaLAyR+E6BoYJQ5PfaDau37UGca9Nyq3lBk8Bw2ad0AKvYabz6wxc7DMTO2jnNA==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.37.0.tgz",
+      "integrity": "sha512-SPkXWIkVZxhgwSwVq9rqj/4VFo7MnWwVaRNznfQDc/xPYHjXnPfLWn+4L6FF1cAz6e7dsqBeMawgl7QjUMj4Ow==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "8.35.0",
-        "@typescript-eslint/utils": "8.35.0",
+        "@typescript-eslint/types": "8.37.0",
+        "@typescript-eslint/typescript-estree": "8.37.0",
+        "@typescript-eslint/utils": "8.37.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -709,9 +710,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.35.0.tgz",
-      "integrity": "sha512-0mYH3emanku0vHw2aRLNGqe7EXh9WHEhi7kZzscrMDf6IIRUQ5Jk4wp1QrledE/36KtdZrVfKnE32eZCf/vaVQ==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.37.0.tgz",
+      "integrity": "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -723,16 +724,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.35.0.tgz",
-      "integrity": "sha512-F+BhnaBemgu1Qf8oHrxyw14wq6vbL8xwWKKMwTMwYIRmFFY/1n/9T/jpbobZL8vp7QyEUcC6xGrnAO4ua8Kp7w==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.37.0.tgz",
+      "integrity": "sha512-zuWDMDuzMRbQOM+bHyU4/slw27bAUEcKSKKs3hcv2aNnc/tvE/h7w60dwVw8vnal2Pub6RT1T7BI8tFZ1fE+yg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.35.0",
-        "@typescript-eslint/tsconfig-utils": "8.35.0",
-        "@typescript-eslint/types": "8.35.0",
-        "@typescript-eslint/visitor-keys": "8.35.0",
+        "@typescript-eslint/project-service": "8.37.0",
+        "@typescript-eslint/tsconfig-utils": "8.37.0",
+        "@typescript-eslint/types": "8.37.0",
+        "@typescript-eslint/visitor-keys": "8.37.0",
         "debug": "^4.3.4",
         "fast-glob": "^3.3.2",
         "is-glob": "^4.0.3",
@@ -778,16 +779,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.35.0.tgz",
-      "integrity": "sha512-nqoMu7WWM7ki5tPgLVsmPM8CkqtoPUG6xXGeefM5t4x3XumOEKMoUZPdi+7F+/EotukN4R9OWdmDxN80fqoZeg==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.37.0.tgz",
+      "integrity": "sha512-TSFvkIW6gGjN2p6zbXo20FzCABbyUAuq6tBvNRGsKdsSQ6a7rnV6ADfZ7f4iI3lIiXc4F4WWvtUfDw9CJ9pO5A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.35.0",
-        "@typescript-eslint/types": "8.35.0",
-        "@typescript-eslint/typescript-estree": "8.35.0"
+        "@typescript-eslint/scope-manager": "8.37.0",
+        "@typescript-eslint/types": "8.37.0",
+        "@typescript-eslint/typescript-estree": "8.37.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -802,13 +803,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.35.0.tgz",
-      "integrity": "sha512-zTh2+1Y8ZpmeQaQVIc/ZZxsx8UzgKJyNg1PTvjzC7WMhPSVS8bfDX34k1SrwOf016qd5RU3az2UxUNue3IfQ5g==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.37.0.tgz",
+      "integrity": "sha512-YzfhzcTnZVPiLfP/oeKtDp2evwvHLMe0LOy7oe+hb9KKIumLNohYS9Hgp1ifwpu42YWxhZE8yieggz6JpqO/1w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.35.0",
+        "@typescript-eslint/types": "8.37.0",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -3632,14 +3633,13 @@
       }
     },
     "node_modules/eslint-plugin-n": {
-      "version": "17.20.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.20.0.tgz",
-      "integrity": "sha512-IRSoatgB/NQJZG5EeTbv/iAx1byOGdbbyhQrNvWdCfTnmPxUT0ao9/eGOeG7ljD8wJBsxwE8f6tES5Db0FRKEw==",
+      "version": "17.21.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-n/-/eslint-plugin-n-17.21.0.tgz",
+      "integrity": "sha512-1+iZ8We4ZlwVMtb/DcHG3y5/bZOdazIpa/4TySo22MLKdwrLcfrX0hbadnCvykSQCCmkAnWmIP8jZVb2AAq29A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.5.0",
-        "@typescript-eslint/utils": "^8.26.1",
         "enhanced-resolve": "^5.17.1",
         "eslint-plugin-es-x": "^7.8.0",
         "get-tsconfig": "^4.8.1",
@@ -8315,9 +8315,9 @@
       }
     },
     "node_modules/ts-declaration-location/node_modules/picomatch": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
-      "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8466,15 +8466,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.35.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.35.0.tgz",
-      "integrity": "sha512-uEnz70b7kBz6eg/j0Czy6K5NivaYopgxRjsnAJ2Fx5oTLo3wefTHIbL7AkQr1+7tJCRVpTs/wiM8JR/11Loq9A==",
+      "version": "8.37.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.37.0.tgz",
+      "integrity": "sha512-TnbEjzkE9EmcO0Q2zM+GE8NQLItNAJpMmED1BdgoBMYNdqMhzlbqfdSwiRlAzEK2pA9UzVW0gzaaIzXWg2BjfA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.35.0",
-        "@typescript-eslint/parser": "8.35.0",
-        "@typescript-eslint/utils": "8.35.0"
+        "@typescript-eslint/eslint-plugin": "8.37.0",
+        "@typescript-eslint/parser": "8.37.0",
+        "@typescript-eslint/typescript-estree": "8.37.0",
+        "@typescript-eslint/utils": "8.37.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -8876,43 +8877,43 @@
       "license": "ISC"
     },
     "node_modules/xo": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/xo/-/xo-1.1.1.tgz",
-      "integrity": "sha512-CMuUby6vSP+OQyOQRbhqWWIfc1dg06M6MFdtIQh/EMNE+ONcBzDhzNnbtDt/qD9gGRdg5qZ9YK16BBGwOfA2BQ==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/xo/-/xo-1.2.1.tgz",
+      "integrity": "sha512-CPv9yCCa8WkS8JMME5igrBQhqwOlQ+YFFsF2JP0vjQjuGdme5PLYgnDu8LnawMahtDq2PzpOWbMu2EEIxrOfBA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-plugin-eslint-comments": "^4.5.0",
         "@sindresorhus/tsconfig": "^7.0.0",
         "@stylistic/eslint-plugin": "^4.2.0",
-        "@typescript-eslint/parser": "^8.32.1",
+        "@typescript-eslint/parser": "^8.37.0",
         "arrify": "^3.0.0",
         "cosmiconfig": "^9.0.0",
         "define-lazy-prop": "^3.0.0",
-        "eslint": "^9.27.0",
+        "eslint": "^9.31.0",
         "eslint-config-prettier": "^10.1.5",
         "eslint-config-xo-react": "^0.28.0",
         "eslint-config-xo-typescript": "^7.0.0",
         "eslint-formatter-pretty": "^6.0.1",
         "eslint-plugin-ava": "^15.0.1",
-        "eslint-plugin-import-x": "^4.12.2",
-        "eslint-plugin-n": "^17.18.0",
+        "eslint-plugin-import-x": "^4.16.1",
+        "eslint-plugin-n": "^17.21.0",
         "eslint-plugin-no-use-extend-native": "^0.7.2",
-        "eslint-plugin-prettier": "^5.4.0",
+        "eslint-plugin-prettier": "^5.5.1",
         "eslint-plugin-promise": "^7.2.1",
         "eslint-plugin-unicorn": "^59.0.1",
         "find-cache-directory": "^6.0.0",
         "get-stdin": "^9.0.0",
         "get-tsconfig": "^4.10.1",
-        "globals": "^16.1.0",
+        "globals": "^16.3.0",
         "globby": "^14.1.0",
         "meow": "^13.2.0",
         "micromatch": "^4.0.8",
         "open-editor": "^5.1.0",
         "path-exists": "^5.0.0",
-        "prettier": "^3.5.3",
+        "prettier": "^3.6.2",
         "type-fest": "^4.41.0",
-        "typescript-eslint": "^8.32.1"
+        "typescript-eslint": "^8.37.0"
       },
       "bin": {
         "xo": "dist/cli.js"
diff --git a/package.json b/package.json
index c71a4648..fdfed592 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
     "postcss": "^8.5.6",
     "postcss-cli": "^11.0.1",
     "prettier": "^3.6.2",
-    "xo": "^1.1.1"
+    "xo": "^1.2.1"
   },
   "browserslist": [
     ">= 0.5%",

From b4af886192cd38cc1223b729cc315429a537d026 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Mon, 14 Apr 2025 16:21:21 +0200
Subject: [PATCH 09/60] HTML escape adlist URL before printing it in gravity
 stream

Co-authored-by: DL6ER <dl6er@dl6er.de>
Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/gravity.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/js/gravity.js b/scripts/js/gravity.js
index f3edb1e3..77083c91 100644
--- a/scripts/js/gravity.js
+++ b/scripts/js/gravity.js
@@ -5,7 +5,7 @@
  *  This file is copyright under the latest version of the EUPL.
  *  Please see LICENSE file for your rights under this license. */
 
-/* global apiFailure:false */
+/* global apiFailure:false, utils:false */
 
 "use strict";
 
@@ -91,7 +91,8 @@ function parseLines(outputElement, text) {
   for (let line of lines) {
     if (line[0] === "\r") {
       // This line starts with the "OVER" sequence. Replace them with "\n" before print
-      line = line.replaceAll("\r", "\n").replaceAll("\r", "\n");
+      // we also escape HTML to prevent XSS attacks
+      line = utils.escapeHtml(line.replaceAll("\r", "\n").replaceAll("\r", "\n"));
 
       // Last line from the textarea will be overwritten, so we remove it
       const lastLineIndex = outputElement.innerHTML.lastIndexOf("\n");

From 55e8e4a328f77ceafa0b74c012d2a461504b3347 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sat, 19 Jul 2025 21:53:26 +0200
Subject: [PATCH 10/60] Use \u001B instead of (hidden) ESC character

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/gravity.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/gravity.js b/scripts/js/gravity.js
index 77083c91..06fc4c3a 100644
--- a/scripts/js/gravity.js
+++ b/scripts/js/gravity.js
@@ -92,7 +92,7 @@ function parseLines(outputElement, text) {
     if (line[0] === "\r") {
       // This line starts with the "OVER" sequence. Replace them with "\n" before print
       // we also escape HTML to prevent XSS attacks
-      line = utils.escapeHtml(line.replaceAll("\r", "\n").replaceAll("\r", "\n"));
+      line = utils.escapeHtml(line.replaceAll("\r\u001B[K", "\n").replaceAll("\r", "\n"));
 
       // Last line from the textarea will be overwritten, so we remove it
       const lastLineIndex = outputElement.innerHTML.lastIndexOf("\n");

