Commit graph

20935 commits

Author SHA1 Message Date
Renovate Bot
75966ddef6 Update module golang.org/x/tools/gopls to v0.16.1 2024-07-03 16:03:58 +00:00
Renovate Bot
e510f2e84d Update dependency @playwright/test to v1.45.1 2024-07-03 16:03:51 +00:00
Earl Warren
d1139ac55f Merge pull request 'Update dependency go to v1.22.5' (#4286) from renovate/patch-golang-packages into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4286
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-03 14:57:04 +00:00
Earl Warren
ee7f568aed
fix(ci): do not block pull request CI when go-versions lags behind
When a new go version is published, it takes about 24h for
https://github.com/actions/go-versions to be updated (see
https://github.com/actions/go-versions/pull/102 for example).

In the meantime the setup-go action that depends on it will install a
version of go that fails golang.org/x/vuln/cmd/govulncheck.

Move the security check to be the last step of the test job instead of
the first. It will still block the PRs from being merged but it will
allow the PR authors to keep working and look at the test results in
the meantime.

Fixes: https://codeberg.org/forgejo/forgejo/issues/4294
2024-07-03 15:57:35 +02:00
Renovate Bot
fa1a853db0 Update dependency go to v1.22.5 2024-07-03 08:23:00 +00:00
Renovate Bot
f752ab5edd Update dependency katex to v0.16.11 2024-07-03 00:02:23 +00:00
Earl Warren
17139b649b Merge pull request 'fix(hook): ignore unknown push options instead of failing' (#4253) from twenty-panda/forgejo:pr-3706 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4253
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-02 20:17:51 +00:00
Twenty Panda
5561e80b04 fix(hook): ignore unknown push options instead of failing
If a repository has

git config --add push.pushOption submit=".sourcehut/*.yml"

it failed when pushed because of the unknown submit push
option. It will be ignored instead.

Filtering out the push options is done in an earlier stage, when the
hook command runs, before it submits the options map to the private
endpoint.

* move all the push options logic to modules/git/pushoptions
* add 100% test coverage for modules/git/pushoptions

Test coverage for the code paths from which code was moved to the
modules/git/pushoptions package:

* cmd/hook.go:runHookPreReceive
* routers/private/hook_pre_receive.go:validatePushOptions
  tests/integration/git_push_test.go:TestOptionsGitPush runs through
  both. The test verifying the option is rejected was removed and, if
  added again, will fail because the option is now ignored instead of
  being rejected.

* cmd/hook.go:runHookProcReceive
* services/agit/agit.go:ProcReceive
  tests/integration/git_test.go: doCreateAgitFlowPull runs through
  both. It uses variations of AGit related push options.

* cmd/hook.go:runHookPostReceive
* routers/private/hook_post_receive.go:HookPostReceive
  tests/integration/git_test.go:doPushCreate called by TestGit/HTTP/sha1/PushCreate
  runs through both.
  Note that although it provides coverage for this code path it does not use push options.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3651
2024-07-02 21:39:01 +02:00
Earl Warren
a0d9d8d576
test(js): false negative in sleep test
It is entirely possible that the difference between the specified
sleep time and the actual sleep time is greater than 15 seconds.

https://developer.mozilla.org/en-US/docs/Web/API/setTimeout#Notes

> Note that in either case, the actual delay may be longer than
> intended; see Reasons for delays longer than specified below.

It is however an error for the delay to be shorter.

⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯
 FAIL  web_src/js/utils.test.js > sleep
AssertionError: expected false to be truthy
 ❯ testSleep web_src/js/utils.test.js:192:48
    190|   const endTime = Date.now();    // Record the end time
    191|   const actualSleepTime = endTime - startTime;
    192|   expect(Math.abs(actualSleepTime - ms) <= 15).toBeTruthy();
       |                                                ^
    193| }
    194|
 ❯ web_src/js/utils.test.js:184:3
2024-07-02 19:35:35 +02:00
Earl Warren
c7bb90bc6b Merge pull request '[gitea] week 2024-27 cherry pick (gitea/main -> forgejo)' (#4266) from earl-warren/wcp/2024-27 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4266
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-02 08:29:04 +00:00
Earl Warren
9524361bb4
docs(release-notes): development continues to Forgejo 9.0.0 2024-07-01 18:17:11 +02:00
Renovate Bot
1576ea38f8 Update dependency esbuild-loader to v4.2.0 2024-07-01 14:02:08 +00:00
Earl Warren
c521e58190 Merge pull request 'Lock file maintenance' (#4280) from renovate/lock-file-maintenance into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4280
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-01 13:35:05 +00:00
Earl Warren
f9ad844fd6 Merge pull request 'ci(release): upgrade v*.next.forgejo.org when the release is ready' (#4281) from earl-warren/forgejo:wip-demo-upgrade into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4281
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-01 13:25:22 +00:00
Earl Warren
abf72a42e7
ci(release): upgrade v*.next.forgejo.org when the release is ready
The https://v$major.next.forgejo.org instances are polling for new
releases with a cron job every hour. This is not only a waste of
resources because there is nothing most of the time, it also imposes a
delay of maximum one hour when there is a new release.

