Frédéric Guillot
140a40acaf
Use secrets.GITHUB_TOKEN to push images instead of a PAT
2023-03-27 21:29:33 -07:00
toastal
56efba66f5
Prefer typographic punctuation
...
For a long time, we’ve not been limited to ASCII and have machines that
can properly render the typographically-correct punctuation symbols for
our languages. This leads to a better, clearer reading experience and
also matches the `<meta charset="utf-8">` and the the use of such
punctuation on FAQs.
Changes:
• Ellipsis: `...` → `…` (https://en.wikipedia.org/wiki/Ellipsis )
• Apostrophe: `'` → `’` (https://en.wikipedia.org/wiki/Apostrophe )
While I could try to do research on other languages, I’m not a native
speaker in them and wouldn’t feel comfortable making any adjustments
outside of English.
2023-03-27 20:55:25 -07:00
Frédéric Guillot
7e612cddd3
Update issue templates
2023-03-26 19:13:53 -07:00
Davide Masserut
034e46700c
Process older entries first
...
Feed entries are usually ordered from most to least recent.
Processing older entries first ensures that their creation timestamp
is lower than that of newer entries.
This is useful when we order by creation, because then we get a
consistent timeline.
2023-03-25 16:19:07 -07:00
Daniel Jakots
ac8f64d7a1
Set Prometheus as datasource everywhere
...
Requested by @lnicola.
2023-03-24 20:12:13 -07:00
Daniel Jakots
b536e05fee
Fix grafana dashboard
2023-03-24 20:12:13 -07:00
dependabot[bot]
6eed037186
Bump actions/setup-go from 3 to 4
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 20:20:59 -07:00
Frédéric Guillot
5912400dee
Push Docker images to Quay.io (RedHat)
2023-03-19 21:25:05 -07:00
Frédéric Guillot
ab209df78f
Update ChangeLog
2023-03-16 19:34:20 -07:00
dependabot[bot]
11a352dcfd
Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5
...
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify ) from 2.12.4 to 2.12.5.
- [Release notes](https://github.com/tdewolff/minify/releases )
- [Commits](https://github.com/tdewolff/minify/compare/v2.12.4...v2.12.5 )
---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-16 18:04:23 -07:00
Frédéric Guillot
9ae6922bdc
Fix null reference in toggle entry attachments shortcut
...
Fixes #1723
2023-03-13 20:20:35 -07:00
Frédéric Guillot
ea8c3c801a
Update Security policy
2023-03-13 19:56:47 -07:00
Frédéric Guillot
eb9508502c
Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler
...
Creating an RSS feed item with the inline description containing an `<img>` tag
with a `srcset` attribute pointing to an invalid URL like
`http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
condition where the invalid URL is returned unescaped and in full.
This results in JavaScript execution on the Miniflux instance as soon as the
user is convinced to open the broken image.
2023-03-12 22:36:03 -07:00
Frédéric Guillot
b46b5dfb2a
Use r.RemoteAddr to check /metrics endpoint network access
...
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.
The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
2023-03-11 20:53:12 -08:00
Frédéric Guillot
877dbed5e8
Add HTTP Basic authentication for /metrics endpoint
2023-03-11 20:13:52 -08:00
fructurj
79ff381c4c
Update es_ES.json
2023-03-11 17:38:07 -08:00
dependabot[bot]
f6a672738a
Bump golang.org/x/crypto from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 20:38:55 -08:00
dependabot[bot]
e4964d6933
Bump golang.org/x/oauth2 from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/oauth2/releases )
- [Commits](https://github.com/golang/oauth2/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 20:27:58 -08:00
Davide Masserut
755c9af47d
Update scraping rules for ilpost.it
2023-03-01 20:04:25 -08:00
Frédéric Guillot
02e4b8eadc
Update GitHub Actions to use Go 1.20
2023-03-01 19:56:06 -08:00
Frédéric Guillot
aaa1625724
Ignore empty link when discovering feeds
2023-02-26 17:19:26 -08:00
Frédéric Guillot
bb5f3ec6a8
Disable CGO explicitly to make sure the binary is statically linked
...