From 2e960473cb7e434f291b81e3ccf78ce96ef51ba2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 26 Jul 2025 10:06:09 +0000
Subject: [PATCH 11/60] build(deps-dev): bump eslint from 9.31.0 to 9.32.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.31.0 to 9.32.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.31.0...v9.32.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 24 ++++++++++++------------
 package.json      |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b5889b42..91514d76 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,7 +37,7 @@
       },
       "devDependencies": {
         "autoprefixer": "^10.4.21",
-        "eslint": "^9.31.0",
+        "eslint": "^9.32.0",
         "eslint-plugin-compat": "^6.0.2",
         "globals": "^16.3.0",
         "postcss": "^8.5.6",
@@ -243,9 +243,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.31.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.31.0.tgz",
-      "integrity": "sha512-LOm5OVt7D4qiKCqoiPbA7LWmI+tbw1VbTUowBcUMgQSuM6poJufkFkYDcQpo5KfgD39TnNySV26QjOh7VFpSyw==",
+      "version": "9.32.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.32.0.tgz",
+      "integrity": "sha512-BBpRFZK3eX6uMLKz8WxFOBIFFcGFJ/g8XuwjTHCqHROSIsopI+ddn/d5Cfh36+7+e5edVS8dbSHnBNhrLEX0zg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -266,9 +266,9 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.3.tgz",
-      "integrity": "sha512-1+WqvgNMhmlAambTvT3KPtCl/Ibr68VldY2XY40SL1CE0ZXiakFR/cbTspaF5HsnpDMvcYYoJHfl4980NBjGag==",
+      "version": "0.3.4",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.4.tgz",
+      "integrity": "sha512-Ul5l+lHEcw3L5+k8POx6r74mxEYKG5kOb6Xpy2gCRW6zweT6TEhAf8vhxGgjhqrd/VO/Dirhsb+1hNpD1ue9hw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3162,9 +3162,9 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.31.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.31.0.tgz",
-      "integrity": "sha512-QldCVh/ztyKJJZLr4jXNUByx3gR+TDYZCRXEktiZoUR3PGy4qCmSbkxcIle8GEwGpb5JBZazlaJ/CxLidXdEbQ==",
+      "version": "9.32.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.32.0.tgz",
+      "integrity": "sha512-LSehfdpgMeWcTZkWZVIJl+tkZ2nuSkyyB9C27MZqFWXuph7DvaowgcTvKqxvpLW1JZIk8PN7hFY3Rj9LQ7m7lg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3174,8 +3174,8 @@
         "@eslint/config-helpers": "^0.3.0",
         "@eslint/core": "^0.15.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.31.0",
-        "@eslint/plugin-kit": "^0.3.1",
+        "@eslint/js": "9.32.0",
+        "@eslint/plugin-kit": "^0.3.4",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
diff --git a/package.json b/package.json
index fdfed592..6b0e279b 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "autoprefixer": "^10.4.21",
-    "eslint": "^9.31.0",
+    "eslint": "^9.32.0",
     "eslint-plugin-compat": "^6.0.2",
     "globals": "^16.3.0",
     "postcss": "^8.5.6",

From aa7ce51e08ebeeeb066e8caac9b4a4aa9ddabd34 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 26 Jul 2025 10:10:54 +0000
Subject: [PATCH 12/60] build(deps): bump github/codeql-action from 3.29.2 to
 3.29.4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.2 to 3.29.4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.2...v3.29.4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 16e5fe56..11f52ddf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.2
+        uses: github/codeql-action/init@v3.29.4
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.2
+        uses: github/codeql-action/autobuild@v3.29.4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.2
+        uses: github/codeql-action/analyze@v3.29.4
         with:
           category: "/language:javascript"

From bec82d8045c419cfccd6b832f21fe95633a27b87 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 2 Aug 2025 10:08:28 +0000
Subject: [PATCH 13/60] build(deps): bump github/codeql-action from 3.29.4 to
 3.29.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.4 to 3.29.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.4...v3.29.5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 11f52ddf..c1e5ef89 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.4
+        uses: github/codeql-action/init@v3.29.5
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.4
+        uses: github/codeql-action/autobuild@v3.29.5
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.4
+        uses: github/codeql-action/analyze@v3.29.5
         with:
           category: "/language:javascript"

From 3b3fc03949c620cfe104de540ba69ea74a04653b Mon Sep 17 00:00:00 2001
From: DL6ER <dl6er@dl6er.de>
Date: Sat, 9 Aug 2025 10:26:54 +0200
Subject: [PATCH 14/60] Hint at the special role of the underscore character

Signed-off-by: DL6ER <dl6er@dl6er.de>
---
 queries.lp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/queries.lp b/queries.lp
index f05f0ff3..c8cbcaa0 100644
--- a/queries.lp
+++ b/queries.lp
@@ -138,7 +138,7 @@ mg.include('scripts/lua/header_authenticated.lp','r')
             </div>
             <!-- /.box-body -->
             <div class="box-footer clearfix">
-                <span class="pull-left">* These input fields allow manual input as well. Use <code>*</code> for wildcard search.</span>
+                <span class="pull-left">* These input fields allow manual input as well. Use <code>*</code> for wildcard search. The underscore <code>_</code> can be used as a single-character wildcard. If you want to search for an underscore character, escape it like <code>\_</code>.</span>
                 <span class="pull-right">Click "Refresh" below to apply.</span>
             </div>
             <!-- /.box -->

From 9a9f6cd170b82926fa7b675750791acb3d0115d0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 9 Aug 2025 10:14:13 +0000
Subject: [PATCH 15/60] build(deps-dev): bump eslint from 9.32.0 to 9.33.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.32.0 to 9.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.32.0...v9.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 42 +++++++++++++++++++++---------------------
 package.json      |  2 +-
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 91514d76..b5d9c465 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,7 +37,7 @@
       },
       "devDependencies": {
         "autoprefixer": "^10.4.21",
-        "eslint": "^9.32.0",
+        "eslint": "^9.33.0",
         "eslint-plugin-compat": "^6.0.2",
         "globals": "^16.3.0",
         "postcss": "^8.5.6",
@@ -183,9 +183,9 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.3.0.tgz",
-      "integrity": "sha512-ViuymvFmcJi04qdZeDc2whTHryouGcDlaxPqarTD0ZE10ISpxGUVZGZDx4w01upyIynL3iu6IXH2bS1NhclQMw==",
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.3.1.tgz",
+      "integrity": "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -193,9 +193,9 @@
       }
     },
     "node_modules/@eslint/core": {
-      "version": "0.15.1",
-      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.1.tgz",
-      "integrity": "sha512-bkOp+iumZCCbt1K1CmWf0R9pM5yKpDv+ZXtvSyQpudrI9kuFLp+bM2WOPXImuD/ceQuaa8f5pj93Y7zyECIGNA==",
+      "version": "0.15.2",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.2.tgz",
+      "integrity": "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -243,9 +243,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.32.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.32.0.tgz",
-      "integrity": "sha512-BBpRFZK3eX6uMLKz8WxFOBIFFcGFJ/g8XuwjTHCqHROSIsopI+ddn/d5Cfh36+7+e5edVS8dbSHnBNhrLEX0zg==",
+      "version": "9.33.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.33.0.tgz",
+      "integrity": "sha512-5K1/mKhWaMfreBGJTwval43JJmkip0RmM+3+IuqupeSKNC/Th2Kc7ucaq5ovTSra/OOKB9c58CGSz3QMVbWt0A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -266,13 +266,13 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.3.4",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.4.tgz",
-      "integrity": "sha512-Ul5l+lHEcw3L5+k8POx6r74mxEYKG5kOb6Xpy2gCRW6zweT6TEhAf8vhxGgjhqrd/VO/Dirhsb+1hNpD1ue9hw==",
+      "version": "0.3.5",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.5.tgz",
+      "integrity": "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/core": "^0.15.1",
+        "@eslint/core": "^0.15.2",
         "levn": "^0.4.1"
       },
       "engines": {
@@ -3162,20 +3162,20 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.32.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.32.0.tgz",
-      "integrity": "sha512-LSehfdpgMeWcTZkWZVIJl+tkZ2nuSkyyB9C27MZqFWXuph7DvaowgcTvKqxvpLW1JZIk8PN7hFY3Rj9LQ7m7lg==",
+      "version": "9.33.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.33.0.tgz",
+      "integrity": "sha512-TS9bTNIryDzStCpJN93aC5VRSW3uTx9sClUn4B87pwiCaJh220otoI0X8mJKr+VcPtniMdN8GKjlwgWGUv5ZKA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.12.1",
         "@eslint/config-array": "^0.21.0",
-        "@eslint/config-helpers": "^0.3.0",
-        "@eslint/core": "^0.15.0",
+        "@eslint/config-helpers": "^0.3.1",
+        "@eslint/core": "^0.15.2",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.32.0",
-        "@eslint/plugin-kit": "^0.3.4",
+        "@eslint/js": "9.33.0",
+        "@eslint/plugin-kit": "^0.3.5",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
diff --git a/package.json b/package.json
index 6b0e279b..88efd589 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "autoprefixer": "^10.4.21",
-    "eslint": "^9.32.0",
+    "eslint": "^9.33.0",
     "eslint-plugin-compat": "^6.0.2",
     "globals": "^16.3.0",
     "postcss": "^8.5.6",

From 2df4782c175ebadeb9ab7dcbf52e19bae4bf9fc7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 9 Aug 2025 10:28:14 +0000
Subject: [PATCH 16/60] build(deps): bump github/codeql-action from 3.29.5 to
 3.29.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.5 to 3.29.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.5...v3.29.8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c1e5ef89..ae3793c5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.5
+        uses: github/codeql-action/init@v3.29.8
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.5
+        uses: github/codeql-action/autobuild@v3.29.8
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.5
+        uses: github/codeql-action/analyze@v3.29.8
         with:
           category: "/language:javascript"

From aeb86e423917fbe23947d455334616b077f1606e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 16 Aug 2025 10:49:55 +0000
Subject: [PATCH 17/60] build(deps-dev): bump xo from 1.2.1 to 1.2.2

Bumps [xo](https://github.com/xojs/xo) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/xojs/xo/releases)
- [Commits](https://github.com/xojs/xo/compare/v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: xo
  dependency-version: 1.2.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b5d9c465..5cf2acf1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "postcss": "^8.5.6",
         "postcss-cli": "^11.0.1",
         "prettier": "^3.6.2",
-        "xo": "^1.2.1"
+        "xo": "^1.2.2"
       }
     },
     "node_modules/@babel/code-frame": {
@@ -8877,9 +8877,9 @@
       "license": "ISC"
     },
     "node_modules/xo": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/xo/-/xo-1.2.1.tgz",
-      "integrity": "sha512-CPv9yCCa8WkS8JMME5igrBQhqwOlQ+YFFsF2JP0vjQjuGdme5PLYgnDu8LnawMahtDq2PzpOWbMu2EEIxrOfBA==",
+      "version": "1.2.2",
+      "resolved": "https://registry.npmjs.org/xo/-/xo-1.2.2.tgz",
+      "integrity": "sha512-8l565N0q5ROdSez8flcltMt1gi8OiEEYR1sGiRqc+QRrGf0Z8NEbhPkxYRrHn36iF+Hmyles79036LwuKREA5w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index 88efd589..057b75b8 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
     "postcss": "^8.5.6",
     "postcss-cli": "^11.0.1",
     "prettier": "^3.6.2",
-    "xo": "^1.2.1"
+    "xo": "^1.2.2"
   },
   "browserslist": [
     ">= 0.5%",