When the release is published, notify the corresponding instance that
an upgrade is ready. The request will 404 but leave a trace in the
logs which can trigger an upgrade script if wakeup-on-logs is
configured accordingly.

  GET https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major

* v8 - a daemon watching on the web server logs was installed for
  https://v8.next.forgejo.org and will perform the upgrade.
* v7 - nothing will happen for https://v7.next.forgejo.org because
  it still relies on the hourly cron job.
* v1.21 - nothing will happen because https://v1.next.forgejo.org does
  not exist.

See also:

* https://forgejo.org/docs/next/developer/infrastructure
* https://code.forgejo.org/infrastructure/wakeup-on-logs
2024-07-01 12:52:59 +02:00
Earl Warren
c5362d5f9e Merge pull request 'Update renovate to v37.421.2' (#4278) from renovate/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-01 05:15:47 +00:00
Renovate Bot
15f9dde1c9 Lock file maintenance 2024-07-01 00:03:45 +00:00
Renovate Bot
db8fb0021f Update renovate to v37.421.2 2024-07-01 00:01:26 +00:00
Danko Aleksejevs
36b6444f34 Remove tab key handling in markdown editor, add toolbar buttons instead, re #4072 #4142 (#4263)
We haven't decided much (to my knowledge), and I've been using the main branch in production (as one does) and found out even I myself rely on Tab sometimes working to move focus and have been caught off guard by it indenting lines instead.

So this removes Tab handling and instead adds two new buttons to the toolbar. The indentation logic is unchanged (other than now focusing the textarea during button handling, to ensure execCommand works, and thus undo history is preserved).

I'm not sure which terminology to use in tooltips. Could also add keyboard shortcuts for the whole toolbar eventually, but as is this is hopefully a better solution to the problems I previously created than un-merging the whole thing :)

<img width="414" alt="Screenshot with two new buttons" src="/attachments/b7af3aa4-a195-48d1-be0a-1559f25dce8e">

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4263
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Danko Aleksejevs <danko@very.lv>
Co-committed-by: Danko Aleksejevs <danko@very.lv>
2024-06-30 13:03:32 +00:00
Earl Warren
7b80ac476f Merge pull request 'Fixes git references wrongly transmitted to the action run' (#4272) from Mai-Lapyst/forgejo:fix-workflow_dispatch-gitrefs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4272
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-30 08:26:12 +00:00
Mai-Lapyst
9b225b56a9
Fixes git references wrongly transmitted to the action run 2024-06-30 06:17:40 +02:00
mritunjayr
9634d954d4 test: add test coverage for web_src/js/utils/time.test.js (#4252)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4252
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: mritunjayr <mritunjaykumar694@gmail.com>
Co-committed-by: mritunjayr <mritunjaykumar694@gmail.com>
2024-06-29 09:08:29 +00:00
Shiny Nematoda
8546b01249 [FEAT] branch/tag dropdown for git-grep (#4262)
#3654 introduced support for searching non-default branches and tags.

However, the results page lacked any indicator (aside from the url) on which branch/tag the search was performed. A branch dropdown was introduced to the code search page when git-grep is used both as an indicator and as an intrusive way to switch between branches/tags.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-06-29 06:57:34 +00:00
Earl Warren
a2426e2f90
docs(release-notes): week 2024-27 cherry pick 2024-06-29 08:03:51 +02:00
Royce Remer
45181ee945
Support legacy _links LFS batch responses (#31513)
Support legacy _links LFS batch response.

Fixes #31512.

