feat(brand): brand refresh + logotype→wordtype rename + GAMDL v3.7.4 admission + dep bumps (supersedes #929, #931, closes #925)#928
Merged
Conversation
GAMDL v3.7.4 (released 2026-06-12) is a 5-commit upstream reliability patch — 4 functional + 1 version bump. Same admission shape as v3.3 / v3.5 / v3.5.1 / v3.5.2 / v3.7.1. * New audit doc at `.github/audits/gamdl-v3.7.4-audit.md` documents the 5 commits + cross-reference against MeedyaDL's integration surface (gamdl_capabilities / gamdl_options / config_service / download_queue / process / gamdl_service / tool-versions.toml). * `src-tauri/tool-versions.toml [gamdl]` — `maximum_tested_version` and `recommended_version` bumped 3.7.3 → 3.7.4. `minimum_version` stays at 2.9.1. * `.claude/CLAUDE.md` — v3.7.4 admission paragraph appended to the GAMDL support-window history. ## Findings (none require code change) * `a9e7538` — `interface/song.py::_switch_m3u8_master_url_to_default` rewrites HLS variant master URLs to the canonical `_default.m3u8` form. Internal to GAMDL's HLS pipeline; MeedyaDL never inspects m3u8 URLs (only comments reference the debug-log key). * `b66c06a` — `api/apple_music.py` token-extraction regex updated for Apple's `index-legacy-*.js` → `index-*.js` home-page bundle rename + JWT capture tightened. Fixes GAMDL's own `get_token()`; MeedyaDL's `apple_music_api.rs::TokenSource` three-tier chain is independent. * `fb143ad` — `interface/base.py::get_cover_bytes` now uses an explicit 30s timeout + `follow_redirects=True`. Reliability win; MeedyaDL observes the cover-image file outputs, not the HTTP path. * `69c2a8a` — `api/exceptions.py::GamdlApiResponseError.content` typed `Any | None` (was `str | None`); non-string content now JSON-serialised. The `Resource Not Found` literal that `process::is_storefront_mismatch_error` keys on is preserved; `PYTHON_EXCEPTION_REGEX` keys on the class-name prefix, not content. Verified compatible. * `b0c5335` — version bump. No new CLI flags, no INI keys, no output-format changes, no exception classes added, no `GamdlFeature` gate thresholds to advance. ## Verification * `cargo check --lib` — clean * `cargo clippy --lib -- -D warnings` — clean * `cargo test --lib gamdl_capabilities` — 31 / 31 pass (every gate still classifies correctly against the new ceiling)
… the codebase Bundles three related concerns: ## 1. Brand refresh (user-supplied) Every favicon, app icon (ICO / ICNS / PNG), liquidglass variant, and SVG/PNG/GIF/WebP raster in `assets/brand/` and the corresponding `public/` copies has been replaced with the new brand drop. Filenames preserved; binary contents updated. * New animated raster formats added: `.gif` and `.webp` variants of the logo across all colour-blind / dark modes. * New `assets/brand/README.txt` documents the per-folder layout (`public/` for SVG sources + app-icon; `assets/brand/` for raster variants). * New `public/app-icon.icns` + per-CB-mode liquidglass `.icns` files for the Apple Icon Composer foregrounds. ## 2. logotype → wordtype rename Graphics files renamed via `git mv` (preserving git history): * `assets/brand/logotype.svg` → `wordtype.svg` * `assets/brand/logotype.png` + 7 colour-mode variants * `public/logotype.svg` → `wordtype.svg` The wordmark itself is the same artefact — only the terminology changes from "logotype" (industry term) to "wordtype" (project term). Note that `assets/brand-old/` (a local-only archive folder, not tracked in the repo) is left untouched. ## 3. Code reference updates | File | Refs updated | |---|---| | `README.md` | 2 — brand assets header + brand-assets feature description | | `src/components/layout/Sidebar.tsx` | 3 — comments + `/logotype.svg` → `/wordtype.svg` image src | | `assets/brand/brandkit.html` | 25 — section headings, object/img tags, download links, font / file-spec tables | | `assets/brand/README.txt` | 1 — "Unchanged" line | | `scripts/svg-to-apng.mjs` | 12 — render-target name, source file path, `LOGOTYPE_MODES` map, `--logotype-*` CSS custom properties | | `DEV_NOTES.md` | 21 — file/folder spec, animation pipeline, CSS custom property names | | `assets/brand/wordtype.svg` + `public/wordtype.svg` (SVG-internal) | All `--logotype-*` CSS custom properties → `--wordtype-*` (~131 refs each, mostly inside comments + CSS blocks; embedded font base64 untouched) | Verified no external CSS / TSX / Rust reads `--logotype-*` — the only consumers were the SVGs themselves and `svg-to-apng.mjs`. All renamed together in this commit. ## What's NOT touched * `CHANGELOG.md` — historical record, never edited. * `assets/brand-old/` — local-only archive (untracked). * `assets/logo/` — orphan folder, six earlier-version logos with zero active references in code (only one historical mention in CHANGELOG). Left in place; user disposition decision. * `src-tauri/bundled-deps/python/.../mutagen/id3/_specs.py` — third- party Python lib (ID3 BAND_LOGOTYPE / PUBLISHER_LOGOTYPE are ID3 spec terms, unrelated to MeedyaDL's wordmark). * `dist/logotype.svg` — build output, regenerates from `public/wordtype.svg`. ## Verification * `tsc --noEmit` — clean * `npm run lint` — clean * Vitest — 550 / 550 passed * `cargo check --lib` — clean * Full repo scan for `logotype` (excluding intentional skips) — 0 refs
Companion to the brand-refresh commit (97268c3). Replaces every icon Tauri bundles into the OS-installed app: * `src-tauri/icons/*.png` (Windows / macOS sizes from 32×32 to 1024×1024) * `src-tauri/icons/icon.icns`, `icon.ico` (top-level OS icons) * `src-tauri/icons/Square*Logo.png` (Windows tile sizes — Square107, 142, 150, 284, 30, 310, 44, 71, 89) * `src-tauri/icons/StoreLogo.png` (Microsoft Store badge) * `src-tauri/icons/ios/*.png` (iOS AppIcon at every required size) * `src-tauri/icons/android/*.png` + `.xml` (Android adaptive icons + ic_launcher_background colour resource) * `src-tauri/icons/tray/` (new directory — system tray icon variants) Same brand drop as the previous commit; split for cleaner review. The Tauri bundler reads these directly when packaging `.dmg` / `.exe` / `.AppImage` / `.deb` artefacts, so a refresh here is what users will actually see in their OS application list and Dock / Start Menu.
These 6 files (`meedyadl-logo*.svg` / `*.png`) were confirmed orphan during the brand refresh — zero active references anywhere in code, scripts, configs, or runtime UI. Only mention was a single historical entry in CHANGELOG.md (2026-02-05 release notes), which is the correct place for it to stay recorded. Cleared from the working tree to remove confusion with the active brand assets in `assets/brand/`.
Preserves a permanent in-repo snapshot of the prior brand identity before the 2026-06-15 refresh: every favicon (8), app icon variant (macOS .icns + Windows .ico + raster .png across all colour-blind modes and liquidglass treatments), the logo + wordmark (still named `logotype.*` in the archive — the rename only applies to the live `assets/brand/` and `public/` paths), and the old `brandkit.html`. Total: 72 files. Rationale for keeping these in-tree rather than throwing them away: * History — the active brand assets are binary, so `git log -p` won't show meaningful diffs of the old vs new artwork; an explicit archive folder is the only practical way to see the prior version side-by-side. * Reference for future redesigns — when the next iteration happens, having two prior brand drops to compare against gives clear precedent for what's been tried. * CHANGELOG provenance — release notes that mention "brand refresh" can point readers at `assets/brand-old/` for a before/after. The archive uses the unmodified pre-rename filenames (`logotype.*` not `wordtype.*`) — the rename is a code-level convention, not a historical revision.
