mirror of
https://github.com/go-gitea/gitea.git
synced 2026-05-28 02:38:44 +09:00
2fde11dfbb9d7fd09580837ea9d454abebdc92a7
20839 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Lunny Xiao
|
f9b7b65371 |
fix(security): enforce wiki git writes and LFS token access at request time (#37695)
This PR fixes two permission-checking gaps in Git and LFS request handling. ## What it changes - keep wiki Git HTTP pushes on the normal write-permission path, even when proc-receive support is enabled - revalidate LFS bearer token requests against the current user state and current repository permissions before allowing access - add regression coverage for unauthorized wiki HTTP pushes - add LFS tests for blocked users, revoked repository access, read-only upload attempts, and valid write access ## Why - wiki repositories should not inherit the relaxed refs/for handling used for normal code repositories - LFS authorization tokens should not remain usable after a user is disabled or loses repository access Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
 agyss
|
5b3575a8be |
fix(repo): /generate must sync the branch table for the new repo (#37693)
Two bugs in GenerateGitContent, the function behind
`POST /api/v1/repos/{owner}/{template}/generate`:
1. The new repository's refs were not written `branch` DB table
2. The function re-fetched the new repo row from the database
but reassigned its local pointer
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
||
 Kausthubh J Rao
|
5c887d68ca |
feat(api): encrypt AWS creds (#37679)
## Description As mentioned in #37654 `AWSSecretAccessKey` are not encrypted and stored as is. ## Update Follow the existing `AuthToken` flow of setting the `Encrypted` fields, `Decrypting` them later and `Clearing` them at the end. Closes #37654 --------- Signed-off-by: Kausthubh J Rao <105716675+Exgene@users.noreply.github.com> Co-authored-by: Lauris B <lauris@nix.lv> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
 GiteaBot
|
2450127c56 | [skip ci] Updated translations via Crowdin | ||
|
Lunny Xiao
|
929962833d |
fix: snap build (main branch) (#37685)
1. make "pull" and "build" testable and debuggable 2. add more comments for how the build works 3. separate 1.26 and main build tags 4. fix incorrect tag describe (the current `snap info gitea` outputs version 1.22) Legacy logic is kept as is although some of them don't seem good (e.g.: snap version grep, tag finding, etc) --------- Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
 wxiaoguang
|
523822090c | chore: introduce HTMLBuilder (#37688) | ||
|
wxiaoguang
|
701908a945 |
chore: clean up "contrib" dir (#37690)
1. remove useless files like "backport.go", "update_dependencies.sh" 2. remove outdated "init" scripts, only keep one in sysvinit, gentoo dir is also kept because it still uses openrc 3. move "service" related config and scripts into "service" directory |
||
 Matt Schoen
|
a564f0587a |
feat(api): add sort and order query parameters to job list endpoints (#37672)
Adds `sort` and `order` query parameters to all action job list API
endpoints (`/admin/actions/jobs`, `/repos/{owner}/{repo}/actions/jobs`,
`/repos/{owner}/{repo}/actions/runs/{run}/jobs`, `/user/actions/jobs`),
following the existing `OrderByMap` pattern used by repo/user search
endpoints.
- Default is `id` / `asc` (backwards compatible — matches previous DB
natural order)
- Only `id` sort field for now; the map is extensible for future fields
- Returns 422 for invalid sort/order values
- `ToOrders()` returns empty string when `OrderBy` is unset, so internal
callers (webhook dispatch, concurrency checks) are unaffected
Closes: #37666
Supersedes: #37667
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: silverwind <me@silverwind.io>
|
||
 Nicolas
|
187daac598 |
fix: Sort action run jobs by JobID and Name with matrix examples (#37046)
Fix the sorting of jobs out of a matrix ## Before <img width="415" height="487" alt="grafik" src="https://github.com/user-attachments/assets/b628adb9-9158-4106-89f1-d8ecaa98f17d" /> ## After <img width="423" height="365" alt="grafik" src="https://github.com/user-attachments/assets/d26223d5-96da-4bdc-bbfe-389101d28cc8" /> --------- Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> |
||
|
wxiaoguang
|
3738809219 |
fix: catch and fix more lint problems (#37674)
Changes are done by "make lint-go-fix" |
||
 silverwind
|
ffd5e0698b |
docs(agents): update AGENTS.md (#37684)
Add two rules to `AGENTS.md` for recurring issues. Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
79f7062d9e |
fix(actions): run TransferLogs on UpdateLog{Rows:[], NoMore:true} (#37631)
`UpdateLog` short-circuits on `len(Rows)==0` before honoring `NoMore`,
so a final empty `UpdateLog{NoMore:true}` never runs `TransferLogs`. The
task's `dbfs_data` rows are then never moved to log storage and never
deleted.
Fix: let `NoMore=true` with no new rows fall through to `TransferLogs`.
Bail when the runner has outrun the server (`Index > ack`) even with
`NoMore`, since archiving a log with a gap is worse than retrying.
Always call `WriteLogs` so `offset==0` bootstraps an empty DBFS file in
the no-output case (otherwise `TransferLogs` would fail at `dbfs.Open`).
Fixes: https://github.com/go-gitea/gitea/issues/37623
Ref: https://gitea.com/gitea/runner/pulls/952
Ref: https://gitea.com/gitea/runner/pulls/950
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
|
||
|
GiteaBot
|
f01953e764 | [skip ci] Updated translations via Crowdin | ||
|
Giteabot
|
6a27066269 |
fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37662)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`11.14.0` → `11.15.0`](https://renovatebot.com/diffs/npm/mermaid/11.14.0/11.15.0) |  |  | --- ### Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection [CVE-2026-41148](https://nvd.nist.gov/vuln/detail/CVE-2026-41148) / [GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) <details> <summary>More information</summary> #### Details ##### Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex: ```jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 <CLASSDEFID>[^\n]* { this.popState(); return 'CLASSDEF_STYLEOPTS' } ``` The value passes unsanitized through `addStyleClass()` -> `createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page. ##### PoC ``` stateDiagram-v2 classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")} ``` Live demo: <https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU> ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)) ##### Workarounds Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Impact Enables page defacement, user tracking via `url()` callbacks, and DOM attribute exfiltration via CSS `:has()` selectors. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r) - [https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102) - [https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) - [https://github.com/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection [CVE-2026-41149](https://nvd.nist.gov/vuln/detail/CVE-2026-41149) / [GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) <details> <summary>More information</summary> #### Details ##### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. ##### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ##### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Credits Thanks to @​zsxsoft from @​KeenSecurityLab for reporting this vulnerability. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr) - [https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) - [https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) - [https://github.com/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of configuration leads to CSS injection [CVE-2026-41159](https://nvd.nist.gov/vuln/detail/CVE-2026-41159) / [GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) <details> <summary>More information</summary> #### Details ##### Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg) Example code: ``` %%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%% flowchart LR A --> B ``` The injected CSS exploits stylis's `&` (scope reference) handling. `:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles to all page elements. Global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS `:has()` selectors. ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)) ##### Workarounds If you can't upgrade mermaid, you can set the [`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure) config value in the mermaid config to avoid allowing diagrams to modify `fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`. Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will also prevent this. ##### Credits Reported by @​zsxsoft on behalf of @​KeenSecurityLab #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p) - [https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) - [https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://github.com/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS [CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) / [GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) <details> <summary>More information</summary> #### Details ##### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)) ##### Workarounds There are no workarounds available without updating to a newer version of mermaid. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh) - [https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6) - [https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://github.com/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS [CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) / [GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) <details> <summary>More information</summary> #### Details ##### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)) ##### Workarounds There are no workarounds available without updating to a newer version of mermaid. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh) - [https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6) - [https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6m6c-36f7-fhxh) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of configuration leads to CSS injection [CVE-2026-41159](https://nvd.nist.gov/vuln/detail/CVE-2026-41159) / [GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) <details> <summary>More information</summary> #### Details ##### Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg) Example code: ``` %%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%% flowchart LR A --> B ``` The injected CSS exploits stylis's `&` (scope reference) handling. `:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles to all page elements. Global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS `:has()` selectors. ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)) ##### Workarounds If you can't upgrade mermaid, you can set the [`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure) config value in the mermaid config to avoid allowing diagrams to modify `fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`. Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will also prevent this. ##### Credits Reported by @​zsxsoft on behalf of @​KeenSecurityLab #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p) - [https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) - [https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-87f9-hvmw-gh4p) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection [CVE-2026-41149](https://nvd.nist.gov/vuln/detail/CVE-2026-41149) / [GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) <details> <summary>More information</summary> #### Details ##### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. ##### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ##### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Credits Thanks to @​zsxsoft from @​KeenSecurityLab for reporting this vulnerability. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr) - [https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) - [https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-ghcm-xqfw-q4vr) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection [CVE-2026-41148](https://nvd.nist.gov/vuln/detail/CVE-2026-41148) / [GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) <details> <summary>More information</summary> #### Details ##### Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex: ```jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 <CLASSDEFID>[^\n]* { this.popState(); return 'CLASSDEF_STYLEOPTS' } ``` The value passes unsanitized through `addStyleClass()` -> `createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page. ##### PoC ``` stateDiagram-v2 classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")} ``` Live demo: <https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU> ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)) ##### Workarounds Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Impact Enables page defacement, user tracking via `url()` callbacks, and DOM attribute exfiltration via CSS `:has()` selectors. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r) - [https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102) - [https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xcj9-5m2h-648r) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>mermaid-js/mermaid (mermaid)</summary> ### [`v11.15.0`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) [Compare Source](https://redirect.github.com/mermaid-js/mermaid/compare/mermaid@11.14.0...mermaid@11.15.0) ##### Minor Changes - [#​7174](https://redirect.github.com/mermaid-js/mermaid/pull/7174) [`0aca217`](https://redirect.github.com/mermaid-js/mermaid/commit/0aca21739c0d1fcaaa206e04a6cd574ebc415483) Thanks [@​milesspencer35](https://redirect.github.com/milesspencer35)! - feat(sequence): Add support for decimal start and increment values in the `autonumber` directive - [#​7512](https://redirect.github.com/mermaid-js/mermaid/pull/7512) [`8e17492`](https://redirect.github.com/mermaid-js/mermaid/commit/8e17492f7365ba50896382feb69a23efd9d8a22d) Thanks [@​aruncveli](https://redirect.github.com/aruncveli)! - feat(flowchart): add datastore shape In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with `A@{ shape: datastore, label: "Datastore" }`. - [#​6440](https://redirect.github.com/mermaid-js/mermaid/pull/6440) [`9ad8dde`](https://redirect.github.com/mermaid-js/mermaid/commit/9ad8dde6d049adde85d8ed2d476c09b5820f3f4b) Thanks [@​yordis](https://redirect.github.com/yordis), [@​lgazo](https://redirect.github.com/lgazo)! - feat: add Event Modeling diagram - [#​7707](https://redirect.github.com/mermaid-js/mermaid/pull/7707) [`27db774`](https://redirect.github.com/mermaid-js/mermaid/commit/27db774627be1cee881961dfd0d2cb21cd01b79d) Thanks [@​txmxthy](https://redirect.github.com/txmxthy)! - feat(architecture): expose four fcose layout knobs for `architecture-beta` diagrams (`nodeSeparation`, `idealEdgeLengthMultiplier`, `edgeElasticity`, `numIter`) so authors can tune layout density and spread overlapping siblings without changing diagram source - [#​7604](https://redirect.github.com/mermaid-js/mermaid/pull/7604) [`bf9502f`](https://redirect.github.com/mermaid-js/mermaid/commit/bf9502fb6012a4b724679b401ac928f5ee55161c) Thanks [@​M-a-c](https://redirect.github.com/M-a-c)! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting If you have namespaces in class diagrams that use `.`s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set `class.hierarchicalNamespaces=false` in your mermaid config: ```yaml config: class: hierarchicalNamespaces: false ``` - [#​7272](https://redirect.github.com/mermaid-js/mermaid/pull/7272) [`88cdd3d`](https://redirect.github.com/mermaid-js/mermaid/commit/88cdd3dc0aab9577174561b04e14760c565a232b) Thanks [@​xinbenlv](https://redirect.github.com/xinbenlv)! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors ##### Patch Changes - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`e9b0f34`](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: prevent unbalanced CSS styles in classDefs - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`37ff937`](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: create CSS styles using the CSSOM This removes some invalid CSS and normalizes some CSS formatting. - [#​7508](https://redirect.github.com/mermaid-js/mermaid/pull/7508) [`bfe60cc`](https://redirect.github.com/mermaid-js/mermaid/commit/bfe60cc67b9a6dec64f9161f58e4d24a06c42b65) Thanks [@​biiab](https://redirect.github.com/biiab)! - fix(stateDiagram): `end note` now only closes a note when used on a new line - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`faafb5d`](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix(gantt): add iteration limit for `excludes` field - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`65f8be2`](https://redirect.github.com/mermaid-js/mermaid/commit/65f8be2a42faf869b811469571983cba7eeeca99) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: disallow some CSS at-rules in custom CSS - [#​7726](https://redirect.github.com/mermaid-js/mermaid/pull/7726) [`1502f32`](https://redirect.github.com/mermaid-js/mermaid/commit/1502f32f3c5fb944925b0c527fbbde3c4f041824) Thanks [@​aloisklink](https://redirect.github.com/aloisklink)! - fix(wardley): fix unnecessary sanitization of text - [#​7578](https://redirect.github.com/mermaid-js/mermaid/pull/7578) [`1f98db8`](https://redirect.github.com/mermaid-js/mermaid/commit/1f98db8e326299ac97a2fa60abfd509d8f5f16e2) Thanks [@​Gaston202](https://redirect.github.com/Gaston202)! - fix(class): self-referential class multiplicity labels no longer rendered multiple times Fixes [#​7560](https://redirect.github.com/mermaid-js/mermaid/issues/7560). Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions. - [#​7592](https://redirect.github.com/mermaid-js/mermaid/pull/7592) [`2343e38`](https://redirect.github.com/mermaid-js/mermaid/commit/2343e38498a3b31f8ce5e79f1f009e0b56fbe086) Thanks [@​knsv-bot](https://redirect.github.com/knsv-bot)! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams - [#​7589](https://redirect.github.com/mermaid-js/mermaid/pull/7589) [`7fb9509`](https://redirect.github.com/mermaid-js/mermaid/commit/7fb9509b8b5cb1dc48519dc60cf6cdc6afba0462) Thanks [@​NYCU-Chung](https://redirect.github.com/NYCU-Chung)! - fix(block): prevent column widths from shrinking when mixing different column spans - [#​7632](https://redirect.github.com/mermaid-js/mermaid/pull/7632) [`3f9e0f1`](https://redirect.github.com/mermaid-js/mermaid/commit/3f9e0f15bedc1e2c71ddb6b34192d1a21124cfc2) Thanks [@​ekiauhce](https://redirect.github.com/ekiauhce)! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams - [#​7642](https://redirect.github.com/mermaid-js/mermaid/pull/7642) [`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445) Thanks [@​tractorjuice](https://redirect.github.com/tractorjuice)! - fix(wardley): allow hyphens in unquoted component names Multi-word names containing hyphens — e.g. `real-time processing`, `end-user`, `on-call engineer` — now parse without quoting, bringing the grammar in line with the OnlineWardleyMaps (OWM) convention. `A->B` (no-space arrow) still tokenises correctly. - [#​7523](https://redirect.github.com/mermaid-js/mermaid/pull/7523) [`5144ed4`](https://redirect.github.com/mermaid-js/mermaid/commit/5144ed4b138ae0f4836bab4c163c575e0a767dd3) Thanks [@​darshanr0107](https://redirect.github.com/darshanr0107)! - fix(block): Arrow blocks in block-beta diagrams not spanning the specified number of columns when using `:n` syntax. - [#​7262](https://redirect.github.com/mermaid-js/mermaid/pull/7262) [`13d9bfa`](https://redirect.github.com/mermaid-js/mermaid/commit/13d9bfa4748e845a9eec7d6265ba496d2278f26e) Thanks [@​darshanr0107](https://redirect.github.com/darshanr0107)! - fix(block): Ensure block diagram hexagon blocks respect column spanning syntax - [#​7684](https://redirect.github.com/mermaid-js/mermaid/pull/7684) [`e14bb88`](https://redirect.github.com/mermaid-js/mermaid/commit/e14bb88bdb940124cdb0a107025653bf93745c99) Thanks [@​aloisklink](https://redirect.github.com/aloisklink)! - fix: loosen `uuid` dependency range to allow v14 Mermaid does not use any of the vulnerable code in CVE-2026-41907, but this allows users to silence any `npm audit` alerts on it. - [#​7633](https://redirect.github.com/mermaid-js/mermaid/pull/7633) [`9217c0d`](https://redirect.github.com/mermaid-js/mermaid/commit/9217c0d8b221b423af80e420b7adae901acf6c8c) Thanks [@​Felix-Garci](https://redirect.github.com/Felix-Garci)! - fix(block): add support for all arrow types in block diagrams - [#​7587](https://redirect.github.com/mermaid-js/mermaid/pull/7587) [`5e7eb62`](https://redirect.github.com/mermaid-js/mermaid/commit/5e7eb62e3aba6b5df559f5c839a868e5b7f40e72) Thanks [@​MaddyGuthridge](https://redirect.github.com/MaddyGuthridge)! - chore: drop lodash-es in favour of es-toolkit - [#​7693](https://redirect.github.com/mermaid-js/mermaid/pull/7693) [`afaf306`](https://redirect.github.com/mermaid-js/mermaid/commit/afaf3062381d115d66744413151b642f124dd9ba) Thanks [@​dull-bird](https://redirect.github.com/dull-bird)! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels. Previously the lexer only matched ASCII `[A-Za-z]+` for text tokens, even though the grammar referenced `UNICODE_TEXT`. Bare Chinese, Japanese, Korean, emoji, and accented Latin characters in labels caused a parse error. Added a `[^\x00-\x7F]+` lexer rule to emit `UNICODE_TEXT` and included it in the `alphaNumToken` grammar rule. Fixes [#​7120](https://redirect.github.com/mermaid-js/mermaid/issues/7120). - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`4755553`](https://redirect.github.com/mermaid-js/mermaid/commit/4755553d5fb6d1217809e43ffb8fc54d6a73e482) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: improve D3 types for mermaidAPI funcs - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`6476973`](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: handle `&` when namespacing CSS rules - [#​7520](https://redirect.github.com/mermaid-js/mermaid/pull/7520) [`8c1a0c1`](https://redirect.github.com/mermaid-js/mermaid/commit/8c1a0c1fd19587c6772d6966fe9d217e5cd1356c) Thanks [@​RodrigojndSantos](https://redirect.github.com/RodrigojndSantos)! - fix(stateDiagram): comments starting with one `%` are no longer treated as comments Switch to using two `%%` if you want to write a comment. - Updated dependencies \[[`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445), [`675a64c`](https://redirect.github.com/mermaid-js/mermaid/commit/675a64ca0e3cde8728ca715991623c3fc055ce88)]: - [@​mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@​1.1.1 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
Nicolas
|
71f3e28fe5 | ci: Also lint json5 files (#37659) | ||
|
Nicolas
|
de290f2121 |
fix(templates): avoid misleading compare message when branches lack merge base (#37651)
## Summary When comparing branches with **no common merge base** (e.g. unrelated histories or orphan branches), `PageIsComparePull` is false and `CommitCount` is zero. The compare template still showed `repo.commits.nothing_to_compare`, which in German reads like the branches are identical—even though the flash already explains there is no merge base. ## Changes - **`templates/repo/diff/compare.tmpl`**: Only render the grey “nothing to compare” segment when `CompareInfo.CompareBase` is set. <img width="1962" height="564" src="https://github.com/user-attachments/assets/adc3b4a0-6f03-45da-b297-e15e5ad0aa79" /> Fixes #37642 --------- Signed-off-by: Nicolas <bircni@icloud.com> |
||
|
Giteabot
|
8cd8291ed0 |
fix(deps): update npm dependencies (#37647)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | @​codemirror/autocomplete | [`6.20.1` → `6.20.2`](https://renovatebot.com/diffs/npm/@codemirror%2fautocomplete/6.20.1/6.20.2) |  |  | | @​codemirror/lint | [`6.9.5` → `6.9.6`](https://renovatebot.com/diffs/npm/@codemirror%2flint/6.9.5/6.9.6) |  |  | | @​codemirror/view | [`6.41.1` → `6.42.0`](https://renovatebot.com/diffs/npm/@codemirror%2fview/6.41.1/6.42.0) |  |  | | [vue](https://vuejs.org/) ([source](https://redirect.github.com/vuejs/core)) | [`3.5.33` → `3.5.34`](https://renovatebot.com/diffs/npm/vue/3.5.33/3.5.34) |  |  | --- ### Release Notes <details> <summary>vuejs/core (vue)</summary> ### [`v3.5.34`](https://redirect.github.com/vuejs/core/blob/HEAD/CHANGELOG.md#3534-2026-05-06) [Compare Source](https://redirect.github.com/vuejs/core/compare/v3.5.33...v3.5.34) ##### Bug Fixes - **compiler-sfc:** infer Vue ref wrapper types when source is unresolvable ([#​14758](https://redirect.github.com/vuejs/core/issues/14758)) ([7f46fd4](https://redirect.github.com/vuejs/core/commit/7f46fd411b4e3f75ca755ee1318ea8e9aff43f56)), closes [#​14729](https://redirect.github.com/vuejs/core/issues/14729) - **compiler-sfc:** preserve hash hrefs on `<image>` elements ([#​14756](https://redirect.github.com/vuejs/core/issues/14756)) ([090b2e3](https://redirect.github.com/vuejs/core/commit/090b2e3a5149ec951c5313b270e5400a1fc870ce)) - **compiler-sfc:** resolve type re-exports inside declare global ([#​14766](https://redirect.github.com/vuejs/core/issues/14766)) ([acfffe3](https://redirect.github.com/vuejs/core/commit/acfffe34e7724a84c21bb8e51e8a5bc0da35f350)) - **reactivity:** prevent orphan effect when created in a stopped scope ([#​14778](https://redirect.github.com/vuejs/core/issues/14778)) ([c8e2d4a](https://redirect.github.com/vuejs/core/commit/c8e2d4adc9112d2529de0434acc1188dfc399bf4)), closes [#​14777](https://redirect.github.com/vuejs/core/issues/14777) - **runtime-core:** avoid symbol coercion during props validation ([#​8539](https://redirect.github.com/vuejs/core/issues/8539)) ([23d4fb5](https://redirect.github.com/vuejs/core/commit/23d4fb5a6a070df3d2d4a043f0f62c141e376095)), closes [#​8487](https://redirect.github.com/vuejs/core/issues/8487) - **suspense:** avoid DOM leak with out-in transition in v-if fragment ([#​14762](https://redirect.github.com/vuejs/core/issues/14762)) ([9667e0d](https://redirect.github.com/vuejs/core/commit/9667e0d498ab39273614682986a666c3e73024d9)), closes [#​14761](https://redirect.github.com/vuejs/core/issues/14761) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
