Update package version to 1.26.1

| datasource      | package           | from   | to     |
| --------------- | ----------------- | ------ | ------ |
| github-releases | FreshRSS/FreshRSS | 1.27.0 | 1.27.1 |

CHANGELOG.md

@@ -427,3 +427,17 @@
 * Improve sharing via Print [#​7728](https://github.com/FreshRSS/FreshRSS/pull/7728)  
 * Redirect to the login page from bookmarklet instead of 403 [#​7782](https://github.com/FreshRSS/FreshRSS/pull/7782)
 
+[1.26.1]
+* Update FreshRSS to 1.27.1
+* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.1)
+* Automatic database recovery: skip broken entries during CLI export/import [#​7949](https://github.com/FreshRSS/FreshRSS/pull/7949)  
+* Add security option for CSP `frame-ancestors` [#​7857](https://github.com/FreshRSS/FreshRSS/pull/7857), [#​8021](https://github.com/FreshRSS/FreshRSS/pull/8021)  
+* Lazy-load `<track src>` [#&#8203;7997](https://github.com/FreshRSS/FreshRSS/pull/7997)  
+* Regenerate session ID on login [#&#8203;7829](https://github.com/FreshRSS/FreshRSS/pull/7829)  
+* Disallow setting non-existent language [#&#8203;7878](https://github.com/FreshRSS/FreshRSS/pull/7878), [#&#8203;7934](https://github.com/FreshRSS/FreshRSS/pull/7934)  
+* Safer calling of `install.php` [#&#8203;7971](https://github.com/FreshRSS/FreshRSS/pull/7971)  
+* Prevent log CR/LF injection [#&#8203;7883](https://github.com/FreshRSS/FreshRSS/pull/7883)  
+* Restrict allowed cURL parameters [#&#8203;7979](https://github.com/FreshRSS/FreshRSS/pull/7979), [#&#8203;8009](https://github.com/FreshRSS/FreshRSS/pull/8009)  
+* Fix reauthentication while updating [#&#8203;7989](https://github.com/FreshRSS/FreshRSS/pull/7989)  
+* Fix some CSRFs [#&#8203;8000](https://github.com/FreshRSS/FreshRSS/pull/8000)
+

CloudronManifest.json

@@ -5,8 +5,8 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "RSS feed reader",
-  "version": "1.26.0",
-  "upstreamVersion": "1.27.0",
+  "version": "1.26.1",
+  "upstreamVersion": "1.27.1",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {

Dockerfile

@@ -6,7 +6,7 @@ RUN mkdir -p /app/code
 WORKDIR /app/code
 
 # renovate: datasource=github-releases depName=FreshRSS/FreshRSS versioning=semver
-ARG FRESHRSS_VERSION=1.27.0
+ARG FRESHRSS_VERSION=1.27.1
 
 RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz | tar -zxvf - --strip-components=1 && \
     mv data data-orig && ln -s /app/data data

