Update ghcr.io/mealie-recipes/mealie Docker tag to v1.4.0 #224

Merged
AverageMarcus merged 1 commits from renovate/ghcr.io-mealie-recipes-mealie-1.x into master 2024-04-04 08:50:48 +00:00
Collaborator

This PR contains the following updates:

Package Update Change
ghcr.io/mealie-recipes/mealie minor v1.3.2 -> v1.4.0

Release Notes

mealie-recipes/mealie (ghcr.io/mealie-recipes/mealie)

v1.4.0

Compare Source

Highlights

Security Updates

The team at Github Security Lab provided us with a disclosure containing some recommendations for enhancing the security of Mealie, which have been implemented as part of this release. The vulnerabilities all required an authenticated user to exploit, so were likely only an issue if you allowed open registration to your system.

The key functional change you'll notice is that it's now not possible to scrape recipes/images from URLs that resolve to internal IP addresses. This is to prevent a user being able to map out the network the Mealie instance is part of.

Note that we now default the ALLOW_SIGNUP environment variable to false, previously it was true.

There is a new security page available in the documentation should you want to read up on some extra security steps you can take for your Mealie instance.

The pull request was https://github.com/mealie-recipes/mealie/pull/3368

What's Changed

New Contributors

Full Changelog: https://github.com/mealie-recipes/mealie/compare/v1.3.2...v1.4.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/mealie-recipes/mealie](https://github.com/mealie-recipes/mealie) | minor | `v1.3.2` -> `v1.4.0` | --- ### Release Notes <details> <summary>mealie-recipes/mealie (ghcr.io/mealie-recipes/mealie)</summary> ### [`v1.4.0`](https://github.com/mealie-recipes/mealie/releases/tag/v1.4.0) [Compare Source](https://github.com/mealie-recipes/mealie/compare/v1.3.2...v1.4.0) #### Highlights - Security updates (more on that below) - OIDC Login Support - https://github.com/mealie-recipes/mealie/pull/2860, https://github.com/mealie-recipes/mealie/pull/3280 - Initial Startup Workflow - https://github.com/mealie-recipes/mealie/pull/3204 #### Security Updates The team at Github Security Lab provided us with a disclosure containing some recommendations for enhancing the security of Mealie, which have been implemented as part of this release. The vulnerabilities all required an authenticated user to exploit, so were likely only an issue if you allowed open registration to your system. The key functional change you'll notice is that it's now not possible to scrape recipes/images from URLs that resolve to internal IP addresses. This is to prevent a user being able to map out the network the Mealie instance is part of. Note that we now default the `ALLOW_SIGNUP` environment variable to false, previously it was true. There is a new security page available in the documentation should you want to read up on some extra security steps you can take for your Mealie instance. The pull request was https://github.com/mealie-recipes/mealie/pull/3368 #### What's Changed - docs(auto): Update image tag, for release v1.3.2 by [@&#8203;github-actions](https://github.com/github-actions) in https://github.com/mealie-recipes/mealie/pull/3279 - feat: Login with OAuth via OpenID Connect (OIDC) by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3280 - fix: Typos in OIDC docs by [@&#8203;boc-the-git](https://github.com/boc-the-git) in https://github.com/mealie-recipes/mealie/pull/3285 - fix: Allow UserOut to accept list of slugs for recipe favorites by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3283 - feat: First Time Setup Wizard by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3204 - fix(deps): update dependency tzdata to v2024 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3281 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3286 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3299 - fix(deps): update dependency pydantic to v2.6.4 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3300 - feat: Timeline Filters by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3284 - fix: Only call store APIs once by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3306 - fix: Date pickers not respecting locale or first day of the week by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3303 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3307 - fix: Limit shopping list owners to current group by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3305 - fix: Shopping List Migration Fails With No Users by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3290 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3313 - fix: proxy get_all to page_all by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3312 - fix: Purge Group Exports type mismatch by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3314 - fix: remove deprecated lifecycle and consolidate startup actions by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3311 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3319 - chore(deps): update dependency coverage to v7.4.4 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3316 - chore(deps): update dependency ruff to v0.3.3 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3261 - chore(deps): update dependency black to v24.3.