wxiaoguang
|
2eb7b3c7da |
refactor: routing info middleware (#37653)
fix #37650 |
||
|
Giteabot
|
7621b65403 |
chore(deps): update action dependencies (major) (#37638)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2021.12.29` → `2025.7.23` | | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2023.12.23` → `2025.7.23` | | [bitnamilegacy/mysql](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/mysql)) | service | major | `8.4` → `9.4` | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
Giteabot
|
510b729212 |
fix(deps): update go dependencies (major) (#37639)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/dlclark/regexp2](https://redirect.github.com/dlclark/regexp2) | `v1.12.0` → `v2.0.1` |  |  | | [github.com/google/go-github/v84](https://redirect.github.com/google/go-github) | `v84.0.0` → `v85.0.0` |  |  | | [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `v1.46.0` → `v2.24.1` |  |  | --- ### Release Notes <details> <summary>dlclark/regexp2 (github.com/dlclark/regexp2)</summary> ### [`v2.0.1`](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) ### [`v2.0.0`](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) </details> <details> <summary>google/go-github (github.com/google/go-github/v84)</summary> ### [`v85.0.0`](https://redirect.github.com/google/go-github/releases/tag/v85.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v84.0.0...v85.0.0) This release contains the following breaking API changes: - fix!: Resolve inconsistent options for `create` and `update` on custom org role ([#​4075](https://redirect.github.com/google/go-github/issues/4075)) BREAKING CHANGE: `GetOrgRole`, `CreateCustomOrgRole`, and `UpdateCustomOrgRole` have new params and return values. - fix!: Change `id` from `int64` to `string` in `ActivityService.MarkThreadDone` ([#​4056](https://redirect.github.com/google/go-github/issues/4056)) BREAKING CHANGE: `ActivityService.MarkThreadDone` accepts `string` `id` instead of `int64`. ...and the following additional changes: - chore: Bump version of go-github to v85.0.0 ([#​4173](https://redirect.github.com/google/go-github/issues/4173)) - chore: Update `openapi_operations.yaml` ([#​4172](https://redirect.github.com/google/go-github/issues/4172)) - security: Reject cross-host redirects to prevent Authorization leak ([#​4171](https://redirect.github.com/google/go-github/issues/4171)) - chore: Improve GitHub Actions workflows lint and testing ([#​4169](https://redirect.github.com/google/go-github/issues/4169)) - chore: Switch legacy redirect handling to new pattern ([#​4161](https://redirect.github.com/google/go-github/issues/4161)) - feat: Add `CodeSecurity` to `SecurityAndAnalysis` ([#​4155](https://redirect.github.com/google/go-github/issues/4155)) - fix: Reject URL path segments containing ".." in all request methods ([#​4150](https://redirect.github.com/google/go-github/issues/4150)) - feat: Refactor repositories download contents ([#​4153](https://redirect.github.com/google/go-github/issues/4153)) - chore: Bump google.org/x/tools to v0.44.0 in /tools ([#​4168](https://redirect.github.com/google/go-github/issues/4168)) - docs: Fix broken blog post link ([#​4160](https://redirect.github.com/google/go-github/issues/4160)) - build(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /example ([#​4156](https://redirect.github.com/google/go-github/issues/4156)) - chore: Update openapi\_operations.yaml ([#​4157](https://redirect.github.com/google/go-github/issues/4157)) - feat: Remove Google App Engine standard support ([#​4152](https://redirect.github.com/google/go-github/issues/4152)) - feat: Add `DownloadCopilotMetrics` helper method ([#​4149](https://redirect.github.com/google/go-github/issues/4149)) - docs: Add `apiVersion` to GitHub API link ([#​4147](https://redirect.github.com/google/go-github/issues/4147)) - chore: Simplify `redundantptr` custom linter ([#​4148](https://redirect.github.com/google/go-github/issues/4148)) - docs: Deprecate old Copilot metrics endpoints closed on April 2, 2026 ([#​4137](https://redirect.github.com/google/go-github/issues/4137)) - refactor: Remove redundant `github.Ptr` calls ([#​4145](https://redirect.github.com/google/go-github/issues/4145)) - fix: Add missing `User` fields ([#​4146](https://redirect.github.com/google/go-github/issues/4146)) - fix: Preserve `Marketplace.Stubbed` during client copy ([#​4144](https://redirect.github.com/google/go-github/issues/4144)) - refactor: Simplify array copying ([#​4143](https://redirect.github.com/google/go-github/issues/4143)) - build(deps): Bump golang.org/x/crypto from 0.49.0 to 0.50.0 in /example ([#​4141](https://redirect.github.com/google/go-github/issues/4141)) - build(deps): Bump github.com/getkin/kin-openapi from 0.134.0 to 0.135.0 in /tools ([#​4142](https://redirect.github.com/google/go-github/issues/4142)) - build(deps): Bump golang.org/x/term from 0.41.0 to 0.42.0 in /example ([#​4140](https://redirect.github.com/google/go-github/issues/4140)) - build(deps): Bump golang.org/x/net from 0.52.0 to 0.53.0 in /scrape ([#​4139](https://redirect.github.com/google/go-github/issues/4139)) - build(deps): Bump go.opentelemetry.io/otel to v1.43.0 ([#​4135](https://redirect.github.com/google/go-github/issues/4135)) - fix: Expand `sanitizeURL` secrets redactions ([#​4126](https://redirect.github.com/google/go-github/issues/4126)) - build(deps): Bump github.com/alecthomas/kong from 1.14.0 to 1.15.0 in /tools ([#​4132](https://redirect.github.com/google/go-github/issues/4132)) - build(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 in the actions group ([#​4131](https://redirect.github.com/google/go-github/issues/4131)) - feat: Add support for custom names and methods that return structs with multiple `[]*T` fields in `gen-iterators.go` ([#​4128](https://redirect.github.com/google/go-github/issues/4128)) - fix: Limit webhook payload size in `ValidatePayloadFromBody` ([#​4125](https://redirect.github.com/google/go-github/issues/4125)) - build(deps): Bump codecov/codecov-action from 5.5.3 to 6.0.0 ([#​4123](https://redirect.github.com/google/go-github/issues/4123)) - fix: Synchronize `requestCount` in rate limit tests ([#​4124](https://redirect.github.com/google/go-github/issues/4124)) - chore: Simplify `generate.sh` by removing `git worktree` and using generator-based check ([#​4120](https://redirect.github.com/google/go-github/issues/4120)) - docs: Improve comments in /examples ([#​4122](https://redirect.github.com/google/go-github/issues/4122)) - chore: Use `golangci-lint-action`; remove `newreposecretwithlibsodium` ([#​4119](https://redirect.github.com/google/go-github/issues/4119)) - feat: Add custom image endpoints for GitHub-hosted runners ([#​4101](https://redirect.github.com/google/go-github/issues/4101)) - chore: Cache custom golangci-lint binaries in GHA workflow ([#​4116](https://redirect.github.com/google/go-github/issues/4116)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.4.0 to 1.4.1 in /example ([#​4115](https://redirect.github.com/google/go-github/issues/4115)) - build(deps): Bump golang.org/x/tools from 0.29.0 to 0.43.0 in /tools/extraneous-new ([#​4114](https://redirect.github.com/google/go-github/issues/4114)) - build(deps): Bump codecov/codecov-action from 5.5.2 to 5.5.3 ([#​4112](https://redirect.github.com/google/go-github/issues/4112)) - build(deps): Bump github.com/golangci/plugin-module-register from 0.1.1 to 0.1.2 in /tools/extraneous-new ([#​4113](https://redirect.github.com/google/go-github/issues/4113)) - build(deps): Bump github.com/getkin/kin-openapi from 0.133.0 to 0.134.0 in /tools ([#​4111](https://redirect.github.com/google/go-github/issues/4111)) - build(deps): Bump github.com/PuerkitoBio/goquery from 1.11.0 to 1.12.0 in /scrape ([#​4110](https://redirect.github.com/google/go-github/issues/4110)) - chore: Upgrade