From 288dc3651ffc335e19dabca14f6d0d51bdd55901 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 16 Aug 2025 10:50:59 +0000
Subject: [PATCH 18/60] build(deps): bump github/codeql-action from 3.29.8 to
 3.29.9

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.8 to 3.29.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.8...v3.29.9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ae3793c5..2b2f521d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.8
+        uses: github/codeql-action/init@v3.29.9
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.8
+        uses: github/codeql-action/autobuild@v3.29.9
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.8
+        uses: github/codeql-action/analyze@v3.29.9
         with:
           category: "/language:javascript"

From 0bf92bfde46f45aa1860720912ca592762a955ba Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 16 Aug 2025 10:51:05 +0000
Subject: [PATCH 19/60] build(deps): bump actions/checkout from 4.2.2 to 5.0.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.2 to 5.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml               | 2 +-
 .github/workflows/codespell.yml            | 2 +-
 .github/workflows/editorconfig-checker.yml | 2 +-
 .github/workflows/stale.yml                | 2 +-
 .github/workflows/sync-back-to-dev.yml     | 2 +-
 .github/workflows/test.yml                 | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ae3793c5..982f4545 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index f0545956..8bb678d6 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/editorconfig-checker.yml b/.github/workflows/editorconfig-checker.yml
index 6aa9f269..84e32101 100644
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
       - uses: editorconfig-checker/action-editorconfig-checker@main
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 2e87c1f1..74e46649 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
       - name: Remove 'stale' label
diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml
index 0116402c..4adb9efb 100644
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -11,7 +11,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
       - name: Opening pull request
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0df0b50b..99fca882 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v5.0.0
         with:
           persist-credentials: false
 

From 21a65be5a71ed642e31e7c73a54747b3122e48cb Mon Sep 17 00:00:00 2001
From: idotj <info@idotj.com>
Date: Tue, 19 Aug 2025 16:50:44 +0200
Subject: [PATCH 20/60] Fix 2FA icon styles #3431

Signed-off-by: idotj <info@idotj.com>
---
 login.lp          | 10 +++++++---
 settings-api.lp   | 12 ++++++++----
 style/pi-hole.css |  6 +++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/login.lp b/login.lp
index 1ac17150..08e01654 100644
--- a/login.lp
+++ b/login.lp
@@ -50,9 +50,13 @@ mg.include('scripts/lua/header.lp','r')
                             </span>
                         </div>
                     </div>
-                    <div class="form-group has-feedback hidden" id="totp_input">
-                        <input type="text" id="totp" size="6" maxlen="6" class="form-control totp_token" placeholder="123456" value="" spellcheck="false" autofocus autocomplete="off">
-                        <span class="fa fa-clock-rotate-left pwd-field form-control-feedback"></span>
+                    <div class="form-group hidden" id="totp_input">
+                        <div class="input-group">
+                            <input type="text" id="totp" size="6" maxlen="6" class="form-control totp_token" placeholder="123456" value="" spellcheck="false" autofocus autocomplete="off">
+                            <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verfication code">
+                                <i class="fa fa-clock-rotate-left form-control-feedback"></i>
+                            </div>
+                        </div>
                     </div>
                     <div class="form-group">
                         <button type="submit" class="btn btn-primary form-control"><i class="fas fa-sign-in-alt"></i>&nbsp;&nbsp;&nbsp;Log in (uses cookie)</button>
diff --git a/settings-api.lp b/settings-api.lp
index 2bdbe3e7..584d7bbe 100644
--- a/settings-api.lp
+++ b/settings-api.lp
@@ -192,11 +192,15 @@ mg.include('scripts/lua/settings_header.lp','r')
                 <p>2. Enter the 2FA code from your app below to confirm that you have set up 2FA correctly.</p>
                 <div class="row">
                     <div class="col-md-6 col-md-offset-3">
-                        <div id="totp_div" class="has-feedback has-error">
-                            <div class="pwd-field form-group">
-                                <input type="text" size="6" maxlength="6" class="form-control totp_token" id="totp_code" placeholder="">
+                        <div id="totp_div">
+                            <div class="pwd-field form-group has-error">
+                                <div class="input-group">
+                                    <input type="text" size="6" maxlength="6" class="form-control totp_token" id="totp_code" placeholder="">
+                                    <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verfication code">
+                                        <i class="fa fa-clock-rotate-left form-control-feedback"></i>
+                                    </div>
+                                </div>
                             </div>
-                            <i class="fa-solid fa-clock-rotate-left pwd-field form-control-feedback"></i>
                         </div>
                     </div>
                 </div>
diff --git a/style/pi-hole.css b/style/pi-hole.css
index 1da12ba4..2c7dec19 100644
--- a/style/pi-hole.css
+++ b/style/pi-hole.css
@@ -575,7 +575,7 @@ td.details-control {
 }
 
 .form-control-feedback {
-  right: 0.5em;
+  right: 1em;
   width: 16px;
   height: 100%;
 }
@@ -1136,6 +1136,10 @@ table.dataTable tbody > tr > .selected {
   opacity: 0.1;
 }
 
+.totp_token + .input-group-addon {
+  padding: 0 1.5em;
+}
+
 .save-button-container {
   position: fixed;
   bottom: 1.2em;

From 2768c44d24d592e888ea1c48fd62c4321e463e67 Mon Sep 17 00:00:00 2001
From: idotj <info@idotj.com>
Date: Tue, 19 Aug 2025 18:47:21 +0200
Subject: [PATCH 21/60] Fix typo

Signed-off-by: idotj <info@idotj.com>
---
 login.lp        | 2 +-
 settings-api.lp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/login.lp b/login.lp
index 08e01654..c3db77c0 100644
--- a/login.lp
+++ b/login.lp
@@ -53,7 +53,7 @@ mg.include('scripts/lua/header.lp','r')
                     <div class="form-group hidden" id="totp_input">
                         <div class="input-group">
                             <input type="text" id="totp" size="6" maxlen="6" class="form-control totp_token" placeholder="123456" value="" spellcheck="false" autofocus autocomplete="off">
-                            <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verfication code">
+                            <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verification code">
                                 <i class="fa fa-clock-rotate-left form-control-feedback"></i>
                             </div>
                         </div>
diff --git a/settings-api.lp b/settings-api.lp
index 584d7bbe..031f96e8 100644
--- a/settings-api.lp
+++ b/settings-api.lp
@@ -196,7 +196,7 @@ mg.include('scripts/lua/settings_header.lp','r')
                             <div class="pwd-field form-group has-error">
                                 <div class="input-group">
                                     <input type="text" size="6" maxlength="6" class="form-control totp_token" id="totp_code" placeholder="">
-                                    <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verfication code">
+                                    <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verification code">
                                         <i class="fa fa-clock-rotate-left form-control-feedback"></i>
                                     </div>
                                 </div>

From ee02f1aea8d6b09ad6930aad77cf7a9332c8e81f Mon Sep 17 00:00:00 2001
From: idotj <info@idotj.com>
Date: Wed, 20 Aug 2025 14:20:11 +0200
Subject: [PATCH 22/60] Remove CSS

Signed-off-by: idotj <info@idotj.com>
---
 login.lp          |  2 +-
 settings-api.lp   |  2 +-
 style/pi-hole.css | 10 ----------
 3 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/login.lp b/login.lp
index c3db77c0..d360f404 100644
--- a/login.lp
+++ b/login.lp
@@ -54,7 +54,7 @@ mg.include('scripts/lua/header.lp','r')
                         <div class="input-group">
                             <input type="text" id="totp" size="6" maxlen="6" class="form-control totp_token" placeholder="123456" value="" spellcheck="false" autofocus autocomplete="off">
                             <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verification code">
-                                <i class="fa fa-clock-rotate-left form-control-feedback"></i>
+                                <i class="fa fa-clock-rotate-left"></i>
                             </div>
                         </div>
                     </div>
diff --git a/settings-api.lp b/settings-api.lp
index 031f96e8..2331abd6 100644
--- a/settings-api.lp
+++ b/settings-api.lp
@@ -197,7 +197,7 @@ mg.include('scripts/lua/settings_header.lp','r')
                                 <div class="input-group">
                                     <input type="text" size="6" maxlength="6" class="form-control totp_token" id="totp_code" placeholder="">
                                     <div class="input-group-addon" data-toggle="tooltip" data-placement="auto" title="TOTP verification code">
-                                        <i class="fa fa-clock-rotate-left form-control-feedback"></i>
+                                        <i class="fa fa-clock-rotate-left"></i>
                                     </div>
                                 </div>
                             </div>
diff --git a/style/pi-hole.css b/style/pi-hole.css
index 2c7dec19..693e4f1d 100644
--- a/style/pi-hole.css
+++ b/style/pi-hole.css
@@ -574,12 +574,6 @@ td.details-control {
   border: none;
 }
 
-.form-control-feedback {
-  right: 1em;
-  width: 16px;
-  height: 100%;
-}
-
 .loginpage-logo {
   margin: 0 0 10px;
 }
@@ -1136,10 +1130,6 @@ table.dataTable tbody > tr > .selected {
   opacity: 0.1;
 }
 
-.totp_token + .input-group-addon {
-  padding: 0 1.5em;
-}
-
 .save-button-container {
   position: fixed;
   bottom: 1.2em;

From ce30798656c885815f674ad624b7664af260b361 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Aug 2025 10:10:49 +0000
Subject: [PATCH 23/60] build(deps-dev): bump eslint from 9.33.0 to 9.34.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.33.0 to 9.34.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.33.0...v9.34.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5cf2acf1..2e4a7bde 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,7 +37,7 @@
       },
       "devDependencies": {
         "autoprefixer": "^10.4.21",
-        "eslint": "^9.33.0",
+        "eslint": "^9.34.0",
         "eslint-plugin-compat": "^6.0.2",
         "globals": "^16.3.0",
         "postcss": "^8.5.6",
@@ -243,9 +243,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.33.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.33.0.tgz",
-      "integrity": "sha512-5K1/mKhWaMfreBGJTwval43JJmkip0RmM+3+IuqupeSKNC/Th2Kc7ucaq5ovTSra/OOKB9c58CGSz3QMVbWt0A==",
+      "version": "9.34.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz",
+      "integrity": "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3162,9 +3162,9 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.33.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.33.0.tgz",
-      "integrity": "sha512-TS9bTNIryDzStCpJN93aC5VRSW3uTx9sClUn4B87pwiCaJh220otoI0X8mJKr+VcPtniMdN8GKjlwgWGUv5ZKA==",
+      "version": "9.34.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.34.0.tgz",
+      "integrity": "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3174,7 +3174,7 @@
         "@eslint/config-helpers": "^0.3.1",
         "@eslint/core": "^0.15.2",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.33.0",
+        "@eslint/js": "9.34.0",
         "@eslint/plugin-kit": "^0.3.5",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
diff --git a/package.json b/package.json
index 057b75b8..db5cbb2c 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "autoprefixer": "^10.4.21",
-    "eslint": "^9.33.0",
+    "eslint": "^9.34.0",
     "eslint-plugin-compat": "^6.0.2",
     "globals": "^16.3.0",
     "postcss": "^8.5.6",

