Update docker.io/miniflux/miniflux Docker tag to v2.0.43 #1147

Closed

renovate-bot wants to merge 1 commits from renovate/docker.io-miniflux-miniflux-2.x into master

pull from: renovate/docker.io-miniflux-miniflux-2.x

merge into: tobru:master

tobru:master

tobru:renovate/quay.io-argoproj-argocd-2.x

tobru:renovate/postgres-15.x

tobru:renovate/influxdb-2.x

tobru:renovate/docker.io-postgres-15.x

tobru:renovate/docker.io-library-odoo-16.x

tobru:renovate/sissbruecker-linkding-1.x

tobru:renovate/rancher-system-upgrade-controller-0.x

tobru:renovate/quay.io-oauth2-proxy-oauth2-proxy-7.x

tobru:renovate/quay.io-jetstack-cert-manager-webhook-1.x

tobru:renovate/quay.io-jetstack-cert-manager-controller-1.x

tobru:renovate/quay.io-jetstack-cert-manager-cainjector-1.x

tobru:renovate/grafana-grafana-9.x

tobru:renovate/ghcr.io-jpmens-mqttwarn-full-0.x

tobru:renovate/ghcr.io-dexidp-dex-2.x

tobru:renovate/docker.io-traccar-traccar-5.x

tobru:renovate/docker.io-postgres-13.x

tobru:renovate/docker.io-mariadb-10.x

tobru:renovate/docker.io-drone-drone-2.x

tobru:renovate/docker.io-docspell-restserver-0.x

tobru:renovate/docker.io-docspell-joex-0.x

tobru:renovate/docker.io-bitnami-sealed-secrets-controller-0.x

tobru:renovate/busybox-1.x

tobru:renovate/bats-bats-1.x

tobru:renovate/redis-7.x

tobru:renovate/docker.io-owntracks-recorder-0.x

tobru:renovate/cronjob-1.x

tobru:headscale

tobru:docspell

tobru:monjsonnet

Conversation 0 Commits 1 Files Changed 1 +1 -1

renovate-bot commented 2022-10-27 16:44:14 +00:00

Contributor

Copy Link

This PR contains the following updates:

Package	Update	Change
docker.io/miniflux/miniflux	patch	2.0.38 -> 2.0.43

---

Release Notes

miniflux/v2

v2.0.43

Compare Source

• Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)

  Creating an RSS feed item with the inline description containing an <img> tag
  with a srcset attribute pointing to an invalid URL like
  http:a<script>alert(1)</script>, we can coerce the proxy handler into an error
  condition where the invalid URL is returned unescaped and in full.

  This results in JavaScript execution on the Miniflux instance as soon as the
  user is convinced to open the broken image.

• Use r.RemoteAddr to check /metrics endpoint network access (CVE-2023-27591)

  HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
  such, it cannot be used to test if the client IP is allowed.

  The recommendation is to use HTTP Basic authentication to protect the
  metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

• Add HTTP Basic authentication for /metrics endpoint

• Add proxy support for several media types

• Parse feed categories from RSS, Atom and JSON feeds

• Ignore empty link when discovering feeds

• Disable CGO explicitly to make sure the binary is statically linked

• Add CSS classes to differentiate between category/feed/entry view and icons

• Add rewrite and scraper rules for blog.cloudflare.com

• Add color-scheme to themes

• Add new keyboard shortcut to toggle open/close entry attachments section

• Sanitizer: allow id attribute in <sup> element

• Add Indonesian Language

• Update translations

• Update Docker Compose examples:

  • Run the application in one command
  • Bring back the health check condition to depends_on
  • Remove deprecated version element

• Update scraping rules for ilpost.it

• Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1

• Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5

• Bump github.com/yuin/goldmark from 1.5.3 to 1.5.4

• Bump golang.org/x/* dependencies

v2.0.42

Compare Source

• Fix header items wrapping
• Add option to enable or disable double tap
• Improve PWA display mode label in settings page
• Bump golang.org/x/* dependencies
• Update translations
• Add scraping rule for ilpost.it
• Update reading time HTML element after fetching the original web page
• Add category feeds refresh feature

v2.0.41

Compare Source

• Reverted PR #​1290 (follow the only link) because it leads to several panics/segfaults that prevent feed updates
• Disable double-tap mobile gesture if swipe gesture is disabled
• Skip integrations if there are no entries to push
• Enable TLS-ALPN-01 challenge for ACME
  • This type of challenge works purely at the TLS layer and is compatible
    with SNI proxies. The existing HTTP-01 challenge support has been left
    as-is.
• Preconfigure Miniflux for GitHub Codespaces
• Updated golang.org/x/net/* dependencies

