Files
TrueCharts Bot 49d2bca6fe feat(ntfy): update image docker.io/binwiederhier/ntfy v2.24.0 → v2.25.0 (#49470)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [docker.io/binwiederhier/ntfy](https://ntfy.sh/)
([source](https://redirect.github.com/binwiederhier/ntfy)) | minor |
`f8a9b10` → `cfbbb1b` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency
Dashboard](../issues/18710) for more information.

Add the preset `:preserveSemverRanges` to your config if you don't want
to pin your dependencies.

---

### Release Notes

<details>
<summary>binwiederhier/ntfy (docker.io/binwiederhier/ntfy)</summary>

###
[`v2.25.0`](https://redirect.github.com/binwiederhier/ntfy/releases/tag/v2.25.0)

[Compare
Source](https://redirect.github.com/binwiederhier/ntfy/compare/v2.24.0...v2.25.0)

This release adds **password reset** via email, and reworks email
verification to use durable, link-based magic links (replacing the old
in-memory 6-digit codes). Email stays optional at signup; a user can
reset their password only once they have a verified "primary"
(recovery)email.

All of this work is probably not useful for self-hosters, but it
hopefully will be useful for me, since I do have to reset accounts on a
regular basis.

**Security issues:**

- Generate access tokens, IDs, and magic-link tokens with a
cryptographically secure RNG (`crypto/rand`) instead of a clock-seeded
PRNG

**Features:**

- Add password reset via emailed magic link, with a "Forgot password"
link on the login page and a `ntfy user reset-pass` CLI command for
admins
- Rework email verification to use durable, single-use, expiring magic
links instead of in-memory 6-digit codes, and add a "primary" email
(used for account recovery and as the `X-Email: yes` target) with
verified/unverified state in the account UI
- You can now clear/read messages and delete messages with a GET request
([#&#8203;1771](https://redirect.github.com/binwiederhier/ntfy/issues/1771),
thanks to [@&#8203;lemmi](https://redirect.github.com/lemmi) for
reporting and to [@&#8203;wunter8](https://redirect.github.com/wunter8)
for implementing)
- Add a reload button to the web app's action bar when running as an
installed PWA, which clears the service worker caches and hard-refreshes
the app
- Add a "Back to app" link to the web app's login, signup, and
password-reset pages (alongside the existing links), which previously
had no way back to the app