From 78ced9f0d24064d04073438df841cd9eda4d4b49 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 23 Aug 2025 10:16:57 +0000
Subject: [PATCH 24/60] build(deps): bump github/codeql-action from 3.29.9 to
 3.29.11

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.9 to 3.29.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.9...v3.29.11)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.29.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 57571bdb..6ed93e6e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.9
+        uses: github/codeql-action/init@v3.29.11
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.9
+        uses: github/codeql-action/autobuild@v3.29.11
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.9
+        uses: github/codeql-action/analyze@v3.29.11
         with:
           category: "/language:javascript"

From be3859db7ff31291d9f9edd26164013cf497c943 Mon Sep 17 00:00:00 2001
From: Aaron Blankenship <aaron@aaronblankenship.com>
Date: Sun, 24 Aug 2025 11:28:28 -0500
Subject: [PATCH 25/60] Prevents getting stuck loading unlimited query log
 results. Changed in Queries Log table only.

Signed-off-by: Aaron Blankenship <aaron@aaronblankenship.com>
---
 scripts/js/queries.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/js/queries.js b/scripts/js/queries.js
index c0a3c2ba..fd2df99a 100644
--- a/scripts/js/queries.js
+++ b/scripts/js/queries.js
@@ -561,7 +561,10 @@ $(() => {
       utils.stateSaveCallback("query_log_table", data);
     },
     stateLoadCallback() {
-      return utils.stateLoadCallback("query_log_table");
+      const state = utils.stateLoadCallback("query_log_table");
+      // Default to 25 entries if "All" was previously selected
+      if (state) state.length = state.length === -1 ? 25 : state.length;
+      return state;
     },
     rowCallback(row, data) {
       const querystatus = parseQueryStatus(data);

From ef76839fa8d0fbaee443d132a6ebe4b16d0cb34e Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 27 Aug 2025 21:05:13 +0200
Subject: [PATCH 26/60] Pin github action to SHA

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 .github/workflows/codeql.yml               | 8 ++++----
 .github/workflows/codespell.yml            | 4 ++--
 .github/workflows/editorconfig-checker.yml | 4 ++--
 .github/workflows/merge-conflict.yml       | 2 +-
 .github/workflows/stale.yml                | 4 ++--
 .github/workflows/stale_pr.yml             | 2 +-
 .github/workflows/sync-back-to-dev.yml     | 2 +-
 .github/workflows/test.yml                 | 4 ++--
 8 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6ed93e6e..ed016761 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -26,21 +26,21 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.11
+        uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.11
+        uses: github/codeql-action/autobuild@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.29.11
+        uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
         with:
           category: "/language:javascript"
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
index 8bb678d6..6d18000d 100644
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -13,12 +13,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
 
       - name: Spell-Checking
-        uses: codespell-project/actions-codespell@master
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 #v2.1
         with:
           ignore_words_file: .codespellignore
           skip: ./vendor,./package.json,./package-lock.json
diff --git a/.github/workflows/editorconfig-checker.yml b/.github/workflows/editorconfig-checker.yml
index 84e32101..750705d0 100644
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -10,8 +10,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
-      - uses: editorconfig-checker/action-editorconfig-checker@main
+      - uses: editorconfig-checker/action-editorconfig-checker@main # tag v2. is really out of date
       - run: editorconfig-checker
diff --git a/.github/workflows/merge-conflict.yml b/.github/workflows/merge-conflict.yml
index 457ef61f..745879d9 100644
--- a/.github/workflows/merge-conflict.yml
+++ b/.github/workflows/merge-conflict.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check if PRs are have merge conflicts
-        uses: eps1lon/actions-label-merge-conflict@v3.0.3
+        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 #v3.0.3
         with:
           dirtyLabel: "Merge Conflicts"
           repoToken: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 74e46649..21b13866 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -17,7 +17,7 @@ jobs:
       issues: write
 
     steps:
-      - uses: actions/stale@v9.1.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30
@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
       - name: Remove 'stale' label
diff --git a/.github/workflows/stale_pr.yml b/.github/workflows/stale_pr.yml
index 08033013..6ff2e578 100644
--- a/.github/workflows/stale_pr.yml
+++ b/.github/workflows/stale_pr.yml
@@ -16,7 +16,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@v9.1.0
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale
diff --git a/.github/workflows/sync-back-to-dev.yml b/.github/workflows/sync-back-to-dev.yml
index 4adb9efb..504d9d2c 100644
--- a/.github/workflows/sync-back-to-dev.yml
+++ b/.github/workflows/sync-back-to-dev.yml
@@ -11,7 +11,7 @@ jobs:
     name: Syncing branches
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
       - name: Opening pull request
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 99fca882..440522ab 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,12 +19,12 @@ jobs:
 
     steps:
       - name: Clone repository
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@v4.4.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
         with:
           node-version: "22.x"
           cache: npm

From 9dc305c2b5adfefb0cd016bddd8dd0213d070306 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 10 Sep 2025 10:09:53 +0200
Subject: [PATCH 27/60] Show tooltip of bar graphs below x-axis

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/charts.js | 48 ++++++++++++++++++++++++++++----------------
 scripts/js/index.js  |  6 ++++--
 2 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index ecb99b61..b8a07631 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -233,6 +233,10 @@ function positionTooltip(tooltipEl, tooltip, context) {
   const arrowMinIndent = 2 * tooltip.options.cornerRadius;
   const arrowSize = 5;
 
+  // Check if this is a queryOverTimeChart or clientsChart - these should stick to x-axis
+  const canvasId = context.chart.canvas.id;
+  const isTimelineChart = canvasId === "queryOverTimeChart" || canvasId === "clientsChart";
+
   let tooltipX = offsetX + caretX;
   let arrowX;
 
@@ -289,27 +293,37 @@ function positionTooltip(tooltipEl, tooltip, context) {
     arrowX = offsetX + caretX - tooltipX;
   }
 
-  let tooltipY = offsetY + caretY;
+  let tooltipY;
 
-  // Compute Y position
-  switch (tooltip.yAlign) {
-    case "top": {
-      tooltipY += arrowSize + caretPadding;
-      break;
-    }
+  if (isTimelineChart) {
+    // For timeline charts, always position tooltip below the chart with caret pointing to x-axis
+    const chartArea = context.chart.chartArea;
+    const canvasBottom = chartArea.bottom;
+    tooltipY = offsetY + canvasBottom + arrowSize + caretPadding;
 
-    case "center": {
-      tooltipY -= tooltipHeight / 2;
-      if (tooltip.xAlign === "left") tooltipX += arrowSize;
-      if (tooltip.xAlign === "right") tooltipX -= arrowSize;
-      break;
-    }
+    // Ensure the arrow points to the correct X position
+    arrowX = tooltip.caretX - (tooltipX - offsetX);
+  } else {
+    tooltipY = offsetY + caretY;
+    switch (tooltip.yAlign) {
+      case "top": {
+        tooltipY += arrowSize + caretPadding;
+        break;
+      }
 
-    case "bottom": {
-      tooltipY -= tooltipHeight + arrowSize + caretPadding;
-      break;
+      case "center": {
+        tooltipY -= tooltipHeight / 2;
+        if (tooltip.xAlign === "left") tooltipX += arrowSize;
+        if (tooltip.xAlign === "right") tooltipX -= arrowSize;
+        break;
+      }
+
+      case "bottom": {
+        tooltipY -= tooltipHeight + arrowSize + caretPadding;
+        break;
+      }
+      // No default
     }
-    // No default
   }
 
   // Position tooltip and display
diff --git a/scripts/js/index.js b/scripts/js/index.js
index 9bf49555..65d64d53 100644
--- a/scripts/js/index.js
+++ b/scripts/js/index.js
@@ -639,9 +639,11 @@ $(() => {
           display: false,
         },
         tooltip: {
-          enabled: true,
+          // Disable the on-canvas tooltip
+          enabled: false,
           intersect: false,
-          yAlign: "bottom",
+          external: customTooltips,
+          yAlign: "top",
           itemSort(a, b) {
             return b.datasetIndex - a.datasetIndex;
           },

From 66eb9477184e97f365605df8617fec40db27f038 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 10 Sep 2025 10:21:08 +0200
Subject: [PATCH 28/60] Only display items in queryOverTimeChart tooltips with
 at least 1 query

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/index.js b/scripts/js/index.js
index 65d64d53..6a228848 100644
--- a/scripts/js/index.js
+++ b/scripts/js/index.js
@@ -658,7 +658,7 @@ $(() => {
               return "Queries from " + from + " to " + to;
             },
             label(tooltipLabel) {
-              return labelWithPercentage(tooltipLabel);
+              return labelWithPercentage(tooltipLabel, true);
             },
           },
         },

From 2c1876879d55d7c45a2ac5fc366820ff14fca186 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Wed, 10 Sep 2025 10:53:24 +0200
Subject: [PATCH 29/60] Fix calculation of tootlip percentage

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/index.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/js/index.js b/scripts/js/index.js
index 6a228848..a7bf4609 100644
--- a/scripts/js/index.js
+++ b/scripts/js/index.js
@@ -521,8 +521,8 @@ function labelWithPercentage(tooltipLabel, skipZero = false) {
   // Sum all queries for the current time by iterating over all keys in the
   // current dataset
   let sum = 0;
-  for (const value of Object.values(tooltipLabel.parsed._stacks.y)) {
-    if (value === undefined) continue;
+  for (const [key, value] of Object.entries(tooltipLabel.parsed._stacks.y)) {
+    if (key.startsWith("_") || value === undefined) continue;
     const num = Number.parseInt(value, 10);
     if (num) sum += num;
   }

From 52441b7b1bdae7a20174d0feb00c500bb0fa99ab Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Mon, 15 Sep 2025 22:11:44 -0300
Subject: [PATCH 30/60] Remove unnecessary code

