feat(miniflux): update image ghcr.io/miniflux/miniflux 2.2.19 → 2.3.0 (#48270)
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/miniflux/miniflux](https://miniflux.app) ([source](https://redirect.github.com/miniflux/v2)) | minor | `8810dfe` → `65266db` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/18710) for more information. Add the preset `:preserveSemverRanges` to your config if you don't want to pin your dependencies. --- ### Release Notes <details> <summary>miniflux/v2 (ghcr.io/miniflux/miniflux)</summary> ### [`v2.3.0`](https://redirect.github.com/miniflux/v2/releases/tag/2.3.0): Miniflux 2.3.0 [Compare Source](https://redirect.github.com/miniflux/v2/compare/2.2.19...v2.3.0) ##### Security - Only discoverable WebAuthn credentials (resident keys / passkeys) are supported for login. - Non-resident credentials can no longer be used for first-factor authentication to prevent username enumeration before password verification. They are intended for post-password MFA flows, which Miniflux does not currently support. - Persist WebAuthn backup eligibility/state and validated credential state after login. - Require `POST` requests for logout, feed refresh, and OAuth2 unlink actions. - Apply CSRF protection to all non-safe HTTP methods. - Add `http.CrossOriginProtection` middleware for the web UI. - Validate redirect URL schemes in `HTMLRedirect` to prevent unsafe redirects. - Restore URL scheme validation in templates for untrusted feed URLs. - Sanitize filenames in `Content-Disposition` headers to prevent header injection. - Reject empty OAuth2 state parameters when no authentication flow is in progress. - Allow configured private proxies while still enforcing private-network restrictions for direct requests and redirects. - Validate URI schemes case-insensitively according to RFC 3986. - Pin third-party GitHub Actions to immutable commit SHAs to reduce supply-chain risks. - Cap the maximum entry limit to 1000 across the UI, API, and storage layer. ##### Improvements - Add support for exporting and importing Miniflux-specific feed settings in OPML files, allowing full feed configuration backups and restores. - Add enclosure links rewrite rule to expose podcast/video enclosure URLs inside entry content for external RSS clients. - Add support for the `shortcuts:` iOS URL scheme in sanitized content. - Add Linux `riscv64` builds. - Allow disabling local authentication without enabling automatic OAuth2/auth-proxy user creation. - Improve Chinese Traditional (`zh-TW`) translations. - Improve RSS parsing for feeds that reuse the same GUID across multiple entries. - Improve UI consistency for authentication settings and external-link behavior. - Automatically clean up orphaned feed icons from the database. - Detect Cloudflare bot challenge pages during feed refresh and return a dedicated error message. - Improve error handling and cleanup in WebAuthn login flows. - Simplify large feed and user deletions using `ON DELETE CASCADE`. ##### Performance - Improve sanitizer performance significantly and reduce allocations in multiple hot paths. - Optimize reading-time calculation to avoid unnecessary allocations. - Improve feed parsing performance by preallocating slices/maps and reducing string allocations. - Optimize ISO8601 duration parsing for YouTube and podcast feeds. - Reduce database queries for navigation metadata and storage operations. - Optimize template rendering for icons and CSP generation. - Avoid loading entry content from PostgreSQL when not needed. - Reuse a singleton HTML minifier instance instead of allocating one per request. - Optimize string handling in the reader and sanitizer packages. ##### Bug Fixes - Fix incorrect read/starred toggling in Google Reader API. - Prevent archived/deleted entries from reappearing as unread by using a tombstone table and removing the `removed` entry status. - Fix handling of slow HTTP headers. - Fix "open in new tab" behavior for redirected external entry links. - Fix Wallabag integration typo in error messages. ##### Dependency Updates - Update `github.com/go-webauthn/webauthn` to `v0.17.3`. - Update various `golang.org/x/*` packages. - Update `github.com/coreos/go-oidc/v3` to `v3.18.0`. - Update `github.com/tdewolff/minify/v2` to `v2.24.13`. *** As always, thank you to all contributors who helped improve Miniflux in this release. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9taW5pZmx1eCIsImF1dG9tZXJnZSIsInJlbm92YXRlL2NvbnRhaW5lciIsInR5cGUvbWlub3IiXX0=-->
This commit is contained in:
@@ -9,7 +9,7 @@ annotations:
|
||||
trueforge.org/min_helm_version: "3.14"
|
||||
trueforge.org/train: stable
|
||||
apiVersion: v2
|
||||
appVersion: 2.2.19
|
||||
appVersion: 2.3.0
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 29.3.4
|
||||
@@ -37,5 +37,5 @@ sources:
|
||||
- https://github.com/miniflux/v2
|
||||
- https://github.com/trueforge-org/truecharts/tree/master/charts/stable/miniflux
|
||||
type: application
|
||||
version: 18.3.0
|
||||
version: 18.4.0
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
repository: ghcr.io/miniflux/miniflux
|
||||
tag: 2.2.19@sha256:8810dfe7f4d9979f9dc1385607695c116f049daa586c635a9a1fb3c58936b074
|
||||
tag: 2.3.0@sha256:65266db84761d09d999946218adfc91fd7abbd4a1086f74b3ad0e51083e30df2
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
|
||||
Reference in New Issue
Block a user