000c06d41b
Fix oauth2 session gob register ( #36017 )
...
`gob.Register` must be called before Sessioner
Fix #36016
2025-11-26 23:25:34 +07:00
98eb2b0aba
Bump golang.org/x/crypto from 0.43.0 to 0.45.0 ( #35985 )
...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto ) from
0.43.0 to 0.45.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4e0068c009e79546e28bf91f7a7c312df4153a03bcf6a849efb4f2b6207679ec3a51fc122a78f140c0531f9c340997000b45https://github.com/golang/crypto/compare/v0.43.0...v0.45.0 ">compare
view</a></li>
</ul>
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-19 20:10:35 +07:00
018156079b
Upgrade deps golang.org/x/crypto ( #35952 )
2025-11-14 03:19:51 +07:00
17a6a2bab1
upgrade go mail to 0.7.2 and fix the bug ( #35833 )
...
patch from
https://github.com/wneessen/go-mail/issues/504#issuecomment-3477890515 .
Thanks to @wneessen
2025-11-03 11:32:45 +07:00
5cb453c01b
Revert gomail to v0.7.0 to fix sending mail failed ( #35816 )
...
Revert gomail to the last work version to fix #35794
There is a problem between go mail v0.7.1 to prevent sending email work.
https://github.com/wneessen/go-mail/compare/v0.7.0...v0.7.1
2025-11-02 09:07:32 +07:00
bc50431e8b
Upgrade go mail to 0.7.2 ( #35748 )
2025-10-26 09:52:01 +07:00
c55a017225
Fix missing Close when error occurs and abused connection pool ( #35658 )
...
Fix #35649
* Use upstream `git-lfs-transfer`
* The Close should be called when error occurs (bug fix)
* The connection pool should be shared (bug fix)
* Add more tests to cover "LFS over SSH download"
2025-10-15 09:47:12 +07:00
3d264ba636
bump archives&rar dep ( #35637 )
2025-10-12 05:48:19 +07:00
cdc0733047
Use `inputs` context when parsing workflows ( #35590 )
...
Depends on [gitea/act#143 ](https://gitea.com/gitea/act/pulls/143 )
The [`inputs`
context](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#inputs-context )
is used when parsing workflows so that `run-name` like `run-name: Deploy
to ${{ inputs.deploy_target }}` can be parsed correctly.
2025-10-06 06:09:27 +07:00
c5d74e5869
Bump github.com/wneessen/go-mail from 0.6.2 to 0.7.1 ( #35557 )
2025-10-01 00:14:53 +07:00
fbe80e6df2
Add proper error message if session provider can not be created ( #35520 )
...
the middleware that creates the session provider just panics if on
creation the config is wrong.
this is not catched and so you just get an cryptic stacktrace with no
point where to look at (as user).
## Before
```
2025/09/16 03:56:37 ...xer/stats/indexer.go:87:populateRepoIndexer() [I] Done (re)populating the repo stats indexer with existing repositories
2025/09/16 03:56:37 modules/ssh/ssh.go:387:Listen() [I] Adding SSH host key: /var/lib/gitea/data/ssh/gitea.rsa
2025/09/16 03:56:37 modules/ssh/init.go:26:Init() [I] SSH server started on :1234. Cipher list ([chacha20-poly1305@openssh.com aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com ]), key exchange algorithms ([curve25519-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1]), MACs ([hmac-sha2-256-etm@openssh.com hmac-sha2-256 hmac-sha1])
2025/09/16 03:56:37 ...s/graceful/server.go:50:NewServer() [I] Starting new SSH server: tcp::1234 on PID: 83337
2025/09/16 03:56:38 cmd/web.go:231:func1() [F] PANIC: dial tcp 127.0.0.1:6379: connect: connection refused
gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96/session.go:239 (0x1cdb908)
code.gitea.io/gitea/routers/common/middleware.go:108 (0x2547f5a)
code.gitea.io/gitea/routers/web/web.go:270 (0x278b8e9)
code.gitea.io/gitea/routers/init.go:185 (0x2850d89)
code.gitea.io/gitea/cmd/web.go:211 (0x295c5ad)
code.gitea.io/gitea/cmd/web.go:262 (0x295cacb)
code.gitea.io/gitea/cmd/main.go:111 (0x2953422)
github.com/urfave/cli/v2@v2.27.2/command.go:276 (0x1cc3dfd)
github.com/urfave/cli/v2@v2.27.2/command.go:269 (0x1cc4084)
github.com/urfave/cli/v2@v2.27.2/app.go:333 (0x1cc086a)
github.com/urfave/cli/v2@v2.27.2/app.go:307 (0x2953f18)
code.gitea.io/gitea/cmd/main.go:172 (0x2953efc)
code.gitea.io/gitea/main.go:46 (0x2998498)
runtime/proc.go:283 (0x4471ca)
runtime/asm_amd64.s:1700 (0x484a20)
```
## After
```
2025/09/22 22:52:35 .../templates/htmlrenderer.go:118:initHTMLRenderer() [D] Creating static HTML Renderer
2025/09/22 22:52:35 routers/web/web.go:273:Routes() [F] common.Sessioner failed: failed to create session middleware: dial tcp 127.0.0.1:6379: connect: connection refused
```
---------
Signed-off-by: 6543 <6543@obermui.de>
2025-09-28 12:24:19 +07:00
151ef80e28
use experimental go json v2 library ( #35392 )
...
details: https://pkg.go.dev/encoding/json/v2
---------
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-09-28 08:03:36 +07:00
4fe1066a17
Replace gobwas/glob package ( #35478 )
...
https://github.com/gobwas/glob is unmaintained and has bugs.