The outer `if` (line 92) already guarantees only 2 possible values.
If `isQueryTypeChart` is false, `isForwardDestinationChart` must be true.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/charts.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index ecb99b61..224abda7 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -96,7 +96,7 @@ globalThis.htmlLegendPlugin = {
 
         if (isQueryTypeChart) {
           link.href = `queries?type=${item.text}`;
-        } else if (isForwardDestinationChart) {
+        } else {
           // Encode the forward destination as it may contain an "#" character
           link.href = `queries?upstream=${encodeURIComponent(upstreams[item.text])}`;
         }

From 48666e1ffdf1d69081c624a0bada265a3c160061 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Mon, 15 Sep 2025 22:19:09 -0300
Subject: [PATCH 31/60] Use an array to store upstream server IPs

This will avoid overwritting the IP when more than one upstream DNS server uses the same name

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/charts.js | 4 ++--
 scripts/js/index.js  | 9 +++------
 2 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index 224abda7..860637c9 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -5,7 +5,7 @@
  *  This file is copyright under the latest version of the EUPL.
  *  Please see LICENSE file for your rights under this license. */
 
-/* global upstreams:false */
+/* global upstreamIPs:false */
 
 "use strict";
 
@@ -98,7 +98,7 @@ globalThis.htmlLegendPlugin = {
           link.href = `queries?type=${item.text}`;
         } else {
           // Encode the forward destination as it may contain an "#" character
-          link.href = `queries?upstream=${encodeURIComponent(upstreams[item.text])}`;
+          link.href = `queries?upstream=${encodeURIComponent(upstreamIPs[item.index])}`;
         }
       } else {
         // no clickable links in other charts
diff --git a/scripts/js/index.js b/scripts/js/index.js
index 9bf49555..f9edc9d5 100644
--- a/scripts/js/index.js
+++ b/scripts/js/index.js
@@ -226,7 +226,7 @@ function updateClientsOverTime() {
     });
 }
 
-const upstreams = {};
+const upstreamIPs = [];
 function updateForwardDestinationsPie() {
   $.getJSON(document.body.dataset.apiurl + "/stats/upstreams", data => {
     const v = [];
@@ -248,11 +248,8 @@ function updateForwardDestinationsPie() {
         label += "#" + item.port;
       }
 
-      // Store upstreams for generating links to the Query Log
-      upstreams[label] = item.ip;
-      if (item.port > 0) {
-        upstreams[label] += "#" + item.port;
-      }
+      // Store upstreams IPs for generating links to the Query Log
+      upstreamIPs.push(item.port > 0 ? item.ip + "#" + item.port : item.ip);
 
       const percent = (100 * item.count) / sum;
       values.push([label, percent, THEME_COLORS[i++ % THEME_COLORS.length]]);

From af471bec94f5af01df071d61ef2f08f4b86e777d Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Mon, 15 Sep 2025 22:32:09 -0300
Subject: [PATCH 32/60] Show the upstream server IP on the title tooltip

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/charts.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index 860637c9..967b4bc2 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -99,6 +99,12 @@ globalThis.htmlLegendPlugin = {
         } else {
           // Encode the forward destination as it may contain an "#" character
           link.href = `queries?upstream=${encodeURIComponent(upstreamIPs[item.index])}`;
+
+          // If server name and IP are different, replace the title tooltip
+          // including the upstream IP to the text
+          if (item.text !== upstreamIPs[item.index]) {
+            link.title = `List ${item.text} (${upstreamIPs[item.index]}) queries`;
+          }
         }
       } else {
         // no clickable links in other charts

From ca57bcfb5c7c388562c0dd9c77be2de8cbe5ebc4 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Tue, 16 Sep 2025 16:47:03 -0300
Subject: [PATCH 33/60] Include the upstream DNS server name to the link, when
 needed

The link must send the "upstream" parameter in exactly the same format used
by the "suggestions" API.
The format is: "upstream=<IP>#<port> (<servername>)".
This will ensure that when a link is clicked, the correct server name will
be highlighted in the SELECT element on the queries.lp page and no other
OPTION element will be created.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/charts.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index 967b4bc2..8dc24023 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -100,10 +100,14 @@ globalThis.htmlLegendPlugin = {
           // Encode the forward destination as it may contain an "#" character
           link.href = `queries?upstream=${encodeURIComponent(upstreamIPs[item.index])}`;
 
-          // If server name and IP are different, replace the title tooltip
-          // including the upstream IP to the text
+          // If server name and IP are different:
           if (item.text !== upstreamIPs[item.index]) {
+            // replace the title tooltip to include the upstream IP to the text ...
             link.title = `List ${item.text} (${upstreamIPs[item.index]}) queries`;
+
+            // ... and include the server name (without port) to the querystring, to match
+            // the text used on the SELECT element (sent by suggestions API endpoint)
+            link.href += ` (${item.text.split("#")[0]})`;
           }
         }
       } else {

From 115b7a858b6b7d41f578d7942989ac2d6790ef89 Mon Sep 17 00:00:00 2001
From: H3xCat <2304691+h3xcat@users.noreply.github.com>
Date: Wed, 17 Sep 2025 23:30:59 -0700
Subject: [PATCH 34/60] Fix closing head tag formatting

Signed-off-by: H3xCat <2304691+h3xcat@users.noreply.github.com>
---
 error403.lp | 1 +
 error404.lp | 1 +
 login.lp    | 1 +
 3 files changed, 3 insertions(+)

diff --git a/error403.lp b/error403.lp
index e9e41c51..eb28cb64 100644
--- a/error403.lp
+++ b/error403.lp
@@ -9,6 +9,7 @@
 
 mg.include('scripts/lua/header.lp','r')
 ?>
+</head>
 <body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>">
     <div class="box login-box">
         <section style="padding: 15px;">
diff --git a/error404.lp b/error404.lp
index 7dc63e9f..ec6560e4 100644
--- a/error404.lp
+++ b/error404.lp
@@ -9,6 +9,7 @@
 
 mg.include('scripts/lua/header.lp','r')
 ?>
+</head>
 <body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>">
     <div class="box login-box">
         <section style="padding: 15px;">
diff --git a/login.lp b/login.lp
index 1ac17150..1b757925 100644
--- a/login.lp
+++ b/login.lp
@@ -9,6 +9,7 @@
 
 mg.include('scripts/lua/header.lp','r')
 ?>
+</head>
 <body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>" data-apiurl="<?=pihole.api_url()?>" data-webhome="<?=webhome?>">
 <div class="box login-box" id="login-box">
     <section style="padding: 15px;">

From ec5f8b7037513eeccb478ff0bfa0f1911300902a Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Fri, 19 Sep 2025 16:21:35 -0300
Subject: [PATCH 35/60] Add offset effect on hover to the doughnut charts

We need to add a small padding to avoid "clipping" the arc/slice.
This happens because when an arc/slice expands, it grows beyond the canvas
limits and get clipped.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/index.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/scripts/js/index.js b/scripts/js/index.js
index f9edc9d5..3eb1e6ce 100644
--- a/scripts/js/index.js
+++ b/scripts/js/index.js
@@ -890,6 +890,8 @@ $(() => {
         elements: {
           arc: {
             borderColor: $(".box").css("background-color"),
+            hoverBorderColor: $(".box").css("background-color"),
+            hoverOffset: 10,
           },
         },
         plugins: {
@@ -914,6 +916,9 @@ $(() => {
         animation: {
           duration: 750,
         },
+        layout: {
+          padding: 10,
+        },
       },
     });
 
@@ -936,6 +941,8 @@ $(() => {
         elements: {
           arc: {
             borderColor: $(".box").css("background-color"),
+            hoverBorderColor: $(".box").css("background-color"),
+            hoverOffset: 10,
           },
         },
         plugins: {
@@ -960,6 +967,9 @@ $(() => {
         animation: {
           duration: 750,
         },
+        layout: {
+          padding: 10,
+        },
       },
     });
 

From c6a2e8572e0a75e482cf79d490c94ac986d93611 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Fri, 19 Sep 2025 17:05:49 -0300
Subject: [PATCH 36/60] Trigger the offset effect when the mouse is over a
 legend item

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/charts.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/scripts/js/charts.js b/scripts/js/charts.js
index 8dc24023..707c6f79 100644
--- a/scripts/js/charts.js
+++ b/scripts/js/charts.js
@@ -63,6 +63,23 @@ globalThis.htmlLegendPlugin = {
     for (const item of items) {
       const li = document.createElement("li");
 
+      // Select the corresponding "slice" of the chart when the mouse is over a legend item
+      li.addEventListener("mouseover", () => {
+        chart.setActiveElements([
+          {
+            datasetIndex: 0,
+            index: item.index,
+          },
+        ]);
+        chart.update();
+      });
+
+      // Deselect all "slices"
+      li.addEventListener("mouseout", () => {
+        chart.setActiveElements([]);
+        chart.update();
+      });
+
       // Color checkbox (toggle visibility)
       const boxSpan = document.createElement("span");
       boxSpan.title = "Toggle visibility";

From 8e9658e099276745417d454dfc25d704e3fca280 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sun, 28 Sep 2025 10:42:12 +0200
Subject: [PATCH 37/60] Rename config key dns.domain > dns.domain.name

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 settings-dns.lp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/settings-dns.lp b/settings-dns.lp
index e88c9db3..547fde8b 100644
--- a/settings-dns.lp
+++ b/settings-dns.lp
@@ -59,7 +59,7 @@ mg.include('scripts/lua/settings_header.lp','r')
         </div>
         <div class="box box-warning settings-level-expert d-none">
             <div class="box-header with-border">
-                <h3 class="box-title" data-configkeys="dns.domain dns.expandHosts">DNS domain settings</h3>
+                <h3 class="box-title" data-configkeys="dns.domain.name dns.expandHosts">DNS domain settings</h3>
             </div>
             <div class="box-body">
                 <div class="row">
@@ -68,7 +68,7 @@ mg.include('scripts/lua/settings_header.lp','r')
                         <div class="form-group">
                             <div class="input-group">
                                 <div class="input-group-addon">Domain</div>
-                                <input type="text" class="form-control" id="dns.domain" data-key="dns.domain" value="">
+                                <input type="text" class="form-control" id="dns.domain.name" data-key="dns.domain.name" value="">
                             </div>
                         </div>
                         <p>The DNS domains for your Pi-hole. This DNS domain is purely local. FTL may answer queries from its local cache and configuration but *never* forwards any requests upstream *unless* you have configured a dns.revServer exactly for this domain. If no domain is specified and you are using Pi-hole's DHCP server, then any hostnames with a domain part (i.e., with a period) will be disallowed. If a domain is specified, then hostnames with a domain parts matching the domain here are allowed. In addition, when a suffix is set then hostnames without a domain part have the suffix added as an optional domain part.</p>

From 2dc220326af8f6ce2d567a857d3eca7e76e92f10 Mon Sep 17 00:00:00 2001
From: Dominik <DL6ER@users.noreply.github.com>
Date: Sat, 4 Oct 2025 09:12:15 +0200
Subject: [PATCH 38/60] Improve wording

