22195 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Gusted	ad949404b7	fix: correct logging if caller has generics ... - If the caller function has generics then `runtime.FuncForPC(...).Name()` will not show the generic types and instead collapse it to `[...]`. Remove this suffix from the function name. - This fixes an issue where the logging of functions that use generics such as `db.Find` to be logged as `]()` instead of `Find()`, as the last dot in `[...]` was being used as a cutoff point. - Unit test added. (cherry picked from commit 101efdd2e7)	2025-03-06 11:43:48 +00:00
Renovate Bot	6e0f449fb9	Update module golang.org/x/crypto to v0.35.0 (v10.0/forgejo) (#7072) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7072 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-03-02 17:09:15 +00:00
forgejo-backport-action	a830b4de6b	[v10.0/forgejo] chore(ci): ensure the manually cached Go can be run (#7079) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/7078 ``` go version go1.24.0 linux/amd64 go env drwx------ 1 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/../../../../.. drwxr-xr-x 4 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/../../../.. drwxr-xr-x 4 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/../../.. drwxr-xr-x 4 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/../.. drwxr-xr-x 3 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/.. dr-xr-xr-x 6 root root 4096 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64 -r-xr-xr-x 1 root root 14314681 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/bin/go -r-xr-xr-x 1 root root 14314681 Feb 28 15:52 /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/bin/go bash: line 1: /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/bin/go: Permission denied bash: line 1: /root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.24.0.linux-amd64/bin/go: Permission denied mkdir: cannot create directory ‘’: No such file or directory mkdir: cannot create directory ‘’: No such file or directory ``` Refs: https://codeberg.org/forgejo/forgejo/actions/runs/61591#jobstep-3-22 Co-authored-by: Earl Warren <contact@earl-warren.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7079 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-28 16:21:28 +00:00
Earl Warren	6fcb8f646f	[v10.0/forgejo] chore(ci): Get Go binary from GOROOT instead of hardcoded path (#7073) ... Backport: https://codeberg.org/forgejo/forgejo/pulls/6590 Co-authored-by: fnetX <otto@codeberg.org> Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7073 Reviewed-by: Otto <otto@codeberg.org>	2025-02-28 15:36:13 +00:00
0ko	c7bd6f4a3d	[v10.0/forgejo] i18n: update of translations from multiple sources (#7067) ... Translation updates that are applicable to v10 strings were picked from these commits: * 94e782038d * 75b9bd82e8 * 7296f11288 * 535408143a Changes to strings that are only present in the v11 branch were not picked. New locales ga-IE and ro were not picked because they're not used even in the v11 branch yet and languages are usually to be added in major versions. This commit contains chanes backported from Gitea, but attribution is not possible due to it being missing in the origin repo commits in the first place. You might have luck finding transators responsible for these changes in Gitea project on Crowdin: https://crowdin.com/project/gitea. Changes from Gitea are up to commit fc1b383da9/options/locale Below is a list of co-authors of the ported commits. It may contain co-authors who's changes were not picked due to being v11-only. Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org> Co-authored-by: adriand <adriand@users.noreply.translate.codeberg.org> Co-authored-by: amearb <amearb@users.noreply.translate.codeberg.org> Co-authored-by: Anonymous <anonymous@users.noreply.translate.codeberg.org> Co-authored-by: anze <anze@users.noreply.translate.codeberg.org> Co-authored-by: artnay <artnay@users.noreply.translate.codeberg.org> Co-authored-by: be4zad <be4zad@users.noreply.translate.codeberg.org> Co-authored-by: Benedikt Straub <benedikt-straub@web.de> Co-authored-by: Coral Pink <coralpink@users.noreply.translate.codeberg.org> Co-authored-by: Dirk <dirk@users.noreply.translate.codeberg.org> Co-authored-by: DKMellow <dkmellow@users.noreply.translate.codeberg.org> Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org> Co-authored-by: Edgarsons <edgarsons@users.noreply.translate.codeberg.org> Co-authored-by: Fjuro <fjuro@users.noreply.translate.codeberg.org> Co-authored-by: gedankenstuecke <gedankenstuecke@users.noreply.translate.codeberg.org> Co-authored-by: Gitea translators on Crowdin <teabot@gitea.io> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org> Co-authored-by: IndieHum <indiehum@users.noreply.translate.codeberg.org> Co-authored-by: Juno Takano <jutty@users.noreply.translate.codeberg.org> Co-authored-by: kbruen <kbruen@users.noreply.translate.codeberg.org> Co-authored-by: Kenneth Bruen <kbruen@users.noreply.translate.codeberg.org> Co-authored-by: Kenneth Bruen <kenny@kbruen.ro> Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com> Co-authored-by: laegnur <laegnur@users.noreply.translate.codeberg.org> Co-authored-by: Laxystem <laxystem@users.noreply.translate.codeberg.org> Co-authored-by: Laxystem <the@laxla.quest> Co-authored-by: Lzebulon <lzebulon@users.noreply.translate.codeberg.org> Co-authored-by: marat2509 <marat2509@users.noreply.translate.codeberg.org> Co-authored-by: noiro <noiro@users.noreply.translate.codeberg.org> Co-authored-by: nykula <nykula@users.noreply.translate.codeberg.org> Co-authored-by: otf31 <otf31@users.noreply.translate.codeberg.org> Co-authored-by: Outbreak2096 <outbreak2096@users.noreply.translate.codeberg.org> Co-authored-by: Panagiotis \"Ivory\" Vasilopoulos <git@n0toose.net> Co-authored-by: RealEnder <realender@users.noreply.translate.codeberg.org> Co-authored-by: Ricky-Tigg <ricky-tigg@users.noreply.translate.codeberg.org> Co-authored-by: SomeTr <sometr@users.noreply.translate.codeberg.org> Co-authored-by: tacaly <frederick@tacaly.com> Co-authored-by: Wuzzy <wuzzy@disroot.org> Co-authored-by: xtex <xtexchooser@duck.com> Co-authored-by: yeager <yeager@users.noreply.translate.codeberg.org> Co-authored-by: yorunin <yorunin@users.noreply.translate.codeberg.org> Co-authored-by: Zughy <zughy@users.noreply.translate.codeberg.org> <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Localization - [PR](https://codeberg.org/forgejo/forgejo/pulls/7067): <!--number 7067 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIG11bHRpcGxlIHNvdXJjZXM=-->i18n: update of translations from multiple sources<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7067 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>	2025-02-28 05:19:31 +00:00
Renovate Bot	2e76237e26	Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.3.4 (v10.0/forgejo) (#7052) ... This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [https://data.forgejo.org/forgejo/forgejo-build-publish](https://data.forgejo.org/forgejo/forgejo-build-publish) | action | patch | `v5.3.1` -> `v5.3.4` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>forgejo/forgejo-build-publish (https://data.forgejo.org/forgejo/forgejo-build-publish)</summary> ### [`v5.3.4`](https://code.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.3...v5.3.4) [Compare Source](https://data.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.3...v5.3.4) ### [`v5.3.3`](https://code.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.2...v5.3.3) [Compare Source](https://data.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.2...v5.3.3) ### [`v5.3.2`](https://code.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.1...v5.3.2) [Compare Source](https://data.forgejo.org/forgejo/forgejo-build-publish/compare/v5.3.1...v5.3.2) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzguMSIsInVwZGF0ZWRJblZlciI6IjM5LjE3OC4xIiwidGFyZ2V0QnJhbmNoIjoidjEwLjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7052 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-02-24 10:51:56 +00:00
Earl Warren	a6a1b11670	[v10.0/forgejo] fix(release): the rootless image version label is not set (#7046) ... Backport: https://codeberg.org/forgejo/forgejo/pulls/7038 There is a test for that but it was a false positive. Refs: https://code.forgejo.org/forgejo/forgejo-build-publish/pulls/27 (cherry picked from commit 078ca85d87) ``` Conflicts: Dockerfile.rootless trivial context conflict ``` Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7046 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Earl Warren <contact@earl-warren.org> Co-committed-by: Earl Warren <contact@earl-warren.org>	2025-02-24 09:07:14 +00:00
Renovate Bot	b2c3f99901	Update dependency go to v1.23.6 (v10.0/forgejo) (#6812) ... This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [go](https://go.dev/) ([source](https://github.com/golang/go)) | toolchain | patch | `1.23.5` -> `1.23.6` | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNTguMiIsInVwZGF0ZWRJblZlciI6IjM5LjE1OC4yIiwidGFyZ2V0QnJhbmNoIjoidjEwLjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6812 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-02-23 08:29:21 +00:00
forgejo-backport-action	52fb476fb1	[v10.0/forgejo] fix: do not allow SSH url for migration (#7018) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/7004 - Add a new function `IsPushMirrorURLAllowed` that will allow `ssh://` url and make the existing `IsMigrateURLAllowed` not allow such URLs anymore. - Resolves forgejo/forgejo#6960 - Existing integration tests make sure that SSH urls are still allowed for the push mirror feature and added unit test to ensure that `IsMigrateURLAllowed` no longer allows SSH urls. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7018 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-21 11:46:08 +00:00