Equivalent npm + cargo minor-patch updates to PR #930 (which targets main), applied via npm update / cargo update / explicit sharp bump. Required because main and alpha lockfile baselines differ — cherry- picking the lockfile diff would conflict on the divergent baseline. ## npm (matches PR #926 within #930) | Package | Now (alpha) | |---|---| | @sentry/browser | 10.58.0 | | lucide-react | 1.18.0 | | @tailwindcss/postcss | 4.3.1 | | @tailwindcss/typography | 0.5.20 | | @typescript-eslint/eslint-plugin | 8.61.1 | | @typescript-eslint/parser | 8.61.1 | | eslint | 10.5.0 | | eslint-plugin-react-refresh | 0.5.3 | | prettier | 3.8.4 | | sharp | 0.35.1 (explicit caret bump from ^0.34.5) | | tailwindcss | 4.3.1 | A few packages landed at slightly newer patch releases than the exact main targets (e.g. @sentry/browser 10.58 vs 10.57, @typescript- eslint 8.61.1 vs 8.61.0). All within the same minor-patch range — new releases shipped since #926 opened. ## cargo (matches PR #927 within #930) | Crate | Now (alpha) | |---|---| | uuid | 1.23.3 | | regex | 1.12.4 | ## Verification * npm install — clean * npm run lint — clean * tsc --noEmit — clean * cargo check --lib — clean * Vitest — 550 / 550 passed
Salem874
changed the title
2 tasks
Same fix as the mirror commit on PR #930 (5bffabd) — `npm audit fix` clears the same set of transitive advisories surfaced by the consolidated dep bumps: * ws 8.0.0 - 8.20.1 — memory exhaustion DoS (GHSA-96hv-2xvq-fx4p) — HIGH * @babel/core ≤7.29.0 — arbitrary file read (GHSA-4x5r-pxfx-6jf8) — moderate * brace-expansion 5.0.2 - 5.0.5 — DoS via numeric range (GHSA-jxxr-4gwj-5jf2) — moderate * js-yaml ≤4.1.1 — quadratic-complexity DoS (GHSA-h67p-54hq-rp68) — moderate `npm audit --audit-level=high` now exits 0.
…d+audit+deps PR (#928)
Salem874
changed the title
2 tasks
…::unnecessary_sort_by) CI on PR #928 failed with `cargo clippy -- -D warnings` because Rust 1.96+'s `clippy::unnecessary_sort_by` lint flags this pattern: found.sort_by(|a, b| b.1.cmp(&a.1)); The clippy-preferred form is `sort_by_key` with `std::cmp::Reverse` for descending sorts. Behaviour is identical; only the form differs. Surfaced by the manual CI dispatch since the CI workflow's `pull_request` trigger only fires on PRs targeting `main` (not `alpha`), so this lint wasn't caught at PR open time. Worth tracking as a follow-up: extend the CI `pull_request: branches: [main]` filter to include `alpha` so alpha-targeted PRs get the same clippy gating automatically.
Salem874
added a commit
that referenced
this pull request
Jun 21, 2026
…ffprobe noise filter (closes #847, #950, #951; supersedes #952 #953) (#954) ## Summary Combined housekeeping wave for the alpha channel. Bundles the three commits from PRs #952 + #953 that **actually apply to alpha's current state**, dropping the two that are already a no-op on alpha. Single merge so reviewers can see the full housekeeping wave atomically without PR stacking. ## Per-commit applicability audit against actual alpha codebase I verified each commit from #952 + #953 by grepping the **actual alpha codebase** (not just commit logs) before deciding what to cherry-pick. Two commits were dropped because alpha already has the fixes: | Originally in | Commit | Alpha state | Decision | |---|---|---|---| | #952 | \`21c226fe\` milestone numbering across 6 files | Already correct on alpha (M9-1..M9-6 set during M9 Spotify work; the bug only ever existed on main) | **SKIPPED** | | #952 | \`99b5d0fc\` GAMDL v3.7.2-v3.7.3 + v3.7.4 audit doc backfill | Both audit docs already exist on alpha (came in via #928 brand refresh) | **SKIPPED** | | #952 | \`205f1526\` console.log → console.debug in App.tsx deep-link handler | Alpha still has \`console.log\` at App.tsx:951 | **APPLIED** | | #952 | \`ea9b133f\` Cancel/Retry tooltip title=aria-label a11y | Alpha has the same title="Cancel"/title="Retry" + aria-label="Cancel download"/"Retry download" mismatch | **APPLIED** | | #953 | \`2d7701e0\` ffprobe demuxing-noise filter (#847) | Alpha has \`is_python_traceback_noise\` but no ffprobe sibling | **APPLIED** | All three cherry-picks landed clean — no conflict resolution required (git auto-merged \`download_queue.rs\` cleanly even though #911 / Spotify work moved adjacent regions around). ## What's in this PR ### console.log → console.debug (closes #951) src/App.tsx:951 deep-link handler used \`console.log()\`. The prevailing convention elsewhere is \`console.debug\` (\`useTheme.ts:188-196\`, \`main.tsx:90\`) so dev-only diagnostics are suppressed at the browser's default log level. The line above already shows a user-facing toast, so the console line is purely