test/package-lock.json

@@ -9,9 +9,9 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^139.0.1",
+        "chromedriver": "^140.0.4",
         "expect.js": "^0.3.1",
-        "mocha": "^11.7.1",
+        "mocha": "^11.7.2",
         "selenium-webdriver": "^4.35.0",
         "superagent": "^10.2.3"
       }
@@ -205,12 +205,13 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "node_modules/axios": {
-      "version": "1.7.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.5.tgz",
-      "integrity": "sha512-fZu86yCo+svH3uqJ/yTdQ0QHpQu5oL+/QE+QPSv6BZSkDAoky9vytxp7u5qk83OJFS3kEBcesWni9WTZAv3tSw==",
+      "version": "1.12.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
+      "license": "MIT",
       "dependencies": {
         "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.0",
+        "form-data": "^4.0.4",
         "proxy-from-env": "^1.1.0"
       }
     },
@@ -323,14 +324,14 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "139.0.1",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-139.0.1.tgz",
-      "integrity": "sha512-K16mpBWhVMY/85k+1pf2ZuCOCDNJxSfr/OuIh7YbWoVIT+baNlyB6OvVh2WQw+MYQK2fg7CS0rMUE8GvMY6oCA==",
+      "version": "140.0.4",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-140.0.4.tgz",
+      "integrity": "sha512-/NUoxYBNkJeoNj1B5ux3KxGShITlxJctkbApgVAa3ZC8EvCLKaBclwU3/IEj5MJHnBJzqOVDxs/eTyaF9k2fOg==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@testim/chrome-version": "^1.1.4",
-        "axios": "^1.7.4",
+        "axios": "^1.12.0",
         "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "proxy-agent": "^6.4.0",
@@ -749,15 +750,16 @@
       }
     },
     "node_modules/follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==",
+      "version": "1.15.11",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
+      "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
       "funding": [
         {
           "type": "individual",
           "url": "https://github.com/sponsors/RubenVerborgh"
         }
       ],
+      "license": "MIT",
       "engines": {
         "node": ">=4.0"
       },
@@ -1326,9 +1328,9 @@
       }
     },
     "node_modules/mocha": {
-      "version": "11.7.1",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.1.tgz",
-      "integrity": "sha512-5EK+Cty6KheMS/YLPPMJC64g5V61gIR25KsRItHw6x4hEKT6Njp1n9LOlH4gpevuwMVS66SXaBBpg+RWZkza4A==",
+      "version": "11.7.2",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.2.tgz",
+      "integrity": "sha512-lkqVJPmqqG/w5jmmFtiRvtA2jkDyNVUcefFJKb2uyX4dekk8Okgqop3cgbFiaIvj8uCRJVTP5x9dfxGyXm2jvQ==",
       "license": "MIT",
       "dependencies": {
         "browser-stdout": "^1.3.1",
@@ -2457,12 +2459,12 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "axios": {
-      "version": "1.7.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.5.tgz",
-      "integrity": "sha512-fZu86yCo+svH3uqJ/yTdQ0QHpQu5oL+/QE+QPSv6BZSkDAoky9vytxp7u5qk83OJFS3kEBcesWni9WTZAv3tSw==",
+      "version": "1.12.2",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+      "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
       "requires": {
         "follow-redirects": "^1.15.6",
-        "form-data": "^4.0.0",
+        "form-data": "^4.0.4",
         "proxy-from-env": "^1.1.0"
       }
     },
@@ -2538,12 +2540,12 @@
       }
     },
     "chromedriver": {
-      "version": "139.0.1",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-139.0.1.tgz",
-      "integrity": "sha512-K16mpBWhVMY/85k+1pf2ZuCOCDNJxSfr/OuIh7YbWoVIT+baNlyB6OvVh2WQw+MYQK2fg7CS0rMUE8GvMY6oCA==",
+      "version": "140.0.4",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-140.0.4.tgz",
+      "integrity": "sha512-/NUoxYBNkJeoNj1B5ux3KxGShITlxJctkbApgVAa3ZC8EvCLKaBclwU3/IEj5MJHnBJzqOVDxs/eTyaF9k2fOg==",
       "requires": {
         "@testim/chrome-version": "^1.1.4",
-        "axios": "^1.7.4",
+        "axios": "^1.12.0",
         "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "proxy-agent": "^6.4.0",
@@ -2831,9 +2833,9 @@
       "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ=="
     },
     "follow-redirects": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz",
-      "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA=="
+      "version": "1.15.11",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
+      "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ=="
     },
     "foreground-child": {
       "version": "3.3.0",
@@ -3209,9 +3211,9 @@
       "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw=="
     },
     "mocha": {
-      "version": "11.7.1",
-      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.1.tgz",
-      "integrity": "sha512-5EK+Cty6KheMS/YLPPMJC64g5V61gIR25KsRItHw6x4hEKT6Njp1n9LOlH4gpevuwMVS66SXaBBpg+RWZkza4A==",
+      "version": "11.7.2",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-11.7.2.tgz",
+      "integrity": "sha512-lkqVJPmqqG/w5jmmFtiRvtA2jkDyNVUcefFJKb2uyX4dekk8Okgqop3cgbFiaIvj8uCRJVTP5x9dfxGyXm2jvQ==",
       "requires": {
         "browser-stdout": "^1.3.1",
         "chokidar": "^4.0.1",

test/package.json

@@ -9,9 +9,9 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^139.0.1",
+    "chromedriver": "^140.0.4",
     "expect.js": "^0.3.1",
-    "mocha": "^11.7.1",
+    "mocha": "^11.7.2",
     "selenium-webdriver": "^4.35.0",
     "superagent": "^10.2.3"
   }

test/test.js

@@ -119,25 +119,18 @@ describe('Application life cycle test', function () {
         await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
     }
 
-    async function addUser(username, password, relogin = true) {
-        await browser.get(`${baseUrl()}/i/?c=user&a=manage`);
+    async function enableApi(relogin = true) {
+        await browser.get(`${baseUrl()}/i/?c=auth`);
 
         if (relogin) {
             // needs a relogin for admin confirmation
             await waitForElement(By.id('passwordPlain'));
             await browser.findElement(By.id('passwordPlain')).sendKeys(admin_password);
-            await browser.findElement(By.id('loginButton')).click();
+            await browser.sleep(3000);
+            console.log('Clicking the login button');
+            await browser.findElement(By.xpath('//button[contains(.,"Login")]')).click();
         }
 
-        await waitForElement(By.id('new_user_name'));
-        await browser.findElement(By.id('new_user_name')).sendKeys(username);
-        await browser.findElement(By.id('new_user_passwordPlain')).sendKeys(password);
-        await browser.findElement(By.xpath('//button[text()="Create"]')).click();
-        await waitForElement(By.xpath('//div[@id="notification" and contains(@class, "good")]'));
-    }
-
-    async function enableApi() {
-        await browser.get(`${baseUrl()}/i/?c=auth`);
         await waitForElement(By.id('api_enabled'));
         await browser.findElement(By.id('api_enabled')).click();
         await browser.findElement(By.xpath('//button[text()="Submit"]')).click();
@@ -171,8 +164,7 @@ describe('Application life cycle test', function () {
 
     it('can login', login.bind(null, admin_username, admin_password));
     it('can subscribe', addSubscription);
-    it('can add users', addUser.bind(null, 'test', admin_password));
-    it('can enable API', enableApi);
+    it('can enable API', enableApi.bind(null, true /* relogin */));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -187,7 +179,7 @@ describe('Application life cycle test', function () {
     it('can make user Administrator', function () { execSync(`cloudron exec --app ${app.id} -- bash -c "php cli/reconfigure.php --default-user ${USERNAME}"`); });
     it('can login OIDC', loginOIDC.bind(null, USERNAME, PASSWORD));
     it('can subscribe', addSubscription);
-    it('can enable API', enableApi);
+    it('can enable API', enableApi.bind(null, false /* relogin */));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
@@ -237,7 +229,6 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     });
 
-    it('can add users', addUser.bind(null, 'test', admin_password, false));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);