Commit graph

366 commits

Author SHA1 Message Date
Renovate Bot
4bff06dafb Update module github.com/blevesearch/bleve/v2 to v2.4.0 2024-05-08 19:31:56 +00:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Earl Warren
99d1ae52fc Merge pull request 'Update module github.com/PuerkitoBio/goquery to v1.9.2' (#3634) from renovate/github.com-puerkitobio-goquery-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 11:28:32 +00:00
silverwind
fb693442f5
Remove external API calls in TestPassword (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
Renovate Bot
aa8a757fe2 Update module github.com/PuerkitoBio/goquery to v1.9.2 2024-05-05 00:05:34 +00:00
Renovate Bot
58bf120eba Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed 2024-05-02 00:05:56 +00:00
Earl Warren
425d64a023 Merge pull request 'Update module connectrpc.com/connect to v1.16.1' (#3491) from renovate/connectrpc.com-connect-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3491
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-30 07:10:13 +00:00
Renovate Bot
95f8b1bbc5 Update module github.com/urfave/cli/v2 to v2.27.2 2024-04-28 00:05:53 +00:00
Otto
98589b487c Merge pull request 'Update module github.com/minio/minio-go/v7 to v7.0.70' (#3469) from renovate/github.com-minio-minio-go-v7-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3469
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-27 19:15:38 +00:00
Renovate Bot
004fe91d37 Update module gitea.com/gitea/act to v0.261.1 2024-04-27 02:04:59 +00:00
Renovate Bot
01d9faefa5 Update module connectrpc.com/connect to v1.16.1 2024-04-27 00:07:16 +00:00
Renovate Bot
ca9c039ba6 Update module github.com/minio/minio-go/v7 to v7.0.70 2024-04-26 02:05:51 +00:00
Renovate Bot
aec0e1c43a Update module github.com/klauspost/compress to v1.17.8 2024-04-10 02:10:00 +00:00
Earl Warren
2d3705bb81 Merge pull request '[CHORE] Remove Microsoft SQL Server support' (#3040) from gusted/forgejo-rm-mssql into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3040
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-09 05:34:54 +00:00
Gusted
2d9afd0c21
[CHORE] Remove Microsoft SQL Server Support
- Per https://codeberg.org/forgejo/discussions/issues/122
2024-04-05 23:37:36 +02:00
Gusted
32134e3a43
[CHORE] Remove u2f dependency
- It was only used to parse old U2F data to webauthn credentials. We
only used the public key and keyhandle. This functiontionality was
reworked to `parseU2FRegistration`.
- Tests are already present, `Test_RemigrateU2FCredentials`.
2024-04-05 16:23:10 +02:00
Gusted
ded1080bc2
[CHORE] Update golang.org/x/net
Per https://pkg.go.dev/vuln/GO-2024-2687
2024-04-04 06:17:41 +02:00
Renovate Bot
8f3b2096a8 Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.2 2024-04-03 04:08:11 +00:00
Renovate Bot
85cbdefaaa Update module github.com/go-sql-driver/mysql to v1.8.1 2024-03-30 14:46:43 +00:00
Gusted
bc04183e47 Merge pull request 'Update module github.com/felixge/fgprof to v0.9.4' (#2805) from renovate/github.com-felixge-fgprof-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2805
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-30 13:47:43 +00:00
Earl Warren
0761207cc2 Merge pull request 'Update module github.com/minio/minio-go/v7 to v7.0.69' (#2851) from renovate/github.com-minio-minio-go-v7-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2851
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-30 11:11:37 +00:00
Renovate Bot
02dcd07437 Update module github.com/felixge/fgprof to v0.9.4 2024-03-30 10:11:45 +00:00
Renovate Bot
0cb9ea64a6 Update module github.com/opencontainers/image-spec to v1.1.0 2024-03-30 06:05:12 +00:00
Renovate Bot
a517e4aeb1 Update module github.com/minio/minio-go/v7 to v7.0.69 2024-03-30 06:05:07 +00:00
Gusted
f579bde69d
[CHORE] Cleanup dependency
- Remove `gitea.com/lunny/dingtalk_webhook` as dependency, we only use
two structs which are small enough to be recreated in Forgejo and don't
need to rely on the dependency.
- Existing tests (thanks @oliverpool) prove that this has no effect.
2024-03-30 00:01:42 +01:00
Earl Warren
168c56d7d4 Merge pull request 'Update module github.com/gliderlabs/ssh to v0.3.7' (#2806) from renovate/github.com-gliderlabs-ssh-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2806
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-28 14:01:48 +00:00
Renovate Bot
9ff9036377 Update module github.com/klauspost/compress to v1.17.7 2024-03-25 20:07:17 +00:00
Earl Warren
5194bd15ef Merge pull request 'Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.1' (#2804) from renovate/github.com-editorconfig-editorconfig-core-go-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2804
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-25 19:48:58 +00:00
Renovate Bot
a6fdab95f8 Update module github.com/go-enry/go-enry/v2 to v2.8.7 2024-03-25 19:05:23 +00:00
Renovate Bot
ac08242493 Update module github.com/gliderlabs/ssh to v0.3.7 2024-03-25 18:24:23 +00:00
Renovate Bot
eccd824b01 Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.1 2024-03-25 17:37:18 +00:00
Renovate Bot
6e968e0ce3 Update gitea.com/go-chi/session digest to 16768d9 2024-03-25 15:18:21 +00:00
Renovate Bot
46aaecc2b8 Update gitea.com/go-chi/captcha digest to fb487f6 2024-03-25 13:37:57 +00:00
JakobDev
0a88259df4
Update Chroma to v2.13.0 (#29732)
This adds new lexers and includes some fixes. See
https://github.com/alecthomas/chroma/releases/tag/v2.13.0 for the full
changelog.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 3e7ae79f99ef0e5ba3d1201c38f491121ea2a156)
2024-03-20 08:46:28 +01:00
sillyguodong
6cb9e8d869
Make runs-on support variable expression (#29468)
As title.
Close issue: https://gitea.com/gitea/act_runner/issues/445
Follow: https://gitea.com/gitea/act/pulls/91

Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because
of circular dependency issues.

(cherry picked from commit a1f5dd767729e30d07ab42fda80c19f30a72679f)
2024-03-11 23:36:59 +07:00
wxiaoguang
abb0294996
Partially enable MSSQL case-sensitive collation support (#29238)
Follow #28662

(cherry picked from commit 29a8c8de779924694fadad80b31cc855dd62c0f2)
2024-03-11 23:36:59 +07:00
Gusted
578f0b3335
[DEPS] Bump mysql driver
- Bump the SQL driver for MySQL to
[v1.8.0](https://github.com/go-sql-driver/mysql/releases/tag/v1.8.0),
which notably includes support for ed25519 authentication scheme (by
yours truly).
- Resolves #1868
2024-03-10 14:57:56 +01:00
techknowlogick
2c26b187ea
bump protobuf module (#29617)
(cherry picked from commit 06039bf0b7ec4dffe74ae323b8bbbbedec69d0c8)
2024-03-06 11:39:07 +08:00
Gusted
0c4872f839
[CHORE] Update connect-go to maintained fork
- Update github.com/bufbuild/connect-go to
https://github.com/connectrpc/connect-go.
- This is a fork that's actively maintained and is recommend by the
original library. Looking at the recent release notes, it looks like
going in the right direction what one would expect of a library, no
strange features being added, lots of improvements.
- There's still an indirect dependency by
`code.gitea.io/actions-proto-go` on a old version of `connect-go`.
2024-02-28 09:40:56 +01:00
Gusted
92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit d13065345431a499f9e0b7a3c2043d7487b8aa5b)
(cherry picked from commit 45a16f8c3c6f7d5e4aab8fdde6a621cf36e4801c)
(cherry picked from commit a497acb31f76d580c8b0567f9461274bd78080f4)
(cherry picked from commit fe87fd828973945192b98310c5c3b2001c6e0f86)
(cherry picked from commit 6ac12e6693cf45cb12109028dabd868957c4b74c)
(cherry picked from commit 981ec37e1e72ab19c20067ff4d2a7e20a60d3305)
(cherry picked from commit 5d6892ec10086f0ba63f26693faa82d0fd4e3f4a)
(cherry picked from commit 9df7968f4fc72de9788d84ca3f349e4c98ee630e)
(cherry picked from commit 7d588d183329cd760053663ea2e1e82e62958409)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281f5a6ba410abc763674bafa7b63dffd)
(cherry picked from commit 5830f204a17767fda3e45d16dbf3af8c32e7f387)
(cherry picked from commit 029f4e98636a7776f430684e9d7142d69a444f96)
(cherry picked from commit 816fe558126d0ecce969fdf2a196fa6afdcca792)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d804560b415b6158371eb0efd17d097cfe0)
2024-02-05 16:09:40 +01:00
Gusted
662c8ee341
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit 0ccefc633e5cd206bd51f642c9fe7be56dae51ec)
(cherry picked from commit 19e647b531c5cfaba5beabbd1de2fe65dfd44da0)
(cherry picked from commit 2bcc04889d4d765eba0ebdffe7ba788c91923d35)
(cherry picked from commit 2fd1932699572a666ef616b7fb191ab5f56d75c6)
(cherry picked from commit b9a3e1e5258e1896550cc3750b7f688fdab1bb22)
(cherry picked from commit 92d932d23f2fcab4b38b72bb6b39778026418ecd)
(cherry picked from commit c125217fea154d6eb87ae86735906c90575bbff3)
(cherry picked from commit f9801ba57b58fefe5a4cc8c9da91a3593129f656)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764ff6d35c70beb7510626cdeac38771d)
(cherry picked from commit f53b2d31127ddf17b6593d1bb3ec536ee04c8937)
(cherry picked from commit c098055f0a3266a94651bc2783330cf7b12efff2)
(cherry picked from commit 0e1591554a275d14da09114db8572bf731c5f112)
(cherry picked from commit 876d9d5c6f272120d31bdb18df39c3a9d25e2917)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 7110bb6a783cb37db3a75abd08534760812d05fd)
2024-02-05 16:09:40 +01:00
Gusted
8735fcdb7d
[GITEA] Vendor rupture dependency
- The [rupture](https://github.com/ethantkoenig/rupture) dependency was
essentially outdated in the sense it was using old version of
dependencies.
- The usage by Forgejo was rather a small portion, so that portion is
now vendored (with its tests).
- Removes old dependencies from go.sum (less dependencies is better for
reviewing what the heck we're importing). Just to note that they were
likely not being used by Go's build process (according to
https://go.dev/ref/mod#minimal-version-selection), so it's really a
matter of formal cleaning up dependencies we don't use and therefor
don't want to download and be in our go.sum.