Co-authored-by: Adam Warner <me@adamwarner.co.uk>
Signed-off-by: Dominik <DL6ER@users.noreply.github.com>
---
 queries.lp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/queries.lp b/queries.lp
index c8cbcaa0..df9a6cbb 100644
--- a/queries.lp
+++ b/queries.lp
@@ -138,7 +138,7 @@ mg.include('scripts/lua/header_authenticated.lp','r')
             </div>
             <!-- /.box-body -->
             <div class="box-footer clearfix">
-                <span class="pull-left">* These input fields allow manual input as well. Use <code>*</code> for wildcard search. The underscore <code>_</code> can be used as a single-character wildcard. If you want to search for an underscore character, escape it like <code>\_</code>.</span>
+                <span class="pull-left">* These input fields allow manual input as well. Use <code>*</code> for wildcard search. An <code>_</code> can be used as a single-character wildcard. If you want to search for <code>_</code> explicitly, then you must escape it like <code>\_</code></span>
                 <span class="pull-right">Click "Refresh" below to apply.</span>
             </div>
             <!-- /.box -->

From a45a6c4699259a6c084e91468c0e84685aba4497 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 10:04:18 +0000
Subject: [PATCH 39/60] build(deps-dev): bump eslint from 9.34.0 to 9.37.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.34.0 to 9.37.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.34.0...v9.37.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 53 +++++++++++++++++++++++++----------------------
 package.json      |  2 +-
 2 files changed, 29 insertions(+), 26 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2e4a7bde..6da97cfe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,7 +37,7 @@
       },
       "devDependencies": {
         "autoprefixer": "^10.4.21",
-        "eslint": "^9.34.0",
+        "eslint": "^9.37.0",
         "eslint-plugin-compat": "^6.0.2",
         "globals": "^16.3.0",
         "postcss": "^8.5.6",
@@ -126,9 +126,9 @@
       }
     },
     "node_modules/@eslint-community/eslint-utils": {
-      "version": "4.7.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
-      "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
+      "version": "4.9.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
+      "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -183,19 +183,22 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.3.1.tgz",
-      "integrity": "sha512-xR93k9WhrDYpXHORXpxVL5oHj3Era7wo6k/Wd8/IsQNnZUTzkGS29lyn3nAT05v6ltUuTFVCCYDEGfy2Or/sPA==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
+      "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
       "dev": true,
       "license": "Apache-2.0",
+      "dependencies": {
+        "@eslint/core": "^0.16.0"
+      },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
     "node_modules/@eslint/core": {
-      "version": "0.15.2",
-      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.15.2.tgz",
-      "integrity": "sha512-78Md3/Rrxh83gCxoUc0EiciuOHsIITzLy53m3d9UyiW8y9Dj2D29FeETqyKA+BRK76tnTp6RXWb3pCay8Oyomg==",
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.16.0.tgz",
+      "integrity": "sha512-nmC8/totwobIiFcGkDza3GIKfAw1+hLiYVrh3I1nIomQ8PEr5cxg34jnkmGawul/ep52wGRAcyeDCNtWKSOj4Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -243,9 +246,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.34.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.34.0.tgz",
-      "integrity": "sha512-EoyvqQnBNsV1CWaEJ559rxXL4c8V92gxirbawSmVUOWXlsRxxQXl6LmCpdUblgxgSkDIqKnhzba2SjRTI/A5Rw==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
+      "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -266,13 +269,13 @@
       }
     },
     "node_modules/@eslint/plugin-kit": {
-      "version": "0.3.5",
-      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.3.5.tgz",
-      "integrity": "sha512-Z5kJ+wU3oA7MMIqVR9tyZRtjYPr4OC004Q4Rw7pgOKUOKkJfZ3O24nz3WYfGRpMDNmcOi3TwQOmgm7B7Tpii0w==",
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.0.tgz",
+      "integrity": "sha512-sB5uyeq+dwCWyPi31B2gQlVlo+j5brPlWx4yZBrEaRo/nhdDE8Xke1gsGgtiBdaBTxuTkceLVuVt/pclrasb0A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/core": "^0.15.2",
+        "@eslint/core": "^0.16.0",
         "levn": "^0.4.1"
       },
       "engines": {
@@ -3162,20 +3165,20 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.34.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.34.0.tgz",
-      "integrity": "sha512-RNCHRX5EwdrESy3Jc9o8ie8Bog+PeYvvSR8sDGoZxNFTvZ4dlxUB3WzQ3bQMztFrSRODGrLLj8g6OFuGY/aiQg==",
+      "version": "9.37.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
+      "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@eslint-community/eslint-utils": "^4.2.0",
+        "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
         "@eslint/config-array": "^0.21.0",
-        "@eslint/config-helpers": "^0.3.1",
-        "@eslint/core": "^0.15.2",
+        "@eslint/config-helpers": "^0.4.0",
+        "@eslint/core": "^0.16.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.34.0",
-        "@eslint/plugin-kit": "^0.3.5",
+        "@eslint/js": "9.37.0",
+        "@eslint/plugin-kit": "^0.4.0",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
diff --git a/package.json b/package.json
index db5cbb2c..d1e6dbe3 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "autoprefixer": "^10.4.21",
-    "eslint": "^9.34.0",
+    "eslint": "^9.37.0",
     "eslint-plugin-compat": "^6.0.2",
     "globals": "^16.3.0",
     "postcss": "^8.5.6",

From 078e34c96dc672455769178841a9f5857a6f5142 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sat, 4 Oct 2025 22:21:06 +0200
Subject: [PATCH 40/60] Adjust domain count according to
 https://github.com/pi-hole/FTL/pull/2177

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/footer.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/js/footer.js b/scripts/js/footer.js
index 7856c137..34228e15 100644
--- a/scripts/js/footer.js
+++ b/scripts/js/footer.js
@@ -241,23 +241,23 @@ function updateFtlInfo() {
       $("#num_lists").text(intl.format(database.lists));
       $("#num_gravity").text(intl.format(database.gravity));
       $("#num_allowed")
-        .text(intl.format(database.domains.allowed + database.regex.allowed))
+        .text(intl.format(database.domains.allowed.enabled + database.regex.allowed.enabled))
         .attr(
           "title",
           "Allowed: " +
-            intl.format(database.domains.allowed) +
+            intl.format(database.domains.allowed.enabled) +
             " exact domains and " +
-            intl.format(database.regex.allowed) +
+            intl.format(database.regex.allowed.enabled) +
             " regex filters are enabled"
         );
       $("#num_denied")
-        .text(intl.format(database.domains.denied + database.regex.denied))
+        .text(intl.format(database.domains.denied.enabled + database.regex.denied.enabled))
         .attr(
           "title",
           "Denied: " +
-            intl.format(database.domains.denied) +
+            intl.format(database.domains.denied.enabled) +
             " exact domains and " +
-            intl.format(database.regex.denied) +
+            intl.format(database.regex.denied.enabled) +
             " regex filters are enabled"
         );
       updateQueryFrequency(intl, ftl.query_frequency);

From 4b5697c7be5aa367e2e22c8635dbf82ac09b099d Mon Sep 17 00:00:00 2001
From: Adam Warner <me@adamwarner.co.uk>
Date: Sat, 4 Oct 2025 22:35:27 +0100
Subject: [PATCH 41/60] Fix addList function to include type in API request URL

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
---
 scripts/js/groups-lists.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/js/groups-lists.js b/scripts/js/groups-lists.js
index 6dc3d56a..47c3db92 100644
--- a/scripts/js/groups-lists.js
+++ b/scripts/js/groups-lists.js
@@ -515,12 +515,12 @@ function addList(event) {
   }
 
   $.ajax({
-    url: document.body.dataset.apiurl + "/lists",
+    url: document.body.dataset.apiurl + "/lists?type=" + encodeURIComponent(type),
     method: "post",
     dataType: "json",
     processData: false,
     contentType: "application/json; charset=utf-8",
-    data: JSON.stringify({ address: addresses, comment, type, groups: group }),
+    data: JSON.stringify({ address: addresses, comment, groups: group }),
     success(data) {
       utils.enableAll();
       utils.listsAlert(type + "list", addresses, data);

From dd94c5172261c920fa097d349cd7ca4a02630102 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 22:06:43 +0000
Subject: [PATCH 42/60] build(deps): bump actions/setup-node from 4.4.0 to
 5.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4.4.0...v5.0.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 440522ab..88892408 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -24,7 +24,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 #v4.4.0
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0
         with:
           node-version: "22.x"
           cache: npm

From c9970e3ec7890ec04be5fd2a3822bb7d12c4c843 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 22:06:51 +0000
Subject: [PATCH 43/60] build(deps): bump actions/stale from 9.1.0 to 10.1.0

Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9.1.0...v10.1.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/stale.yml    | 2 +-
 .github/workflows/stale_pr.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 21b13866..ef651f03 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -17,7 +17,7 @@ jobs:
       issues: write
 
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30
diff --git a/.github/workflows/stale_pr.yml b/.github/workflows/stale_pr.yml
index 6ff2e578..79102019 100644
--- a/.github/workflows/stale_pr.yml
+++ b/.github/workflows/stale_pr.yml
@@ -16,7 +16,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 #v9.1.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 #v10.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           # Do not automatically mark PR/issue as stale

From f3650511fd4adccc16f15397538b179c33856b3f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 22:06:56 +0000
Subject: [PATCH 44/60] build(deps): bump github/codeql-action from 3.29.11 to
 3.30.6

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.11 to 3.30.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3.29.11...v3.30.6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ed016761..980902c7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
+        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
+        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@96f518a34f7a870018057716cc4d7a5c014bd61c #v3.29.10
+        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
         with:
           category: "/language:javascript"

From 35055bab383543ddcb5b25edf5e872bd090b302e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 4 Oct 2025 22:12:30 +0000
Subject: [PATCH 45/60] build(deps-dev): bump globals from 16.3.0 to 16.4.0

Bumps [globals](https://github.com/sindresorhus/globals) from 16.3.0 to 16.4.0.
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v16.3.0...v16.4.0)

---
updated-dependencies:
- dependency-name: globals
  dependency-version: 16.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6da97cfe..b9184e85 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,7 @@
         "autoprefixer": "^10.4.21",
         "eslint": "^9.37.0",
         "eslint-plugin-compat": "^6.0.2",
-        "globals": "^16.3.0",
+        "globals": "^16.4.0",
         "postcss": "^8.5.6",
         "postcss-cli": "^11.0.1",
         "prettier": "^3.6.2",
@@ -4626,9 +4626,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "16.3.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-16.3.0.tgz",
-      "integrity": "sha512-bqWEnJ1Nt3neqx2q5SFfGS8r/ahumIakg3HcwtNlrVlwXIeNumWn/c7Pn/wKzGhf6SaW6H6uWXLqC30STCMchQ==",
+      "version": "16.4.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-16.4.0.tgz",
+      "integrity": "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index d1e6dbe3..90459238 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
     "autoprefixer": "^10.4.21",
     "eslint": "^9.37.0",
     "eslint-plugin-compat": "^6.0.2",
-    "globals": "^16.3.0",
+    "globals": "^16.4.0",
     "postcss": "^8.5.6",
     "postcss-cli": "^11.0.1",
     "prettier": "^3.6.2",

