feat(github-release): update flux group (minor)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
fluxcd/flux2	Kustomization	minor	v2.1.2 -> v2.3.0
ghcr.io/fluxcd/flux-manifests		minor	v2.1.2 -> v2.3.0
ghcr.io/miniflux/miniflux (source)		minor	2.0.48 -> 2.1.3

---

Release Notes

fluxcd/flux2 (fluxcd/flux2)

v2.3.0

Compare Source

v2.2.3

Compare Source

Highlights

Flux v2.2.3 is a patch release which comes with various fixes and improvements. Users are encouraged to upgrade for the best experience.

💡 For upgrading to Flux v2.2, please see the procedure documented in 2.2.0.

This release updates the Kubernetes dependencies to v1.28.6 and various other dependencies to their latest version to patch upstream CVEs.

All controllers are built with Go 1.21.6 using Alpine Linux 3.19.1 base image.

[!NOTE]
Due to breaking changes in Helm v3.14.0, the helm-controller version included in this patch release comes with Helm SDK v3.13.3.
A preview build of the helm-controller with the latest Helm SDK is available at helm-controller#879.

Fixes:

• Reconciling empty directories and directories without Kubernetes manifests no longer results in an error. This regressing bug was introduced with the kustomize-controller upgrade to Kustomize v5.3 and has been fixed in this patch release.
• The regression due to which Roles and ClusterRoles with aggregated roles were continuous reconciled by kustomize-controller has been fixed.
• Fix the Git revision displaying when notification-controller sends alerts to Grafana.
• The HelmRelease status reporting has been improved by ensuring that the stale failure conditions get updated after failure recovery.

See the components changelog for a full list of bug fixes.

Components changelog

• source-controller v1.2.4
• kustomize-controller v1.2.2
• notification-controller v1.2.4
• helm-controller v0.37.4
• image-reflector-controller v0.31.2
• image-automation-controller v0.37.1

CLI Changelog

• PR #​4589 - @​stefanprodan - Update dependencies
• PR #​4585 - @​dependabot[bot] - build(deps): bump the ci group with 3 updates
• PR #​4583 - @​fluxcdbot - Update toolkit components
• PR #​4575 - @​stefanprodan - Update dependencies to Kubernetes v1.28.6
• PR #​4573 - @​dependabot[bot] - build(deps): bump the ci group with 5 updates
• PR #​4558 - @​twinguy - flux check should error on unrecognised args
• PR #​4557 - @​twinguy - flux stats should error on unrecognised args
• PR #​4554 - @​dependabot[bot] - build(deps): bump the ci group with 3 updates
• PR #​4553 - @​twinguy - Properly detect unexpected arguments during uninstall
• PR #​4535 - @​dependabot[bot] - build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7
• PR #​4533 - @​darkowlzz - tests/int: Add separate resource cleanup step

v2.2.2

Compare Source

Highlights

Flux v2.2.2 is a patch release that addresses an issue with the label selector sharding functionality in the helm-controller. Users are encouraged to upgrade for the best experience.

💡 For upgrading to Flux v2.2, please see the procedure documented in 2.2.0.

Components changelog

• helm-controller v0.37.2

CLI Changelog

• PR #​4505 - @​hiddeco - Update helm-controller to v0.37.2 in tests
• PR #​4501 - @​fluxcdbot - Update toolkit components
• PR #​4499 - @​stuebingerb - Fix typo in Git bootstrap
• PR #​4495 - @​dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/integration
• PR #​4494 - @​dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0
• PR #​4493 - @​dependabot[bot] - build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 in /tests/azure
• PR #​4491 - @​dependabot[bot] - build(deps): bump the ci group with 3 updates

v2.2.1

Compare Source

Highlights

Flux v2.2.1 is a patch release that comes with fixes to API backwards compatibility.
Users are encouraged to upgrade for the best experience.

💡 For upgrading to Flux v2.2, please see the procedure documented in 2.2.0.

This version was tested with the latest Kubernetes release, and extends Flux support to Kubernetes v1.29.

The Helm SDK was updated to the latest version, v3.13.3.

Logging in kustomize-controller and helm-controller has been improved to provide faster feedback on any HTTP errors encountered while fetching artifacts from source-controller.

Components changelog

• source-controller v1.2.3
• kustomize-controller v1.2.1
• notification-controller v1.2.3
• helm-controller v0.37.1

CLI Changelog

• PR #​4488 - @​hiddeco - tests: update API dependencies
• PR #​4484 - @​stefanprodan - Run conformance tests for Kubernetes v1.29.0
• PR #​4483 - @​fluxcdbot - Update toolkit components
• PR #​4481 - @​hoexter - Remove duplicate part of the reconcile hr --reset help message
• PR #​4478 - @​stefanprodan - Remove deprecated monitoring configs
• PR #​4476 - @​hiddeco - Properly detect unsupported API errors
• PR #​4468 - @​hiddeco - Add 2.2.x backport label

v2.2.0

Compare Source

Highlights

Flux v2.2.0 is a feature release. Users are encouraged to upgrade for the best experience.

The Flux CLI and controllers have been updated to Kustomize v5.3.0 and Kubernetes v1.28.4.

Flux helm-controller's reconciliation model underwent a significant overhaul, addressing persistent issues such as the automatic recovery of releases stuck in a pending state. In addition, it improves the observability of the release status, and it introduces the ability to enable drift detection on a per-object basis. For more details on the helm-controller improvements, please see the Announcing Flux 2.2 GA blog post.

The Flux CLI can now be used to force or reset the reconciliation state of a HelmRelease v2beta2 object using flux reconcile hr --force and flux reconcile hr --reset.

Flux CLI comes with support for bootstrapping Gitea repositories and adds guardrails to flux install and flux bootstrap to protect users from destructive operations. The flux version and flux check commands now print the Flux distribution version deployed on the cluster.

The Flux alerting capabilities have been extended with NATS and Bitbucket Server & Data Center support.

Starting with this release, Flux minor versions are benchmark to measure the Mean Time To Production (MTTP). The results for this version can be found at
github.com/fluxcd/flux-benchmark.

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version	Minimum required
v1.26	>= 1.26.0
v1.27	>= 1.27.1
v1.28	>= 1.28.0

Note that Flux may work on older versions of Kubernetes e.g. 1.25, but we don't recommend running end-of-life versions in production nor do we offer support for these versions.

API changes

HelmRelease v2beta2

The HelmRelease kind was promoted from v2beta1 to v2beta2.

The v2beta2 API is backwards compatible with v2beta1, the v2beta1 API is deprecated and will be removed in a future release.

Deprecated fields:

• The .patchesStrategicMerge and .patchesJson6902 Kustomize post-rendering fields have been deprecated in favor of .patches.
• The .status.lastAppliedRevision and .status.lastReleaseRevision fields have been deprecated in favor of .status.history.
• The .status.lastAttemptedValuesChecksum has been deprecated in favor of .status.lastAttemptedConfigDigest.

New fields:

• Drift detection and correction is now enabled on a per-release basis using the .spec.driftDetection.mode field.
• Ignoring specific fields during drift detection and correction is now supported using the .spec.driftDetection.ignore
• Helm tests can now be selectively run using the .spec.test.filters field.
• A history of metadata from Helm releases up to the previous successful release is now available in the .status.history field. This includes any Helm test results when enabled.
• The .status.lastHandledForceAt and .status.lastHandledResetAt fields have been introduced to track the last time a force upgrade or reset was handled.

Alert and Provider v1beta3

The Alert and Provider kinds were promoted from v1beta2 to v1beta3.

The v1beta3 API is backwards compatible with v1beta2, the .status field was removed making the resources static objects. Any errors encountered while sending notifications are now recorded as Kubernetes Events associated with the Alert objects.

Bucket v1beta2

A new field, .spec.prefix, has been added to the Bucket API, which enables server-side filtering of files if the object's .spec.provider is set to generic, aws or gcp.

OCIRepository and HelmChart v1beta2

Two new fields, .spec.verify.matchOIDCIdentity.issuer and .spec.verify.matchOIDCIdentity.subject have been added to the HelmChart and OCIRepository APIs. If the image has been keylessly signed via Cosign, these fields can be used to verify the OIDC issuer of the Fulcio certificate and the
OIDC identity's subject respectively.

HelmRepository and ImageRepository v1beta2

A new boolean field, .spec.insecure, has been introduced to the
HelmRepository and ImageRepository APIs, which allows connecting to a non-TLS HTTP container registry. For HelmRepositories it is only considered if the object's .spec.type is set to oci.

From this release onwards, HelmRepository objects of type OCI are treated as static objects, i.e. they have an empty status.

Upgrade procedure

Upgrade Flux from v2.x to v2.2.0 either by rerunning bootstrap or by using the Flux GitHub Action.

To upgrade the APIs, make sure the new CRDs and controllers are deployed, and then change the manifests in Git:

1. Set apiVersion: helm.toolkit.fluxcd.io/v2beta2 in the YAML files that contain HelmRelease definitions.
2. Set apiVersion: notification.toolkit.fluxcd.io/v1beta3 in the YAML files that contain Alert and Provider definitions.
3. Commit, push and reconcile the API version changes.

Bumping the APIs version in manifests can be done gradually. It is advised to not delay this procedure as the deprecated versions will be removed after 6 months.

New Documentation

• HelmRelease v2beta2 specification
• Enable in-memory kustomize builds guide

Components changelog

• source-controller v1.2.2
• kustomize-controller v1.2.0
• notification-controller v1.2.2
• helm-controller v0.37.0
• image-reflector-controller v0.31.1
• image-automation-controller v0.37.0

CLI Changelog

• PR #​4467 - @​stefanprodan - Drop support for Kubernetes EOL versions
• PR #​4465 - @​stefanprodan - build: Update alpine and kubectl in flux-cli image
• PR #​4464 - @​souleb - Update go-git-providers to v0.19.2
• PR #​4463 - @​stefanprodan - Update Git dependencies
• PR #​4461 - @​fluxcdbot - Update toolkit components
• PR #​4455 - @​chewong - Fix typos in flux bootstrap documentation
• PR #​4454 - @​fluxcdbot - Update toolkit components
• PR #​4437 - @​stefanprodan - Add force and reset flags to flux reconcile hr
• PR #​4433 - @​darkowlzz - Update Helm OCI RFC - static HelmRepository design
• PR #​4424 - @​somtochiama - Show distribution name in flux check and flux version
• PR #​4422 - @​somtochiama - bootstrap: More details for context deadline exceeded error
• PR #​4416 - @​stefanprodan - Update dependencies to Kubernetes v1.28
• PR #​4409 - @​somtochiama - Make events cmd work well with lowercased and only kind selector
• PR #​4404 - @​VinGarcia - Fix flux install command so it returns an error when unexpected arguments are passed
• PR #​4402 - @​mclarke47 - fix build_artifact.go typo
• PR #​4388 - @​stefanprodan - [RFC-0003] OIDC identity matching for keyless verification
• PR #​4382 - @​darkowlzz - tests/int: Set exit code 1 on tf destroy fail
• PR #​4380 - @​hiddeco - Tweak permissions on created files
• PR #​4355 - @​somtochiama - Confirm before overriding installation by another manager
• PR #​4345 - @​somtochiama - Prevent flux install from overriding bootrapped cluster
• PR #​4332 - @​matheuscscp - Add CLI flags for OCIRepository signature verification
• PR #​4329 - @​hiddeco - Address various issues throughout code base
• PR #​4324 - @​somtochiama - bootstrap: Fix error msg when the Git token doesn't match the repo owner
• PR #​4323 - @​stefanprodan - e2e: Update Go dependencies
• PR #​4317 - @​Jaykul - Correct "sync" to "component" in log lines
• PR #​4313 - @​fluxcdbot - Update toolkit components
• PR #​4311 - @​darkowlzz - Check readiness of Flux kinds using kstatus
• PR #​4298 - @​darkowlzz - Add support for HelmRepo OCI and NC v1beta3 static objects
• PR #​4296 - @​Skarlso - fix: only wait for changeset if the result is not empty
• PR #​4285 - @​matheuscscp - Add badge for SLSA Level 3
• PR #​4284 - @​errordeveloper - Make flux pull work for OCI artifacts produced by other tools
• PR #​4270 - @​Azhovan - feat: add bootstrap gitea command
• PR #​4255 - @​hiddeco - tests/azure: update controller dependencies
• PR #​4251 - @​fluxcdbot - Update toolkit components
• PR #​4238 - @​makkes - Upgrade github.com/fluxcd/pkg/{git,git/gogit}
• PR #​4233 - @​sonbui00 - chore: remove support armv6h for aur package
• PR #​4228 - @​sonbui00 - Improve AUR package templates
• PR #​4226 - @​somtochiama - Update description of kubeconfig specific flag
• PR #​4198 - @​makkes - Add 2.1.x backport label
• PR #​4197 - @​stefanprodan - Fix links to fluxcd.io

miniflux/v2 (ghcr.io/miniflux/miniflux)

v2.1.3

Compare Source

• api: rand.Intn(math.MaxInt64) causes tests to fail on 32-bit architectures (use rand.Int() instead)
• ci: use docker/metadata-action instead of deprecated shell-scripts
• database: remove entries_feed_url_idx index because entry URLs can exceeds btree index size limit
• finder: find feeds from YouTube playlist
• http/response: add brotli compression support
• integration/matrix: fix function name in comment
• packaging: specify container registry explicitly (e.g., Podman does not use docker.io by default)
• packaging: use make miniflux instead of duplicating go build arguments (this leverages Go's PIE build mode)
• reader/fetcher: add brotli content encoding support
• reader/processor: minimize feed entries HTML content
• reader/rewrite: add a rule for oglaf.com
• storage: change GetReadTime() function to use entries_feed_id_hash_key index
• ui: add seek and speed controls to media player
• ui: add tag entries page
• ui: fix JavaScript error when clicking on unread counter
• ui: use FORCE_REFRESH_INTERVAL config for category refresh
• Bump github.com/tdewolff/minify/v2 from 2.20.19 to 2.20.20
• Bump golang.org/x/net from 0.22.0 to 0.24.0
• Bump golang.org/x/term from 0.18.0 to 0.19.0
• Bump golang.org/x/oauth2 from 0.18.0 to 0.19.0
• Bump github.com/yuin/goldmark from 1.7.0 to 1.7.1

v2.1.2

Compare Source

• api: rewrite API integration tests without build tags
• ci: add basic ESLinter checks
• ci: enable go-critic linter and fix various issues detected
• ci: fix JavaScript linter path in GitHub Actions
• cli: avoid misleading error message when creating an admin user automatically
• config: add FILTER_ENTRY_MAX_AGE_DAYS option
• config: bump the number of simultaneous workers
• config: rename PROXY_* options to MEDIA_PROXY_*
• config: use crypto.GenerateRandomBytes instead of doing it by hand
• http/request: refactor conditions to be more idiomatic
• http/response: remove legacy X-XSS-Protection header
• integration/rssbrige: fix rssbrige import
• integration/shaarli: factorize the header+payload concatenation as data
• integration/shaarli: no need to base64-encode then remove the padding when we can simply encode without padding
• integration/shaarli: the JWT token was declared as using HS256 as algorithm, but was using HS512
• integration/webhook: add category title to request body
• locale: update Turkish translations
• man page: sort config options in alphabetical order
• mediaproxy: reduce the internal indentation of ProxifiedUrl by inverting some conditions
• mediaproxy: simplify and refactor the package
• model: replace Optional{Int,Int64,Float64} with a generic function OptionalNumber()
• model: use struct embedding for FeedCreationRequestFromSubscriptionDiscovery to reduce code duplication
• reader/atom: avoid debug message when the date is empty
• reader/atom: change if !a { a = } if !a {a = } constructs into if !a { a = ; if !a {a = }} to reduce the number of comparisons and improve readability
• reader/atom: Move the population of the feed's entries into a new function, to make BuildFeed easier to understand/separate concerns/implementation details
• reader/atom: refactor Atom parser to use an adapter
• reader/atom: use sort+compact instead of compact+sort to remove duplicates
• reader/atom: when detecting the format, detect its version as well
• reader/encoding: inline a one-liner function
• reader/handler: fix force refresh feature
• reader/json: refactor JSON Feed parser to use an adapter
• reader/media: remove a superfluous error-check: strconv.ParseInt returns 0 when passed an empty string
• reader/media: simplify switch-case by moving a common condition above it
• reader/processor: compile block/keep regex only once per feed
• reader/rdf: refactor RDF parser to use an adapter
• reader/rewrite: inline some one-line functions
• reader/rewrite: simplify removeClickbait
• reader/rewrite: transform a free-standing function into a method
• reader/rewrite: use a proper constant instead of a magic number in applyFuncOnTextContent
• reader/rss: add support for <media:category> element
• reader/rss: don't add empty tags to RSS items
• reader/rss: refactor RSS parser to use a default namespace to avoid some limitations of the Go XML parser
• reader/rss: refactor RSS Parser to use an adapter
• reader/rss: remove some duplicated code in RSS parser
• reader: ensure that enclosure URLs are always absolute
• reader: move iTunes and GooglePlay XML definitions to their own packages
• reader: parse podcast categories
• reader: remove trailing space in SiteURL and FeedURL
• storage: do not store empty tags
• storage: simplify removeDuplicates() to use a sort+compact construct instead of doing it by hand with a hashmap
• storage: Use plain strings concatenation instead of building an array and then joining it
• timezone: make sure the tests pass when the timezone database is not installed on the host
• ui/css: align min-width with the other min-width values
• ui/css: fix regression: "Add to Home Screen" button is unreadable
• ui/js: don't use lambdas to return a function, use directly the function instead
• ui/js: enable trusted-types
• ui/js: fix download button loading label
• ui/js: fix JavaScript error on the login page when the user not authenticated
• ui/js: inline one-line functions
• ui/js: inline some querySelectorAll calls
• ui/js: reduce the scope of some variables
• ui/js: remove a hack for "Chrome 67 and earlier" since it was released in 2018
• ui/js: replace DomHelper.findParent with .closest
• ui/js: replace let with const
• ui/js: simplify DomHelper.getVisibleElements by using a filter instead of a loop with an index
• ui/js: use a Set instead of an array in a KeyboardHandler's member
• ui/js: use some ternaries where it makes sense
• ui/static: make use of HashFromBytes everywhere
• ui/static: set minifier ECMAScript version
• ui: add keyboard shortcuts for scrolling to top/bottom of the item list
• ui: add media player control playback speed
• ui: remove unused variables and improve JSON decoding in saveEnclosureProgression()
• validator: display an error message on edit feed page when the feed URL is not unique
• Bump github.com/coreos/go-oidc/v3 from 3.9.0 to 3.10.0
• Bump github.com/go-webauthn/webauthn from 0.10.1 to 0.10.2
• Bump github.com/tdewolff/minify/v2 from 2.20.18 to 2.20.19
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0

v2.1.1

Compare Source

• Move search form to a dedicated page
• Add Readeck integration
• Add feed option to disable HTTP/2 to avoid fingerprinting
• Add Enter key as a hotkey to open selected item
• Proxify video element poster attribute
• Add a couple of new possible locations for feeds
  • Hugo likes to generate index.xml
  • feed.atom and feed.rss are used by enterprise-scale/old-school gigantic CMS
• Fix categories import from Thunderbird's OPML
• Fix logo misalignment when using languages that are more verbose than English
• Google Reader: Do not return a 500 error when no items is returned
• Handle RDF feeds with duplicated <title> elements
• Sort integrations alphabetically
• Add more URL validation in media proxy
• Add unit test to ensure each translation has the correct number of plurals
• Add missing plurals for some languages
• Makefile: quiet git describe and rev-parse stderr: When building from a tarball instead of a cloned git repo, there would be two fatal: not a git repository errors emitted even though the build succeeds. This is because of how VERSION and COMMIT are set in the Makefile. This PR suppresses the stderr for these variable assignments.
• Makefile: do not force CGO_ENABLED=0 for miniflux target
• Add GitHub Action pipeline to build packages on-demand
• Remove Golint (deprecated), use staticcheck and golangci-lint instead
• Build amd64/arm64 Debian packages with CGO disabled
• Update go.mod and add .exe suffix to Windows binary
• Add a couple of fuzzers
• Fix CodeQL workflow
• Code and performance improvements:
  • Use an io.ReadSeeker instead of an io.Reader to parse feeds
  • Speed up the sanitizer:
    • Allow Youtube URLs to start with www
    • Use strings.Builder instead of a bytes.Buffer
    • Use a strings.NewReader instead of a bytes.NewBufferString
    • Sprinkles a couple of continue to make the code-flow more obvious
    • Inline calls to inList, and put their parameters in the right order
    • Simplify isPixelTracker
    • Simplify isValidIframeSource, by extracting the hostname and comparing it directly, instead of using the full url and checking if it starts with multiple variations of the same one (//, http:, https:// multiplied by /www.)
    • Add a benchmark
    • Instead of having to allocate a ~100 keys map containing possibly dynamic values (at least to the go compiler), allocate it once in a global variable. This significantly speeds things up, by reducing the garbage
    • Use constant time access for maps instead of iterating on them
    • Build a ~large whitelist map inline instead of constructing it item by item (and remove a duplicate key/value pair)
    • Use slices instead of hand-rolled loops
      collector/allocator involvements.
  • Reuse a Reader instead of copying to a buffer when parsing an Atom feed
  • Preallocate memory when exporting to OPML: This should marginally increase performance when exporting a large amount of feeds to OPML
  • Delay call of view.New after logging the user in: There is no need to do extra work like creating a session and its associated view until the user has been properly identified and as many possibly-failing sql request have been successfully run
  • Use constant-time comparison for anti-csrf tokens: This is probably completely overkill, but since anti-csrf tokens are secrets, they should be compared against untrusted inputs in constant time
  • Simplify and optimize genericProxyRewriter
    • Reduce the amount of nested loops: it's preferable to search the whole page once and filter on it (even with filters that should always be false), than searching it again for every element we're looking for.
    • Factorize the proxying conditions into a shouldProxy function to reduce the copy-pasta.
  • Speed up removeUnlikelyCandidates: .Not returns a brand new Selection, copied element by element
  • Improve EstimateReadingTime's speed by a factor 7
    • Refactorise the tests and add some
    • Use 250 signs instead of the whole text
    • Only check for Korean, Chinese and Japanese script
    • Add a benchmark
    • Use a more idiomatic control flow
  • Don't compute reading-time when unused: If the user doesn't display reading times, there is no need to compute them. This should speed things up a bit, since whatlanggo.Detect is abysmally slow.
  • Simplify username generation for the integration tests: No need to generate random numbers 10 times, generate a single big-enough one. A single int64 should be more than enough
  • Add missing regex anchor detected by CodeQL
  • Don't mix up slices capacity and length
  • Use prepared statements for intervals, ArchiveEntries and updateEnclosures
  • Use modern for-loops introduced with Go 1.22
  • Remove a superfluous condition: No need to check if the length of line is positive since we're checking afterwards that it contains the = sign
  • Close resources as soon as possible, instead of using defer() in a loop
  • Remove superfluous escaping in a regex
  • Use strings.ReplaceAll instead of strings.Replace(…, -1)
  • Use strings.EqualFold instead of strings.ToLower(…) ==
  • Use .WriteString( instead of .Write([]byte(…
  • Use %q instead of "%s"
  • Make internal/worker/worker.go read-only
  • Use a switch-case construct in internal/locale/plural.go instead of an avalanche of if
  • Template functions: simplify formatFileSize and duration implementation
  • Inline some templating functions
  • Make use of printer.Print when possible
  • Add a printer.Print to internal/locale/printer.go: No need to use variadic functions with string format interpolation to generate static strings
  • Minor code simplification in internal/ui/view/view.go: No need to create the map item by item when we can create it in one go
  • Build the map inline in CountAllFeeds(): No need to build an empty map to then add more fields in it one by one
  • Miscellaneous improvements to internal/reader/subscription/finder.go:
    • Surface localizedError in FindSubscriptionsFromWellKnownURLs via slog
    • Use an inline declaration for new subscriptions, like done elsewhere in the
      file, if only for consistency's sake
    • Preallocate the subscriptions slice when using an RSS-bridge,
  • Use an update-where for MarkCategoryAsRead instead of a subquery
  • Simplify CleanOldUserSessions' query: No need for a subquery, filtering on created_at directly is enough
  • Simplify cleanupEntries' query
    • NOT (hash=ANY(%4)) can be expressed as hash NOT IN $4
    • There is no need for a subquery operating on the same table, moving the conditions out is equivalent.
  • Reformat ArchiveEntries's query for consistency's sake and replace the =ANY with an IN
  • Reformat the query in GetEntryIDs and GetReadTime's query for consistency's sake
  • Simplify WeeklyFeedEntryCount: No need for a BETWEEN: we want to filter on entries published in the last week, no need to express is as "entries published between now and last week", "entries published after last week" is enough
  • Add some tests for add_image_title
  • Remove github.com/google/uuid dependencies: Replace it with a hand-rolled implementation. Heck, an UUID isn't even a requirement according to Omnivore API docs
  • Simplify internal/reader/icon/finder.go:
    • Use a simple regex to parse data uri instead of a hand-rolled parser, and document what fields are considered mandatory.
    • Use case-insensitive matching to find (fav)icons, instead of doing the same query twice with different letter cases
    • Add apple-touch-icon-precomposed.png as a fallback favicon
    • Reorder the queries to have icon first, since it seems to be the most popular one. It used to be last, meaning that pages had to be parsed completely 4 times, instead of one now.
    • Minor factorisation in findIconURLsFromHTMLDocument
  • Small refactoring of internal/reader/date/parser.go:
    • Split dates formats into those that require local times and those who don't, so that there is no need to have a switch-case in the for loop with around 250 iterations at most.
    • Be more strict when it comes to timezones, previously invalid ones like -13 were accepted. Also add a test for this.
    • Bail out early if the date is an empty string.
  • Make use of Go ≥ 1.21 slices package instead of hand-rolled loops
  • Reorder the fields of the Entry struct to save some memory
• Dependencies update:
  • Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0
  • Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
  • Bump github.com/tdewolff/minify/v2 from 2.20.16 to 2.20.18
  • Bump github.com/PuerkitoBio/goquery from 1.8.1 to 1.9.1
  • Bump golang.org/x/crypto from 0.19.0 to 0.20.0
  • Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3

