Commit graph

495 commits

Author SHA1 Message Date
Earl Warren
c5028d72a6 Merge pull request 'Update module github.com/microcosm-cc/bluemonday to v1.0.27' (#4333) from renovate/github.com-microcosm-cc-bluemonday-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4333
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-05 05:25:08 +00:00
Earl Warren
860b33696d Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.13.0' (#4313) from renovate/github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4313
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-05 05:04:36 +00:00
Renovate Bot
a8df27e5a1
Update module github.com/microcosm-cc/bluemonday to v1.0.27 2024-07-05 06:36:35 +02:00
Renovate Bot
1c49047390 Update module google.golang.org/grpc to v1.65.0 2024-07-04 22:19:07 +00:00
Gusted
3eb178db49
[CHORE] Update terminal-to-html dependency
- Update the `github.com/buildkite/terminal-to-html/v3` dependency from
version v3.10.1 to v3.13.0.
- Version v3.12.0 introduced an incompatible change, the return type of
`AsHTML` changed from `[]byte` to `string`. That same version also
introduced streaming mode
https://github.com/buildkite/terminal-to-html/pull/126, which allows us
to avoid reading the whole input into memory.
- Closes #4313
2024-07-04 23:41:17 +02:00
Renovate Bot
319c4efbe7 Update module github.com/blevesearch/bleve/v2 to v2.4.1 2024-07-04 00:02:31 +00:00
Renovate Bot
4101260d6e Update module github.com/minio/minio-go/v7 to v7.0.73 2024-07-03 18:07:19 +00:00
Renovate Bot
fa1a853db0 Update dependency go to v1.22.5 2024-07-03 08:23:00 +00:00
Earl Warren
a3a8b0e7d1 Merge pull request 'Update module github.com/yuin/goldmark to v1.7.4' (#4240) from renovate/github.com-yuin-goldmark-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4240
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-06-26 07:51:29 +00:00
Renovate Bot
d9b83719d6 Update module github.com/yuin/goldmark to v1.7.4 2024-06-26 06:19:55 +00:00
Renovate Bot
83d7be3447 Update module golang.org/x/image to v0.18.0 2024-06-26 06:19:47 +00:00
Earl Warren
91f16dfcb7
fix(security): GO-2024-2947
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.5
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: services/migrations/gitlab.go:500:74: migrations.GitlabDownloader.GetComments calls gitlab.DiscussionsService.ListMergeRequestDiscussions, which eventually calls retryablehttp.Client.Do
2024-06-26 07:35:19 +02:00
Renovate Bot
e91961224d
Update module github.com/yuin/goldmark to v1.7.3 2024-06-24 08:03:18 +02:00
Renovate Bot
11e847ac74 Update module github.com/go-chi/chi/v5 to v5.0.14 2024-06-23 00:03:30 +00:00
Renovate Bot
c07cc28d88 Update module code.forgejo.org/f3/gof3/v3 to v3.4.0 (#4196)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| code.forgejo.org/f3/gof3/v3 | require | minor | `v3.3.1` -> `v3.4.0` |

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MDkuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQwOS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiXX0=-->

Co-authored-by: Twenty Panda <twenty-panda@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4196
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-06-21 13:51:59 +00:00
Renovate Bot
07e26508b0 Update module github.com/go-chi/chi/v5 to v5.0.13 2024-06-19 00:02:33 +00:00
Renovate Bot
a815eb552a
Update module github.com/gorilla/feeds to v1.2.0
Refs: https://github.com/go-gitea/gitea/pull/31400
2024-06-18 09:06:46 +02:00
Renovate Bot
aa9c164940 Update module github.com/yuin/goldmark to v1.7.2 2024-06-15 00:02:33 +00:00
Earl Warren
e99d3f7055
feat(F3): CLI: f3 mirror to convert to/from Forgejo
feat(F3): driver stub