deps for linters using dependabot ([#​4107](https://redirect.github.com/google/go-github/issues/4107)) - chore: Use `structfield.Settings` in `check-structfield-settings` ([#​4108](https://redirect.github.com/google/go-github/issues/4108)) - build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 in /example ([#​4109](https://redirect.github.com/google/go-github/issues/4109)) - chore: Remove unnecessary use of `new` and `&SomeStruct{}` and add new `extraneousnew` custom linter ([#​4106](https://redirect.github.com/google/go-github/issues/4106)) - feat: Add `NetworkConfigurationID` and `HostedRunnersURL` to enterprise runner group types ([#​4099](https://redirect.github.com/google/go-github/issues/4099)) - feat: Generate accessors for all fields ([#​4105](https://redirect.github.com/google/go-github/issues/4105)) - feat: Add `ListRunnerGroupHostedRunners` for org runner groups ([#​4100](https://redirect.github.com/google/go-github/issues/4100)) - chore: Enable `default: none` linters; remove duplicated ([#​4097](https://redirect.github.com/google/go-github/issues/4097)) - fix: Use `Cursor` pagination for `*.ListHookDeliveriesIter` ([#​4096](https://redirect.github.com/google/go-github/issues/4096)) - chore: Remove duplicated formatters ([#​4094](https://redirect.github.com/google/go-github/issues/4094)) - chore: Fix typos in comments and tests ([#​4093](https://redirect.github.com/google/go-github/issues/4093)) - chore: Fix typo in CONTRIBUTING.md ([#​4092](https://redirect.github.com/google/go-github/issues/4092)) - chore: Update openapi\_operations.yaml ([#​4091](https://redirect.github.com/google/go-github/issues/4091)) - build(deps): Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.17.0 to 2.18.0 in /example ([#​4084](https://redirect.github.com/google/go-github/issues/4084)) - chore: Bump go.opentelemetry.io/otel to v1.42.0 ([#​4090](https://redirect.github.com/google/go-github/issues/4090)) - build(deps): Bump golang.org/x/crypto from 0.48.0 to 0.49.0 in /example ([#​4081](https://redirect.github.com/google/go-github/issues/4081)) - build(deps): Bump golang.org/x/sync from 0.19.0 to 0.20.0 in /tools ([#​4078](https://redirect.github.com/google/go-github/issues/4078)) - build(deps): Bump golang.org/x/net from 0.51.0 to 0.52.0 in /scrape ([#​4079](https://redirect.github.com/google/go-github/issues/4079)) - test: Add fuzz test for `ParseWebHook` ([#​4076](https://redirect.github.com/google/go-github/issues/4076)) - feat: Add enterprise budgets API ([#​4069](https://redirect.github.com/google/go-github/issues/4069)) - feat: Add list organization fine-grained permissions ([#​4072](https://redirect.github.com/google/go-github/issues/4072)) - feat: Make `script/lint.sh` output simpler to read ([#​4073](https://redirect.github.com/google/go-github/issues/4073)) - chore: Speed up linting ([#​4071](https://redirect.github.com/google/go-github/issues/4071)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /otel ([#​4065](https://redirect.github.com/google/go-github/issues/4065)) - build(deps): Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /otel ([#​4068](https://redirect.github.com/google/go-github/issues/4068)) - build(deps): Bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.40.0 to 1.41.0 in /example ([#​4062](https://redirect.github.com/google/go-github/issues/4062)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /example ([#​4064](https://redirect.github.com/google/go-github/issues/4064)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0 in /example ([#​4063](https://redirect.github.com/google/go-github/issues/4063)) - feat: Add `client_id` field to `App` ([#​4060](https://redirect.github.com/google/go-github/issues/4060)) - test: Simplify `CopilotService` tests ([#​4058](https://redirect.github.com/google/go-github/issues/4058)) - test: Fix flaky `TestDo_rateLimit_abuseRateLimitError_xRateLimitReset` ([#​4057](https://redirect.github.com/google/go-github/issues/4057)) - feat: Add support for enterprise audit log streaming API ([#​4035](https://redirect.github.com/google/go-github/issues/4035)) - feat: Add repository-level immutable releases settings ([#​4039](https://redirect.github.com/google/go-github/issues/4039)) - chore: Add `SAS` as a common initialism to `structfield` ([#​4054](https://redirect.github.com/google/go-github/issues/4054)) - fix: Fix data race on Windows ([#​4051](https://redirect.github.com/google/go-github/issues/4051)) - docs: Fix grammar in `README.md` ([#​4053](https://redirect.github.com/google/go-github/issues/4053)) - chore: Simplify form value assertions in tests ([#​4048](https://redirect.github.com/google/go-github/issues/4048)) - chore: Bump go-github from v83 to v84 in /scrape ([#​4050](https://redirect.github.com/google/go-github/issues/4050)) </details> <details> <summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go)</summary> ### [`v2.24.1`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.1) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) #### 2.24.1 ##### 🐛 Bug Fixes - fix: add FormattedText field to OrbitGraphStatus and OrbitStatus ([!2876](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2876)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) #### [2.24.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) (2026-05-05) ##### Bug Fixes * add FormattedText field to OrbitGraphStatus and OrbitStatus ([9457ddc](https://gitlab.com/gitlab-org/api/client-go/commit/9457ddc690600ea50953bfb8df632ac0b39cd90c)) ### [`v2.24.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) #### 2.24.0 ##### 🚀 Features - feat: Add search_type as attribute to search endpoints ([!2851](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2851)) by [Heidi Berry](https://gitlab.com/heidi.berry) ### [2.24.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) (2026-05-04) ##### Features * Add search_type as attribute to search endpoints ([4d345e9](https://gitlab.com/gitlab-org/api/client-go/commit/4d345e9f76af8ebd016d3d55fbe039250a1fafb4)) ### [`v2.23.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.23.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) #### 2.23.0 ##### 🚀 Features - feat: add OrbitService for Knowledge Graph endpoints ([!2870](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2870)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) ##### 🔄 Other Changes - chore(deps): update module buf.build/go/protovalidate to v1.2.0 ([!2865](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2865)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.23.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) (2026-05-04) ##### Features * add OrbitService for Knowledge Graph endpoints ([2ff460f](https://gitlab.com/gitlab-org/api/client-go/commit/2ff460f3a809e3ad9f2065b0144dfcb4d4f5e6d3)) ### [`v2.22.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.22.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) #### 2.22.0 ##### 🚀 Features - Add package pipeline data. ([!2834](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2834)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - chore(deps): update module golang.org/x/text to v0.36.0 ([!2874](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2874)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golang docker tag ([!2873](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2873)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.4.1 ([!2869](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2869)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use HTTP status code constants ([!2868](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2868)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.22.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) (2026-05-04) ### [`v2.21.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.21.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) #### 2.21.0 ##### 🚀 Features - Add BulkImports API functions and tests ([!2846](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2846)) by [Kalyaan Kanugula](https://gitlab.com/kalyaan09) ##### 🔄 Other Changes - Add missing `URLVariables` attribute to group_hooks ([!2866](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2866)) by [Mark Nessen](https://gitlab.com/mness) - docs: fix incorrect phrase 'to that' -> 'so' ([!2861](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2861)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - docs: fix missing 'of' in contributing guide ([!2860](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2860)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - style: remove duplicated wording in Go version sentence ([!2859](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2859)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.21.