forgejo-backport-action	3eacbfead9	[v10.0/forgejo] fix: return 404 for empty repositories (#7014) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/7003 Some endpoints (`/api/v1/repos/*/*/raw`, `/api/v1/repos/*/*/media`, ...; anything that uses both `context.ReferencesGitRepo()` and `context.RepoRefForAPI` really) returned a 500 when the repository was completely empty. This resulted in some confusion in https://github.com/datalad/datalad-usage-dashboard/issues/47 because the same request for a non-existent file in a repository could sometimes generate a 404 and sometimes a 500, depending on if the git repository is initialized at all or not. Returning a 404 seems more appropriate here, since this isn't an unexpected internal error, but just another way of not finding the requested data. Co-authored-by: Matthias Riße <m.risse@fz-juelich.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7014 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-20 22:26:30 +00:00
forgejo-backport-action	932afb2036	[v10.0/forgejo] fix: delay deleting authorization token (#6976) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6937 - 1ce33aa38d extended the LTA table with a purpose column so it could be extended to other tokens. However some are single-use tokens and should be deleted after use. - This did not result in a good UX for activating user as they needed to also fill in their passwords and in the case that the password was incorrect the token would no longer be usable. - This patch modifies the code to allow for a little delay before deleting authorization tokens to do additional verification such as the password check. This cannot be done before the authorization token check as that the authorization token determines who the user is. - Resolves forgejo/forgejo#6912 - Adjusted existing unit test. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6976 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-19 07:06:01 +00:00
forgejo-backport-action	cc8a05f693	[v10.0/forgejo] fix: native parsing of ssh certificate key (#6954) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6953 - In the case of parsing an public SSH certificate key, use the underlying key type instead of the certificate type. This means `ed25519-cert-v01` would be seen as `ed25519` type and thus correctly parsed. Certificates do not change the keysize or otherwise parsing of the key. - Add unit test. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6954 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-15 17:28:48 +00:00
forgejo-backport-action	0fe56e6059	[v10.0/forgejo] fix: disable forgotten password for external signin only (#6930) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6680 - Make it such that `[service].ENABLE_INTERNAL_SIGNIN = false` disables the forgotten password prompt on the login page. Co-authored-by: davrot <davrot@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6930 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-14 13:37:46 +00:00
forgejo-backport-action	4802c33acb	[v10.0/forgejo] fix: show internal login prompt for account linking (#6929) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6920 Fixes #6878. Co-authored-by: Matthias Riße <m.risse@fz-juelich.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6929 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-14 13:25:46 +00:00
forgejo-backport-action	c56bbddf62	[v10.0/forgejo] enable ssh mirrors in rootless images (#6915) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6896 This mini-PR fixes mirror feature on docker rootless images, as discussed in #6894. Thank you, regards ## Testing - 24h After the PR is merged - Visit https://v11.next.forgejo.org and create a ssh based mirror Co-authored-by: Alessandro Ogier <alessandro.ogier@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6915 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-13 00:56:48 +00:00
forgejo-backport-action	a7ae98ff93	[v10.0/forgejo] fix(ui): hide extra PR property labels on title edit (#6905) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6898 * hide labels [AGit](https://codeberg.org/forgejo/forgejo/pulls/2444) and [Editable](https://codeberg.org/forgejo/forgejo/pulls/6863) on title edit mode: they make layout broken and are not really needed at edit state * make the code slightly less boring Co-authored-by: 0ko <0ko@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6905 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-12 09:05:43 +00:00
forgejo-backport-action	0aa872c4e3	[v10.0/forgejo] fix: always set stripped slashes on http request (#6884) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6866 - The middleware that takes care of normalizing `//user2/////repo1` to `/user2/repo1` would only set the normalized value to the Chi (Forgejo's http router) `RoutePath` field, so Chi would correctly do the routing. However not all components in Forgejo (like Forgejo's `context` module) rely on Chi to get this updated path and some still rely on the value of `(http.Request).URL.Path`, so always set the normalized value to the http request. - Adjusted unit test. - Resolves forgejo/forgejo#6822 - The related issue was caused by 751a3da979/services/context/context.go (L115) using the value of the http request on not that was set in the Chi context. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6884 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-10 20:00:25 +00:00
forgejo-backport-action	ee49a62bed	[v10.0/forgejo] fix(ui): hide 'New migration' button on org pages with migrations disabled (#6850) (#6860) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6851 When migrations are disabled via `[repository].DISABLE_MIGRATIONS = true`, on organisation pages next to the 'New repository' button, the 'New migration' button is still shown. This is caused by a logic error in the templates: instead of checking for disabled migrations, it checks for disabled pull mirrors. This patch fixes that to use `DisableMigrations` instead of `DisableNewPullMirrors`. Signed-off-by: Daniel Baumann <daniel@debian.org> Co-authored-by: Daniel Baumann <daniel@debian.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6860 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-08 15:45:58 +00:00
forgejo-backport-action	89c4c9c477	[v10.0/forgejo] fix: render link in heading correctly in TOC (#6859) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6853 - When you use a link in a heading such as `# [Text](link)` (instead of the conventional `# Text`) the TOC should only show `Text` and not `[Text](link)`. - Use the `mdutil.Text` to only get the text from actual text nodes and not the text that was provided in the markdown input. - Regression of e2fddcf681 - Resolves forgejo/forgejo#6847 - Added integration test. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6859 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-08 14:33:01 +00:00
forgejo-backport-action	bdb78d42b6	[v10.0/forgejo] ui: update language stats layout and click behavior (#6854) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6700 Fix regression of https://codeberg.org/forgejo/forgejo/pulls/6344. It was reported by @Beowulf. JS toggle [used](49c5102b40/templates/repo/sub_menu.tmpl (L38)) a selector which was broken by that PR, which caused the legend to appear separately instead of replacing the primary repo info. ## Changes * use clear IDs `language-stats-bar` and `language-stats-legend` * add simple e2e test Instead of restoring the previous behavior, I moved the legend under the stats bar. To me it didn't make a lot of sense in the first place to replace the information in the primary bar with with completely different information. It did not save much space either. Co-authored-by: 0ko <0ko@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6854 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-08 13:52:03 +00:00
Earl Warren	6ef900899e	fix(sec): Forgejo Actions web routes (#6839) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6839	2025-02-08 06:21:18 +00:00
Earl Warren	a9f0bb9f68	fix(sec): permission check for project issue (#6838) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6838	2025-02-08 06:20:29 +00:00
Gusted	3b4f1b3469	fix(sec): add tests for private issues on projects ... - Add integration and unit tests to ensure that private issues on projects are not shown in any way, shape or form when the doer has no access to it. (cherry picked from commit 55dcc1d06cb12ddb750a0289fbb6e212f93957a8)	2025-02-08 06:06:06 +00:00
Gusted	77fc232e5b	fix(sec): permission check for project issue ... - Do an access check when loading issues for a project column, currently this is not done and exposes the title, labels and existence of a private issue that the viewer of the project board may not have access to. - The number of issues cannot be calculated in a efficient manner and stored in the database because their number may vary depending on the visibility of the repositories participating in the project. The previous implementation used the pre-calculated numbers stored in each project, which did not reflect that potential variation. - The code is derived from https://github.com/go-gitea/gitea/pull/22865 (cherry picked from commit 2193afaeb9954a5778f5a47aafd0e6fbbf48d000)	2025-02-08 06:06:03 +00:00
Gusted	5a7d70658d	fix(sec): web route test edit and delete variable ... Exhaustively test each combination of deleting and updating a action action variable via the web route.	2025-02-08 06:04:14 +00:00
