Describe the Bug
The newtUpdateAvailable field in the Sites API response (GET /org/{orgId}/sites) incorrectly shows false for sites running outdated Newt versions. Two root causes were identified:
Bug 1 (primary): Tag sorting + duplicate tags
The code in server/routers/site/listSites.ts fetches /repos/fosrl/newt/tags and takes tags[0].name as the latest version. However, the Newt repo has duplicate tags with and without v prefix for versions 1.8.0–1.10.3. The GitHub Tags API returns v-prefixed tags before unprefixed ones:
# Actual order from GET /repos/fosrl/newt/tags:
v1.10.3 ← tags[0] — taken as "latest"!
v1.10.2
v1.10.1
...
1.11.0 ← the ACTUAL latest version (never reached)
1.10.4
1.10.3 ← same version as v1.10.3
Result: latestNewtVersion = "v1.10.3" instead of "1.11.0"
semver.lt("1.10.1", "v1.10.3") → true (correct for 1.10.1 sites)semver.lt("1.10.3", "v1.10.3") → false (wrong — 1.11.0 is available)
Bug 2 (secondary): Cache invalidation without fallback
The cached version has a 1-hour TTL. After expiry, if the GitHub fetch times out (1.5s limit), the cache returns null and ALL sites default to newtUpdateAvailable: false. A stale-while-revalidate pattern would preserve the last known value until a successful fetch.
Suggested fixes:
- Sort fetched tags by
semver.rcompare() and deduplicate before selecting tags[0]
- Use
/repos/fosrl/newt/releases/latest instead of /tags (returns the actual latest release, not affected by tag ordering)
- Persist cached version until next successful fetch (stale-while-revalidate)
- Clean up duplicate
v-prefixed tags in the Newt repo
Environment
- OS Type & Version: Ubuntu 24.04 (Hetzner Cloud)
- Pangolin Version: 1.17.0 (Enterprise Edition)
- Gerbil Version: 1.17.0
- Traefik Version: 3.6.13
- Newt Version: Mix of 1.10.1, 1.10.3, 1.11.0 across 10 sites
- Olm Version: n/a
To Reproduce
- Have sites running Newt 1.10.3 and 1.11.0
- Call
GET /org/{orgId}/sites
- Observe that sites on 1.10.3 show
newtUpdateAvailable: false
- Verify with
curl https://api.github.com/repos/fosrl/newt/tags | jq '.[0].name' — returns v1.10.3 not 1.11.0
Expected Behavior
All sites running Newt < 1.11.0 should show newtUpdateAvailable: true, since 1.11.0 is the latest release.
Describe the Bug
The
newtUpdateAvailablefield in the Sites API response (GET /org/{orgId}/sites) incorrectly showsfalsefor sites running outdated Newt versions. Two root causes were identified:Bug 1 (primary): Tag sorting + duplicate tags
The code in
server/routers/site/listSites.tsfetches/repos/fosrl/newt/tagsand takestags[0].nameas the latest version. However, the Newt repo has duplicate tags with and withoutvprefix for versions 1.8.0–1.10.3. The GitHub Tags API returnsv-prefixed tags before unprefixed ones:Result:
latestNewtVersion = "v1.10.3"instead of"1.11.0"semver.lt("1.10.1", "v1.10.3")→ true (correct for 1.10.1 sites)semver.lt("1.10.3", "v1.10.3")→ false (wrong — 1.11.0 is available)Bug 2 (secondary): Cache invalidation without fallback
The cached version has a 1-hour TTL. After expiry, if the GitHub fetch times out (1.5s limit), the cache returns
nulland ALL sites default tonewtUpdateAvailable: false. A stale-while-revalidate pattern would preserve the last known value until a successful fetch.Suggested fixes:
semver.rcompare()and deduplicate before selectingtags[0]/repos/fosrl/newt/releases/latestinstead of/tags(returns the actual latest release, not affected by tag ordering)v-prefixed tags in the Newt repoEnvironment
To Reproduce
GET /org/{orgId}/sitesnewtUpdateAvailable: falsecurl https://api.github.com/repos/fosrl/newt/tags | jq '.[0].name'— returnsv1.10.3not1.11.0Expected Behavior
All sites running Newt < 1.11.0 should show
newtUpdateAvailable: true, since 1.11.0 is the latest release.