This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [ghcr.io/miniflux/miniflux](https://miniflux.app) ([source](https://github.com/miniflux/v2)) | patch | `2.2.18` → `2.2.19` |
---
### Release Notes
<details>
<summary>miniflux/v2 (ghcr.io/miniflux/miniflux)</summary>
### [`v2.2.19`](https://github.com/miniflux/v2/releases/tag/2.2.19): Miniflux 2.2.19
[Compare Source](https://github.com/miniflux/v2/compare/2.2.18...2.2.19)
##### Security
- Remove sensitive values (CSRF tokens, OAuth state, session cookies) from log messages.
- Improve OAuth2 security:
- Verify OIDC ID token signatures and claims.
- Prevent OAuth identity overwrite when already linked.
- Clear PKCE verifier and CSRF state after use.
- Validate HTTP status from Google userinfo endpoint.
- Use HMAC-SHA256 instead of SHA1 for Google Reader API authentication.
- Use constant-time comparison for token validation.
- Fix potential DoS when truncating large untrusted input in templates.
- Reject oversized favicons.
##### Improvements
- Improve configuration validation with cross-field consistency checks.
- OAuth2:
- Explicit provider selection via `OAUTH2_PROVIDER`.
- Better separation between Google and OIDC providers.
- Updated Google OAuth endpoints to v2.
- UI:
- Add cache-busting for static assets (JS, CSS, icons).
- Add `Cache-Control: immutable` for static resources.
- Sanitizer:
- Allow iframes from `framatube.org`.
- Improve performance and parsing behavior.
- Metrics and workers:
- Graceful shutdown support for worker pool and metrics collector.
- Better error reporting for metrics.
- API / HTTP:
- Support weak ETag comparison.
- Improve response helpers and headers handling.
##### Performance
- Reduce number of SQL queries for unread entries and UI pages.
- Optimize database queries and locking behavior:
- Use `SKIP LOCKED` in archive operations.
- Reduce unnecessary queries and connections.
- Improve UI performance:
- Cache keymaps instead of recomputing on each keypress.
- Batch DOM updates when marking entries as read.
- Optimize sanitizer, media proxy, routing, and template rendering.
- Reduce allocations in various hot paths.
##### Bug Fixes
- Fix category update validation rendering.
- Fix redirect after marking a feed as read from category view.
- Fix timezone comparison logic.
- Fix Arabic pluralization rules (`ar_SA`).
- Fix validator behavior when clearing user filters.
- Fix CLI behavior for `--info` and `--version`.
- Fix CORS preflight responses (return 204).
- Ensure 204 responses do not include `Content-Type`.
- Ignore unsupported media proxy targets and handle MIME types correctly.
##### Refactoring
- Remove dependency on `gorilla/mux` across the codebase.
- Improve code structure and naming consistency (API, OAuth2, config, validators).
- Simplify timezone and server setup logic.
- Improve testability and documentation (GoDoc updates).
##### Dependencies
- Update multiple dependencies, including:
- `github.com/lib/pq`
- `github.com/go-jose/go-jose/v4`
- `github.com/go-webauthn/webauthn`
- `github.com/andybalholm/brotli`
- `github.com/tdewolff/minify/v2`
- `golang.org/x/image`
- `github.com/PuerkitoBio/goquery`
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuMyIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC4zIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIiwibGFiZWxzIjpbXX0=-->
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
This PR contains the following updates:
2.2.18→2.2.19Release Notes
miniflux/v2 (ghcr.io/miniflux/miniflux)
v2.2.19: Miniflux 2.2.19Compare Source
Security
Improvements
OAUTH2_PROVIDER.Cache-Control: immutablefor static resources.framatube.org.Performance
SKIP LOCKEDin archive operations.Bug Fixes
ar_SA).--infoand--version.Content-Type.Refactoring
gorilla/muxacross the codebase.Dependencies
Update multiple dependencies, including:
github.com/lib/pqgithub.com/go-jose/go-jose/v4github.com/go-webauthn/webauthngithub.com/andybalholm/brotligithub.com/tdewolff/minify/v2golang.org/x/imagegithub.com/PuerkitoBio/goqueryConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.