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) (2026-04-27) ### [`v2.20.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options ([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.20.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.19.0...v2.20.0) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options ([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.19.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.19.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) #### 2.19.0 ##### 🚀 Features - feat: Add PackageRegistryAccessLevel to Project structs ([!2852](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2852)) by [Caleb Madara](https://gitlab.com/calebmadara58) ### [2.19.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) (2026-04-15) ##### Features * Add PackageRegistryAccessLevel to Project structs ([4ce63da](https://gitlab.com/gitlab-org/api/client-go/commit/4ce63da9528e6e0da40fd7240a41236a385d7bfe)) ### [`v2.18.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.18.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) #### 2.18.0 ##### 🚀 Features - Feat: Add support for application setting secret_push_protection_available ([!2849](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2849)) by [Rizart Dona](https://gitlab.com/rizart_d) ##### 🔄 Other Changes - fix: Correct Example Section in README ([!2850](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2850)) by [Jonathan Bowe](https://gitlab.com/boweflex) ### [2.18.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) (2026-04-14) ##### Bug Fixes * Correct Example Section in README ([c0759d9](https://gitlab.com/gitlab-org/api/client-go/commit/c0759d99b2eefbd4501a0e960530ee5a73ec0084)) ### [`v2.17.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.17.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) #### 2.17.0 ##### 🚀 Features - Resolve "Add endpoint support for archiving/unarchiving groups" ([!2848](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2848)) by [Jonathan Bowe](https://gitlab.com/boweflex) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.1 ([!2841](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2841)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): enable gocritic linter ([!2842](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2842)) by [Oleksandr Redko](https://gitlab.com/alexandear) - chore(deps): update module golang.org/x/oauth2 to v0.36.0 ([!2835](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2835)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module golang.org/x/text to v0.35.0 ([!2837](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2837)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.17.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) (2026-04-10) ### [`v2.16.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.16.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) #### 2.16.0 ##### 🚀 Features - feat: Add PagesUniqueDomainDefaultEnabled to Settings API ([!2845](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2845)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) ### [2.16.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) (2026-04-04) ##### Features * Add PagesUniqueDomainDefaultEnabled to Settings API ([d27f3af](https://gitlab.com/gitlab-org/api/client-go/commit/d27f3af69ae8569117c51f716d00b3b116e9f88c)) ### [`v2.15.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.15.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) #### 2.15.0 ##### 🚀 Features - feat: Add approved_at field in merge request approvals API ([!2844](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2844)) by [Mohamed Asan N](https://gitlab.com/hassyyy) ### [2.15.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) (2026-04-04) ##### Features * Add approved_at field in merge request approvals API ([528ac9e](https://gitlab.com/gitlab-org/api/client-go/commit/528ac9ea36377454fcae3cd7eb27b9d47f69a1cd)) ### [`v2.14.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.14.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) #### 2.14.0 ##### 🚀 Features - feat: add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... ([!2839](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2839)) by [Lorenz Vonlanthen](https://gitlab.com/loelu) ### [2.14.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) (2026-04-03) ##### Features * add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... ([6b88f05](https://gitlab.com/gitlab-org/api/client-go/commit/6b88f05609dfc6861da406b205fe1c2750c0b3e8)) ### [`v2.13.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.13.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) #### 2.13.0 ##### 🚀 Features - feat: Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([!2815](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2815)) by [Павлов Александр](https://gitlab.com/alexpts) ### [2.13.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) (2026-04-01) ##### Features * Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([2261c80](https://gitlab.com/gitlab-org/api/client-go/commit/2261c80c289d94a0053997f203544847bc961f12)) ### [`v2.12.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.12.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) #### 2.12.0 ##### 🚀 Features - fix: update HostKey field name to FingerprintSHA256 for consistency ([!2840](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2840)) by [Oleksandr Redko](https://gitlab.com/alexandear) - Add push mirror host_keys to the go client. ([!2832](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2832)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - Fix: improve URL validation warning logging context and correct typo ([!2830](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2830)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - chore(no-release): fix typos in comments and unexported function ([!2831](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2831)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.12.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) (2026-04-01) ##### Bug Fixes * update HostKey field name to FingerprintSHA256 for consistency ([1b7fcfb](https://gitlab.com/gitlab-org/api/client-go/commit/1b7fcfb0ed002b007b8cadcc8e81ba529e48705b)) ### [`v2.11.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.11.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) #### 2.11.0 ##### 🚀 Features - Deprecate project approval password auth, add reauth to approve ([!2825](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2825)) by [Heidi Berry](https://gitlab.com/heidi.berry) ##### 🔄 Other Changes - Fix typo in UpdateLabel comment ([!2827](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2827)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - Fix runner comment typo ([!2828](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2828)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.11.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) (2026-03-30) ### [`v2.10.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1380-2026-02-19) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.9.0...v2.10.0) ##### Features - **events:** Add missing parameters for label operations and update documentation links ([11b9f08](https://gitlab.com/gitlab-org/api/client-go/commit/11b9f08b37a4c2ada9413259282f163f28b94051)) - **labels:** add missing params and edit links ([ec1b92b](https://gitlab.com/gitlab-org/api/client-go/commit/ec1b92bff403c10446ab1ff6566a3a638871bb7e)) #### 1.37.0 ##### 🚀 Features - Support system & system\_action fields for merge event attributes ([!2737](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2737)) by [Artem Mikheev](https://gitlab.com/renbou) ##### 🔄 Other Changes - Update links of geo\_sites.go ([!2782](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2782)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) - chore(deps): update dependency golangci-lint to v2.10.1 ([!2770](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2770)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.1 ([!2771](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2771)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.0 ([!2769](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2769)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.10.0 ([!2768](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2768)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.9.