feat(F3): util.Logger

feat(F3): driver compliance tests

feat(F3): driver/users implementation

feat(F3): driver/user implementation

feat(F3): driver/{projects,project} implementation

feat(F3): driver/{labels,label} implementation

feat(F3): driver/{milestones,milestone} implementation

feat(F3): driver/{repositories,repository} implementation

feat(F3): driver/{organizations,organization} implementation

feat(F3): driver/{releases,release} implementation

feat(F3): driver/{issues,issue} implementation

feat(F3): driver/{comments,comment} implementation

feat(F3): driver/{assets,asset} implementation

feat(F3): driver/{pullrequests,pullrequest} implementation

feat(F3): driver/{reviews,review} implementation

feat(F3): driver/{topics,topic} implementation

feat(F3): driver/{reactions,reaction} implementation

feat(F3): driver/{reviewComments,reviewComment} implementation

feat(F3): CLI: f3 mirror

chore(F3): move to code.forgejo.org

feat(f3): upgrade to gof3 3.1.0

repositories in pull requests are represented with a reference instead
of an owner/project pair of names
2024-06-14 12:52:12 +02:00
Renovate Bot
7f89eeb365 Update module github.com/klauspost/compress to v1.17.9 2024-06-13 00:03:41 +00:00
Renovate Bot
b25f5265b1 Update module code.forgejo.org/forgejo/reply to v1.0.2 2024-06-09 00:05:02 +00:00
Earl Warren
dedcd6c647 Merge pull request 'Update module github.com/huandu/xstrings to v1.5.0' (#4050) from renovate/github.com-huandu-xstrings-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4050
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 16:48:16 +00:00
Earl Warren
da948ae6bb Merge pull request 'Update github.com/google/pprof digest to 186aa03' (#4055) from renovate/github.com-google-pprof-digest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4055
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 15:59:56 +00:00
Renovate Bot
5b82e43da5 Update module golang.org/x/net to v0.26.0 2024-06-07 10:03:08 +00:00
Earl Warren
3f0859658d Merge pull request 'Update module golang.org/x/oauth2 to v0.21.0' (#4058) from renovate/golang.org-x-oauth2-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4058
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:41:34 +00:00
Earl Warren
ed2c651429 Merge pull request 'Update module golang.org/x/image to v0.17.0' (#4056) from renovate/golang.org-x-image-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4056
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:07:46 +00:00
Renovate Bot
6fb5cef962 Update module golang.org/x/oauth2 to v0.21.0 2024-06-07 08:04:08 +00:00
Renovate Bot
c64afa1bfc Update module golang.org/x/image to v0.17.0 2024-06-07 08:03:51 +00:00
Renovate Bot
b4d8021ce0 Update github.com/google/pprof digest to 186aa03 2024-06-07 08:03:41 +00:00
Renovate Bot
28c9bd3f7e Update dependency go to v1.22.4 2024-06-07 08:03:30 +00:00
Renovate Bot
e13972b9da Update module golang.org/x/crypto to v0.24.0 2024-06-07 02:05:07 +00:00
Renovate Bot
884eb07793 Update module github.com/huandu/xstrings to v1.5.0 2024-06-07 00:05:55 +00:00
Earl Warren
3bfec270ac
chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406
It is not possible to tell vulncheck that Forgejo is not affected by
CVE-2024-0406. Use a mirror of the repository to do that.

Refs: https://github.com/mholt/archiver/issues/404
2024-06-05 22:07:40 +02:00
Earl Warren
b3bcae8bd6
Update dependency go to v1.22
There is no need to pin the patch release for the build
environment. They are backward compatible and it prevents security
upgrades to be taken into account.
2024-06-05 07:38:42 +02:00
Victoria Nadasdi
b80677d009
chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2
Renovate tried to update redis/go-redis, but failed because they changes
the interface, they added two new functions: `BitFieldRO` and
`ObjectFreq`.

Changes:
- Update redis/go-redis
- Run mockgen:
  ```
  mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
  ```

References:
- https://codeberg.org/forgejo/forgejo/pulls/4009
2024-06-04 12:38:35 +02:00
Earl Warren
3a469d72a0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.11.0' (#3955) from renovate/github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3955
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-31 13:51:08 +00:00
Renovate Bot
5e33f2d50f Update module github.com/go-testfixtures/testfixtures/v3 to v3.11.0 2024-05-31 00:05:11 +00:00
Earl Warren
e417e424fa
Update module github.com/alecthomas/chroma/v2 to v2.14.0 (take 2)
Because the branch of the other PR was deleted by mistake.