This is a backwards-compatible change to the LFS client so that, upon
mirroring from an upstream which has a batch api, it can download
objects whether the responses contain the `_links` field or its
successor the `actions` field. When Gitea must fall back to the legacy
`_links` field a logline is emitted at INFO level which looks like this:
```
...s/lfs/http_client.go:188:performOperation() [I] <LFSPointer ee95d0a27ccdfc7c12516d4f80dcf144a5eaf10d0461d282a7206390635cdbee:160> is using a deprecated batch schema response!
```

I've only run `test-backend` with this code, but added a new test to
cover this case. Additionally I have a fork with this change deployed
which I've confirmed syncs LFS from Gitea<-Artifactory (which has legacy
`_links`) as well as from Gitea<-Gitea (which has the modern `actions`).

Signed-off-by: Royce Remer <royceremer@gmail.com>
(cherry picked from commit df805d6ed0458dbec258d115238fde794ed4d0ce)
2024-06-29 07:56:18 +02:00
kiatt210
9d1c72ae7c
Fix web notification icon not updated once you read all notifications (#31447)
Fix #29065
Remove status filtering from GetUIDsAndNotificationCounts sql.

---------

Co-authored-by: kiatt210 <kiatt210@github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6a96deb5898745d957ffd7860b2b6821c673e907)
2024-06-29 07:33:37 +02:00
Earl Warren
153758d4de Merge pull request 'Update dependency vue to v3.4.31' (#4264) from renovate/patch-vue-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4264
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-29 05:21:46 +00:00
Renovate Bot
699e4fec73 Update dependency vue to v3.4.31 2024-06-29 04:01:21 +00:00
0ko
f703399770 Merge pull request 'Improve button gap consistency' (#4254) from 0ko/forgejo:ui-button-row into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4254
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
2024-06-29 03:23:17 +00:00
0ko
28ceec6fad ui: fix wrong string used in a search box (#4258)
Resolves https://codeberg.org/forgejo/forgejo/issues/4256.
Fixes regression caused by https://github.com/go-gitea/gitea/pull/29530/files#diff-b46ae540c8eb41d1ccaa1659489fcc47d72eee4c4f04dc83c5ccf4d6d1a3395eR45.

Preview:
Before - https://codeberg.org/forgejo/forgejo/attachments/d629f2e9-0d07-4719-9250-52d3ba9f4a9e
After - https://codeberg.org/forgejo/forgejo/attachments/6a5f5cb2-124d-4673-a387-8483125a89eb

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-06-28 16:28:03 +00:00
Earl Warren
616291485e Merge pull request 'Update module golang.org/x/tools/gopls to v0.16.0' (#4242) from renovate/golang.org-x-tools-gopls-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4242
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-28 14:10:33 +00:00
Renovate Bot
6f423143ea
Update module golang.org/x/tools/gopls to v0.16.0 2024-06-28 15:35:02 +02:00
0ko
dc0d3a40ab ui: improve button gap consistency 2024-06-28 13:11:32 +05:00
0ko
7299b2def4 chore: rename class issue-title-buttons to button-row 2024-06-28 13:11:16 +05:00
Mai-Lapyst
51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware that https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it lying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs' menus behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
Chl
544cbc6f01 Optimization of labels handling in issue_search (#4228)
This PR optimizes the SQL query and de-duplicates the labels' ids when generating the query string, on the issue page.

<hr/>

### Background

Some time ago, BingBot and some other crawlers have been putting my instance on its knees with requests containing a lot of label ids, like this one:

```
[07/Aug/2023:11:28:37 +0200] "GET /Dolibarr/sendrecurringinvoicebymail/issues?q=&type=all&sort=&state=closed&labels=1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c2%2c10%2c2%2c1%2c1%2c10%2c10%2c7%2c6%2c10%2c10%2c3%2c2%2c1%2c5%2c10%2c1%2c6%2c2%2c7%2c3%2c7%2c6%2c10%2c1%2c10%2c1%2c1%2c7%2c7%2c1%2c1%2c1%2c1%2c10%2c10%2c1%2c2%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c2%2c1%2c12%2c6%2c6%2c10&milestone=0&project=-1&poster=0 HTTP/1.1" 499 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36"
```

Since each of the label ids implies a join, it grows exponentially expensive for the database engine (at least on PostgreSQL but SQLite suffers a little too).

Thus, this PR proposes two enhancements:

* rewrite the database query to use only one squashed condition,
* deduplicate the label ids when generating the URL.