Gusted	5046a10aec	fix(sec): add tests for web route delete runner ... Exhaustively test each combination of deleting and updating a action runner via the web route. Although updating an action runner was not impacted, its good to have a test nonetheless.	2025-02-08 06:04:14 +00:00
Gusted	77db7655e0	fix(sec): web route update and delete runner variables ... The web route to update and delete variables of runners did not check if the ID that was given belonged to the context it was requested in, this made it possible to update and delete every existing runner variable of a instance for any authenticated user. The code has been reworked to always take into account the context of the request (owner and repository ID).	2025-02-08 06:04:14 +00:00
Gusted	c324910c31	fix(sec): web route delete runner ... The web route to delete action runners did not check if the ID that was given belonged to the context it was requested in, this made it possible to delete every existing runner of a instance by a authenticated user. The code was reworked to ensure that the caller of the delete runner function retrieved the runner by ID and then checks if it belongs to the context it was requested in, although this is not an optimal solution it is consistent with the context checking of other code for runners.	2025-02-08 06:04:14 +00:00
0ko	57ad0b868d	[v10.0/forgejo] i18n: update of translations from Codeberg Translate (#6834) ... Backport: https://codeberg.org/forgejo/forgejo/pulls/6745 Feel free to leave merge to me. My strategy is to use squash-merge, but copy the description of the actual commit into squash description, so attribution is preserved. https://codeberg.org/forgejo/forgejo/pulls/6745 was quite large, so I decided it will be ok to backport just one PR before a new release. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Localization - [PR](https://codeberg.org/forgejo/forgejo/pulls/6834): <!--number 6834 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZQ==-->i18n: update of translations from Codeberg Translate<!--description--> <!--end release-notes-assistant--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6834 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: 0ko <0ko@noreply.codeberg.org> Co-committed-by: 0ko <0ko@noreply.codeberg.org>	2025-02-08 00:01:24 +00:00
forgejo-backport-action	34d2a8531c	[v10.0/forgejo] fix(ui): display verified icon for default gpg key (#6833) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6803 ## Description Thank you for this amazing project! I recently noticed that the icon next to the GPG key reference appears to be incorrect for commits signed by the default GPG key: | Default GPG Key | User GPG Key | |---------|---------| |  |  | Looking into the commit history of the template file, I noticed that Forgejo-signed commits originally had a distinct icon: [gitea-unlock-cog](b918609acc) --> [octicon-shield-lock](12ddc48c5c) --> octicon-unverified (current) Since `octicon-unverified` is also used when a commit cannot be verified (.Verification.Warning), I find it misleading for successfully signed commits. This PR changes the icon to the verified variant for better clarity. ### Tests 1. Set up automatic commit signing by Forgejo ([guide](https://forgejo.org/docs/latest/admin/signing/#automatic-signing)) 2. Trigger automatic commit signing in any of the following scenarios: - Repository Initialisation (should be the easiest) - Wiki Changes - CRUD actions using the editor or the API - Merges from Pull Requests 3. Open the commit signed by Forgejo 4. Verify that the icon next to the GPG key id is `octicon-verified`:  ### Documentation - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I want the title to show in the release notes with a link to this pull request. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - User Interface bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/6803): <!--number 6803 --><!--line 0 --><!--description Zml4KHVpKTogZGlzcGxheSB2ZXJpZmllZCBpY29uIGZvciBkZWZhdWx0IGdwZyBrZXk=-->fix(ui): display verified icon for default gpg key<!--description--> <!--end release-notes-assistant--> Co-authored-by: shgew <shgew@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6833 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-07 13:16:23 +00:00
forgejo-backport-action	d260013a51	[v10.0/forgejo] fix: avoid y-axis clipping for branch name (#6832) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6817 - `gt-ellipsis` is set on elements to avoid overflowing its text contents and in the case of overflowing it would show an ellipsis. To force it to not overflow `overflow: hidden` is set, however this also hides the overflow on the y-axis, `overflow-x: hidden` has the same behavior. - To avoid avoid the branch name from being clipped, add a very small amount of padding on the y-axis. This is a workaround and not a proper solution. There does not seem a good cross-platform solution available to fix this in a proper way. - Resolves forgejo/forgejo#6811 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6832 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-07 10:46:08 +00:00