2025-09-13 18:01:00 +07:00
e96ef97989
Upgrade dependencies ( #35384 )
...
- ~Upgrade golang to 1.25~ blocked by the issue
https://github.com/go-swagger/go-swagger/issues/3220
- Upgrade minor versions of most dependencies
- Upgrade github.com/google/go-github version to v74
- Fix meilisearch because of sdk interface change
- Use github.com/Necoro/html2text which is a fork instead of html2text
because of https://github.com/jaytaylor/html2text/issues/67 which
resulted in complie failure.
- Fix some deprecated methods of gitlab go client.
2025-09-02 23:13:38 +07:00
ec75bdbe68
Use github.com/mholt/archives replace github.com/mholt/archiver ( #35390 )
...
Fix #32620
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: junoberryferry <user@example.tld>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-09-01 19:40:12 +07:00
0c6326e6ab
Upgrade xz to v0.5.15 ( #35377 )
2025-08-29 17:44:33 +07:00
9b5a3e9c9c
Update chroma to v2.20.0 ( #35220 )
...
https://github.com/alecthomas/chroma/releases/tag/v2.20.0
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-08-11 13:00:20 +07:00
54fe47fbca
Change some columns from text to longtext and fix column wrong type caused by xorm ( #35141 )
...
This PR upgrade xorm to v1.3.10 which fixed a bug when both `longtext
json` tags in the struct field. The `longtext` will be ignored and
`json` will be considered as `text`.
A migration has been introduced to modify the column directly to
longtext. And another two columns should also be migrated from text to
longtext.
All these changes only affect mysql database because for other databases
Gitea supported, text is the same as longtext.
Fix #27244
Fix #34764
Fix #35042
2025-07-23 22:24:44 +07:00
90eb831418
Upgrade chi to v5.2.2 ( #34798 )
2025-06-20 18:23:46 +07:00
ee334886f3
upgrade orgmode to v1.8.0 ( #34721 )
2025-06-17 19:30:43 +07:00
65986f423f
Refactor embedded assets and drop unnecessary dependencies ( #34692 )
...
Benefits:
1. smaller binary size (reduces more than 1MB)
2. better control of the assets details
3. fewer unmaintained dependencies
4. faster startup if the assets are not needed
5. won't hang up editors when open "bindata.go" by accident
2025-06-12 03:59:33 +07:00
e9f5105e95
Migrate to urfave v3 ( #34510 )
...
migrate cli to urfave v3
add more cli tests
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-06-10 12:35:12 +07:00
92e7e98c56
Update x/crypto package and make builtin SSH use default parameters ( #34667 )
2025-06-09 19:51:02 +07:00
0534eddd16
Use run-name and evaluate workflow variables ( #34301 )
...
This addresses https://github.com/go-gitea/gitea/issues/34247
depends on https://gitea.com/gitea/act/pulls/137
I couldn't find any previous implementation for `run-name` support on
workflows so I created one.
Key points:
All dispatched workflows, scheduled workflows and detected workflows
(from different hooks) will use and evaluate `run-name` if exists, with
the corresponding gitea context and variables. This will be used as the
Action run title and replace the default commit message being used
today.
Had to change act package jobparser (see link above)
and create two helpers
3a1320c70d/models/actions/utils.go (L86)3a1320c70d/services/actions/context.go (L169)https://github.com/go-gitea/gitea/pull/34301/files#diff-9c9c27cb61a33e55ad33dc2c2e6a3521957a3e5cc50ddf652fdcd1def87b044dR86 )
and
[WithGitContext](65c232c4a5/pkg/jobparser/jobparser.go (L84)https://github.com/user-attachments/assets/73cb03d0-23a0-4858-a466-bbf0748cea98 "
/>
2025-05-20 02:24:10 +07:00
2a660b4a1b
Upgrade go-github v61 -> v71 ( #34385 )
...
There will be a possible bug when migrating from Github
https://github.com/google/go-github/issues/3229
This PR upgrades go-github from v61 to v71 to resolve that problem.
2025-05-06 20:10:14 +07:00
648df8a5e1
Fix the ci build ( #34309 )
...
Fix
https://github.com/go-gitea/gitea/actions/runs/14722306878/job/41318217870
A fork has been created under https://gitea.com/gitea/go-xsd-duration
2025-04-28 20:47:16 +07:00
58d2a87c6c
update go&js dependencies ( #34262 )
2025-04-23 21:22:40 +07:00
42f45f1489
Update net package ( #34228 )
2025-04-17 06:06:58 +07:00
c57304ac3f
Add middleware for request prioritization ( #33951 )
...
