AverageMarcus/cluster.fun
1
0
Fork 0
Code Issues 1 Pull Requests 3 Releases Activity

Update ghcr.io/miniflux/miniflux Docker tag to v2.2.19 #684

Merged
AverageMarcus merged 1 commits from renovate/ghcr.io-miniflux-miniflux-2.x into master 2026-04-05 09:42:08 +00:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
renovate commented 2026-04-05 03:14:22 +00:00
Collaborator
Copy Link

This PR contains the following updates:

Package Update Change
ghcr.io/miniflux/miniflux (source) patch 2.2.182.2.19

Release Notes

miniflux/v2 (ghcr.io/miniflux/miniflux)

v2.2.19: Miniflux 2.2.19

Compare Source

Security
  • Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages.
  • Improve OAuth2 security:
    • Verify OIDC ID token signatures and claims.
    • Prevent OAuth identity overwrite when already linked.
    • Clear PKCE verifier and CSRF state after use.
    • Validate HTTP status from Google userinfo endpoint.
  • Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication.
  • Use constant-time comparison for token validation.
  • Fix potential DoS when truncating large untrusted input in templates.
  • Reject oversized favicons.
Improvements
  • Improve configuration validation with cross-field consistency checks.
  • OAuth2:
    • Explicit provider selection via OAUTH2_PROVIDER.
    • Better separation between Google and OIDC providers.
    • Updated Google OAuth endpoints to v2.
  • UI:
    • Add cache-busting for static assets (JS, CSS, icons).
    • Add Cache-Control: immutable for static resources.
  • Sanitizer:
    • Allow iframes from framatube.org.
    • Improve performance and parsing behavior.
  • Metrics and workers:
    • Graceful shutdown support for worker pool and metrics collector.
    • Better error reporting for metrics.
  • API / HTTP:
    • Support weak ETag comparison.
    • Improve response helpers and headers handling.
Performance
  • Reduce number of SQL queries for unread entries and UI pages.
  • Optimize database queries and locking behavior:
    • Use SKIP LOCKED in archive operations.
    • Reduce unnecessary queries and connections.
  • Improve UI performance:
    • Cache keymaps instead of recomputing on each keypress.
    • Batch DOM updates when marking entries as read.
  • Optimize sanitizer, media proxy, routing, and template rendering.
  • Reduce allocations in various hot paths.
Bug Fixes
  • Fix category update validation rendering.
  • Fix redirect after marking a feed as read from category view.
  • Fix timezone comparison logic.
  • Fix Arabic pluralization rules (ar_SA).
  • Fix validator behavior when clearing user filters.
  • Fix CLI behavior for --info and --version.
  • Fix CORS preflight responses (return 204).
  • Ensure 204 responses do not include Content-Type.
  • Ignore unsupported media proxy targets and handle MIME types correctly.
Refactoring
  • Remove dependency on gorilla/mux across the codebase.
  • Improve code structure and naming consistency (API, OAuth2, config, validators).
  • Simplify timezone and server setup logic.
  • Improve testability and documentation (GoDoc updates).
Dependencies

  • Update multiple dependencies, including:

    • github.com/lib/pq
    • github.com/go-jose/go-jose/v4
    • github.com/go-webauthn/webauthn
    • github.com/andybalholm/brotli
    • github.com/tdewolff/minify/v2
    • golang.org/x/image
    • github.com/PuerkitoBio/goquery

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/miniflux/miniflux](https://miniflux.app) ([source](https://github.com/miniflux/v2)) | patch | `2.2.18` → `2.2.19` | --- ### Release Notes <details> <summary>miniflux/v2 (ghcr.io/miniflux/miniflux)</summary> ### [`v2.2.19`](https://github.com/miniflux/v2/releases/tag/2.2.19): Miniflux 2.2.19 [Compare Source](https://github.com/miniflux/v2/compare/2.2.18...2.2.19) ##### Security - Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages. - Improve OAuth2 security: - Verify OIDC ID token signatures and claims. - Prevent OAuth identity overwrite when already linked. - Clear PKCE verifier and CSRF state after use. - Validate HTTP status from Google userinfo endpoint. - Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication. - Use constant-time comparison for token validation. - Fix potential DoS when truncating large untrusted input in templates. - Reject oversized favicons. ##### Improvements - Improve configuration validation with cross-field consistency checks. - OAuth2: - Explicit provider selection via `OAUTH2_PROVIDER`. - Better separation between Google and OIDC providers. - Updated Google OAuth endpoints to v2. - UI: - Add cache-busting for static assets (JS, CSS, icons). - Add `Cache-Control: immutable` for static resources. - Sanitizer: - Allow iframes from `framatube.org`. - Improve performance and parsing behavior. - Metrics and workers: - Graceful shutdown support for worker pool and metrics collector. - Better error reporting for metrics. - API / HTTP: - Support weak ETag comparison. - Improve response helpers and headers handling. ##### Performance - Reduce number of SQL queries for unread entries and UI pages. - Optimize database queries and locking behavior: - Use `SKIP LOCKED` in archive operations. - Reduce unnecessary queries and connections. - Improve UI performance: - Cache keymaps instead of recomputing on each keypress. - Batch DOM updates when marking entries as read. - Optimize sanitizer, media proxy, routing, and template rendering. - Reduce allocations in various hot paths. ##### Bug Fixes - Fix category update validation rendering. - Fix redirect after marking a feed as read from category view. - Fix timezone comparison logic. - Fix Arabic pluralization rules (`ar_SA`). - Fix validator behavior when clearing user filters. - Fix CLI behavior for `--info` and `--version`. - Fix CORS preflight responses (return 204). - Ensure 204 responses do not include `Content-Type`. - Ignore unsupported media proxy targets and handle MIME types correctly. ##### Refactoring - Remove dependency on `gorilla/mux` across the codebase. - Improve code structure and naming consistency (API, OAuth2, config, validators). - Simplify timezone and server setup logic. - Improve testability and documentation (GoDoc updates). ##### Dependencies - Update multiple dependencies, including: - `github.com/lib/pq` - `github.com/go-jose/go-jose/v4` - `github.com/go-webauthn/webauthn` - `github.com/andybalholm/brotli` - `github.com/tdewolff/minify/v2` - `golang.org/x/image` - `github.com/PuerkitoBio/goquery` </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuMyIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC4zIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
renovate added 1 commit 2026-04-05 03:14:23 +00:00
Update ghcr.io/miniflux/miniflux Docker tag to v2.2.19 2a7f5df0f5
AverageMarcus merged commit 7a44b84ffb into master 2026-04-05 09:42:08 +00:00
AverageMarcus deleted branch renovate/ghcr.io-miniflux-miniflux-2.x 2026-04-05 09:42:09 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
renovate AverageMarcus
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: AverageMarcus/cluster.fun#684
Delete Branch "renovate/ghcr.io-miniflux-miniflux-2.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?