### Performance comparison

Here are some timings on PostgreSQL-backed, Forgejo 7.0.4 instances:
```sh
$ time curl -s -o /dev/null "http://localhost:3000/toto/tata/issues?q=&type=all&sort=&labels=19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25&state=open&milestone=0&project=0&assignee=0&poster=0"

real    0m10,491s
user    0m0,017s
sys     0m0,008s
```
...and with the patch:
```sh
$ time curl -s -o /dev/null "http://localhost:3000/toto/tata/issues?q=&type=all&sort=&labels=19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25&state=open&milestone=0&project=0&assignee=0&poster=0"

real    0m0,094s
user    0m0,012s
sys     0m0,013s
```

### Annex

This issue was originally proposed to [Gitea](https://github.com/go-gitea/gitea/pull/26460) but didn't get much attention, and I switched to Forgejo in the meantime :)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4228
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Chl <chl@xlii.si>
Co-committed-by: Chl <chl@xlii.si>
2024-06-28 05:11:57 +00:00
vikaschoudhary
2121a29f89 test: add test coverage for web_src/js/utils.js (#4235)
[Added tests for methods]
---------------------------------
- isDarkTheme
- getCurrentLocale
- parseDom
- serializeXml
- sleep
- toAbsoluteUrl

[Pending tests for methods]
---------------------------------
- convertImage
- blobToDataURI

Co-authored-by: Vikas Choudhary <vikaschoudharycs097@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4235
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: vikaschoudhary <vikaschoudhary@noreply.codeberg.org>
Co-committed-by: vikaschoudhary <vikaschoudhary@noreply.codeberg.org>
2024-06-27 15:46:46 +00:00
Codeberg Translate
8afdafebf9 i18n: Translations update from Weblate (#4168)
Translations update from https://translate.codeberg.org/projects/forgejo/forgejo/.

Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: overloop <overloop@users.noreply.translate.codeberg.org>
Co-authored-by: b1nar10 <b1nar10@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: yeziruo <yeziruo@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: bart <bart@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: kdh8219 <kdh8219@monamo.dev>
Co-authored-by: sunwoo1524 <sunwoo1524@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4168
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-06-26 11:07:32 +00:00
Earl Warren
282dfa1bea Merge pull request 'Clarify author label in tooltip' (#4201) from 0ko/forgejo:ui-author-tooltip into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4201
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 08:38:55 +00:00
Earl Warren
096afcb690 Merge pull request 'chore(renovate): add shared go preset' (#4246) from viceice/renovate-go-preset into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4246
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 08:36:39 +00:00
Earl Warren
a3a8b0e7d1 Merge pull request 'Update module github.com/yuin/goldmark to v1.7.4' (#4240) from renovate/github.com-yuin-goldmark-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4240
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-06-26 07:51:29 +00:00
Earl Warren
84f8aa9aa9 Merge pull request 'Update dependency minimatch to v9.0.5' (#4239) from renovate/minimatch-9.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4239
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 07:45:58 +00:00
Earl Warren
383677f3f1 Merge pull request 'Update module golang.org/x/image to v0.18.0' (#4241) from renovate/golang.org-x-image-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4241
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 07:32:01 +00:00
Michael Kriese
35b0181df0
chore(renovate): add shared go preset 2024-06-26 09:24:17 +02:00
Renovate Bot
bdd71ff840 Update dependency minimatch to v9.0.5 2024-06-26 06:20:05 +00:00
Renovate Bot
d9b83719d6 Update module github.com/yuin/goldmark to v1.7.4 2024-06-26 06:19:55 +00:00
Renovate Bot
83d7be3447 Update module golang.org/x/image to v0.18.0 2024-06-26 06:19:47 +00:00
Earl Warren
ae2d504beb Merge pull request 'chore(renovate): set group name for renovate' (#4236) from viceice/renovate-group into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4236
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-26 06:19:15 +00:00
Earl Warren
86b94c3b7f Merge pull request 'fix(security): GO-2024-2947' (#4245) from earl-warren/forgejo:wip-retryable into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4245
Reviewed-by: thefox <thefox@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-26 06:14:48 +00:00
Earl Warren
91f16dfcb7
fix(security): GO-2024-2947
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.5
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: services/migrations/gitlab.go:500:74: migrations.GitlabDownloader.GetComments calls gitlab.DiscussionsService.ListMergeRequestDiscussions, which eventually calls retryablehttp.Client.Do
2024-06-26 07:35:19 +02:00