forgejo-backport-action	3168330425	[v10.0/forgejo] chore(i18n): lint errors (#6809) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6808 settings.hidden_comment_types_description: Rodzaje komentarzy zaznaczone tutaj nie będą wyświetlały się na stronach zgłoszeń. Zaznaczenie "Etykieta" na przykład usunie wszystkie komentarze "<użytkownik> dodał/usunął <etykieta>". repo.settings.add_web_hook_desc: Zintegruj <a target="_black" rel="noreferrer" href="https://TO-BE-REPLACED.COM">%s</a> ze swoim repozytorium. Add user & label in Polish. Co-authored-by: Earl Warren <contact@earl-warren.org> Co-authored-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6809 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-06 12:37:53 +00:00
forgejo-backport-action	2491bbfa69	[v10.0/forgejo] ci: fix go version check (#6810) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6646 Allow ci go version to be higher than the tool chain. This will fix the current build issues on forgejo branch Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6810 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-06 08:15:36 +00:00
forgejo-backport-action	ac01c7a384	[v10.0/forgejo] fix: make author search case insenstive (#6783) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6782 - Make the author search in the issues and pull request list case insenstive. - Background: Forgejo mandates that all columns are case senstive and only SQLite ignores this for ASCII characters with the `LIKE` operator any other database will indeed do case senstive searching. Codeberg recently made all columns case senstive, hence why this issue now surfaces. - Added integration test. - Resolves forgejo/forgejo#6744 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6783 Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-04 17:06:20 +00:00
forgejo-backport-action	b615d41457	[v10.0/forgejo] fix(ui): add triangle down octicon to code search options dropdown (#6770) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6620 This adds the triangle down oction to the code search options dropdown to match the other search option dropdowns (issue, pull). Co-authored-by: Beowulf <beowulf@beocode.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6770 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-02-03 08:35:41 +00:00
0ko	184bdef340	[v10.0/forgejo] i18n: backport of translation updates 6565 and 6665 (#6764) ... Translation updates that are applicable to v10 strings were picked from these commits: * dac7d5e73b * 7678386138 Changes to strings that are only present in the v11 branch were not picked. Below is a list of co-authors of the ported commits. It may contain co-authors who's changes were not picked due to being v11-only. Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org> Co-authored-by: artnay <artnay@users.noreply.translate.codeberg.org> Co-authored-by: Atul_Eterno <atul_eterno@users.noreply.translate.codeberg.org> Co-authored-by: Dirk <dirk@users.noreply.translate.codeberg.org> Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org> Co-authored-by: Edgarsons <edgarsons@users.noreply.translate.codeberg.org> Co-authored-by: Fjuro <fjuro@alius.cz> Co-authored-by: Fjuro <fjuro@users.noreply.translate.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: Ikuyo Mita <searinminecraft@outlook.ph> Co-authored-by: jedik <jedik@users.noreply.translate.codeberg.org> Co-authored-by: Juno Takano <jutty@users.noreply.translate.codeberg.org> Co-authored-by: justbispo <justbispo@users.noreply.translate.codeberg.org> Co-authored-by: killawabbit <killawabbit@users.noreply.translate.codeberg.org> Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com> Co-authored-by: mahlzahn <mahlzahn@posteo.de> Co-authored-by: Miguel P.L <miguel_pl@users.noreply.translate.codeberg.org> Co-authored-by: Outbreak2096 <outbreak2096@users.noreply.translate.codeberg.org> Co-authored-by: Ricky-Tigg <ricky-tigg@users.noreply.translate.codeberg.org> Co-authored-by: SomeTr <sometr@users.noreply.translate.codeberg.org> Co-authored-by: tacaly <frederick@tacaly.com> Co-authored-by: Wuzzy <wuzzy@disroot.org> Co-authored-by: xtex <xtexchooser@duck.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6764 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>	2025-02-02 18:38:07 +00:00
forgejo-backport-action	27276ff26e	[v10.0/forgejo] fix: set explore pages to configurable default sort (#6749) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6708 - Currently, the explore/organizations page always defaults to using "newest" as its sort. Instead, use the pre-existing config option (`setting.UI.ExploreDefaultSort`) so server administrators can change the default sort order. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests (Sorry, not sure how to add a test for this change) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes I don't mind either way. - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Co-authored-by: John Moon <john.moon@vts-i.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6749 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-31 11:12:01 +00:00
