9542895e03
Improve theme picker
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 17:02:05 +01:00
d71c372080
Dynamic theme loading
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:53:21 +01:00
5c351d11d7
Add important note to ABOUT-FORK.md
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:49:48 +01:00
43c7cdbbde
Update ABOUT-FORK.md to point to latest major release branch
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:49:39 +01:00
7fe06ea71c
Add about fork
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:49:17 +01:00
5979129aa6
Remove "API" from footer
...
It's better to show it only to those that are looking for it
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:49:09 +01:00
d965f00802
Remove hover transition from buttons
...
Subjective though
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:46:50 +01:00
22a13d2800
Improve checkboxes
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:46:38 +01:00
b2cab7b18e
Add feedback to certain buttons
...
Previously button and hover colors were the same
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:46:22 +01:00
403a755a8a
Make captcha more readable
...
Especially on dark theme
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:46:14 +01:00
90553f17f3
Tweak captcha length
...
From 6 to 4-5 (random) chars
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:45:59 +01:00
2eefc2c68a
Tweak version in footer
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:44:53 +01:00
43b4a57be3
Privacy policy support
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:44:38 +01:00
cbdce79d8b
Fix footer link margin
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:43:24 +01:00
8ce85c11fd
Center padlock icon on profile page
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:43:12 +01:00
c17f373837
Move user RSS icon (WIP)
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:42:09 +01:00
a94e53c017
Theme picker warning with hardcoded link
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:41:49 +01:00
6f2a441ed5
Issue popup message that the issue doesn't exist
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:41:13 +01:00
22a74730d3
Fix issue popup for non-JSON responses
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:40:41 +01:00
6eeb0009ef
"Fix" https://codeberg.org/forgejo/forgejo/issues/7250
...
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:40:22 +01:00
f722397711
Tweak repo desc (WIP)
...
WIP because I'd like it to be visible even if repo is empty
Signed-off-by: Minecon724 <minecon724@noreply.git.m724.eu>
2025-03-27 16:39:52 +01:00
forgejo-backport-action
0a6a6d351d
[v11.0/forgejo] fix(ui): Do not check for vertical-align ( #7345 )
...
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7344
- This makes the `repo-settings` e2e testing happy.
- There's no point in checking `vertical-align`; it has no effect when `position: absolute` is set, which is currently set unconditionally for checkboxes and radios on forms.
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7345
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-03-26 13:47:17 +00:00
Renovate Bot
d85f4f2cce
Update module code.forgejo.org/forgejo/act to v1.25.1 (forgejo) ( #7340 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [code.forgejo.org/forgejo/act](https://code.forgejo.org/forgejo/act ) | replace | minor | `v1.23.1` -> `v1.25.1` |
---
### Release Notes
<details>
<summary>forgejo/act (code.forgejo.org/forgejo/act)</summary>
### [`v1.25.1`](https://code.forgejo.org/forgejo/act/compare/v1.25.0...v1.25.1 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.25.0...v1.25.1 )
### [`v1.25.0`](https://code.forgejo.org/forgejo/act/compare/v1.24.1...v1.25.0 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.24.1...v1.25.0 )
### [`v1.24.1`](https://code.forgejo.org/forgejo/act/compare/v1.24.0...v1.24.1 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.24.0...v1.24.1 )
### [`v1.24.0`](https://code.forgejo.org/forgejo/act/compare/v1.23.1...v1.24.0 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.23.1...v1.24.0 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7340
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-26 08:35:03 +00:00
Renovate Bot
f7df87621a
Update module github.com/caddyserver/certmagic to v0.22.2 (forgejo) ( #7323 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7323
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-26 00:42:44 +00:00
Gusted
f009c6ec4a
fix: fix ci dashboard e2e test ( #7338 )
...
- Add the necessary branch row for the workflow repository. This is required for the dashboard search to return any commit status for the default branch.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7338
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-26 00:19:31 +00:00
Renovate Bot
89fbd4867e
Update module github.com/buildkite/terminal-to-html/v3 to v3.16.8 (forgejo) ( #7326 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7326
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-25 23:13:48 +00:00
Michael Kriese
c45a1d9984
build: require node v20 ( #7333 )
...
Set minimum node version to v20 (from v18)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7333
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2025-03-25 22:32:46 +00:00
klausfyhn
c531b8f020
feat(api): return run_number in workflow dispatch ( #7286 )
...
- This is a follow up on #7193 and resolves #6312 .
- The ID by itself is not very useful, so also return the index of the workflow run.
Co-authored-by: Klaus Fyhn <klausfyhn@gmail.com>
Co-authored-by: Klaus Fyhn <klfj@mir-robots.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7286
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: klausfyhn <klausfyhn@noreply.codeberg.org>
Co-committed-by: klausfyhn <klausfyhn@noreply.codeberg.org>
2025-03-25 21:22:32 +00:00
Renovate Bot
513319c1ec
Update Node.js to v22 (forgejo) ( #7332 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [data.forgejo.org/oci/node](https://hub.docker.com/_/node ) ([source](https://github.com/nodejs/docker-node )) | container | major | `20-bookworm` -> `22-bookworm` |
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7332
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-25 19:00:34 +00:00
Michael Kriese
587044cba1
chore(renovate): update settings for latest version ( #7329 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7329
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2025-03-25 08:39:26 +00:00
Renovate Bot
3593d995a9
Update renovate to v39.211.4 (forgejo) ( #7316 )
...
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-24 06:47:27 +00:00
Renovate Bot
e84db8113a
Lock file maintenance (forgejo) ( #7317 )
...
This PR contains the following updates:
| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |
🔧 This Pull Request updates lock files to use the latest dependency versions.
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * 1" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions ) if that's undesired.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7317
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-24 06:45:11 +00:00
benjidial
2e7ccb42ac
fix(ui): remove extra } in issue dependencies template ( #7313 )
...
Bug showcase:
https://codeberg.org/forgejo/forgejo/attachments/a0c6215c-8274-4b91-b2a2-b14a31a4947e
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7313
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: benjidial <benjidial@noreply.codeberg.org>
Co-committed-by: benjidial <benjidial@noreply.codeberg.org>
2025-03-23 17:34:29 +00:00
forgejo-release-manager
dae08c5084
chore(release-notes): Forgejo v10.0.3 ( #7311 )
...
https://codeberg.org/forgejo/forgejo/milestone/12777
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7311
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
2025-03-23 08:50:48 +00:00
Gusted
cff284fdc3
fix: use correct input for strip slashes middleware ( #7295 )
...
- The router must use the escaped path in order to ensure correct functionality (at least, that is what they say). However `req.URL.Path` shouldn't be set to the escaped path, which is fixed in this patch.
- Simplify the logic and no longer try to use `rctx.RoutePath`, this is only useful if the middleware was placed after some routing parsing was done.
- Resolves forgejo/forgejo#7294
- Resolves forgejo/forgejo#7292
- Add unit test
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7295
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-22 16:49:05 +00:00
Tacaly
2d54cbc8fd
i18n: make Danish available in UI ( #7287 )
...
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/ ) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md ). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org ).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests )).
- I tested via manual method for the changes
- [X] in terminal using the "make" command.
### Documentation
- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs ) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be used for the release notes instead of the title.
## Release notes
- Localization
- [PR](https://codeberg.org/forgejo/forgejo/pulls/7287): i18n: make Danish available in UI
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7287
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Tacaly <frederick@tacaly.com>
Co-committed-by: Tacaly <frederick@tacaly.com>
2025-03-22 16:18:54 +00:00
Renovate Bot
c399b8b135
Update module github.com/go-sql-driver/mysql to v1.9.1 (forgejo) ( #7293 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql ) | require | minor | `v1.8.1` -> `v1.9.1` |
---
### Release Notes
<details>
<summary>go-sql-driver/mysql (github.com/go-sql-driver/mysql)</summary>
### [`v1.9.1`](https://github.com/go-sql-driver/mysql/blob/HEAD/CHANGELOG.md#v191-2025-03-21 )
[Compare Source](https://github.com/go-sql-driver/mysql/compare/v1.9.0...v1.9.1 )
##### Major Changes
- Add Charset() option. ([#​1679](https://github.com/go-sql-driver/mysql/issues/1679 ))
##### Bugfixes
- go.mod: fix go version format ([#​1682](https://github.com/go-sql-driver/mysql/issues/1682 ))
- Fix FormatDSN missing ConnectionAttributes ([#​1619](https://github.com/go-sql-driver/mysql/issues/1619 ))
### [`v1.9.0`](https://github.com/go-sql-driver/mysql/blob/HEAD/CHANGELOG.md#v190-2025-02-18 )
[Compare Source](https://github.com/go-sql-driver/mysql/compare/v1.8.1...v1.9.0 )
##### Major Changes
- Implement zlib compression. ([#​1487](https://github.com/go-sql-driver/mysql/issues/1487 ))
- Supported Go version is updated to Go 1.21+. ([#​1639](https://github.com/go-sql-driver/mysql/issues/1639 ))
- Add support for VECTOR type introduced in MySQL 9.0. ([#​1609](https://github.com/go-sql-driver/mysql/issues/1609 ))
- Config object can have custom dial function. ([#​1527](https://github.com/go-sql-driver/mysql/issues/1527 ))
##### Bugfixes
- Fix auth errors when username/password are too long. ([#​1625](https://github.com/go-sql-driver/mysql/issues/1625 ))
- Check if MySQL supports CLIENT_CONNECT_ATTRS before sending client attributes. ([#​1640](https://github.com/go-sql-driver/mysql/issues/1640 ))
- Fix auth switch request handling. ([#​1666](https://github.com/go-sql-driver/mysql/issues/1666 ))
##### Other changes
- Add "filename:line" prefix to log in go-mysql. Custom loggers now show it. ([#​1589](https://github.com/go-sql-driver/mysql/issues/1589 ))
- Improve error handling. It reduces the "busy buffer" errors. ([#​1595](https://github.com/go-sql-driver/mysql/issues/1595 ), [#​1601](https://github.com/go-sql-driver/mysql/issues/1601 ), [#​1641](https://github.com/go-sql-driver/mysql/issues/1641 ))
- Use `strconv.Atoi` to parse max_allowed_packet. ([#​1661](https://github.com/go-sql-driver/mysql/issues/1661 ))
- `rejectReadOnly` option now handles ER_READ_ONLY_MODE (1290) error too. ([#​1660](https://github.com/go-sql-driver/mysql/issues/1660 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7293
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-22 16:13:54 +00:00
Renovate Bot
3700db6dd5
Update module github.com/golang-jwt/jwt/v5 to v5.2.2 [SECURITY] (forgejo) ( #7296 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) | require | patch | `v5.2.1` -> `v5.2.2` |
---
### jwt-go allows excessive memory allocation during header parsing
[CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204 ) / [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp )
<details>
<summary>More information</summary>
#### Details
##### Summary
Function [`parse.ParseUnverified`](c035977d9e/parser.go (L138-L139)) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.
As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html )
##### Details
See [`parse.ParseUnverified`](c035977d9e/parser.go (L138-L139))
##### Impact
Excessive memory allocation
#### Severity
- CVSS Score: 7.5 / 10 (High)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`
#### References
- [https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp ](https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp )
- [0951d18428
)
- [https://github.com/golang-jwt/jwt ](https://github.com/golang-jwt/jwt )
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mh63-6h87-95cp ) and the [GitHub Advisory Database](https://github.com/github/advisory-database ) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md )).
</details>
---
### Release Notes
<details>
<summary>golang-jwt/jwt (github.com/golang-jwt/jwt/v5)</summary>
### [`v5.2.2`](https://github.com/golang-jwt/jwt/releases/tag/v5.2.2 )
[Compare Source](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2 )
#### What's Changed
- Fixed https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp by [@​mfridman](https://github.com/mfridman )
- Fixed some typos by [@​Ashikpaul](https://github.com/Ashikpaul ) in https://github.com/golang-jwt/jwt/pull/382
- build: add go1.22 to ci workflows by [@​mfridman](https://github.com/mfridman ) in https://github.com/golang-jwt/jwt/pull/383
- Bump golangci/golangci-lint-action from 4 to 5 by [@​dependabot](https://github.com/dependabot ) in https://github.com/golang-jwt/jwt/pull/387
- Bump golangci/golangci-lint-action from 5 to 6 by [@​dependabot](https://github.com/dependabot ) in https://github.com/golang-jwt/jwt/pull/389
- chore: bump ci tests to include go1.23 by [@​mfridman](https://github.com/mfridman ) in https://github.com/golang-jwt/jwt/pull/405
- Fix jwt -show by [@​AlexanderYastrebov](https://github.com/AlexanderYastrebov ) in https://github.com/golang-jwt/jwt/pull/406
- docs: typo by [@​kvii](https://github.com/kvii ) in https://github.com/golang-jwt/jwt/pull/407
- Update SECURITY.md by [@​oxisto](https://github.com/oxisto ) in https://github.com/golang-jwt/jwt/pull/416
- Update `jwt.Parse` example to use `jwt.WithValidMethods` by [@​mattt](https://github.com/mattt ) in https://github.com/golang-jwt/jwt/pull/425
#### New Contributors
- [@​Ashikpaul](https://github.com/Ashikpaul ) made their first contribution in https://github.com/golang-jwt/jwt/pull/382
- [@​kvii](https://github.com/kvii ) made their first contribution in https://github.com/golang-jwt/jwt/pull/407
- [@​mattt](https://github.com/mattt ) made their first contribution in https://github.com/golang-jwt/jwt/pull/425
**Full Changelog**: https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7296
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-22 15:51:41 +00:00
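The allocation pattern described in the CVE-2025-30204 advisory quoted in the commit above, next to a bounded splitter, as an added Go example. It is not code from golang-jwt, Forgejo or this fork; the function names `splitUnbounded`, `splitHeaderBytes` and `splitBounded` are hypothetical and all inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unsafe"
)

// errMalformed is returned when a token does not have exactly three segments.
var errMalformed = errors.New("token must contain exactly three segments")

// splitUnbounded reproduces the pattern the advisory describes:
// strings.Split on untrusted input returns one string per delimiter
// found, plus one, whatever the caller expected.
func splitUnbounded(token string) []string {
	return strings.Split(token, ".")
}

// splitHeaderBytes reports the size of the []string backing array that
// splitUnbounded allocates. Each element is a string header (pointer
// plus length), 16 bytes on 64-bit platforms, which is where the
// advisory's "constant factor of about 16" comes from.
func splitHeaderBytes(token string) uintptr {
	return uintptr(len(splitUnbounded(token))) * unsafe.Sizeof("")
}

// splitBounded is a hypothetical hardened splitter: it cuts at most two
// delimiters, returns a fixed-size array and rejects any input that
// does not have exactly three segments. It allocates nothing on the
// heap regardless of how many periods the input contains.
func splitBounded(token string) ([3]string, error) {
	var out [3]string
	header, rest, ok := strings.Cut(token, ".")
	if !ok {
		return out, errMalformed
	}
	claims, signature, ok := strings.Cut(rest, ".")
	if !ok {
		return out, errMalformed
	}
	if strings.Contains(signature, ".") {
		return out, errMalformed // a fourth segment: not a compact JWS
	}
	out = [3]string{header, claims, signature}
	return out, nil
}

func main() {
	// Constructed input: the shape the advisory describes, periods only.
	hostile := strings.Repeat(".", 1<<16)
	fmt.Printf("input %d bytes -> %d segments, %d bytes of string headers\n",
		len(hostile), len(splitUnbounded(hostile)), splitHeaderBytes(hostile))

	_, err := splitBounded(hostile)
	fmt.Println("bounded splitter on the same input:", err)

	// Constructed well-formed token shape (segments are placeholders).
	parts, err := splitBounded("aaa.bbb.ccc")
	fmt.Println(parts, err)
}
```

A length cap on the `Authorization` header before any parsing bounds the cost a second time, independently of the library version in use.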
forgejo-release-manager
c5c0948ae5
chore(release-notes): Forgejo v10.0.2 ( #7280 )
...
https://codeberg.org/forgejo/forgejo/milestone/9818
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7280
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
2025-03-21 12:32:18 +00:00
Renovate Bot
bec2659bfb
Update mcr.microsoft.com/devcontainers/go Docker tag to v1.24 (forgejo) ( #7281 )
...
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-21 09:56:19 +00:00
Renovate Bot
03c50c54bb
Update module github.com/redis/go-redis/v9 to v9.7.3 (forgejo) ( #7279 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7279
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-21 09:07:22 +00:00
0ko
0b73a1da00
Merge commit: i18n: update of translations from Codeberg Translate ( #7240 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7240
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2025-03-20 15:24:48 +00:00
Codeberg Translate
5a7af0dae2
i18n: update of translations from Codeberg Translate
...
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Baempaieo <baempaieo@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: EssGeeEich <essgeeeich@noreply.codeberg.org>
Co-authored-by: Juno Takano <jutty@noreply.codeberg.org>
Co-authored-by: Zughy <zughy@noreply.codeberg.org>
Co-authored-by: banaanihillo <banaanihillo@noreply.codeberg.org>
Co-authored-by: httpsterio <httpsterio@noreply.codeberg.org>
Co-authored-by: ozgur <ozgur@noreply.codeberg.org>
Co-authored-by: tacaly <frederick@tacaly.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/tr/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
2025-03-20 14:55:14 +00:00
Gusted
72ee7f3b00
fix: consider issues in repository accessible via access table ( #7270 )
...
- Consider the following scenario: a private repository in an organization with a team that has no specific access to that repository. Members of that team are still able to visit the repository because of entries in the `access` table.
- Consider this specific scenario for the gathering of issues for project tables.
- Unit test added
- Resolves forgejo/forgejo#7217
- Ref: forgejo/forgejo#6843
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-19 16:45:42 +00:00
fauno
2cd9872b10
Include platform information on rubygems compact index API #6507 ( #7257 )
...
Per #6507 , platform information was missing from the rubygems package registry, so binary gems were not served correctly. This change adds the platform information when necessary.
Co-authored-by: f <f@sutty.nl>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7257
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: fauno <fauno@noreply.codeberg.org>
Co-committed-by: fauno <fauno@noreply.codeberg.org>
2025-03-19 11:28:55 +00:00
forgejo-release-manager
e033967eee
chore(release-notes): Forgejo v7.0.14 ( #7266 )
...
https://codeberg.org/forgejo/forgejo/milestone/9819
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7266
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
2025-03-19 07:01:17 +00:00
Earl Warren
316682f17b
chore(dependency): upgrade gof3 v3.10.6 ( #7258 )
...
cherry-pick from the forgefriends fork, except for the F3 API for mirroring which is a functional change that is not safe enough to introduce in Forgejo.
Refs: 3aad1f4e64
---
The motivation is to keep up-to-date with the rather large refactor of gof3. The changes are syntactic only and test is provided by the compliance suite.
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7258
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2025-03-18 14:18:00 +00:00
viceice
30b438ff84
chore(renovate): add yamllint to automerge ( #7262 )
...
Only used for linting, so safe for automerge. Also sort list alphabetically.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: viceice <michael.kriese@gmx.de>
Co-committed-by: viceice <michael.kriese@gmx.de>
2025-03-18 07:52:00 +00:00
Renovate Bot
5032388cc7
Update module gitlab.com/gitlab-org/api/client-go to v0.126.0 (forgejo) ( #7260 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go ) | require | minor | `v0.123.0` -> `v0.126.0` |
---
### Release Notes
<details>
<summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go)</summary>
### [`v0.126.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.126.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.125.0...v0.126.0 )
#### 0.126.0 (2025-03-17)
##### Improvements (6 changes)
- [Parallelize unit tests](8075babaf9) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2209))
- [Adding service ping API](e84bdb0357) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2196))
- [Exclude generated files from coverage report](e6484c32b9) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2203))
- [Enable SAST scans](2587cc7641) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2204))
- [bug: Add fallback for macOS version of readlink](8ecad42574) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2206))
- [Implement testing package for gomock based tests](ca46822612) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2199))
### [`v0.125.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.125.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.124.0...v0.125.0 )
#### 0.125.0 (2025-03-14)
##### Improvements (11 changes)
- [Add function for deleting a user's identity](8b7fe39f30) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2197))
- [Add `GetProjectMirrorPublicKey`, and add support for `auth_method` to `ProjectMirror`](8b74606a43) by @mness ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2195))
- [Add custom role support to LDAP links](27ce4cb84c) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2194))
- [Add function for configuring a project pull mirror](4f1442ef76) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2192))
- [Add new user filter options: Humans, ExcludeActive and ExcludeHumans](0297e100fa) by @mjovanovic1 ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2191))
- [Add support for `Usernames` in project-level MR approval rules](a7434e79b0) by @rkosegi ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2186))
- [add `ci_id_token_sub_claim_components` to EditProjectOptions](2632817f16) by @bakkerduncan ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2173))
- [feat: Add support for list shared projects group API](e34f2c78a1) by @sy-be ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2187))
- [Fix pipeline for arbitrary fork location without Ultimate access](6b1baf787f) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2189))
- [Update access tokens to use alias type to reduce duplication](0e325d6335) ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2178))
- [Add support for merge request approval settings API](165fd77adf) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2184))
### [`v0.124.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.124.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.123.0...v0.124.0 )
#### 0.124.0 (2025-02-28)
##### Breaking Changes (4 changes)
- [Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct](65524df62b) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2181))
- [Add support for instance member roles API, and align `CreateMemberRoleOptions`...](6d63332b57) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2179))
- [Switch to using BasicMergeRequest for API endpoints that use it](42ec248d8b) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2176))
- [Add state option when listing project access tokens. This requires that...](761f7de049) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2170))
##### Improvements (13 changes)
- [Add bundled reviewable command for ease of local development](fd06b55dbf) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2180))
- [Add function for uploading a wiki attachment](bf2d5c0f6b) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2177))
- [Add internal flag when creating different types of notes. Update documentation...](c103a6b83e) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2172))
- [Add `Internal` support to `CreateIssueNoteOptions`](27f52bd13d) by @ebuildy ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2154))
- [Add support for Secure Files API](601d75bc57) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2171))
- [add ci_delete_pipelines_in_seconds to project edit and read](ece925e686) by @kingcrunch ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2158))
- [Add filter to group variables update and delete](72e52c99db) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2169))
- [Add support for group releases API](4c519f881c) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2162))
- [Add description to personal access token APIs](390a3cacea) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2165))
- [Add description to group access token APIs](23a6b28a8e) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2166))
- [Add description to project access token APIs](bb10e8c656) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2167))
- [Add 'username' support to AddProjectMemberOptions](82645d9d45) by @sy-be ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2163))
- [Update Group Hooks to add missing options and fix documentation links](380a7809d2) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2159))
##### Breaking Change (1 change)
- [Fix return value of CreateMergeRequestDependency to return a single...](a17c2255e1) by @llxp ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2174))
##### Features (1 change)
- [Add support for project security settings API](2826180657) by @heidi.berry ([merge request](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2157))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7260
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-18 07:49:36 +00:00
Renovate Bot
9ad3f2813b
Update dependency yamllint to v1.36.2 (forgejo) (#7259)
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7259
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-18 07:28:52 +00:00