From 2fdf373fd801dd8b59460690e8b1c0a0bb2ebe4b Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sun, 5 Oct 2025 09:12:22 +0200
Subject: [PATCH 46/60] Also pin editorconfigchecker by sha

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 .github/workflows/editorconfig-checker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/editorconfig-checker.yml b/.github/workflows/editorconfig-checker.yml
index 750705d0..04d83ef6 100644
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -13,5 +13,5 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
-      - uses: editorconfig-checker/action-editorconfig-checker@main # tag v2. is really out of date
+      - uses: editorconfig-checker/action-editorconfig-checker@f40bac9e7d9e7d298fbe36b83e1eff8f0de13fb8 # tag v2. is really out of date
       - run: editorconfig-checker

From 4f114352913b53bb4ca0baa4e11b6a6becac569a Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Mon, 6 Oct 2025 21:18:46 +0200
Subject: [PATCH 47/60] Update FTL %cpu and %mem everytime total CPU stats are
 updated

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/footer.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/js/footer.js b/scripts/js/footer.js
index 34228e15..2eee803c 100644
--- a/scripts/js/footer.js
+++ b/scripts/js/footer.js
@@ -261,8 +261,6 @@ function updateFtlInfo() {
             " regex filters are enabled"
         );
       updateQueryFrequency(intl, ftl.query_frequency);
-      $("#sysinfo-cpu-ftl").text("(" + ftl["%cpu"].toFixed(1) + "% used by FTL)");
-      $("#sysinfo-ram-ftl").text("(" + ftl["%mem"].toFixed(1) + "% used by FTL)");
       $("#sysinfo-pid-ftl").text(ftl.pid);
       const startdate = moment()
         .subtract(ftl.uptime, "milliseconds")
@@ -368,6 +366,9 @@ function updateSystemInfo() {
           " processes"
       );
 
+      $("#sysinfo-cpu-ftl").text("(" + system.ftl["%cpu"].toFixed(1) + "% used by FTL)");
+      $("#sysinfo-ram-ftl").text("(" + system.ftl["%mem"].toFixed(1) + "% used by FTL)");
+
       const startdate = moment()
         .subtract(system.uptime, "seconds")
         .format("dddd, MMMM Do YYYY, HH:mm:ss");

From 507fde4edf2b118219f8a194fad741e20196f5a7 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Mon, 6 Oct 2025 18:55:04 -0300
Subject: [PATCH 48/60] Add CPU usage percentage to the Load tooltip

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 scripts/js/footer.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/scripts/js/footer.js b/scripts/js/footer.js
index 2eee803c..a26b2740 100644
--- a/scripts/js/footer.js
+++ b/scripts/js/footer.js
@@ -344,15 +344,17 @@ function updateSystemInfo() {
       );
       $("#cpu").prop(
         "title",
-        "Load averages for the past 1, 5, and 15 minutes\non a system with " +
+        "CPU usage: " +
+          system.cpu["%cpu"].toFixed(1) +
+          "%\nLoad averages for the past 1, 5, and 15 minutes\non a system with " +
           system.cpu.nprocs +
           " core" +
           (system.cpu.nprocs > 1 ? "s" : "") +
           " running " +
           system.procs +
-          " processes " +
+          " processes" +
           (system.cpu.load.raw[0] > system.cpu.nprocs
-            ? " (load is higher than the number of cores)"
+            ? "\n(load is higher than the number of cores)"
             : "")
       );
       $("#sysinfo-cpu").text(

From bc681503c35769e13e327b42edef52ce241bf8d7 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sat, 11 Oct 2025 09:50:42 +0200
Subject: [PATCH 49/60] Clarify uptime in container matching the host uptime
 with a tooltip

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 settings-system.lp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings-system.lp b/settings-system.lp
index 9bde072a..171ad73a 100644
--- a/settings-system.lp
+++ b/settings-system.lp
@@ -44,7 +44,7 @@ mg.include('scripts/lua/settings_header.lp','r')
                                     <th scope="row">Kernel:</th>
                                     <td><span id="sysinfo-kernel"></span></td>
                                 </tr>
-                                <tr>
+                                <tr title="The machine uptime. For containers, this will match the host uptime">
                                     <th scope="row">Uptime:</th>
                                     <td><span id="sysinfo-uptime"></span></td>
                                 </tr>

From ea497c6171c6917b47b0cef82ddab74e33211067 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 11 Oct 2025 10:03:59 +0000
Subject: [PATCH 50/60] build(deps): bump
 editorconfig-checker/action-editorconfig-checker

Bumps [editorconfig-checker/action-editorconfig-checker](https://github.com/editorconfig-checker/action-editorconfig-checker) from f40bac9e7d9e7d298fbe36b83e1eff8f0de13fb8 to 1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4.
- [Release notes](https://github.com/editorconfig-checker/action-editorconfig-checker/releases)
- [Commits](https://github.com/editorconfig-checker/action-editorconfig-checker/compare/f40bac9e7d9e7d298fbe36b83e1eff8f0de13fb8...1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4)

---
updated-dependencies:
- dependency-name: editorconfig-checker/action-editorconfig-checker
  dependency-version: 1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/editorconfig-checker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/editorconfig-checker.yml b/.github/workflows/editorconfig-checker.yml
index 04d83ef6..65a3a7b6 100644
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -13,5 +13,5 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
-      - uses: editorconfig-checker/action-editorconfig-checker@f40bac9e7d9e7d298fbe36b83e1eff8f0de13fb8 # tag v2. is really out of date
+      - uses: editorconfig-checker/action-editorconfig-checker@1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4 # tag v2. is really out of date
       - run: editorconfig-checker

From 56a5cd6359be51a05cd0b60fb06e34cca6c0abf1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 11 Oct 2025 10:04:10 +0000
Subject: [PATCH 51/60] build(deps): bump github/codeql-action from 3.30.6 to
 4.30.8

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.6 to 4.30.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/64d10c13136e1c5bce3e5fbde8d4906eeaafc885...f443b600d91635bebf5b0d9ebc620189c0d6fba5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.30.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 980902c7..01fa4cdf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
+        uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
+        uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 #v3.30.6
+        uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
         with:
           category: "/language:javascript"

From 9cdb31086d6f96dbe02a8c0d03215c88c5dc3852 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 11 Oct 2025 10:04:26 +0000
Subject: [PATCH 52/60] build(deps-dev): bump xo from 1.2.2 to 1.2.3

Bumps [xo](https://github.com/xojs/xo) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/xojs/xo/releases)
- [Commits](https://github.com/xojs/xo/compare/v1.2.2...v1.2.3)

---
updated-dependencies:
- dependency-name: xo
  dependency-version: 1.2.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b9184e85..1457c727 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "postcss": "^8.5.6",
         "postcss-cli": "^11.0.1",
         "prettier": "^3.6.2",
-        "xo": "^1.2.2"
+        "xo": "^1.2.3"
       }
     },
     "node_modules/@babel/code-frame": {
@@ -8880,9 +8880,9 @@
       "license": "ISC"
     },
     "node_modules/xo": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/xo/-/xo-1.2.2.tgz",
-      "integrity": "sha512-8l565N0q5ROdSez8flcltMt1gi8OiEEYR1sGiRqc+QRrGf0Z8NEbhPkxYRrHn36iF+Hmyles79036LwuKREA5w==",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/xo/-/xo-1.2.3.tgz",
+      "integrity": "sha512-ykvWr88620CwealQwr7nWcPwolE6RMAVsCSBIdF3JnVdQUBAllnBJypSPsu0YYFzWTrJjQfNgH82lnWMPVTXnA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index 90459238..b565b07c 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
     "postcss": "^8.5.6",
     "postcss-cli": "^11.0.1",
     "prettier": "^3.6.2",
-    "xo": "^1.2.2"
+    "xo": "^1.2.3"
   },
   "browserslist": [
     ">= 0.5%",

From d4441bd4aae95cbc3084ccbe12a246993c077b52 Mon Sep 17 00:00:00 2001
From: Jon <jprusik@classynemesis.com>
Date: Sat, 11 Oct 2025 19:00:34 -0400
Subject: [PATCH 53/60] Adjust BitWarden to Bitwarden

Signed-off-by: Jonathan Prusik <jprusik@classynemesis.com>
---
 settings-api.lp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings-api.lp b/settings-api.lp
index 2331abd6..493c315d 100644
--- a/settings-api.lp
+++ b/settings-api.lp
@@ -180,7 +180,7 @@ mg.include('scripts/lua/settings_header.lp','r')
                 <h4 class="modal-title">Enable two-factor authentication</h4>
             </div>
             <div class="modal-body">
-                <p>Use a phone app like Google Authenticator, 2FA Authenticator, FreeOTP or BitWarden, etc. to get 2FA codes when prompted during login.</p>
+                <p>Use a phone app like Google Authenticator, 2FA Authenticator, FreeOTP or Bitwarden, etc. to get 2FA codes when prompted during login.</p>
                 <p>1. Scan the QR code below with your app or enter the secret manually.</p>
                 <div class="text-center">
                     <i id="qrcode-spinner" class="fas fa-spinner fa-pulse fa-5x"></i>

From febc2b870a05f976a0591a14f8f7bb99379ba162 Mon Sep 17 00:00:00 2001
From: yubiuser <github@yubiuser.dev>
Date: Sun, 12 Oct 2025 15:43:37 +0200
Subject: [PATCH 54/60] Escape all lines to also prevent XSS for non-domain
 entries

Signed-off-by: yubiuser <github@yubiuser.dev>
---
 scripts/js/gravity.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scripts/js/gravity.js b/scripts/js/gravity.js
index 06fc4c3a..425abdaa 100644
--- a/scripts/js/gravity.js
+++ b/scripts/js/gravity.js
@@ -89,10 +89,11 @@ function parseLines(outputElement, text) {
   const lines = text.split(/(?=\r)/g);
 
   for (let line of lines) {
+    // Escape HTML to prevent XSS attacks (both in adlist URL and non-domain entries)
+    line = utils.escapeHtml(line);
     if (line[0] === "\r") {
       // This line starts with the "OVER" sequence. Replace them with "\n" before print
-      // we also escape HTML to prevent XSS attacks
-      line = utils.escapeHtml(line.replaceAll("\r\u001B[K", "\n").replaceAll("\r", "\n"));
+      line = line.replaceAll("\r\u001B[K", "\n").replaceAll("\r", "\n");
 
       // Last line from the textarea will be overwritten, so we remove it
       const lastLineIndex = outputElement.innerHTML.lastIndexOf("\n");