Apparently this behavior has been changed in Go 1.20: https://tip.golang.org/doc/go1.20#cgo
2023-02-25 16:55:11 -08:00
Sigsign
8804eb9a78
Update Japanese translation
2023-02-25 15:58:39 -08:00
Romain de Laage
2c2700a31d
Proxy support for several media types
...
closes #615
closes #635
2023-02-25 15:57:59 -08:00
privatmamtora
8f9ccc6540
Parse <category>
from Feeds (RSS, Atom and JSON)
2023-02-24 20:52:45 -08:00
dependabot[bot]
ff8d68c151
Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1
...
Bumps [github.com/PuerkitoBio/goquery](https://github.com/PuerkitoBio/goquery ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/PuerkitoBio/goquery/releases )
- [Commits](https://github.com/PuerkitoBio/goquery/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/PuerkitoBio/goquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 19:24:57 -08:00
the7thNightmare
1fb0bc29db
Update the plural for Indonesian
...
Copied from the zh_CN plural
2023-02-19 19:53:06 -08:00
Ananta Krsna dasa
a1593b8942
Run the application in one command
2023-02-19 11:56:51 -08:00
Ananta Krsna dasa
20c4cb770e
Bring back the health check condition to depends_on
2023-02-19 11:56:51 -08:00
Ananta Krsna dasa
db7a4ae7e9
Remove deprecated version
element
2023-02-19 11:56:51 -08:00
the7thNightmare
aabb766fad
Add Indonesian Language
2023-02-19 11:49:17 -08:00
the7thNightmare
8dce3099d9
Add Indonesian Language
2023-02-19 11:49:17 -08:00
dependabot[bot]
fb2b43176f
Bump golang.org/x/net from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 19:06:58 -08:00
dependabot[bot]
2f6034c63c
Bump golang.org/x/crypto from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 17:54:31 -08:00
dependabot[bot]
67190fc988
Bump golang.org/x/oauth2 from 0.4.0 to 0.5.0
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/oauth2/releases )
- [Commits](https://github.com/golang/oauth2/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 17:49:00 -08:00
dependabot[bot]
e4c0495646
Bump golang.org/x/net from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-08 20:15:36 -08:00
dependabot[bot]
a7508b2746
Bump golang.org/x/term from 0.4.0 to 0.5.0
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/golang/term/releases )
- [Commits](https://github.com/golang/term/compare/v0.4.0...v0.5.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 20:16:21 -08:00
Wojtek
34408b50a7
Add CSS classes to differentiate between category/feed/entry view and icons
2023-02-06 20:46:42 -08:00
Marie Ramlow
48acd1feca
Add rewrite and scraper rules for blog.cloudflare.com
2023-02-05 21:01:42 -08:00
Ryan Cao
8d51fd8ff5
fix: add color-scheme
to themes
2023-02-05 20:58:23 -08:00
Martin Vietz
a44ba4abcb
Add toggle open/close entry attachments shortcut
2023-02-05 20:51:51 -08:00
dependabot[bot]
b338c9b3c2
Bump github.com/yuin/goldmark from 1.5.3 to 1.5.4
...
Bumps [github.com/yuin/goldmark](https://github.com/yuin/goldmark ) from 1.5.3 to 1.5.4.
- [Release notes](https://github.com/yuin/goldmark/releases )
- [Commits](https://github.com/yuin/goldmark/compare/v1.5.3...v1.5.4 )
---
updated-dependencies:
- dependency-name: github.com/yuin/goldmark
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 20:07:07 -08:00
xdavidwu
08f7835f5d
sanitizer: allow id in <sup>
...
One of blogs I read uses anchor on <sup> to link a footnote back to its
reference.
2023-01-31 17:53:45 -08:00
dependabot[bot]
d38fc80bad
Bump docker/build-push-action from 3 to 4
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 3 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 17:04:35 -08:00
Frédéric Guillot
b2fd84e0d3
Update ChangeLog
2023-01-29 17:01:14 -08:00
Sigsign
e64f488654
Update Japanese translations
2023-01-28 17:58:56 -08:00
Sigsign
8017ed2cf6
Sort like en_US.json
2023-01-28 17:58:56 -08:00
Davide Masserut
65febebd40
Fix header items wrapping
2023-01-17 20:00:13 -08:00
Frédéric Guillot
2e047dff98
Add option to enable or disable double tap
2023-01-14 16:59:52 -08:00
Frédéric Guillot
6612e42668
Improve PWA display mode label in settings page
2023-01-14 15:39:09 -08:00