dependabot[bot]
8d2dab44d8
Bump github.com/lib/pq from 1.10.8 to 1.10.9
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.10.8 to 1.10.9.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.10.8...v1.10.9 )
---
updated-dependencies:
- dependency-name: github.com/lib/pq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-02 16:19:33 -07:00
dependabot[bot]
d435e67a36
Bump mvdan.cc/xurls/v2 from 2.4.0 to 2.5.0
...
Bumps [mvdan.cc/xurls/v2](https://github.com/mvdan/xurls ) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/mvdan/xurls/releases )
- [Commits](https://github.com/mvdan/xurls/compare/v2.4.0...v2.5.0 )
---
updated-dependencies:
- dependency-name: mvdan.cc/xurls/v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-17 16:58:42 -07:00
Romain de Laage
33c4b5188c
Add a rewrite rule to remove clickbait titles
2023-04-15 18:25:43 -07:00
dependabot[bot]
8161085714
Bump github.com/lib/pq from 1.10.7 to 1.10.8
...
Bumps [github.com/lib/pq](https://github.com/lib/pq ) from 1.10.7 to 1.10.8.
- [Release notes](https://github.com/lib/pq/releases )
- [Commits](https://github.com/lib/pq/compare/v1.10.7...v1.10.8 )
---
updated-dependencies:
- dependency-name: github.com/lib/pq
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-14 19:13:51 -07:00
dependabot[bot]
6493239484
Bump github.com/prometheus/client_golang from 1.14.0 to 1.15.0
...
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang ) from 1.14.0 to 1.15.0.
- [Release notes](https://github.com/prometheus/client_golang/releases )
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md )
- [Commits](https://github.com/prometheus/client_golang/compare/v1.14.0...v1.15.0 )
---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-13 20:48:57 -07:00
dependabot[bot]
a143681af3
Bump golang.org/x/crypto from 0.7.0 to 0.8.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.7.0...v0.8.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 16:12:41 -07:00
Emiel Wiedijk
5a88e0465e
Update rewrite rules for theverge.com
...
Articles on The Verge sometimes contain a section for related articles.
This section can be distracting in reader mode. Therefore, filter the
related article section using the scraper rules.
2023-04-07 16:12:19 -07:00
dependabot[bot]
30bb901d7c
Bump golang.org/x/oauth2 from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/oauth2/releases )
- [Commits](https://github.com/golang/oauth2/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-07 16:02:42 -07:00
dependabot[bot]
40418fcf6f
Bump golang.org/x/net from 0.8.0 to 0.9.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.8.0 to 0.9.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.8.0...v0.9.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-06 17:42:43 -07:00
dependabot[bot]
ad85e5be80
Bump golang.org/x/term from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/term](https://github.com/golang/term ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/term/releases )
- [Commits](https://github.com/golang/term/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/term
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-04-05 20:06:59 -07:00
Frédéric Guillot
aa9b18a8d6
Make sure PROXY_IMAGES option is backward compatible
...
Bug introduced in PR #1610
Fixes #1753
2023-04-02 18:35:43 -07:00
Jake Walker
8b6dd3e599
Keep other table rows and columns
2023-04-02 17:50:19 -07:00
Jake Walker
49d2596fc6
Basic table removal rule
2023-04-02 17:50:19 -07:00
rook1e
9a826bbe6f
feat: support searching well-known urls in subdirectory
2023-04-02 17:44:14 -07:00
rook1e
acc9186a59
fix: extra-long title overflow
2023-04-02 17:37:25 -07:00
dzaikos
7d252ea45b
Add swipe as option for gesture navigation between entries.
...
* Refactor `TouchHandler` to handle double-tap and swipe gestures.
* Renamed existing `onTouch` JavaScript methods to `onItemTouch` and
added `onContentTouch` methods for swipe gesture.
* Refactor double-tap. It's now a method in `TouchHandler` versus
anonymous functions in `listen()` method.
* Updated CSS classes.
* Added `touch-action` CSS for `.entry-content`.
* Renamed CSS classes for adding events in `TouchHandler`.
* Updated users settings to replace checkbox for double tap with select
for none, double tap, or swipe.
* Added database migrations for new gesture_nav option.
* Rename `users.double_tap` to `users.gesture_nav` and migrate
existing user settings.
* Updated translation files. (Non-English updated with Google
Translate.)
Resolves #1449 , closes #1495
2023-03-28 18:00:57 -07:00
Frédéric Guillot
140a40acaf
Use secrets.GITHUB_TOKEN to push images instead of a PAT
2023-03-27 21:29:33 -07:00
toastal
56efba66f5
Prefer typographic punctuation
...
For a long time, we’ve not been limited to ASCII and have machines that
can properly render the typographically-correct punctuation symbols for
our languages. This leads to a better, clearer reading experience and
also matches the `<meta charset="utf-8">` and the the use of such
punctuation on FAQs.
Changes:
• Ellipsis: `...` → `…` (https://en.wikipedia.org/wiki/Ellipsis )
• Apostrophe: `'` → `’` (https://en.wikipedia.org/wiki/Apostrophe )
While I could try to do research on other languages, I’m not a native
speaker in them and wouldn’t feel comfortable making any adjustments
outside of English.
2023-03-27 20:55:25 -07:00
Frédéric Guillot
7e612cddd3
Update issue templates
2023-03-26 19:13:53 -07:00
Davide Masserut
034e46700c
Process older entries first
...
Feed entries are usually ordered from most to least recent.
Processing older entries first ensures that their creation timestamp
is lower than that of newer entries.
This is useful when we order by creation, because then we get a
consistent timeline.