dev-diagnostic. ### QueueItem Cancel/Retry tooltip a11y (closes #950) QueueItem.tsx had \`title="Cancel"\` / \`title="Retry"\` but \`aria-label="Cancel download" / "Retry download"\` — sighted-hover tooltip didn't match screen-reader announcement. Sibling to the #945 a11y wave shipped in main via PR #947 (Retry-without-Wrapper, Open File, Open Folder buttons). Updated \`title\` to the longer form so both match. ### ffprobe demuxing-noise filter (closes #847) ffprobe's "Invalid data found when processing input" warning fires from stderr on virtually every track during enrichment — modern ffmpeg's partial-moov-atom warning at byte 0. Downloads complete; ffprobe falls through to a valid result on retry. But ~20 noise lines per album turned the activity log into static. Modelled exactly on the shipped #660 pattern (\`is_python_traceback_noise\` + non-verbose suppression in \`download_queue.rs::emit_subprocess_line\` gate). Verbose mode still surfaces everything; on-disk activity-log writer still records every line. **6 unit tests pin the contract** — all green on alpha (1412 other tests filtered-but-present, confirming alpha's much-richer state vs main). ## Why combined into one PR User asked for the housekeeping work bundled into a single alpha-targeting merge to avoid PR stacking + race conditions. Three small commits, three closing issues, one merge. ## Sibling PRs (to close as superseded) - **PR #952** (\`chore/docs-housekeeping-2026-06-19\` → main) — closing as superseded by this PR. The two skipped commits (milestone numbering + GAMDL audit docs) are no-ops on alpha; the other 3 commits land here. - **PR #953** (\`fix/847-ffprobe-demuxing-noise-filter\` → main) — closing as superseded by this PR. Note: \`#948\` (release-please's \`chore(main): release 1.10.1\`) intentionally excluded — it's auto-generated for the main stable cut and bumps versions across package.json / Cargo.toml / tauri.conf.json to \`1.10.1\`. Alpha is on \`1.11.0-alpha.25\` and would need different version bumps; release-please regenerates the PR from main's commit history, so it can't sensibly retarget to alpha. ## Verification - ✅ \`cargo check\` clean - ✅ \`cargo test --lib is_ffprobe_demux_noise\` → 6/6 pass - ✅ All 3 cherry-picks auto-merged with no manual conflict resolution - ✅ Per-commit applicability verified by grepping actual alpha codebase before applying 🤖 Generated with [Claude Code](https://claude.com/claude-code)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates three pieces of work originally opened as separate PRs to avoid the release-pipeline race condition where multiple PRs landing on
alphaclose in time can both attempt to fire downstream workflows. Originally separate: #929 GAMDL v3.7.4 (closed) and #931 alpha deps mirror (closed) — both bundled into this PR.1 — Brand work (original scope)
assets/brand/,public/, andsrc-tauri/icons/— every favicon, app icon (ICO / ICNS / PNG), Liquid Glass variant, Windows tile / iOS AppIcon / Android adaptive-icon set, plus system tray icons.logotype→wordtyperename across the codebase — 10 graphics files renamed viagit mv(history preserved), 6 code files updated, SVG-internal--logotype-*CSS custom properties →--wordtype-*. Final repo scan → 0 refs outside intentional skip-lists.assets/logo/orphan folder removed (6 unused earlier-version logos); permanent in-tree archive of the prior brand identity preserved atassets/brand-old/(72 files).2 — GAMDL v3.7.4 audit admission (merged from #929, closes #925)
Zero-code-change admission — same shape as v3.3 / v3.5 / v3.5.1 / v3.5.2 / v3.7.1. New audit doc at
.github/audits/gamdl-v3.7.4-audit.md.tool-versions.toml [gamdl]bumpedmaximum_tested_versionandrecommended_versionfrom 3.7.3 → 3.7.4..claude/CLAUDE.mdadmission paragraph appended.3 — Alpha mirror of #930 dep bumps (merged from #931)
Mirrors PR #930's npm + cargo bumps to alpha. Required because main and alpha lockfile baselines differ. Applied via
npm update/cargo update/ explicitsharpcaret bump. Plusnpm audit fixto clear thewsHIGH severity DoS advisory (same fix as the parallel commit on #930).@sentry/browseruuidlucide-reactregex@tailwindcss/postcss@tailwindcss/typography@typescript-eslint/eslint-plugin@typescript-eslint/parsereslinteslint-plugin-react-refreshprettiersharptailwindcssVerification
tsc --noEmit— cleannpm run lint— cleannpm audit --audit-level=high— 0 vulnerabilitiescargo check --lib— cleancargo clippy --lib -- -D warnings— cleancargo test --lib gamdl_capabilities— 31 / 31 pass against the new 3.7.4 ceilinglogotypeoutside intentional skips → 0Test plan
node scripts/svg-to-apng.mjsregenerates rasters without errors