Miniflux 2.0.43

* Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)

    Creating an RSS feed item with the inline description containing an `<img>` tag
    with a `srcset` attribute pointing to an invalid URL like
    `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
    condition where the invalid URL is returned unescaped and in full.

    This results in JavaScript execution on the Miniflux instance as soon as the
    user is convinced to open the broken image.

* Use `r.RemoteAddr` to check `/metrics` endpoint network access (CVE-2023-27591)

    HTTP headers like `X-Forwarded-For` or `X-Real-Ip` can be easily spoofed. As
    such, it cannot be used to test if the client IP is allowed.

    The recommendation is to use HTTP Basic authentication to protect the
    metrics endpoint, or run Miniflux behind a trusted reverse-proxy.

* Add HTTP Basic authentication for `/metrics` endpoint
* Add proxy support for several media types
* Parse feed categories from RSS, Atom and JSON feeds
* Ignore empty link when discovering feeds
* Disable CGO explicitly to make sure the binary is statically linked
* Add CSS classes to differentiate between category/feed/entry view and icons
* Add rewrite and scraper rules for `blog.cloudflare.com`
* Add `color-scheme` to themes
* Add new keyboard shortcut to toggle open/close entry attachments section
* Sanitizer: allow `id` attribute in `<sup>` element
* Add Indonesian Language
* Update translations
* Update Docker Compose examples:
    - Run the application in one command
    - Bring back the health check condition to `depends_on`
    - Remove deprecated `version` element
* Update scraping rules for `ilpost.it`
* Bump `github.com/PuerkitoBio/goquery` from `1.8.0` to `1.8.1`
* Bump `github.com/tdewolff/minify/v2` from `2.12.4` to `2.12.5`
* Bump `github.com/yuin/goldmark` from `1.5.3` to `1.5.4`
* Bump `golang.org/x/*` dependencies
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEDyJ0pjYevysxzdTfu2P1hSdzd04FAmQT0koACgkQu2P1hSdz
d063CxAAutNyUlIff2QUrLLMld5Pr7Qp7zCghJ6gSm6RUXDKOzuszevbYcMn1vmC
Lb4T+VzvClOkkGvAiGtZyiFllrFRlumteKG26YfJAK3VS6JTI57A8pbwsOnUFFga
bfqqVCUwerg70VwV/FkcKO/4nJid1oYHoF17kD3bD0+EoYoiggDh9inw6u5SEny6
lM/+NDhpPim9Bhs0yoa7n/m81ofipGrxSV6/0cBJ2UpoVG34eLRUVee/zg8XALv1
WkrnoaaB1mS60fdSE8M2c5pE+qqgGM4/VURcTIOPiesa8K57MOt8lGiaIwSOrJEg
MIl/X1OcO+o6OYKpvzzbYcLlKtwE9EGnbJ6SZ5tnOfnt9WULpusIG4FDm6Y84xMr
7gyuZPhRtc1qHmeGLQuHOXLDmBX2RTZX2PJKoICp1bG/35kSbgec+jEa5flaXjvD
tssZKrhICiQ9pUHXtJ3odmxOqOMXB/+VPH3i6lNd2ZdCG5CC3ANR3xCmhDkXuksJ
ic7JUb1HoXPjDPGHYfFQI/mttfvh6ZQ2mqAuEsUlMrOdoIJYSxPIMbPwXxs9dVHT
yReWQNSxy+d7SKbMKsQdRtKX4BNnPQK/s7Kktt0yaU6uOXNSTeFGWwAtT0seTZur
t4WGZUPjMKl4QldFdTmP7ARmUbusGEumcH5UmNEYRBMQKLcv1ec=
=hEcb
-----END PGP SIGNATURE-----