2023-03-25 16:19:07 -07:00
Daniel Jakots
ac8f64d7a1
Set Prometheus as datasource everywhere
...
Requested by @lnicola.
2023-03-24 20:12:13 -07:00
Daniel Jakots
b536e05fee
Fix grafana dashboard
2023-03-24 20:12:13 -07:00
dependabot[bot]
6eed037186
Bump actions/setup-go from 3 to 4
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-20 20:20:59 -07:00
Frédéric Guillot
5912400dee
Push Docker images to Quay.io (RedHat)
2023-03-19 21:25:05 -07:00
Frédéric Guillot
ab209df78f
Update ChangeLog
2023-03-16 19:34:20 -07:00
dependabot[bot]
11a352dcfd
Bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5
...
Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify ) from 2.12.4 to 2.12.5.
- [Release notes](https://github.com/tdewolff/minify/releases )
- [Commits](https://github.com/tdewolff/minify/compare/v2.12.4...v2.12.5 )
---
updated-dependencies:
- dependency-name: github.com/tdewolff/minify/v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-16 18:04:23 -07:00
Frédéric Guillot
9ae6922bdc
Fix null reference in toggle entry attachments shortcut
...
Fixes #1723
2023-03-13 20:20:35 -07:00
Frédéric Guillot
ea8c3c801a
Update Security policy
2023-03-13 19:56:47 -07:00
Frédéric Guillot
eb9508502c
Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler
...
Creating an RSS feed item with the inline description containing an `<img>` tag
with a `srcset` attribute pointing to an invalid URL like
`http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
condition where the invalid URL is returned unescaped and in full.
This results in JavaScript execution on the Miniflux instance as soon as the
user is convinced to open the broken image.
2023-03-12 22:36:03 -07:00
Frédéric Guillot
b46b5dfb2a
Use r.RemoteAddr to check /metrics endpoint network access
...
HTTP headers like X-Forwarded-For or X-Real-Ip can be easily spoofed. As
such, it cannot be used to test if the client IP is allowed.
The recommendation is to use HTTP Basic authentication to protect the
metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
2023-03-11 20:53:12 -08:00
Frédéric Guillot
877dbed5e8
Add HTTP Basic authentication for /metrics endpoint
2023-03-11 20:13:52 -08:00
fructurj
79ff381c4c
Update es_ES.json
2023-03-11 17:38:07 -08:00
dependabot[bot]
f6a672738a
Bump golang.org/x/crypto from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 20:38:55 -08:00
dependabot[bot]
e4964d6933
Bump golang.org/x/oauth2 from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2 ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/oauth2/releases )
- [Commits](https://github.com/golang/oauth2/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 20:27:58 -08:00
Davide Masserut
755c9af47d
Update scraping rules for ilpost.it
2023-03-01 20:04:25 -08:00
Frédéric Guillot
02e4b8eadc
Update GitHub Actions to use Go 1.20
2023-03-01 19:56:06 -08:00
Frédéric Guillot
aaa1625724
Ignore empty link when discovering feeds
2023-02-26 17:19:26 -08:00
Frédéric Guillot
bb5f3ec6a8
Disable CGO explicitly to make sure the binary is statically linked
...
Apparently this behavior has been changed in Go 1.20: https://tip.golang.org/doc/go1.20#cgo
2023-02-25 16:55:11 -08:00
Sigsign
8804eb9a78
Update Japanese translation
2023-02-25 15:58:39 -08:00
Romain de Laage
2c2700a31d
Proxy support for several media types
...
closes #615
closes #635
2023-02-25 15:57:59 -08:00
privatmamtora
8f9ccc6540
Parse <category>
from Feeds (RSS, Atom and JSON)
2023-02-24 20:52:45 -08:00
dependabot[bot]
ff8d68c151
Bump github.com/PuerkitoBio/goquery from 1.8.0 to 1.8.1
...
Bumps [github.com/PuerkitoBio/goquery](https://github.com/PuerkitoBio/goquery ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/PuerkitoBio/goquery/releases )
- [Commits](https://github.com/PuerkitoBio/goquery/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/PuerkitoBio/goquery
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-20 19:24:57 -08:00
the7thNightmare
1fb0bc29db
Update the plural for Indonesian
...
Copied from the zh_CN plural
2023-02-19 19:53:06 -08:00
Ananta Krsna dasa
a1593b8942
Run the application in one command
2023-02-19 11:56:51 -08:00
Ananta Krsna dasa
20c4cb770e
Bring back the health check condition to depends_on
2023-02-19 11:56:51 -08:00
Ananta Krsna dasa
db7a4ae7e9
Remove deprecated version
element
2023-02-19 11:56:51 -08:00
the7thNightmare
aabb766fad
Add Indonesian Language
2023-02-19 11:49:17 -08:00
the7thNightmare
8dce3099d9
Add Indonesian Language
2023-02-19 11:49:17 -08:00
dependabot[bot]
fb2b43176f
Bump golang.org/x/net from 0.6.0 to 0.7.0
...
Bumps [golang.org/x/net](https://github.com/golang/net ) from 0.6.0 to 0.7.0.
- [Release notes](https://github.com/golang/net/releases )
- [Commits](https://github.com/golang/net/compare/v0.6.0...v0.7.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/net
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-14 19:06:58 -08:00
dependabot[bot]
2f6034c63c
Bump golang.org/x/crypto from 0.5.0 to 0.6.0
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/golang/crypto/releases )
- [Commits](https://github.com/golang/crypto/compare/v0.5.0...v0.6.0 )
---
updated-dependencies:
- dependency-name: golang.org/x/crypto
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-02-09 17:54:31 -08:00