v2.0.40

Compare Source

• Update dependencies
• Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades
• Make English and Spanish translation more consistent:
  • Use "Feed" everywhere instead of "Subscription"
  • Use "Entry" instead of "Article"
• Allow Content-Type and Accept headers in CORS policy
• Use dirs file for Debian package
• Use custom home page in PWA manifest
• Fix scraper rule that could be incorrect when there is a redirect
• Improve web scraper to fetch the only link present as workaround to some landing pages
• Add Matrix bot integration
• Proxify images in API responses
• Add new options in user preferences to configure sorting of entries in the category page
• Remove dependency on github.com/mitchellh/go-server-timing
• Add support for the continuation parameter and result for Google Reader API ID calls
• Use automatic variable for build target file names
• Add rewrite rule for recalbox.com
• Improve Dutch translation

v2.0.39

Compare Source

• Add support for date filtering in Google Reader API item ID calls
• Handle RSS entries with only a GUID permalink
• Go API Client: Accept endpoint URLs ending with /v1/
• CORS API headers: Allow Basic authorization header
• Log feed URL when submitting a subscription that returns an error
• Update make run command to execute migrations automatically
• Add option to send only the URL to Wallabag
• Do not convert anchors to absolute links
• Add config option to use a custom image proxy URL
• Allow zoom on mobile devices
• Add scraping rules for theverge.com, royalroad.com, swordscomic.com, and smbc-comics.com
• Add Ukrainian translation
• Update golang.org/x/* dependencies
• Bump github.com/tdewolff/minify/v2 from 2.12.0 to 2.12.4
• Bump github.com/yuin/goldmark from 1.4.13 to 1.5.2
• Bump github.com/lib/pq from 1.10.6 to 1.10.7

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/miniflux/miniflux](https://github.com/miniflux/v2) | patch | `2.0.38` -> `2.0.43` | --- ### Release Notes <details> <summary>miniflux/v2</summary> ### [`v2.0.43`](https://github.com/miniflux/v2/blob/HEAD/ChangeLog#Version-2043-March-16-2023) [Compare Source](https://github.com/miniflux/v2/compare/2.0.42...2.0.43) - Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592) Creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced to open the broken image. - Use `r.RemoteAddr` to check `/metrics` endpoint network access (CVE-2023-27591) HTTP headers like `X-Forwarded-For` or `X-Real-Ip` can be easily spoofed. As such, it cannot be used to test if the client IP is allowed. The recommendation is to use HTTP Basic authentication to protect the metrics endpoint, or run Miniflux behind a trusted reverse-proxy. - Add HTTP Basic authentication for `/metrics` endpoint - Add proxy support for several media types - Parse feed categories from RSS, Atom and JSON feeds - Ignore empty link when discovering feeds - Disable CGO explicitly to make sure the binary is statically linked - Add CSS classes to differentiate between category/feed/entry view and icons - Add rewrite and scraper rules for `blog.cloudflare.com` - Add `color-scheme` to themes - Add new keyboard shortcut to toggle open/close entry attachments section - Sanitizer: allow `id` attribute in `<sup>` element - Add Indonesian Language - Update translations - Update Docker Compose examples: - Run the application in one command - Bring back the health check condition to `depends_on` - Remove deprecated `version` element - Update scraping rules for `ilpost.it` - Bump `github.com/PuerkitoBio/goquery` from `1.8.0` to `1.8.1` - Bump `github.com/tdewolff/minify/v2` from `2.12.4` to `2.12.5` - Bump `github.com/yuin/goldmark` from `1.5.3` to `1.5.4` - Bump `golang.org/x/*` dependencies ### [`v2.0.42`](https://github.com/miniflux/v2/blob/HEAD/ChangeLog#Version-2042-January-29-2023) [Compare Source](https://github.com/miniflux/v2/compare/2.0.41...2.0.42) - Fix header items wrapping - Add option to enable or disable double tap - Improve PWA display mode label in settings page - Bump `golang.org/x/*` dependencies - Update translations - Add scraping rule for `ilpost.it` - Update reading time HTML element after fetching the original web page - Add category feeds refresh feature ### [`v2.0.41`](https://github.com/miniflux/v2/blob/HEAD/ChangeLog#Version-2041-December-10-2022) [Compare Source](https://github.com/miniflux/v2/compare/2.0.40...2.0.41) - Reverted PR [#&#8203;1290](https://github.com/miniflux/v2/issues/1290) (follow the only link) because it leads to several panics/segfaults that prevent feed updates - Disable double-tap mobile gesture if swipe gesture is disabled - Skip integrations if there are no entries to push - Enable TLS-ALPN-01 challenge for ACME - This type of challenge works purely at the TLS layer and is compatible with SNI proxies. The existing HTTP-01 challenge support has been left as-is. - Preconfigure Miniflux for GitHub Codespaces - Updated `golang.org/x/net/*` dependencies ### [`v2.0.40`](https://github.com/miniflux/v2/blob/HEAD/ChangeLog#Version-2040-November-13-2022) [Compare Source](https://github.com/miniflux/v2/compare/2.0.39...2.0.40) - Update dependencies - Pin Postgres image version in Docker Compose examples to avoid unexpected upgrades - Make English and Spanish translation more consistent: - Use "Feed" everywhere instead of "Subscription" - Use "Entry" instead of "Article" - Allow Content-Type and Accept headers in CORS policy - Use dirs file for Debian package - Use custom home page in PWA manifest - Fix scraper rule that could be incorrect when there is a redirect - Improve web scraper to fetch the only link present as workaround to some landing pages - Add Matrix bot integration - Proxify images in API responses - Add new options in user preferences to configure sorting of entries in the category page - Remove dependency on `github.com/mitchellh/go-server-timing` - Add support for the `continuation` parameter and result for Google Reader API ID calls - Use automatic variable for build target file names - Add rewrite rule for `recalbox.com` - Improve Dutch translation ### [`v2.0.39`](https://github.com/miniflux/v2/blob/HEAD/ChangeLog#Version-2039-October-16-2022) [Compare Source](https://github.com/miniflux/v2/compare/2.0.38...2.0.39) - Add support for date filtering in Google Reader API item ID calls - Handle RSS entries with only a GUID permalink - Go API Client: Accept endpoint URLs ending with `/v1/` - CORS API headers: Allow `Basic` authorization header - Log feed URL when submitting a subscription that returns an error - Update `make run` command to execute migrations automatically - Add option to send only the URL to Wallabag - Do not convert anchors to absolute links - Add config option to use a custom image proxy URL - Allow zoom on mobile devices - Add scraping rules for `theverge.com`, `royalroad.com`, `swordscomic.com`, and `smbc-comics.com` - Add Ukrainian translation - Update `golang.org/x/*` dependencies - Bump `github.com/tdewolff/minify/v2` from `2.12.0` to `2.12.4` - Bump `github.com/yuin/goldmark` from `1.4.13` to `1.5.2` - Bump `github.com/lib/pq` from `1.10.6` to `1.10.7` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xLjUiLCJ1cGRhdGVkSW5WZXIiOiIzNS4xMC4wIn0=-->

renovate-bot added 1 commit 2022-10-27 16:44:15 +00:00

09d92bbf45 Update docker.io/miniflux/miniflux Docker tag to v2.0.39

renovate-bot changed title from Update docker.io/miniflux/miniflux Docker tag to v2.0.39 to Update docker.io/miniflux/miniflux Docker tag to v2.0.40 2022-11-14 17:43:41 +00:00

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from 09d92bbf45 to d5dabe8d42 2022-11-14 17:43:42 +00:00 Compare

renovate-bot changed title from Update docker.io/miniflux/miniflux Docker tag to v2.0.40 to Update docker.io/miniflux/miniflux Docker tag to v2.0.41 2022-12-11 17:43:36 +00:00

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from d5dabe8d42 to ae2edd9f6a 2022-12-11 17:43:37 +00:00 Compare

renovate-bot changed title from Update docker.io/miniflux/miniflux Docker tag to v2.0.41 to Update docker.io/miniflux/miniflux Docker tag to v2.0.42 2023-01-30 17:44:07 +00:00

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from ae2edd9f6a to 6845156ced 2023-01-30 17:44:09 +00:00 Compare

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from 6845156ced to 2153a6fb06 2023-03-13 18:44:34 +00:00 Compare

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from 2153a6fb06 to 7b86af7ef6 2023-03-16 18:44:26 +00:00 Compare

renovate-bot changed title from Update docker.io/miniflux/miniflux Docker tag to v2.0.42 to Update docker.io/miniflux/miniflux Docker tag to v2.0.43 2023-03-17 18:44:24 +00:00

renovate-bot force-pushed renovate/docker.io-miniflux-miniflux-2.x from 7b86af7ef6 to edae3940e0 2023-03-17 18:44:25 +00:00 Compare

tobru closed this pull request 2023-04-02 17:41:14 +00:00

This repo is archived. You cannot comment on pull requests.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Reference: tobru/gitops-tbrnt#1147

No description provided.