From ee30c9f20b37b89cfe0b0b7ad30bb50f8dccb3a4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 18 Oct 2025 10:03:08 +0000
Subject: [PATCH 55/60] build(deps): bump actions/setup-node from 5.0.0 to
 6.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/a0853c24544627f65ddf259abe73b1d18a591444...2028fbc5c25fe9cf00d9f06a71cc4710d4507903)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 88892408..b8b17260 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -24,7 +24,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Node.js
-        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 #v5.0.0
+        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 #v6.0.0
         with:
           node-version: "22.x"
           cache: npm

From 95b837cd50c968c20a1e7720253018fa3edc316c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 18 Oct 2025 10:03:11 +0000
Subject: [PATCH 56/60] build(deps): bump
 editorconfig-checker/action-editorconfig-checker

Bumps [editorconfig-checker/action-editorconfig-checker](https://github.com/editorconfig-checker/action-editorconfig-checker) from 1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4 to 5ecdd656fe347c26f76b1b435b90e1d74fb5e787.
- [Release notes](https://github.com/editorconfig-checker/action-editorconfig-checker/releases)
- [Commits](https://github.com/editorconfig-checker/action-editorconfig-checker/compare/1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4...5ecdd656fe347c26f76b1b435b90e1d74fb5e787)

---
updated-dependencies:
- dependency-name: editorconfig-checker/action-editorconfig-checker
  dependency-version: 5ecdd656fe347c26f76b1b435b90e1d74fb5e787
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/editorconfig-checker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/editorconfig-checker.yml b/.github/workflows/editorconfig-checker.yml
index 65a3a7b6..5a081611 100644
--- a/.github/workflows/editorconfig-checker.yml
+++ b/.github/workflows/editorconfig-checker.yml
@@ -13,5 +13,5 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
         with:
           persist-credentials: false
-      - uses: editorconfig-checker/action-editorconfig-checker@1a41284d59c6fe7f1b21ddc4a2b36400a33dc1b4 # tag v2. is really out of date
+      - uses: editorconfig-checker/action-editorconfig-checker@5ecdd656fe347c26f76b1b435b90e1d74fb5e787 # tag v2. is really out of date
       - run: editorconfig-checker

From ee2a3ee30c3e3aedf453466cfc0c8d9aa66f5981 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 18 Oct 2025 10:03:22 +0000
Subject: [PATCH 57/60] build(deps): bump github/codeql-action from 4.30.8 to
 4.30.9

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.30.8 to 4.30.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f443b600d91635bebf5b0d9ebc620189c0d6fba5...16140ae1a102900babc80a33c44059580f687047)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.30.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 01fa4cdf..27be9826 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
+        uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 #v4.30.9
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
           queries: +security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
+        uses: github/codeql-action/autobuild@16140ae1a102900babc80a33c44059580f687047 #v4.30.9
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@f443b600d91635bebf5b0d9ebc620189c0d6fba5 #v4.30.8
+        uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 #v4.30.9
         with:
           category: "/language:javascript"

From 7a2197820d7f86cba383aac0ea376657c8d40e72 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 18 Oct 2025 10:03:31 +0000
Subject: [PATCH 58/60] build(deps-dev): bump eslint from 9.37.0 to 9.38.0

Bumps [eslint](https://github.com/eslint/eslint) from 9.37.0 to 9.38.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.37.0...v9.38.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.38.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 41 ++++++++++++++++++++---------------------
 package.json      |  2 +-
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1457c727..feb8a15e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -37,7 +37,7 @@
       },
       "devDependencies": {
         "autoprefixer": "^10.4.21",
-        "eslint": "^9.37.0",
+        "eslint": "^9.38.0",
         "eslint-plugin-compat": "^6.0.2",
         "globals": "^16.4.0",
         "postcss": "^8.5.6",
@@ -168,13 +168,13 @@
       }
     },
     "node_modules/@eslint/config-array": {
-      "version": "0.21.0",
-      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.0.tgz",
-      "integrity": "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ==",
+      "version": "0.21.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
+      "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@eslint/object-schema": "^2.1.6",
+        "@eslint/object-schema": "^2.1.7",
         "debug": "^4.3.1",
         "minimatch": "^3.1.2"
       },
@@ -183,9 +183,9 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz",
-      "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==",
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.1.tgz",
+      "integrity": "sha512-csZAzkNhsgwb0I/UAV6/RGFTbiakPCf0ZrGmrIxQpYvGZ00PhTkSnyKNolphgIvmnJeGw6rcGVEXfTzUnFuEvw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -246,9 +246,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.37.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz",
-      "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==",
+      "version": "9.38.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.38.0.tgz",
+      "integrity": "sha512-UZ1VpFvXf9J06YG9xQBdnzU+kthors6KjhMAl6f4gH4usHyh31rUf2DLGInT8RFYIReYXNSydgPY0V2LuWgl7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -259,9 +259,9 @@
       }
     },
     "node_modules/@eslint/object-schema": {
-      "version": "2.1.6",
-      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.6.tgz",
-      "integrity": "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==",
+      "version": "2.1.7",
+      "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.7.tgz",
+      "integrity": "sha512-VtAOaymWVfZcmZbp6E2mympDIHvyjXs/12LqWYjVw6qjrfF+VK+fyG33kChz3nnK+SU5/NeHOqrTEHS8sXO3OA==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -3165,25 +3165,24 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.37.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz",
-      "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==",
+      "version": "9.38.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.38.0.tgz",
+      "integrity": "sha512-t5aPOpmtJcZcz5UJyY2GbvpDlsK5E8JqRqoKtfiKE3cNh437KIqfJr3A3AKf5k64NPx6d0G3dno6XDY05PqPtw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
-        "@eslint/config-array": "^0.21.0",
-        "@eslint/config-helpers": "^0.4.0",
+        "@eslint/config-array": "^0.21.1",
+        "@eslint/config-helpers": "^0.4.1",
         "@eslint/core": "^0.16.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.37.0",
+        "@eslint/js": "9.38.0",
         "@eslint/plugin-kit": "^0.4.0",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
         "@types/estree": "^1.0.6",
-        "@types/json-schema": "^7.0.15",
         "ajv": "^6.12.4",
         "chalk": "^4.0.0",
         "cross-spawn": "^7.0.6",
diff --git a/package.json b/package.json
index b565b07c..1c38c7a5 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "autoprefixer": "^10.4.21",
-    "eslint": "^9.37.0",
+    "eslint": "^9.38.0",
     "eslint-plugin-compat": "^6.0.2",
     "globals": "^16.4.0",
     "postcss": "^8.5.6",

From 8c0f7853519cd9747cc5c8dff26f9d0099943cf7 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Sun, 13 Jul 2025 02:55:19 -0300
Subject: [PATCH 59/60] Replace `mg.request_info.request_uri` with the variable
 `scriptname`

The information from `mg.request_info.request_uri` depends on the URL typed
by the user. This information was used without any sanitization, allowing
an attacker to send crafted links containing anything, including javascript
code, which could be loaded and executed in a few pages.

Replacing this value with `scriptname` variable fixes the issue, since this
variable contains the name of the file currently being executed. This
information cannot be externally manipulated and it is safe to be used on
the page.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 error403.lp                         | 2 +-
 error404.lp                         | 2 +-
 login.lp                            | 2 +-
 scripts/lua/header_authenticated.lp | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/error403.lp b/error403.lp
index eb28cb64..f777938a 100644
--- a/error403.lp
+++ b/error403.lp
@@ -10,7 +10,7 @@
 mg.include('scripts/lua/header.lp','r')
 ?>
 </head>
-<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>">
+<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(scriptname)?>">
     <div class="box login-box">
         <section style="padding: 15px;">
                 <h2 class="error-headline text-danger">403</h2>
diff --git a/error404.lp b/error404.lp
index ec6560e4..db032d50 100644
--- a/error404.lp
+++ b/error404.lp
@@ -10,7 +10,7 @@
 mg.include('scripts/lua/header.lp','r')
 ?>
 </head>
-<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>">
+<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(scriptname)?>">
     <div class="box login-box">
         <section style="padding: 15px;">
                 <h2 class="error-headline text-yellow">404</h2>
diff --git a/login.lp b/login.lp
index 680ef99e..5816082f 100644
--- a/login.lp
+++ b/login.lp
@@ -10,7 +10,7 @@
 mg.include('scripts/lua/header.lp','r')
 ?>
 </head>
-<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(mg.request_info.request_uri)?>" data-apiurl="<?=pihole.api_url()?>" data-webhome="<?=webhome?>">
+<body class="hold-transition layout-boxed login-page page-<?=pihole.format_path(scriptname)?>" data-apiurl="<?=pihole.api_url()?>" data-webhome="<?=webhome?>">
 <div class="box login-box" id="login-box">
     <section style="padding: 15px;">
         <div class="login-logo">
diff --git a/scripts/lua/header_authenticated.lp b/scripts/lua/header_authenticated.lp
index 609d7420..c544cf7a 100644
--- a/scripts/lua/header_authenticated.lp
+++ b/scripts/lua/header_authenticated.lp
@@ -24,7 +24,7 @@ mg.include('header.lp','r')
     <script src="<?=pihole.fileversion('vendor/waitMe-js/modernized-waitme-min.js')?>"></script>
     <script src="<?=pihole.fileversion('scripts/js/logout.js')?>"></script>
 </head>
-<body class="<?=theme.name?> hold-transition sidebar-mini <? if pihole.boxedlayout() then ?>layout-boxed<? end ?> logged-in page-<?=pihole.format_path(mg.request_info.request_uri)?>" data-apiurl="<?=pihole.api_url()?>" data-webhome="<?=webhome?>">
+<body class="<?=theme.name?> hold-transition sidebar-mini <? if pihole.boxedlayout() then ?>layout-boxed<? end ?> logged-in page-<?=pihole.format_path(scriptname)?>" data-apiurl="<?=pihole.api_url()?>" data-webhome="<?=webhome?>">
 <noscript>
     <!-- JS Warning -->
     <div>

From 844f16e5e950c37d05b69d2ec8006226e79fec73 Mon Sep 17 00:00:00 2001
From: RD WebDesign <github@rdwebdesign.com.br>
Date: Sun, 19 Oct 2025 18:52:40 -0300
Subject: [PATCH 60/60] Remove `mg.request_info.request_uri` from error403.lp

This page is currently not used because we redirect to login page in case
of unauthenticated access, but I'm removing it just in case we decide to
change how we handle 403 errors in the future.

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
---
 error403.lp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/error403.lp b/error403.lp
index f777938a..bdf54a4f 100644
--- a/error403.lp
+++ b/error403.lp
@@ -17,7 +17,7 @@ mg.include('scripts/lua/header.lp','r')
                 <div class="error-content">
                     <h3><i class="fa fa-times-circle text-danger"></i> Oops! Access denied.</h3>
                     <p>
-                        You don't have permission to access <code><?=mg.request_info.request_uri?></code> on this server.<br>
+                        You don't have permission to access this URL.<br>
                         Did you mean to go to <a href="<?=pihole.webhome()?>">your Pi-hole's dashboard</a> instead?
                     </p>
             </div>