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3322 - chore(deps): update dependency mkdocs-material to v9.5.14 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3333 - docs: Update maintainers.md by [@&#8203;eltociear](https://github.com/eltociear) in https://github.com/mealie-recipes/mealie/pull/3339 - Dicsussion Template: OAuth example template by [@&#8203;cmintey](https://github.com/cmintey) in https://github.com/mealie-recipes/mealie/pull/3340 - chore(deps): update dependency pytest-asyncio to v0.23.6 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3341 - fix(deps): update dependency uvicorn to v0.28.1 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3342 - fix: Repeated calls to group self by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3321 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3328 - fix(deps): update dependency uvicorn to ^0.29.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3346 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3347 - OIDC Docs Updates by [@&#8203;cmintey](https://github.com/cmintey) in https://github.com/mealie-recipes/mealie/pull/3323 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3351 - chore(deps): update dependency ruff to v0.3.4 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3353 - Add OIDC environment variable for specififying the signing algorithm by [@&#8203;cmintey](https://github.com/cmintey) in https://github.com/mealie-recipes/mealie/pull/3354 - feat: Migrate from My Recipe Box by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3352 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3355 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3361 - Update dependency mkdocs-material to v9.5.15 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3358 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3366 - Update dependency SQLAlchemy to v2.0.29 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3362 - Update dependency pre-commit to v3.7.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3369 - Reset the search input after selection on the RecipeOrganizerSelector by [@&#8203;Kuchenpirat](https://github.com/Kuchenpirat) in https://github.com/mealie-recipes/mealie/pull/3373 - Update dependency rapidfuzz to v3.7.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3370 - fix: Recipe Search URL State by [@&#8203;michael-genson](https://github.com/michael-genson) in https://github.com/mealie-recipes/mealie/pull/3332 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3377 - feat: Add auto-select-first attribute to RecipeOrganizerSelector by [@&#8203;Kuchenpirat](https://github.com/Kuchenpirat) in https://github.com/mealie-recipes/mealie/pull/3376 - feat: cookbook editor on cookbook page by [@&#8203;Kuchenpirat](https://github.com/Kuchenpirat) in https://github.com/mealie-recipes/mealie/pull/3378 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3379 - docs: Tidy up the 'task' template by [@&#8203;boc-the-git](https://github.com/boc-the-git) in https://github.com/mealie-recipes/mealie/pull/3380 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3381 - fix(deps): update dependency orjson to v3.10.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3383 - fix(deps): update dependency tzdata to v2024 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3386 - fix(deps): update dependency apprise to v1.7.5 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3394 - chore(deps): update dependency mkdocs-material to v9.5.16 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3397 - New Crowdin updates by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3400 - refactor: Sidebar UI by [@&#8203;Kuchenpirat](https://github.com/Kuchenpirat) in https://github.com/mealie-recipes/mealie/pull/3390 - fix(deps): update dependency pillow to v10.3.0 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3402 - chore(deps): update dependency ruff to v0.3.5 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3405 - chore(deps): update dependency mkdocs-material to v9.5.17 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3407 - fix(deps): update dependency fastapi to v0.110.1 by [@&#8203;renovate](https://github.com/renovate) in https://github.com/mealie-recipes/mealie/pull/3408 - security: gh security recs by [@&#8203;hay-kot](https://github.com/hay-kot) in https://github.com/mealie-recipes/mealie/pull/3368 - redirect to direct login on failure by [@&#8203;cmintey](https://github.com/cmintey) in https://github.com/mealie-recipes/mealie/pull/3406 #### New Contributors - [@&#8203;eltociear](https://github.com/eltociear) made their first contribution in https://github.com/mealie-recipes/mealie/pull/3339 **Full Changelog**: https://github.com/mealie-recipes/mealie/compare/v1.3.2...v1.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNzkuMCIsInVwZGF0ZWRJblZlciI6IjM3LjI3OS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
renovate added 1 commit 2024-04-03 12:01:48 +00:00
AverageMarcus merged commit f378cb63c0 into master 2024-04-04 08:50:48 +00:00
AverageMarcus deleted branch renovate/ghcr.io-mealie-recipes-mealie-1.x 2024-04-04 08:50:48 +00:00
Author
Collaborator

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.4.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

### Renovate Ignore Notification Because you closed this PR without merging, Renovate will ignore this update (`v1.4.0`). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the `ignoreDeps` array of your Renovate config. If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AverageMarcus/cluster.fun#224
No description provided.