**Bug fixes + maintenance:**

- `X-Email: yes` (also `true`/`1`) now sends to your primary verified
email regardless of the `smtp-sender-verify` setting (previously it was
rejected unless verification was enabled); it requires being logged in
with a verified address
- Grant users full access to their own sync topic (`st_...`) so
cross-device subscription sync works under `auth-default-access:
deny-all`
([#&#8203;733](https://redirect.github.com/binwiederhier/ntfy/issues/733),
[#&#8203;1795](https://redirect.github.com/binwiederhier/ntfy/pull/1795),
thanks to [@&#8203;lmorchard](https://redirect.github.com/lmorchard) for
the contribution)
- Support HTTP (non-TLS) S3-compatible endpoints by preserving the
endpoint scheme, e.g. for a local MinIO instance
([#&#8203;1794](https://redirect.github.com/binwiederhier/ntfy/pull/1794),
[#&#8203;1734](https://redirect.github.com/binwiederhier/ntfy/issues/1734),
thanks to [@&#8203;sskender](https://redirect.github.com/sskender) for
the contribution, and
[@&#8203;Kernald](https://redirect.github.com/Kernald) for reporting)
- Stop silently stripping spaces from passwords while typing in the web
app's login, signup, and password-reset forms
([#&#8203;1246](https://redirect.github.com/binwiederhier/ntfy/issues/1246),
thanks to [@&#8203;aldem](https://redirect.github.com/aldem) for
reporting)
- Update web app dependencies, including major-version upgrades to Vite
(6 -> 8, now Rolldown-based), Material UI (5 -> 9), and Dexie (3 -> 4)
([#&#8203;1800](https://redirect.github.com/binwiederhier/ntfy/pull/1800),
[#&#8203;1764](https://redirect.github.com/binwiederhier/ntfy/pull/1764),
[#&#8203;1767](https://redirect.github.com/binwiederhier/ntfy/pull/1767),
[#&#8203;1762](https://redirect.github.com/binwiederhier/ntfy/pull/1762),
[#&#8203;1766](https://redirect.github.com/binwiederhier/ntfy/pull/1766),
[#&#8203;1765](https://redirect.github.com/binwiederhier/ntfy/pull/1765),
thanks Dependabot)
- Play notification sounds in the web app even when the Notification API
is unavailable, e.g. over plain HTTP or in browsers without notification
support
([#&#8203;1772](https://redirect.github.com/binwiederhier/ntfy/pull/1772),
thanks to [@&#8203;mitya12342](https://redirect.github.com/mitya12342)
for the contribution)
- Stop escaping `<`, `>`, and `&` as `\u003c`/`\u003e`/`\u0026` in JSON
responses
([#&#8203;1511](https://redirect.github.com/binwiederhier/ntfy/issues/1511),
[#&#8203;1512](https://redirect.github.com/binwiederhier/ntfy/pull/1512),
thanks to [@&#8203;wunter8](https://redirect.github.com/wunter8) for the
contribution)
- Fix the web app navbar not reflecting a topic reservation (lock icon,
and "Reserve topic" -> "Change reservation"/"Remove reservation" menu)
until a page reload, by persisting reservation and display-name changes
onto already-subscribed topics during account sync
- Reduce the web app's initial bundle size by \~300 KB (\~50 KB gzipped)
by lazy-loading the emoji picker dataset and the Markdown renderer, and
by importing Material UI icons individually

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbImFwcC9udGZ5IiwiYXV0b21lcmdlIiwicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
2026-06-25 05:33:42 +02:00

105 lines
3.8 KiB
YAML

# yaml-language-server: $schema=./values.schema.json
image:
repository: docker.io/binwiederhier/ntfy
tag: v2.25.0@sha256:cfbbb1bac9196cb711e29ef0ac4adaeb033be6235f1df857705dc39c14384a1d
pullPolicy: IfNotPresent
service:
main:
ports:
main:
port: 10222
persistence:
config:
enabled: true
mountPath: "/etc/ntfy"
cache:
enabled: true
mountPath: "/var/cache/ntfy"
configmap:
ntfy:
enabled: true
data:
# If a path is set, it enables this options. To disable set to empty path
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_CACHE_FILE }}'
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_AUTH_FILE }}'
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_FIREBASE_FILE }}'
workload:
main:
podSpec:
containers:
main:
probes:
liveness:
type: tcp
readiness:
type: tcp
startup:
type: tcp
args:
- "serve"
env:
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
# User Defined
NTFY_BASE_URL: "http://localhost:10222"
NTFY_BEHIND_PROXY: false
ENABLE_FIREBASE_FILE: false
ENABLE_CACHE_FILE: false
ENABLE_ATTACHMENT_CACHE_DIR: false
ENABLE_AUTH_FILE: false
NTFY_ENABLE_METRICS: "{{ .Values.metrics.main.enabled }}"
NTFY_UPSTREAM_BASE_URL: "https://ntfy.sh"
# NTFY_CACHE_DURATION: "12h"
# NTFY_KEEPALIVE_INTERVAL: "45s"
# NTFY_MANAGER_INTERVAL: "1m"
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
# NTFY_SMTP_SENDER_ADDR: ""
# NTFY_SMTP_SENDER_USER: ""
# NTFY_SMTP_SENDER_PASS: ""
# NTFY_SMTP_SENDER_FROM: ""
# NTFY_SMTP_SERVER_LISTEN: ""
# NTFY_SMTP_SERVER_DOMAIN: ""
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
envFrom:
- configMapRef:
name: "ntfy"
metrics:
main:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: false
type: "servicemonitor"
endpoints:
- port: main
path: /metrics
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules: []
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical