Update package version to 1.27.0

| datasource      | package           | from   | to     |
| --------------- | ----------------- | ------ | ------ |
| github-releases | FreshRSS/FreshRSS | 1.27.1 | 1.28.0 |

CHANGELOG.md

@@ -399,3 +399,59 @@
 * Improve favicons hash to avoid favicon pollution [#7505](https://github.com/FreshRSS/FreshRSS/pull/7505), [CVE-2025-46339](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-8f79-3q3w-43c4)
 * Add `Content-Security-Policy` HTTP headers to favicons [#7471](https://github.com/FreshRSS/FreshRSS/pull/7471), [CVE-2025-31136](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-f6r4-jrvc-cfmr)
 
+[1.25.2]
+* Update FreshRSS to 1.26.3
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.3)
+* Keep sort and order criteria during navigation [#​7585](https://github.com/FreshRSS/FreshRSS/pull/7585)
+* Add info about `PDO::ATTR_CLIENT_VERSION` (relevant for MySQL / MariaDB with obsolete driver) [#​7591](https://github.com/FreshRSS/FreshRSS/pull/7591)
+* Fix SQL request for user labels with custom sort (affecting PostgreSQL) [#​7588](https://github.com/FreshRSS/FreshRSS/pull/7588)
+* Fix regression for favicon in GReader and Fever APIs [#​7573](https://github.com/FreshRSS/FreshRSS/pull/7573)
+* Fix newest articles (within last second) not shown [#​7577](https://github.com/FreshRSS/FreshRSS/pull/7577)
+* Fix duplicate HTTP header for POST [#​7556](https://github.com/FreshRSS/FreshRSS/pull/7556)
+* Fix important articles on reader view [#​7602](https://github.com/FreshRSS/FreshRSS/pull/7602)
+* Fix remove last share method [#​7613](https://github.com/FreshRSS/FreshRSS/pull/7613)
+* Fix API handling of default category [#​7610](https://github.com/FreshRSS/FreshRSS/pull/7610)
+* Fix user self-deletion [#​7626](https://github.com/FreshRSS/FreshRSS/pull/7626)
+
+[1.26.0]
+* Update FreshRSS to 1.27.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0)
+* Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#​7760](https://github.com/FreshRSS/FreshRSS/pull/7760)  
+* Add sort by category title, or by feed title [#​7702](https://github.com/FreshRSS/FreshRSS/pull/7702)  
+* Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#​7696](https://github.com/FreshRSS/FreshRSS/pull/7696)  
+* Custom feed favicons [#​7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#​7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#​7717](https://github.com/FreshRSS/FreshRSS/pull/7717), [#​7792](https://github.com/FreshRSS/FreshRSS/pull/7792)  
+* Rework fetch favicons for fewer HTTP requests [#​7767](https://github.com/FreshRSS/FreshRSS/pull/7767)  
+* Add more unicity criteria based on title and/or content [#​7789](https://github.com/FreshRSS/FreshRSS/pull/7789)  
+* Automatically restore user configuration from backup [#​7682](https://github.com/FreshRSS/FreshRSS/pull/7682)  
+* API add support for states in `s` parameter of `streamId` [#​7695](https://github.com/FreshRSS/FreshRSS/pull/7695)  
+* Improve sharing via Print [#​7728](https://github.com/FreshRSS/FreshRSS/pull/7728)  
+* Redirect to the login page from bookmarklet instead of 403 [#​7782](https://github.com/FreshRSS/FreshRSS/pull/7782)
+
+[1.26.1]
+* Update FreshRSS to 1.27.1
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.1)
+* Automatic database recovery: skip broken entries during CLI export/import [#​7949](https://github.com/FreshRSS/FreshRSS/pull/7949)  
+* Add security option for CSP `frame-ancestors` [#​7857](https://github.com/FreshRSS/FreshRSS/pull/7857), [#​8021](https://github.com/FreshRSS/FreshRSS/pull/8021)  
+* Lazy-load `<track src>` [#&#8203;7997](https://github.com/FreshRSS/FreshRSS/pull/7997)  
+* Regenerate session ID on login [#&#8203;7829](https://github.com/FreshRSS/FreshRSS/pull/7829)  
+* Disallow setting non-existent language [#&#8203;7878](https://github.com/FreshRSS/FreshRSS/pull/7878), [#&#8203;7934](https://github.com/FreshRSS/FreshRSS/pull/7934)  
+* Safer calling of `install.php` [#&#8203;7971](https://github.com/FreshRSS/FreshRSS/pull/7971)  
+* Prevent log CR/LF injection [#&#8203;7883](https://github.com/FreshRSS/FreshRSS/pull/7883)  
+* Restrict allowed cURL parameters [#&#8203;7979](https://github.com/FreshRSS/FreshRSS/pull/7979), [#&#8203;8009](https://github.com/FreshRSS/FreshRSS/pull/8009)  
+* Fix reauthentication while updating [#&#8203;7989](https://github.com/FreshRSS/FreshRSS/pull/7989)  
+* Fix some CSRFs [#&#8203;8000](https://github.com/FreshRSS/FreshRSS/pull/8000)
+
+[1.27.0]
+* Update FreshRSS to 1.28.0
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.28.0)
+* Move unsafe autologin to an extension [#7958](https://github.com/FreshRSS/FreshRSS/pull/7958)
+* Housekeeping of `lib_rss.php` with potential breaking changes for some extensions [#8193](https://github.com/FreshRSS/FreshRSS/pull/8193)
+* New sorting and filtering by date of *User modified* [#7886](https://github.com/FreshRSS/FreshRSS/pull/7886), [#8090](https://github.com/FreshRSS/FreshRSS/pull/8090), [#8105](https://github.com/FreshRSS/FreshRSS/pull/8105), [#8118](https://github.com/FreshRSS/FreshRSS/pull/8118), [#8130](https://github.com/FreshRSS/FreshRSS/pull/8130)
+* New sorting by article length [#8119](https://github.com/FreshRSS/FreshRSS/pull/8119)
+* New advanced search form [#8103](https://github.com/FreshRSS/FreshRSS/pull/8103), [#8122](https://github.com/FreshRSS/FreshRSS/pull/8122), [#8226](https://github.com/FreshRSS/FreshRSS/pull/8226)
+* Add compatibility with PCRE word boundary `\b` and `\B` for regex search using PostgreSQL [#8141](https://github.com/FreshRSS/FreshRSS/pull/8141)
+* More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) [#8329](https://github.com/FreshRSS/FreshRSS/pull/8329)
+* New overview of dates with most unread articles [#8089](https://github.com/FreshRSS/FreshRSS/pull/8089)
+* Exclude local networks for domain-wide HTTP `Retry-After` [#8195](https://github.com/FreshRSS/FreshRSS/pull/8195)
+* Fix OpenID Connect with Debian 13 [#8032](https://github.com/FreshRSS/FreshRSS/pull/8032)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "RSS feed reader",
-  "version": "1.25.1",
-  "upstreamVersion": "1.26.2",
+  "version": "1.27.0",
+  "upstreamVersion": "1.28.0",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {
@@ -51,6 +51,6 @@
   "postInstallMessage": "file://POSTINSTALL.md",
   "minBoxVersion": "8.1.0",
   "forumUrl": "https://forum.cloudron.io/category/27/freshrss",
-  "documentationUrl": "https://cloudron.io/documentation/apps/freshrss/",
+  "documentationUrl": "https://cloudron.io/documentation/packages/freshrss/",
   "optionalSso": true
 }

Dockerfile

@@ -6,7 +6,7 @@ RUN mkdir -p /app/code
 WORKDIR /app/code
 
 # renovate: datasource=github-releases depName=FreshRSS/FreshRSS versioning=semver
-ARG FRESHRSS_VERSION=1.26.2
+ARG FRESHRSS_VERSION=1.28.0
 
 RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz | tar -zxvf - --strip-components=1 && \
     mv data data-orig && ln -s /app/data data

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^136.0.0",
+    "chromedriver": "^143.0.3",
     "expect.js": "^0.3.1",
-    "mocha": "^11.2.2",
-    "selenium-webdriver": "^4.32.0",
-    "superagent": "^10.2.0"
+    "mocha": "^11.7.5",
+    "selenium-webdriver": "^4.39.0",
+    "superagent": "^10.2.3"
   }
 }

test/test.js

@@ -119,17 +119,18 @@ describe('Application life cycle test', function () {
         await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
     }
 
-    async function addUser(username, password) {
-        await browser.get(`${baseUrl()}/i/?c=user&a=manage`);
-        await waitForElement(By.id('new_user_name'));
-        await browser.findElement(By.id('new_user_name')).sendKeys(username);
-        await browser.findElement(By.id('new_user_passwordPlain')).sendKeys(password);
-        await browser.findElement(By.xpath('//button[text()="Create"]')).click();
-        await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
-    }
-
-    async function enableApi() {
+    async function enableApi(relogin = true) {
         await browser.get(`${baseUrl()}/i/?c=auth`);
+
+        if (relogin) {
+            // needs a relogin for admin confirmation
+            await waitForElement(By.id('passwordPlain'));
+            await browser.findElement(By.id('passwordPlain')).sendKeys(admin_password);
+            await browser.sleep(3000);
+            console.log('Clicking the login button');
+            await browser.findElement(By.xpath('//button[contains(.,"Login")]')).click();
+        }
+
         await waitForElement(By.id('api_enabled'));
         await browser.findElement(By.id('api_enabled')).click();
         await browser.findElement(By.xpath('//button[text()="Submit"]')).click();
@@ -163,8 +164,7 @@ describe('Application life cycle test', function () {
 
     it('can login', login.bind(null, admin_username, admin_password));
     it('can subscribe', addSubscription);
-    it('can add users', addUser.bind(null, 'test', admin_password));
-    it('can enable API', enableApi);
+    it('can enable API', enableApi.bind(null, true /* relogin */));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -179,7 +179,7 @@ describe('Application life cycle test', function () {
     it('can make user Administrator', function () { execSync(`cloudron exec --app ${app.id} -- bash -c "php cli/reconfigure.php --default-user ${USERNAME}"`); });
     it('can login OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('can subscribe', addSubscription);
-    it('can enable API', enableApi);
+    it('can enable API', enableApi.bind(null, false /* relogin */));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -229,7 +229,6 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can add users', addUser.bind(null, 'test', admin_password));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);