v2.1.0

Compare Source

• Add Linkwarden integration
• Add LinkAce integration
• Add FORCE_REFRESH_INTERVAL config option
• Add item-meta-info-reading-time CSS class
• Add add_dynamic_iframe rewrite function
• Add attribute data-original-mos to add_dynamic_image rewrite candidates
• Update entry processor to allow blocking/keeping entries by tags and/or authors
• Change default Accept header when fetching feeds
• Rewrite relative RSS Bridge URL to absolute URL
• Use numeric user ID in Alpine and distroless container image (avoid securityContext error in Kubernetes)
• Always try to use HTTP/2 when fetching feeds if available
• Add type attribute in OPML export as per OPML 2.0 specs
• Fix missing translation argument for the key error.unable_to_parse_feed
• Fix Debian package builder when using Go 1.22 and armhf architecture
• Fix typo in log message
• Fix incorrect label shown when saving an article
• Fix incorrect condition in refresh feeds cli
• Fix incorrect label for attribute
• Add missing label ID for custom CSS field
• Accessibility improvements:
  • Add workaround for macOS VoiceOver that didn't announce details and summary when expanded
  • Add alert role to alert message element
  • Add a h2 heading to the article element so that the screen reader users can navigate the article through the heading level
  • Add an aria-label attribute for the article element for screen readers
  • Remove the icon image alt attribute in feeds list to prevent screen reader to announce it before entry title
  • Add sr-only CSS class for screen reader users (provides more context)
  • Differentiate between buttons and links
  • Change links that could perform actions to buttons
  • Improve translation of hidden Aria elements
  • Remove the redundant article role
  • Add a search landmark for the search form so that the screen reader users can navigate to it
  • Add skip to content link
  • Add nav landmark to page header links
• Limit feed/category entry pagination to unread entries when coming from unread entry list
• Update German translation
• Update GitHub Actions to Go 1.22
• Bump golang.org/x/term from 0.16.0 to 0.17.0
• Bump github.com/google/uuid from 1.5.0 to 1.6.0
• Bump github.com/yuin/goldmark from 1.6.0 to 1.7.0
• Bump golang.org/x/oauth2 from 0.15.0 to 0.17.0
• Bump github.com/tdewolff/minify/v2 from 2.20.10 to 2.20.12
• Bump golang.org/x/term from 0.15.0 to 0.16.0
• Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0
• Bump github.com/tdewolff/minify/v2 from 2.20.9 to 2.20.16
• Bump golang.org/x/crypto from 0.16.0 to 0.19.0
• Bump github.com/go-webauthn/webauthn from 0.9.4 to 0.10.1
• Bump golang.org/x/net from 0.20.0 to 0.21.0

v2.0.51

Compare Source

• Add Omnivore integration
• Fixes for the regressions introduced in version 2.0.50:
  • Ensure all HTML documents are encoded in UTF-8
  • Send default User-Agent and HTTP caching headers when making HTTP requests
• Allow Youtube links to be opened outside the iframe (avoid ERR_BLOCKED_BY_RESPONSE error)
• Fix inaccessible metrics endpoint when listening on Unix socket
• Allow renaming and moving feed at the same time in the Google Reader API
• Log nb_jobs only when number of jobs is larger than 0 in background scheduler
• Deduplicate feed URLs when parsing HTML document during discovery process
• Calculate a virtual weekly count based on the average updating frequency (POLLING_SCHEDULER=entry_frequency)
• Update GitHub Actions workflow to be able to run the linter and tests on-demand
• Add SCHEDULER_ROUND_ROBIN_MIN_INTERVAL config option
• Add links to GitHub for the commit hash and the version in the about page
• Use "starred" rather than "bookmarked" in English translation
• Update Chinese (CN & TW) translation
• Bump github.com/google/uuid from 1.4.0 to 1.5.0
• Bump github.com/coreos/go-oidc/v3 from 3.7.0 to 3.9.0
• Bump github.com/tdewolff/minify/v2 from 2.20.6 to 2.20.9
• Bump github.com/go-webauthn/webauthn from 0.8.6 to 0.9.4
• Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0

v2.0.50

Compare Source

• Add WebAuthn / Passkey integration
• Add RSS-Bridge integration
• Take RSS TTL field into consideration to schedule next check date
• Show number of visible entries instead of number of read entries in feed list
• OpenID Connect: Redirect to configured user home page after successful authentication
• Google Reader API fixes:
  • user/{userID}/state/com.google/read is missing in categories section for read entries
  • Take ExcludeTargets into consideration in feed stream handler
• Allow iframes pointing to Twitch videos
• Filter feed entries based on URL or title
• Take into consideration hide_globally property defined for categories in /v1/entries API endpoint
• Add category ID to webhooks request body
• Update date parser to parse more invalid date formats
• Refactor feed discovery handler, and avoid an extra HTTP request if the URL provided is the feed
• Refactor HTTP Client and LocalizedError packages
• Refactor Batch Builder, and prevent accidental and excessive refreshes from the web UI
• Refactor icon finder:
  • Continue the discovery process when the feed icon is invalid
  • Search all icons from the HTML document and do not stop on the first one
• Add support for SVG icons with data URL without encoding
• Expose next_check_at in the web ui and API
• Add database indexes to improve performance
• Change log level to warning for failed feeds refresh in cronjob
• Do not log website without icon as warning
• Add GitHub workflow to build binaries
• Add GitHub extensions to devcontainer
• Make sure to pull the latest base image when building the Docker image
• Strip version prefix when building Debian package
• Add github-cli and docker-outside-of-docker features to devcontainer
• Bump golang.org/x/* dependencies
• Bump github.com/gorilla/mux from 1.8.0 to 1.8.1
• Bump github.com/tdewolff/minify/v2 from 2.19.9 to 2.20.6
• Bump github.com/yuin/goldmark from 1.5.6 to 1.6.0
• Bump github.com/coreos/go-oidc/v3 from 3.6.0 to 3.7.0

v2.0.49

Compare Source

• Implement structured logging using log/slog package. New config options available:
  • LOG_FORMAT: json or text
  • LOG_LEVEL: debug, info, warning, or error
  • LOG_FILE: sdterr, stdout, or a file path
  • The DEBUG option is now deprecated in favor of LOG_LEVEL
• API Improvements:
  • Add endpoint /v1/version
  • Add endpoint PUT /v1/entries to update entry title and content
  • Add endpoint /v1/icons/{iconID}
  • Add endpoint /v1/flush-history to flush history
  • Make the category optional when creating feeds for API clients who don't support categories
  • Add enclosures to GET /v1/entries endpoint
  • Add published_after, published_before, changed_after and changed_before options to /v1/entries endpoint
• Telegram integration improvements:
  • Replace feed HTML link with a button to avoid page preview issues
  • Add the possibility to disable buttons
• Add Bruno Miniflux API collection in contrib folder (Bruno is an open source alternative to Postman/Insomnia)
• Add command line argument to export user feeds as OPML
• Add new rewrite rules add_hn_links_using_hack and add_hn_links_using_opener to open HN comments with iOS apps
• Fix timestamp format for Expires response header
• Fix Javascript error when reading time option is disabled
• Fix Apprise logic to handle feed service URLs
• Fix missing word in force refresh message
• Remove deprecated PreferServerCipherSuites TLS option
• Replace github.com/rylans/getlang with github.com/abadojack/whatlanggo because getlang doesn't seems to be updated anymore
• Bump github.com/mccutchen/go-httpbin/v2 from 2.11.0 to 2.11.1
• Bump golang.org/x/* dependencies

---

Configuration

📅 Schedule: Branch creation - "before 6am" in timezone America/Detroit, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[madbuda-bot]

🦙 MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ COPYPASTE	jscpd	yes		no	1.19s
✅ REPOSITORY	git_diff	yes		no	0.04s
✅ REPOSITORY	secretlint	yes		no	1.76s
⚠️ YAML	prettier	3		1	0.71s
✅ YAML	yamllint	3		0	0.36s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by