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1330-2026-02-13) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.8.0...v2.9.0) #### 1.32.0 ##### 🚀 Features - Implement endpoints for runner controller scopes ([!2758](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2758)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - test(namespaces): Address test feedback to simplify the test ([!2744](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2744)) by [Patrick Rice](https://gitlab.com/PatrickRice) - chore(deps): update golangci/golangci-lint docker tag to v2.9.0 ([!2755](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2755)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.9.0 ([!2754](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2754)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.8.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1130-2026-01-12) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.7.0...v2.8.0) ##### Features - **groups:** add Active parameter to ListGroupProjects ([dec511a](https://gitlab.com/gitlab-org/api/client-go/commit/dec511a199b0adb7ba87f5a02a50651049b68b71)) #### 1.12.0 ##### 🚀 Features - feat: add EmojiEvents field support to Project Webhooks ([!2653](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2653)) by [Yugan](https://gitlab.com/yugannkt) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.8.0 ([!2650](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2650)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use errors.New instead of fmt.Errorf ([!2644](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2644)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.7.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#170-2025-12-06) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.6.0...v2.7.0) ##### Features - **users:** Add support for a user to see only one file diff per page ([e2a9e09](https://gitlab.com/gitlab-org/api/client-go/commit/e2a9e09e79e7949e0b19dcfc97e3b7b533541856)) #### 1.6.0 ##### 🚀 Features - feat: add admin compliance policy settings API ([!2610](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2610)) by [Hannes Lange](https://gitlab.com/hlange4) ##### 🔄 Other Changes - doc: fix typo ([!2603](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2603)) by [Guilhem Bonnefille](https://gitlab.com/gbonnefille) - chore(deps): update golangci/golangci-lint docker tag to v2.7.1 ([!2611](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2611)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.1.2 ([!2609](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2609)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.7.0 ([!2608](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2608)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.6.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#01590-2025-11-04) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.5.0...v2.6.0) ##### Features - **integrations:** add group integration API endpoints for Jira ([09e18ee](https://gitlab.com/gitlab-org/api/client-go/commit/09e18ee598bb7805ac8221f6a05426b1785f9011)) #### 0.158.0 ##### 🚀 Features - Add support to send variables for GraphQL queries ([!2562](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2562)) by [rafasf](https://gitlab.com/rafasf) ##### 🔄 Other Changes - chore(deps): update module cel.dev/expr to v0.25.0 ([!2560](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2560)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): standardize GitLab name capitalization ([!2551](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2551)) by [Zubeen](https://gitlab.com/syedzubeen) - chore(deps): update golangci/golangci-lint docker tag to v2.6.0 ([!2558](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2558)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor: moved comments to interface 2 ([!2557](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2557)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor: moved comments to interface ([!2556](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2556)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor(test): avoid panic in tests with goroutines ([!2553](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2553)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.5.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.5.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) #### 2.5.0 ##### 🚀 Features - feat(workitems): Implement `UpdateWorkItem()` ([!2793](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2793)) by [Carlos Corona](https://gitlab.com/ccorona2) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.11.2 ([!2810](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2810)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - test(no-release): replace reflect.DeepEqual with testify ([!2809](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2809)) by [Oleksandr Redko](https://gitlab.com/alexandear) - feat: allow OAuth success callback page to self-close when possible ([!2808](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2808)) by [Case Taintor](https://gitlab.com/case.taintor) - chore(deps): update dependency golangci-lint to v2.11.1 ([!2806](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2806)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.5.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) (2026-03-09) ##### Features * allow OAuth success callback page to self-close when possible ([dca2e12](https://gitlab.com/gitlab-org/api/client-go/commit/dca2e12095fe0c2f185784469a8ea904db1a1be5)) * **workitems:** Implement `UpdateWorkItem()` ([b93a55e](https://gitlab.com/gitlab-org/api/client-go/commit/b93a55e316ae95db3d23ff404c46c081db0ad3c7)) ### [`v2.4.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.4.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) #### 2.4.0 ##### 🚀 Features - Reflect latest runner controller API changes ([!2803](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2803)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.0 ([!2804](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2804)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.4.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) (2026-03-06) ### [`v2.3.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.3.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) #### 2.3.0 ##### 🚀 Features - feat: add new endpoint for fetching all the runner manager information ([!2802](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2802)) by [Aayush](https://gitlab.com/Aayush-Saini) ### [2.3.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) (2026-03-05) ##### Features * add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) ### [`v2.2.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. ([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.2.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.1.0...v2.2.0) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. ([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.1.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.1.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) #### 2.1.0 ##### 🚀 Features - feat(workitems): Add more fields to WorkItem ([!2795](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2795)) by [Florian Forster](https://gitlab.com/fforster) ##### 🔄 Other Changes - Implement body preserver to enable HTTP response body streaming ([!2746](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2746)) by [Timo Furrer](https://gitlab.com/timofurrer) ### [2.1.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) (2026-03-03) ##### Features * **workitems:** Add more fields to WorkItem ([7088f6f](https://gitlab.com/gitlab-org/api/client-go/commit/7088f6f22945efd7b87a473e0e5ec9dade34c811)) ### [`v2.0.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.0.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) #### 2.0.0 ##### 💥 Breaking Changes - Release client-go 2.0 ([!2763](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2763)) by [Patrick Rice](https://gitlab.com/PatrickRice) ##### 🔄 Other Changes - Addtl 2 0 changes ([!2796](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2796)) by [Patrick Rice](https://gitlab.com/PatrickRice) ### [2.0.0](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) (2026-03-02) * Release client-go 2.0 ([47b65ee](https://gitlab.com/gitlab-org/api/client-go/commit/47b65ee9079e2cdb328eb381a7b9bd1ef6801dd0)) ##### Bug Fixes * **ci:** update gocover-cobertura to v1.4.0 for Go 1.24+ compatibility ([1d03b20](https://gitlab.com/gitlab-org/api/client-go/commit/1d03b20802fb2fcb64e5c7a322bbea7b475fd11c)) * **group_members:** using ISOTime instead of time.Time for BillableUserMembership.ExpiresAt ([e7e58c6](https://gitlab.com/gitlab-org/api/client-go/commit/e7e58c69c1c22c91aa75f85816dd835e0163b839)) * package protection access level variable type ([5574bbb](https://gitlab.com/gitlab-org/api/client-go/commit/5574bbbf2f63b47d67ddfbf98528a3f1bad8e3c3)) * **workitems:** Handle absent status widget in `WorkItem`. ([859fb26](https://gitlab.com/gitlab-org/api/client-go/commit/859fb26f2896ae803343366ad575656a8b7aafad)) ##### Features * use Nullable[int64] for label priority ([096ed09](https://gitlab.com/gitlab-org/api/client-go/commit/096ed098d18dd1e5445bf5d9a953290f2b08a6dc)) ##### BREAKING CHANGES * Release 2.0 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