forgejo-backport-action	1b00bf2d26	[v10.0/forgejo] fix: Remove autofocus on the dashboard repository search box (#6748) ... - No longer autofocus on the searchbox for the repository list that is on the dashboard. There is no justification for doing so. - Fixes #6653 Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-31 10:40:23 +00:00
forgejo-backport-action	69bc17ea35	[v10.0/forgejo] fix inline file preview for files with encoded URL, fix #5069 (#6739) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6525 ### Screenshot #### Before See #5069. #### After  ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). - Manual testing: see https://codeberg.org/forgejo/forgejo/pulls/6525#issuecomment-2578814. Thanks @earl-warren. ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Co-authored-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6739 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-30 11:49:16 +00:00
forgejo-backport-action	0db9a24a4b	[v10.0/forgejo] fix: check for webauthn in 2fa user search (#6730) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6726 - Check for webauthn credentials in the user search when the two factor filter is enabled. - Resolves forgejo/forgejo#6524 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6730 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-29 19:28:12 +00:00
forgejo-backport-action	4016f2890d	[v10.0/forgejo] fix: disallow blame on directories (#6720) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6716 - Don't allow the blame operation on directories. - Added integration test. - Resolves forgejo/forgejo#6533 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6720 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-29 09:34:03 +00:00
forgejo-backport-action	c198cb6e65	[v10.0/forgejo] fix(i18n): add forgotten translatable string (#6718) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6701 - Regression of 75ce1e2ac1 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6718 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-29 08:28:25 +00:00
forgejo-backport-action	114d8975b5	[v10.0/forgejo] fix: render issue titles consistently (#6717) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6715 - Render the issue titles in dashboard feed in consistent manner, by using the existing `RenderIssueTitle`. - Added integration tests (not exhaustive for all comment types, but exhaustive enough for the current code where some comment types are grouped together). - Resolves forgejo/forgejo#6705 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6717 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-29 08:24:37 +00:00
Michael Kriese	7ee19b4c6c	chore: consistent docker image and action references (#6704) ... backport of #6703 - replace `code.forgejo.org` ->`data.forgejo.org` on docker images - add `https://data.forgejo.org/` to actions where missing Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6704 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Co-committed-by: Michael Kriese <michael.kriese@visualon.de>	2025-01-28 15:46:07 +00:00
Renovate Bot	faa263d54a	Update dependency katex to v0.16.21 [SECURITY] (v10.0/forgejo) (#6694) ... This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [katex](https://katex.org) ([source](https://github.com/KaTeX/KaTeX)) | dependencies | patch | [`0.16.18` -> `0.16.21`](https://renovatebot.com/diffs/npm/katex/0.16.18/0.16.21) | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### KaTeX \htmlData does not validate attribute names [CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) / [GHSA-cg87-wmx4-v546](https://github.com/advisories/GHSA-cg87-wmx4-v546) <details> <summary>More information</summary> #### Details ##### Impact KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. ##### Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. ##### Workarounds - Avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands. - Forbid inputs containing the substring `"\\htmlData"`. - Sanitize HTML output from KaTeX. ##### Details `\htmlData` did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts. ##### For more information If you have any questions or comments about this advisory: - Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/) - Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu) #### Severity - CVSS Score: 6.3 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` #### References - [https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546](https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546) - [https://nvd.nist.gov/vuln/detail/CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) - [ff289955e8) - [https://github.com/KaTeX/KaTeX](https://github.com/KaTeX/KaTeX) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-cg87-wmx4-v546) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.16.21`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01621-2025-01-17) [Compare Source](https://github.com/KaTeX/KaTeX/compare/v0.16.20...v0.16.21) ##### Bug Fixes - escape \htmlData attribute name ([57914ad](57914ad91e)) ### [`v0.16.20`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01620-2025-01-12) [Compare Source](https://github.com/KaTeX/KaTeX/compare/v0.16.19...v0.16.20) ##### Bug Fixes - \providecommand does not overwrite existing macro ([#&#8203;4000](https://github.com/KaTeX/KaTeX/issues/4000)) ([6d30fe4](6d30fe47b0)), closes [#&#8203;3928](https://github.com/KaTeX/KaTeX/issues/3928) ### [`v0.16.19`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01619-2024-12-29) [Compare Source](https://github.com/KaTeX/KaTeX/compare/v0.16.18...v0.16.19) ##### Bug Fixes - **types:** improve `strict` function type ([#&#8203;4009](https://github.com/KaTeX/KaTeX/issues/4009)) ([4228b4e](4228b4eb52)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMzYuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEzNi4xIiwidGFyZ2V0QnJhbmNoIjoidjEwLjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6694 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org> Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>	2025-01-28 11:34:32 +00:00
forgejo-backport-action	0ecf28f37f	[v10.0/forgejo] Fix inline file preview for rendered files (#6685) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6572 ### What? This fixes the inline file preview for rendered files (e.g., markdown). [Here, a live issue in v11](https://v11.next.forgejo.org/mahlzahn/test-inline-file-preview/issues/1) and [the same in v7 (with even more bugs)](https://v7.next.forgejo.org/mahlzahn/test-inline-file-preview/issues/1). It fixes 1. the inline preview for possibly rendered files, when the link is specified with `?display=source`. This happens, e.g., if you are watching a (e.g., markdown) file in source and then want to link some of its lines. 2. the link to the source file inside the inline preview for possible rendered files (currently it links to the rendered version and then the `#L…` cannot point to the correct lines). This is done by always adding `?display=source` to the link. ### Screenshots <details><summary> #### Before </summary>  </details> <details><summary> #### After </summary>  </details> ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). I think that this minor edit does not need special tests. Some backend tests have been updated to reflect the addition of URL parameters. #### Manual testing - create a repository with a file that can be rendered with couple of lines inside, e.g., a markdown README.md - go to the source of this file (e.g., `…/src/branch/main/README.md`) - click on the `<> View Source` button (or add `?display=source` to the URL) - click on one of the lines, then on the three dots, then on ”Reference in a new issue“ - continue creating the issue ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Co-authored-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6685 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-25 11:38:02 +00:00
forgejo-backport-action	d10034f4d8	[v10.0/forgejo] fix: add non allowed domain translation (#6684) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6677 - Was added in 2559c80bec and accidentally removed in 5a16c9d9c0. - Reworded for clarity. - Resolves #6661 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6684 Reviewed-by: Otto <otto@codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-25 01:15:27 +00:00
forgejo-backport-action	553fc3cc42	[v10.0/forgejo] fix: load settings for valid user and email check (#6678) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/6674 - The doctor commands to check the validity of existing usernames and email addresses depend on functionality that have configurable behavior depending on the values of the `[service]` settings, so load them when running the doctor command. - Resolves #6664 - No unit test due to the architecture of doctor commands. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6678 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>	2025-01-24 12:25:00 +00:00
Earl Warren	6d7bf7369d	[v10.0/forgejo] chore(security): update security.txt with new expiration date (#6668) ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6668	2025-01-23 17:28:46 +00:00
Earl Warren	eb83b05430	chore(security): update security.txt with new expiration date ... Same as https://forgejo.org/.well-known/security.txt (cherry picked from commit 955f99b6a4)	2025-01-23 16:20:44 +00:00