Refs: https://codeberg.org/forgejo/forgejo/pulls/3922
2024-05-30 22:52:26 +02:00
Earl Warren
8cfe353061 Merge pull request 'Update module github.com/jhillyerd/enmime to v1.2.0' (#3791) from renovate/github.com-jhillyerd-enmime-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3791
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 10:21:31 +00:00
Earl Warren
c66c4d8fd5 Merge pull request 'Update module github.com/markbates/goth to v1.80.0' (#3808) from renovate/github.com-markbates-goth-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3808
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 09:26:08 +00:00
Renovate Bot
1602f60e53 Update module github.com/markbates/goth to v1.80.0 2024-05-21 20:07:52 +00:00
Victoria Nadasdi
e195b47ffc
go mod tidy
Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:37 +02:00
Victoria Nadasdi
54acfa8880
refactor: redis queue backend test cleanup
Summary:
- Move existing test under a `testify` Suite as `baseRedisWithServerTestSuite`
  - Those tests require real redis server.
- Add `go.uber.org/mock/mockgen@latest` as dependency
  - as a tool (Makefile).
  - in the `go.mod` file.
- Mock redis client lives under a `mock` directory under the queue module.
  - That mock module has an extra hand-written mock in-memory redis-like struct.
- Add tests using the mock redis client.
- Changed the logic around queue provider creation.
  - Now the `getNewQueue` returns a Queue provider directly, not an init
    function to create it.

The whole Queue module is close to impossible to test properly because
everything is private, everything goes through a struct route. Because
of that, we can't test for example what keys are used for given queue.

To overcome this, as a first step I removed one step from that hard
route by allowing custom calls to create new queue provider. To achieve
this, I moved the creation logic into the `getNewQueue` (previously it
was `getNewQueueFn`). That changes nothing on that side, everything goes
as before, except the `newXXX` call happens directly in that function
and not outside that.

That made it possible to add extra provider specific parameters to those
function (`newXXX`). For example a client on redis. Calling it through
the `getNewQueue` function, it gets `nil`.

- If the provided client is not `nil`, it will use that instead of the
connection string.
- If it's `nil` (default behaviour), it creates a new redis client as it
  did before, no changes to that.

The rest of the provider code is unchanged. All these changes were
required to make it possible to generate mock clients for providers and
use them.

For the tests, the existing two test cases are good with redis server,
and they need some extra helpers, for example to start a new redis
server if required, or waiting on a redis server to be ready to use.
These helpers are only required for test cases using real redis server.

For better isolation, moved existing test under a testify Suite, and
moved them into a new test file called `base_redis_with_server_test.go`
because, well they test the code with server. These tests do exactly the
same as before, calling the same sub-tests the same way as before, the
only change is the structure of the test (remove repetition, scope
server related helper functions).

Finally, we can create unit tests without redis server. The main focus of
this group of tests are higher level overview of operations. With the
mock redis client we can set up expectations about used queue names,
received values, return value to simulate faulty state.

These new unit test functions don't test all functionality, at least
it's not aimed for it now. It's more about the possibility of doing that
and add extra tests around parts we couldn't test before, for example
key.

What extra features can test the new unit test group:
- What is the received key for given queue? For example using `prefix`,
  or if all the `SXxx` calls are expected to use `queue_unique` if
  it's a unique queue.
- If it's not a unique queue, no `SXxx` functions are called, because
  those sets are used only to check if a value is unique or not.
- `HasItem` return `false` always if it's a non-unique queue.
- All functions are called exactly `N` times, and we don't have any
  unexpected calls to redis from the code.

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:33 +02:00
Renovate Bot
a2dc3cb388 Update module github.com/jhillyerd/enmime to v1.2.0 2024-05-15 02:07:19 +00:00
Renovate Bot
16f7f0501f Update module connectrpc.com/connect to v1.16.2 2024-05-14 02:07:44 +00:00
Beowulf
2810b9ae0a Replace reply with a forked version to fix the cut-off of the incoming mail text (#3747)
replace reply with forgejos forked version

If plain text is selected as the message format in e.g. Apple Mail, the inline attachments are no longer at the end of the mail, but instead directly where they are in the mail. When parsing the mail, these inline attachments are replaced by "--". The new reply version no longer cuts the text at the first "--".

Tests for this are present in reply (7dc5750c6d).