(cherry picked from commit aa72a5f009b5027b2324106343f91b466ba46293)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2148
(cherry picked from commit fbe8d65f0b1836b2e771991b4d5d12f1bfa938ed)
(cherry picked from commit e18debcb6a9476f60d364e847265b4ac7fb76c8e)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2245
(cherry picked from commit 8c43c2ada82102a0df44fd874c4f5fe3a36ef758)
2024-02-05 15:08:04 +01:00
KN4CK3R
ba24e0ba61
Use new RPM constants (#28931)
https://github.com/sassoftware/go-rpmutils/pull/24 got merged.
2024-01-25 21:40:24 +00:00
wxiaoguang
82acf22d9c
Update go dependencies and fix go-git (#28893)
More details are in the comment of repo_base_gogit.go

And ref: https://github.com/go-git/go-git/issues/1006
2024-01-23 05:40:00 +00:00
Lunny Xiao
4abd63d378
Upgrade xorm to v1.3.7 to fix a resource leak problem caused by Iterate (#28891)
Mainly fix an error https://gitea.com/xorm/xorm/issues/2393
2024-01-22 18:24:55 +08:00
Yarden Shoham
5574968ecb
Set the isPermaLink attribute to false in the guid sub-element (#28860)
Our `guid` is not a valid URL so according to the RSS spec the
`isPermaLink` attribute needs to be set to `false`.

Example:
```diff
<item>
  <title>yardenshoham opened issue &lt;a href=&#34;https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2&#34;&gt;yardenshoham/test#2&lt;/a&gt;</title>
  <link>https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</link>
  <description>2#hey</description>
  <content:encoded><![CDATA[2#hey]]></content:encoded>
  <author>yardenshoham</author>
- <guid>355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
+ <guid isPermaLink="false">355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid>
  <pubDate>Tue, 16 Jan 2024 18:54:36 +0000</pubDate>
</item>
```

References:
-
https://www.rssboard.org/rss-specification#ltguidgtSubelementOfLtitemgt
- Fixes https://github.com/go-gitea/gitea/issues/28734
- https://github.com/gorilla/feeds/issues/78
- https://github.com/go-gitea/gitea/pull/21550
- https://github.com/gorilla/feeds/pull/107

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-01-20 02:38:16 +00:00
Chongyi Zheng
fee80a1847
Update github.com/cloudflare/circl (#28789)
cloudflare/circl: https://github.com/advisories/GHSA-9763-4f94-gfch

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-15 11:14:26 +08:00
wxiaoguang
2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
Lunny Xiao
da58bb85fa
Upgrade xorm to new version which supported update join for all supported databases (#28590)
Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842

Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports
UPDATE JOIN.
To keep consistent from different databases, xorm use
`engine.Join().Update`, but the actural generated SQL are different
between different databases.

For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx
Where xxx`.

For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE
join_conditions`.

For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support
`UPDATE table1 SET xxx FROM table2 WHERE join conditions` from
3.33.0(2020-8-14).

POSTGRES is the same as SQLITE.
2023-12-31 05:00:35 +00:00
wxiaoguang
11f0519ad8
Update go dependencies (#28518)
Update golang.org/x/crypto for CVE-2023-48795 and update other packages.
`go-git` is not updated because it needs time to figure out why some
tests fail.
2023-12-19 09:18:42 +08:00