
chore(deps): update ghcr.io/miniflux/miniflux docker tag to v2.2.18 #2947

Open
gabe565-renovate[bot] wants to merge 1 commit into main from renovate/ghcr.io-miniflux-miniflux-2.x

@gabe565-renovate
Contributor

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| ghcr.io/miniflux/miniflux (source) | patch | 2.2.17 → 2.2.18 |

Release Notes

miniflux/v2 (ghcr.io/miniflux/miniflux)

v2.2.18: Miniflux 2.2.18

Compare Source

Security
  • Block outbound requests to private networks made by the fetcher by default.
  • Add SSRF protection for integration HTTP clients by blocking connections to private network addresses at connect time.
  • Fix a possible SSRF TOCTOU / DNS-rebinding issue in the fetcher private network check.
  • Ensure private network protections also apply to redirect targets.
  • Treat RFC 6598 shared address space (100.64.0.0/10) as non-public.

Breaking Changes

To prevent potential SSRF, Miniflux now blocks access to services hosted on private networks by default.

  • FETCHER_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access feeds hosted on a local network.
  • INTEGRATION_ALLOW_PRIVATE_NETWORKS=1 must now be enabled to access third-party integration services hosted on a local network.

Improvements
  • Apply entry blocking rules both before and after scraping to avoid unnecessary requests and allow matching on fetched content.
  • Add ignore_entry_updates feed option to skip updating existing entries during scheduled polling.
  • Add Arabic (ar_SA) translation.
  • Add Galician (gl_ES) translation.
  • Update Polish translation.
  • Various performance improvements across multiple components (fetcher, parser, sanitizer, readability, URL cleaner, feed discovery, and Google Reader API).
  • Simplify parts of the Google Reader code and reduce allocations in several hot paths.
  • Reduce fetcher request size slightly to improve packet efficiency.

Bug Fixes
  • Fix multiple bugs and inconsistencies across integration sub-packages (error handling, logging, status checks, and naming).
  • Fix potential panic in the Omnivore integration when handling empty error arrays.
  • Correct error prefixes and typos in several integrations.

Dependencies
  • Update golang.org/x/net to 0.52.0.
  • Update golang.org/x/crypto to 0.49.0.
  • Update golang.org/x/image to 0.37.0.
  • Update golang.org/x/oauth2 to 0.36.0.
  • Update github.com/go-webauthn/webauthn to 0.16.1.
  • Update github.com/tdewolff/minify/v2 to 2.24.10.

Other Changes
  • Upgrade to Go 1.26.
  • Add go:fix directive for deprecated client.New() to ease migration to NewClient().
  • Add KOI8-R encoding tests with a sample XML feed.
  • Add additional tests for CharsetReader.
  • Update several GitHub Actions used for CI and container builds.
  • Avoid building Debian packages bi-weekly on forks.

As always, thank you to all contributors who helped improve Miniflux in this release.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
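
The connect-time private-network check described in the 2.2.18 security notes, sketched in Go as an added example (not Miniflux's code and not part of this PR). The function names, the exact set of blocked ranges and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"syscall"
	"time"
)

var ErrNonPublic = errors.New("destination is not a public address")

// RFC 6598 shared address space; netip's IsPrivate does not cover it.
var cgnat = netip.MustParsePrefix("100.64.0.0/10")

// IsNonPublic reports whether addr must not be reached by an outbound fetcher.
func IsNonPublic(addr netip.Addr) bool {
	addr = addr.Unmap() // treat ::ffff:10.0.0.1 as 10.0.0.1
	return !addr.IsValid() || addr.IsPrivate() || addr.IsLoopback() || addr.IsUnspecified() ||
		addr.IsLinkLocalUnicast() || addr.IsMulticast() || cgnat.Contains(addr)
}

// checkConn runs after DNS resolution, on the literal IP the socket will
// connect to, so a second (rebound) DNS answer cannot bypass it.
func checkConn(network, address string, _ syscall.RawConn) error {
	ap, err := netip.ParseAddrPort(address)
	if err != nil {
		return err // fail closed on anything that is not a literal IP:port
	}
	if IsNonPublic(ap.Addr()) {
		return fmt.Errorf("%w: %s", ErrNonPublic, ap.Addr())
	}
	return nil
}

// NewGuardedClient's dialer also guards every connection made for a redirect.
func NewGuardedClient() *http.Client {
	d := &net.Dialer{Timeout: 10 * time.Second, Control: checkConn}
	return &http.Client{Transport: &http.Transport{DialContext: d.DialContext}, Timeout: 30 * time.Second}
}

func main() {
	// Constructed sample destinations; no connection is opened here.
	for _, a := range []string{"203.0.113.10:443", "100.64.0.1:80", "[::ffff:10.0.0.1]:80"} {
		fmt.Println(a, checkConn("tcp", a, nil))
	}
}
```

Because the check sits in the dialer's `Control` hook rather than in a pre-flight hostname lookup, it sees the address actually being connected to for the first request and for each redirect hop.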

@github-actions

Kustomization Diff

Cluster gabernetes
Changes +1 −1
--- kubernetes/gabernetes/apps/miniflux/app Kustomization: miniflux/app HelmRelease: miniflux/miniflux

+++ kubernetes/gabernetes/apps/miniflux/app Kustomization: miniflux/app HelmRelease: miniflux/miniflux

@@ -41,13 +41,13 @@

               RUN_MIGRATIONS: '1'
               TRUSTED_REVERSE_PROXY_NETWORKS: 10.42.0.0/16
               TZ: America/Chicago
             image:
               pullPolicy: IfNotPresent
               repository: ghcr.io/miniflux/miniflux
-              tag: 2.2.17@sha256:802ab7d045826d047883476e2310bf59f5d9b3875f7a8106fa0c43638d01fd64
+              tag: 2.2.18@sha256:a3ca6bbc1f744b7b262c8ebf286b37ce938770d6d4d62e8bd73cce7f3939d887
             probes:
               liveness:
                 enabled: true
                 path: /liveness
                 type: HTTP
               readiness:
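
Review bot: The env context around the tag bump (RUN_MIGRATIONS, TRUSTED_REVERSE_PROXY_NETWORKS, TZ) shows neither FETCHER_ALLOW_PRIVATE_NETWORKS nor INTEGRATION_ALLOW_PRIVATE_NETWORKS, so once the tag moves to 2.2.18 the new default from the release notes applies and requests to private addresses are refused. Only part of the env block is visible here, so check the rest of the values, then confirm whether any subscribed feed or configured integration resolves to a private or in-cluster address. If none does, leave both variables unset to keep the SSRF protection; if one does, set only the variable that is needed and note the reason next to it.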

@github-actions

HelmRelease Diff

Cluster gabernetes
Changes +1 −1
--- HelmRelease: miniflux/miniflux Deployment: miniflux/miniflux

+++ HelmRelease: miniflux/miniflux Deployment: miniflux/miniflux

@@ -71,13 +71,13 @@

         - name: RUN_MIGRATIONS
           value: '1'
         - name: TRUSTED_REVERSE_PROXY_NETWORKS
           value: 10.42.0.0/16
         - name: TZ
           value: America/Chicago
-        image: ghcr.io/miniflux/miniflux:2.2.17@sha256:802ab7d045826d047883476e2310bf59f5d9b3875f7a8106fa0c43638d01fd64
+        image: ghcr.io/miniflux/miniflux:2.2.18@sha256:a3ca6bbc1f744b7b262c8ebf286b37ce938770d6d4d62e8bd73cce7f3939d887
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 3
           httpGet:
             path: /liveness
             port: 8080
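
Review bot: On the changed image line the reference carries both a tag and a sha256 digest, and the digest is what the runtime resolves, so the 2.2.18 tag is only a label in this Deployment. Before merging, confirm that the new digest is the one published for 2.2.18 at ghcr.io/miniflux/miniflux; it does match the value in the Kustomization diff, so the render is consistent. With a digest pin, imagePullPolicy: IfNotPresent is fine as shown, since a cached image under that digest cannot differ from the registry copy.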

@gabe565 force-pushed the main branch 20 times, most recently from 64ff5c2 to 87fb0da (March 20, 2026 08:24)
@gabe565 force-pushed the main branch 14 times, most recently from e0a7dcb to f417be4 (March 22, 2026 00:23)