Fixes https://codeberg.org/forgejo/forgejo/issues/3496#issuecomment-1798416

---

Additionally, I reduced the allocations for the inline attachments.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3747
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2024-05-13 21:24:58 +00:00
Earl Warren
d09a6d130c Merge pull request 'Update module github.com/go-enry/go-enry/v2 to v2.8.8' (#3723) from renovate/github.com-go-enry-go-enry-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 18:28:44 +00:00
Renovate Bot
8672ad12b1 Update module github.com/caddyserver/certmagic to v0.21.0 (#3724)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | require | minor | `v0.20.0` -> `v0.21.0` |

---

### Release Notes

<details>
<summary>caddyserver/certmagic (github.com/caddyserver/certmagic)</summary>

### [`v0.21.0`](https://github.com/caddyserver/certmagic/releases/tag/v0.21.0)

[Compare Source](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0)

CertMagic v0.21 introduces some big changes:

-   Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
-   New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accesed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
-   DNS challenges should be smoother in some cases as we've improved propagation checking.
-   In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
-   ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).

Please try it out and report any issues!

Thanks to [@&#8203;Framer](https://github.com/Framer) for their contributions to this release!

#### What's Changed

-   Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/certmagic/pull/264
-   Demote "storage cleaning happened too recently" from WARN to INFO by [@&#8203;francislavoie](https://github.com/francislavoie) in https://github.com/caddyserver/certmagic/pull/270
-   Check DNS propagation at authoritative nameservers only with default resolvers by [@&#8203;pgeh](https://github.com/pgeh) in https://github.com/caddyserver/certmagic/pull/274
-   Retry with new account if account disappeared remotely by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/269
-   Update readme examples to use TLS-ALPN const from ACMEz by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/277
-   Initial implementation of ZeroSSL API issuer by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/279
-   Allow deleting directories via FileStorage by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/282
-   Use the `email` configuration in the ACME issuer to "pin" an account to a key by [@&#8203;ankon](https://github.com/ankon) in https://github.com/caddyserver/certmagic/pull/283
-   Initial implementation of ARI by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/286

#### New Contributors

-   [@&#8203;pgeh](https://github.com/pgeh) made their first contribution in https://github.com/caddyserver/certmagic/pull/274
-   [@&#8203;goksan](https://github.com/goksan) made their first contribution in https://github.com/caddyserver/certmagic/pull/277

**Full Changelog**: https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6W119-->

Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-05-12 14:56:39 +00:00
Renovate Bot
95b2821824 Update module github.com/go-enry/go-enry/v2 to v2.8.8 2024-05-12 00:05:15 +00:00
Renovate Bot
4bff06dafb Update module github.com/blevesearch/bleve/v2 to v2.4.0 2024-05-08 19:31:56 +00:00
Earl Warren
f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Earl Warren
99d1ae52fc Merge pull request 'Update module github.com/PuerkitoBio/goquery to v1.9.2' (#3634) from renovate/github.com-puerkitobio-goquery-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 11:28:32 +00:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
silverwind
fb693442f5
Remove external API calls in TestPassword (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
Renovate Bot
aa8a757fe2 Update module github.com/PuerkitoBio/goquery to v1.9.2 2024-05-05 00:05:34 +00:00
Renovate Bot
58bf120eba Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed 2024-05-02 00:05:56 +00:00
Earl Warren
425d64a023 Merge pull request 'Update module connectrpc.com/connect to v1.16.1' (#3491) from renovate/connectrpc.com-connect-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3491
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-30 07:10:13 +00:00
Earl Warren
79ffb2de47 Merge pull request '[gitea] week 2024-18 cherry pick (gitea-github/main -> forgejo)' (#3513) from earl-warren/wcp/2024-18 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3513
Reviewed-by: jean-daricade <jean-daricade@noreply.codeberg.org>
2024-04-30 06:42:26 +00:00
Chongyi Zheng
7517e70740
Use ProtonMail/go-crypto for opengpg in tests (#30736)
(cherry picked from commit 8b8b48ef5fb1c5c164d5534ea4b8049f1db26ce9)

Conflicts:
	go.mod
	trivial context confllict
2024-04-28 15:39:02 +02:00
Renovate Bot
95f8b1bbc5 Update module github.com/urfave/cli/v2 to v2.27.2 2024-04-28 00:05:53 +00:00
Otto
98589b487c Merge pull request 'Update module github.com/minio/minio-go/v7 to v7.0.70' (#3469) from renovate/github.com-minio-minio-go-v7-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3469
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-27 19:15:38 +00:00
Renovate Bot
004fe91d37 Update module gitea.com/gitea/act to v0.261.1 2024-04-27 02:04:59 +00:00
Renovate Bot
01d9faefa5 Update module connectrpc.com/connect to v1.16.1 2024-04-27 00:07:16 +00:00
Renovate Bot
ca9c039ba6 Update module github.com/minio/minio-go/v7 to v7.0.70 2024-04-26 02:05:51 +00:00
Renovate Bot
aec0e1c43a Update module github.com/klauspost/compress to v1.17.8 2024-04-10 02:10:00 +00:00
Earl Warren
2d3705bb81 Merge pull request '[CHORE] Remove Microsoft SQL Server support' (#3040) from gusted/forgejo-rm-mssql into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3040
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-09 05:34:54 +00:00
Gusted
2d9afd0c21
[CHORE] Remove Microsoft SQL Server Support
- Per https://codeberg.org/forgejo/discussions/issues/122
2024-04-05 23:37:36 +02:00
Gusted
32134e3a43
[CHORE] Remove u2f dependency
- It was only used to parse old U2F data to webauthn credentials. We
only used the public key and keyhandle. This functiontionality was
reworked to `parseU2FRegistration`.
- Tests are already present, `Test_RemigrateU2FCredentials`.
2024-04-05 16:23:10 +02:00
Gusted
ded1080bc2
[CHORE] Update golang.org/x/net
Per https://pkg.go.dev/vuln/GO-2024-2687
2024-04-04 06:17:41 +02:00
Renovate Bot
e6da9c6cd9 Update dependency go to v1.22.2 2024-04-04 04:04:38 +00:00
Earl Warren
4aebf52129 Merge pull request 'Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.2' (#2987) from renovate/github.com-editorconfig-editorconfig-core-go-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2987
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-03 16:56:21 +00:00
Michael Kriese
99efe01a08
fix: set proper go directive 2024-04-03 14:50:34 +02:00
Renovate Bot
8f3b2096a8 Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.2 2024-04-03 04:08:11 +00:00
Renovate Bot
85cbdefaaa Update module github.com/go-sql-driver/mysql to v1.8.1 2024-03-30 14:46:43 +00:00
Gusted
bc04183e47 Merge pull request 'Update module github.com/felixge/fgprof to v0.9.4' (#2805) from renovate/github.com-felixge-fgprof-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2805
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-30 13:47:43 +00:00
Earl Warren
0761207cc2 Merge pull request 'Update module github.com/minio/minio-go/v7 to v7.0.69' (#2851) from renovate/github.com-minio-minio-go-v7-7.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2851
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-30 11:11:37 +00:00
Renovate Bot
02dcd07437 Update module github.com/felixge/fgprof to v0.9.4 2024-03-30 10:11:45 +00:00
Renovate Bot
0cb9ea64a6 Update module github.com/opencontainers/image-spec to v1.1.0 2024-03-30 06:05:12 +00:00
Renovate Bot
a517e4aeb1 Update module github.com/minio/minio-go/v7 to v7.0.69 2024-03-30 06:05:07 +00:00
Gusted
f579bde69d
[CHORE] Cleanup dependency
- Remove `gitea.com/lunny/dingtalk_webhook` as dependency, we only use
two structs which are small enough to be recreated in Forgejo and don't
need to rely on the dependency.
- Existing tests (thanks @oliverpool) prove that this has no effect.
2024-03-30 00:01:42 +01:00
Earl Warren
168c56d7d4 Merge pull request 'Update module github.com/gliderlabs/ssh to v0.3.7' (#2806) from renovate/github.com-gliderlabs-ssh-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2806
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-28 14:01:48 +00:00
Renovate Bot
9ff9036377 Update module github.com/klauspost/compress to v1.17.7 2024-03-25 20:07:17 +00:00
Earl Warren
5194bd15ef Merge pull request 'Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.1' (#2804) from renovate/github.com-editorconfig-editorconfig-core-go-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2804
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-25 19:48:58 +00:00
Renovate Bot
a6fdab95f8 Update module github.com/go-enry/go-enry/v2 to v2.8.7 2024-03-25 19:05:23 +00:00
Renovate Bot
ac08242493 Update module github.com/gliderlabs/ssh to v0.3.7 2024-03-25 18:24:23 +00:00
Renovate Bot
eccd824b01 Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.1 2024-03-25 17:37:18 +00:00
Renovate Bot
6e968e0ce3 Update gitea.com/go-chi/session digest to 16768d9 2024-03-25 15:18:21 +00:00
Renovate Bot
46aaecc2b8 Update gitea.com/go-chi/captcha digest to fb487f6 2024-03-25 13:37:57 +00:00
Earl Warren
84f28f36b0
go: upgrade to go v1.22 2024-03-25 06:52:23 +01:00
JakobDev
0a88259df4
Update Chroma to v2.13.0 (#29732)
This adds new lexers and includes some fixes. See
https://github.com/alecthomas/chroma/releases/tag/v2.13.0 for the full
changelog.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 3e7ae79f99ef0e5ba3d1201c38f491121ea2a156)
2024-03-20 08:46:28 +01:00
sillyguodong
6cb9e8d869
Make runs-on support variable expression (#29468)
As title.
Close issue: https://gitea.com/gitea/act_runner/issues/445
Follow: https://gitea.com/gitea/act/pulls/91

Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because
of circular dependency issues.

(cherry picked from commit a1f5dd767729e30d07ab42fda80c19f30a72679f)
2024-03-11 23:36:59 +07:00
wxiaoguang
abb0294996
Partially enable MSSQL case-sensitive collation support (#29238)
Follow #28662

(cherry picked from commit 29a8c8de779924694fadad80b31cc855dd62c0f2)
2024-03-11 23:36:59 +07:00
Gusted
578f0b3335
[DEPS] Bump mysql driver
- Bump the SQL driver for MySQL to
[v1.8.0](https://github.com/go-sql-driver/mysql/releases/tag/v1.8.0),
which notably includes support for ed25519 authentication scheme (by
yours truly).
- Resolves #1868
2024-03-10 14:57:56 +01:00
techknowlogick
2c26b187ea
bump protobuf module (#29617)
(cherry picked from commit 06039bf0b7ec4dffe74ae323b8bbbbedec69d0c8)
2024-03-06 11:39:07 +08:00
Gusted
0c4872f839
[CHORE] Update connect-go to maintained fork
- Update github.com/bufbuild/connect-go to
https://github.com/connectrpc/connect-go.
- This is a fork that's actively maintained and is recommend by the
original library. Looking at the recent release notes, it looks like
going in the right direction what one would expect of a library, no
strange features being added, lots of improvements.
- There's still an indirect dependency by
`code.gitea.io/actions-proto-go` on a old version of `connect-go`.
2024-02-28 09:40:56 +01:00
Gusted
295cd6be94
[GITEA] Use existing error functionality
- There's no need to use `github.com/pkg/errors` when the standard
library already has the functionality to wrap and create errors.

(cherry picked from commit 40f603a538036ce7e150adf404374d794eb46993)
(cherry picked from commit aa68a2753f204dfe44a037ccc91dacc2a0a53803)
(cherry picked from commit 48e252d73961ae17b56544bae79bc812dac10c44)
(cherry picked from commit cc6f40ccd208a6fd1527ba08e3123e9b01b218ab)
(cherry picked from commit 03c4b9735824bfaed19df14550ef458d52667b40)
(cherry picked from commit f25eeb76958b78fbe00fc6556aec8a37aba0ecdf)
(cherry picked from commit 989d8fa1cb81e0ff017ac575fdd1cf12507eb42b)
(cherry picked from commit 10e890ed8e7205c140677ff74db393fc0052da14)
(cherry picked from commit 581519389d3a35e775f7d3fdc15c251a3e0828b6)
(cherry picked from commit 03d00b11ac4880fd897631180c40bc1dedf5d7e5)
(cherry picked from commit 04e6c853d48b0dab767046c968717f3982304c40)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 2c4c29f7bc20e31321c4932998692dd1ef73aa14)
2024-02-05 16:09:40 +01:00
Gusted
92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit d13065345431a499f9e0b7a3c2043d7487b8aa5b)
(cherry picked from commit 45a16f8c3c6f7d5e4aab8fdde6a621cf36e4801c)
(cherry picked from commit a497acb31f76d580c8b0567f9461274bd78080f4)
(cherry picked from commit fe87fd828973945192b98310c5c3b2001c6e0f86)
(cherry picked from commit 6ac12e6693cf45cb12109028dabd868957c4b74c)
(cherry picked from commit 981ec37e1e72ab19c20067ff4d2a7e20a60d3305)
(cherry picked from commit 5d6892ec10086f0ba63f26693faa82d0fd4e3f4a)
(cherry picked from commit 9df7968f4fc72de9788d84ca3f349e4c98ee630e)
(cherry picked from commit 7d588d183329cd760053663ea2e1e82e62958409)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281f5a6ba410abc763674bafa7b63dffd)
(cherry picked from commit 5830f204a17767fda3e45d16dbf3af8c32e7f387)
(cherry picked from commit 029f4e98636a7776f430684e9d7142d69a444f96)
(cherry picked from commit 816fe558126d0ecce969fdf2a196fa6afdcca792)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d804560b415b6158371eb0efd17d097cfe0)
2024-02-05 16:09:40 +01:00
Gusted
662c8ee341
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit 0ccefc633e5cd206bd51f642c9fe7be56dae51ec)
(cherry picked from commit 19e647b531c5cfaba5beabbd1de2fe65dfd44da0)
(cherry picked from commit 2bcc04889d4d765eba0ebdffe7ba788c91923d35)
(cherry picked from commit 2fd1932699572a666ef616b7fb191ab5f56d75c6)
(cherry picked from commit b9a3e1e5258e1896550cc3750b7f688fdab1bb22)
(cherry picked from commit 92d932d23f2fcab4b38b72bb6b39778026418ecd)
(cherry picked from commit c125217fea154d6eb87ae86735906c90575bbff3)
(cherry picked from commit f9801ba57b58fefe5a4cc8c9da91a3593129f656)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764ff6d35c70beb7510626cdeac38771d)
(cherry picked from commit f53b2d31127ddf17b6593d1bb3ec536ee04c8937)
(cherry picked from commit c098055f0a3266a94651bc2783330cf7b12efff2)
(cherry picked from commit 0e1591554a275d14da09114db8572bf731c5f112)
(cherry picked from commit 876d9d5c6f272120d31bdb18df39c3a9d25e2917)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 7110bb6a783cb37db3a75abd08534760812d05fd)
2024-02-05 16:09:40 +01:00
Gusted
fa37a211fb
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b59c86e793fd9bf12187ea6cfd1f3fa1)
(cherry picked from commit 15e81637abf70576a564cf9eecaa9640228afb5b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f655c999b81b08832ee623d6b669f0f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e8959886faa171ac16541097500d0a703e)
(cherry picked from commit 362fd7aae17832fa922fa017794bc564ca43060d)
(cherry picked from commit 4f64ee294ee05c93042b6ec68f0a179ec249dab9)
(cherry picked from commit 4bde77f7b13c5f961c141c01b6da1f9eda5ec387)
(cherry picked from commit 1311e30a811675eb623692349e4e808a85aabef6)
(cherry picked from commit 57b69e334c2973118488b9b5dbdc8a2c88135756)
(cherry picked from commit 52dc892fadecf39e89c3c351edc9efb42522257b)
(cherry picked from commit 77f54f4187869c6eabcc837742fd3f908093a76c)
(cherry picked from commit 0d0392f3a510ce3683bb649dee1e65b45dd91354)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 92798364e8fe3188a2100b54f3adea943f8309e9)
(cherry picked from commit 43d218127752aa9251c4c3ef71b9c060f109dffc)
(cherry picked from commit 45c88b86a35729fc0b2dc6b72bc33caf9f69265f)
(cherry picked from commit a1cd6f4e3a7956773cbc0aef8abb80d17b62eb49)
(cherry picked from commit 01191dc2adf8c57ae448be37e73158005a8ff74d)
(cherry picked from commit 151e07f37e2854ad633f1352fb0ce3cd06f4b2ae)
2024-02-05 16:09:40 +01:00