news

What's Changed

🚓 Security

• Use IClientService (with SSRF protection) instead of straight Guzzle Client by @SMillerDev in https://github.com/nextcloud/news/pull/3672

🚀 Changed

• make future github release notes a bit more organized by @Grotax in https://github.com/nextcloud/news/pull/3688
• fix(starred): stop endless item requests in Starred view by @Copilot in https://github.com/nextcloud/news/pull/3694
• chore(devcontainer): devcontainer enhancements by @Grotax in https://github.com/nextcloud/news/pull/3698

📦 Dependency Updates

• build(deps): Bump crate-ci/typos from 1.45.0 to 1.45.1 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3689
• build(deps): Bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3690
• build(deps-dev): Bump @types/node from 25.5.2 to 25.6.0 in the types group across 1 directory by @dependabot[bot] in https://github.com/nextcloud/news/pull/3691
• build(deps): Bump postcss from 8.5.8 to 8.5.10 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3696
• build(deps): Bump actions/setup-node from 6.3.0 to 6.4.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3699
• build(deps-dev): Bump the vite group with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3700
• build(deps): Bump @nextcloud/axios from 2.5.2 to 2.6.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3702
• build(deps): Bump the vue group with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3701

Full Changelog: https://github.com/nextcloud/news/compare/28.2.0...28.3.0

What's Changed

• build(deps): Bump fast-xml-parser from 5.4.1 to 5.5.6 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3626
• build(deps): Bump vue from 3.5.29 to 3.5.30 in the vue group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3619
• build(deps-dev): Bump @types/node from 25.3.5 to 25.4.0 in the types group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3624
• build(deps): Bump @nextcloud/password-confirmation from 6.0.2 to 6.0.3 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3625
• Update npm audit fix workflow by @wofferl in https://github.com/nextcloud/news/pull/3632
• build(deps): Bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3618
• Refactor full text scraper to use guzzle http client by @wofferl in https://github.com/nextcloud/news/pull/3630
• build(deps-dev): Bump @types/node from 25.4.0 to 25.5.0 in the types group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3636
• build(deps-dev): Bump flatted from 3.4.1 to 3.4.2 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3634
• build(deps): Bump fast-xml-parser from 5.5.6 to 5.5.7 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3633
• Rework FeedItemDisplayTest by @wofferl in https://github.com/nextcloud/news/pull/3638
• Limit full text scraper to download only new or updated articles by @wofferl in https://github.com/nextcloud/news/pull/3631
• build(deps-dev): Bump the vite group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3637
• Release 28.2.0-beta.1 by @Grotax in https://github.com/nextcloud/news/pull/3639
• build(deps): Bump @nextcloud/vue from 9.5.0 to 9.6.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3642
• build(deps-dev): Bump jsdom from 28.1.0 to 29.0.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3643
• build(deps): Bump @nextcloud/password-confirmation from 6.0.3 to 6.1.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3645
• build(deps): Bump codecov/codecov-action from 5.5.2 to 5.5.3 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3650
• build(deps): Bump picomatch by @dependabot[bot] in https://github.com/nextcloud/news/pull/3648
• build(deps): Bump yaml from 2.8.2 to 2.8.3 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3651
• build(deps): Bump vue-router from 5.0.3 to 5.0.4 in the vue group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3652
• build(deps-dev): Bump jsdom from 29.0.0 to 29.0.1 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3653
• build(deps): Bump brace-expansion by @dependabot[bot] in https://github.com/nextcloud/news/pull/3654
• Add a feature to download the web version of an article on demand by @wofferl in https://github.com/nextcloud/news/pull/3647
• fix: show move feed errors in the UI by @Maa-ly in https://github.com/nextcloud/news/pull/3649
• Rework feed options menu and feed settings by @wofferl in https://github.com/nextcloud/news/pull/3655
• build(deps-dev): Bump @vue/tsconfig from 0.9.0 to 0.9.1 in the vue group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3656
• build(deps-dev): Bump the vite group with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3657
• build(deps): Bump dorny/paths-filter from 3.0.2 to 4.0.1 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3641
• HTML Sanitizer options adjusted to fix broken layouts by @wofferl in https://github.com/nextcloud/news/pull/3658
• [master] Fix npm audit by @nextcloud-command in https://github.com/nextcloud/news/pull/3667
• build(deps-dev): Bump the vite group across 1 directory with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3666
• build(deps): Bump vue from 3.5.30 to 3.5.31 in the vue group across 1 directory by @dependabot[bot] in https://github.com/nextcloud/news/pull/3660
• build(deps-dev): Bump vite from 7.3.1 to 7.3.2 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3669
• build(deps): Bump codecov/codecov-action from 5.5.3 to 6.0.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3665
• Fix Mark as unread on update feed setting by @wofferl in https://github.com/nextcloud/news/pull/3668
• build(deps): Bump shivammathur/setup-php from 2.36.0 to 2.37.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3640
• Release 28.2.0-beta.2 by @Grotax in https://github.com/nextcloud/news/pull/3670
• build(deps): Bump crate-ci/typos from 1.44.0 to 1.45.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3673
• build(deps): Bump axios from 1.13.5 to 1.15.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3674
• build(deps): Bump vue from 3.5.31 to 3.5.32 in the vue group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3675
• build(deps-dev): Bump @types/node from 25.5.0 to 25.5.2 in the types group by @dependabot[bot] in https://github.com/nextcloud/news/pull/3676
• build(deps): Bump follow-redirects from 1.15.11 to 1.16.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3683
• build(deps): Bump dompurify from 3.3.3 to 3.4.0 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3684
• build(deps-dev): Bump the vite group with 2 updates by @dependabot[bot] in https://github.com/nextcloud/news/pull/3680
• build(deps-dev): Bump jsdom from 29.0.1 to 29.0.2 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3681
• Eslint fixes by @wofferl in https://github.com/nextcloud/news/pull/3686
• build(deps-dev): Bump @nextcloud/eslint-config from 9.0.0-rc.8 to 9.0.0-rc.9 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3682
• fix: update existing items when reloaded from backend by @wofferl in https://github.com/nextcloud/news/pull/3677
• build(deps): Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 by @dependabot[bot] in https://github.com/nextcloud/news/pull/3685
• Release 28.2.0 by @Grotax in https://github.com/nextcloud/news/pull/3687

New Contributors

• @Maa-ly made their first contribution in https://github.com/nextcloud/news/pull/3649

Full Changelog: https://github.com/nextcloud/news/compare/28.1.0...28.2.0