This adds a middleware for overload protection that is intended to help protect against malicious scrapers.
It does this via [`codel`](https://github.com/bohde/codel ), which will perform the following:
1. Limit the number of in-flight requests to some user-defined max
2. When in-flight requests have reached their begin queuing requests.
Logged-in requests having priority above logged-out requests
3. Once a request has been queued for too long,
it has a probabilistic chance to be rejected based on how overloaded the entire system is.
When a server experiences more traffic than it can handle,
this keeps latency low for logged-in users and rejects just
enough requests from logged-out users to not overload the service.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2025-04-14 16:25:48 +07:00
32258e0f22
Update go mod dependencies ( #33988 )
...
blevesearch is skipped because it causes errors
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2025-03-25 05:51:52 +07:00
189873719b
update jwt and redis packages ( #33984 )
2025-03-23 10:13:16 +07:00
65bb837fa2
Upgrade golang net from 0.35.0 -> 0.36.0 ( #33795 )
2025-03-04 23:25:09 +07:00
2c8bdd2233
Upgrade act to 0.261.4 and actions-proto-go to v0.4.1 ( #33760 )
...
Include https://gitea.com/gitea/act/pulls/129 Fix #33657
And https://gitea.com/gitea/actions-proto-def/pulls/14
2025-03-01 20:02:58 +07:00
ae4a3d7708
upgrade go-crypto from 1.1.5 to 1.1.6 ( #33745 )
...
Fix #33296
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-02-28 14:06:47 +07:00
7535af20da
bump x/crypto & x/oauth2 ( #33704 )
2025-02-24 20:15:18 +07:00
e6759f356d
Update Go dependencies (skip blevesearch, meilisearch) ( #33655 )
2025-02-20 22:10:54 +07:00
517a367abe
Use ProtonMail/go-crypto to replace keybase/go-crypto ( #33402 )
...
Fix #33400
The keybase/go-crypto is no longer maintained and it generates malformed
signatures, ProtonMail/go-crypto is the actively maintained fork.
2025-01-27 09:14:08 +07:00
124079871b
Convert github.com/xanzy/go-gitlab into gitlab.com/gitlab-org/api/client-go ( #33126 )
...
Fix #32985
2025-01-08 13:10:43 +07:00
386c1ed908
Refactor HTMLFormat, update chroma render, fix js error ( #33136 )
...
A small refactor to improve HTMLFormat, to help to prevent low-level
mistakes.
And fix #33141 , fix #33139
2025-01-08 03:44:32 +07:00
a8e7caedfa
add submodule diff links ( #33097 )
...
This adds links to submodules in diffs, similar to the existing link
when viewing a repo at a specific commit. It does this by expanding diff
parsing to recognize changes to submodules, and find the specific refs
that are added, deleted or changed.
Related #25888
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-01-08 01:38:30 +07:00
df9d1fe8c5
Trivial fixes ( #33103 )
...
1. remove `gock` dependency, it is not needed
2. fix a regression from org private profile readme
2025-01-04 22:25:50 +07:00
8eecca3478
Remove aws go sdk package dependency ( #33029 )
...
This PR removed the dependency of `github.com/aws/aws-sdk-go/aws`
Patially fix for #33023
2024-12-30 06:30:28 +07:00
dafadf0028
Refactor fixture loading for testing ( #33024 )
...
To help binary size and testing performance
2024-12-30 04:06:57 +07:00
420cda18e6
bump x/net ( #32896 )
2024-12-18 22:40:04 +07:00
2910f384d5
Fix misuse of PublicKeyCallback ( #32810 )
...
Only upgrading the ssh package is not enough.
2024-12-13 03:57:37 +07:00
39a01016cd
Upgrade dependency crypto library ( #32750 )
2024-12-11 13:07:48 +07:00
5ab7aa700f
Use new mail package instead of an unmintained one ( #32682 )
...
Resolve #18664
2024-12-05 06:33:43 +07:00
cad313e64f
Update `github.com/meilisearch/meilisearch-go` ( #32484 )
...
Result of `go get -u github.com/meilisearch/meilisearch-go && make
tidy`.
Fixes: https://github.com/go-gitea/gitea/security/dependabot/78
2024-11-12 15:55:01 +07:00
5e6523aa57
Update go dependencies ( #32389 )
2024-10-31 12:05:54 +07:00
08c963c921
Update github.com/go-enry/go-enry to v2.9.1 ( #32295 )
...
`go-enry` v2.9.1 includes latest file patterns from Linguist, which can
identify more generated file type, eg. `pdm.lock`.
2024-10-19 20:51:55 +07:00
wxiaoguang
dependabot[bot]
Lunny Xiao
techknowlogick
Zettat123
6543
junoberryferry
Sebastian Ertz
TheFox0x7
badhezi
Rowan Bohde
yp05327
Rowan Bohde
silverwind
YR Chen