b29af98a36 |
ci(renovate): update Go import paths on major bumps (#37641)
Enable `gomodUpdateImportPaths` so Renovate rewrites import paths (e.g. `foo/v2` → `foo/v3`) across the repo when bumping Go modules across major versions. --- This PR was written with the help of Claude Opus 4.7 Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Lunny Xiao
|
5d87a70af9 |
fix(packages): Add label for private and internal package and fix composor package source permission check (#37610)
- Add permission checks for Composer package source links - Add private/internal visibility labels for packages, similar to repository visibility labels <img width="969" height="571" alt="image" src="https://github.com/user-attachments/assets/8a8ec3a0-bfbd-4dd6-b45b-58eda5db1a2d" /> - Add a link to change package visibility <img width="1309" height="208" alt="image" src="https://github.com/user-attachments/assets/3fa82b23-4c63-4a5e-b3f0-d37a103231ee" /> - Update link package descriptions <img width="1308" height="265" alt="image" src="https://github.com/user-attachments/assets/2c80b50e-5ffe-4d96-aedd-aa15964c4e05" /> --------- Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: silverwind <me@silverwind.io> |
||
|
silverwind
|
5dc9d621fd |
refactor: replace Fomantic search module with first-party code (#37443)
- Replace fomantic `search` code with minimal first-party code - Added a small fix to vertically align search box and search button - Manually tested all search forms. - Add `errorName` helper, similar to `errorMessage`. Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
Giteabot
|
a603f89fce |
fix(deps): update npm dependencies (#37636)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser))
| [`8.59.1` →
`8.59.2`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.1/8.59.2)
|
|
|
| [eslint-plugin-vue](https://eslint.vuejs.org)
([source](https://redirect.github.com/vuejs/eslint-plugin-vue)) |
[`10.9.0` →
`10.9.1`](https://renovatebot.com/diffs/npm/eslint-plugin-vue/10.9.0/10.9.1)
|
|
|
| [jiti](https://redirect.github.com/unjs/jiti) | [`2.6.1` →
`2.7.0`](https://renovatebot.com/diffs/npm/jiti/2.6.1/2.7.0) |
|
|
| [postcss](https://postcss.org/)
([source](https://redirect.github.com/postcss/postcss)) | [`8.5.13` →
`8.5.14`](https://renovatebot.com/diffs/npm/postcss/8.5.13/8.5.14) |
|
|
| [stylelint](https://stylelint.io)
([source](https://redirect.github.com/stylelint/stylelint)) | [`17.10.0`
→
`17.11.0`](https://renovatebot.com/diffs/npm/stylelint/17.10.0/17.11.0)
|
|
|
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint)
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint))
| [`8.59.1` →
`8.59.2`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.1/8.59.2)
|
|
|
| [updates](https://redirect.github.com/silverwind/updates) | [`17.16.8`
→ `17.16.9`](https://renovatebot.com/diffs/npm/updates/17.16.8/17.16.9)
|
|
|
---
### Release Notes
<details>
<summary>typescript-eslint/typescript-eslint
(@​typescript-eslint/parser)</summary>
###
[`v8.59.2`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8592-2026-05-04)
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.1...v8.59.2)
This was a version bump only for parser to align it with other projects,
there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.2)
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.
</details>
<details>
<summary>vuejs/eslint-plugin-vue (eslint-plugin-vue)</summary>
###
[`v10.9.1`](https://redirect.github.com/vuejs/eslint-plugin-vue/blob/HEAD/CHANGELOG.md#1091)
[Compare
Source](https://redirect.github.com/vuejs/eslint-plugin-vue/compare/v10.9.0...v10.9.1)
##### Patch Changes
- Updated peer dependency version for
[`vue-eslint-parser`](https://redirect.github.com/vuejs/vue-eslint-parser)
to fix parsing errors in Vue SFCs
([#​3075](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3075))
</details>
<details>
<summary>unjs/jiti (jiti)</summary>
###
[`v2.7.0`](https://redirect.github.com/unjs/jiti/blob/HEAD/CHANGELOG.md#v270)
[Compare
Source](https://redirect.github.com/unjs/jiti/compare/v2.6.1...v2.7.0)
[compare
changes](https://redirect.github.com/unjs/jiti/compare/v2.6.1...v2.7.0)
##### 🚀 Enhancements
- Add explicit resource management (using/await using) support
([#​422](https://redirect.github.com/unjs/jiti/pull/422))
- Support opt-in `tsconfigPaths`
([#​427](https://redirect.github.com/unjs/jiti/pull/427))
- Support virtual modules option
([#​428](https://redirect.github.com/unjs/jiti/pull/428))
- Add `jiti/static` export
([#​430](https://redirect.github.com/unjs/jiti/pull/430))
##### 🔥 Performance
- **interopDefault:** Add caching to reduce proxy overhead by \~2x
([#​421](https://redirect.github.com/unjs/jiti/pull/421))
##### 🩹 Fixes
- **require:** Passthrough resolve options
([#​412](https://redirect.github.com/unjs/jiti/pull/412))
- **ci:** Skip `--coverage` flag for node 18
([fe264b4](https://redirect.github.com/unjs/jiti/commit/fe264b4))
- **require:** Fallback to transpilation when `tryNative` fails
([#​413](https://redirect.github.com/unjs/jiti/pull/413))
- Fallback for `ENAMETOOLONG` when evaluating esm
([#​429](https://redirect.github.com/unjs/jiti/pull/429))
##### 📦 Build
- Upgrade rspack
([55194fb](https://redirect.github.com/unjs/jiti/commit/55194fb))
- Experimental rolldown config
([8c0243f](https://redirect.github.com/unjs/jiti/commit/8c0243f))
##### 🏡 Chore
- Fix lint issues
([4045c7a](https://redirect.github.com/unjs/jiti/commit/4045c7a))
- Update deps
([e88ac44](https://redirect.github.com/unjs/jiti/commit/e88ac44))
- Update deps
([498e8d7](https://redirect.github.com/unjs/jiti/commit/498e8d7))
- Add missing prettier dep
([650bc48](https://redirect.github.com/unjs/jiti/commit/650bc48))
- Lint ([058d91a](https://redirect.github.com/unjs/jiti/commit/058d91a))
- Init agents.md
([c49c54e](https://redirect.github.com/unjs/jiti/commit/c49c54e))
- Update agents.md
([4deba16](https://redirect.github.com/unjs/jiti/commit/4deba16))
- Update deps
([
|
||
|
Giteabot
|
e1f0f9e896 |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#37637)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | code.gitea.io/sdk/gitea | `v0.24.1` → `v0.25.0` |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> |
||
 pomidorry
|
67f86bc3fe |
feat(api): add last_sync to repository API (#37566)
This PR adds a new repository API field, `mirror_last_sync_at`, to expose the timestamp of the last successful pull mirror sync. Unlike `mirror_updated`, this field does not affect mirror scheduling and is updated only after a successful pull sync. Failed sync attempts leave the value unchanged. What changed - added `mirror_last_sync_at` to the repository API response - updated pull mirror sync flow to persist the timestamp only on successful sync - kept `mirror_updated` behavior unchanged for queue/scheduling purposes `mirror_updated` is currently tied to mirror queue behavior, so it cannot safely represent the last successful sync time. The new field makes that state explicit for API consumers without changing scheduling semantics. --------- Signed-off-by: pomidorry <106489913+Pomidorry@users.noreply.github.com> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
 TheFox0x7
|
c78c84c3ca |
test(e2e): run playwright via container (#37300)
Enable running playwright tests on unsupported platforms as well Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
a61598884f |
feat(editor): broaden language detection in web code editor (#37619)
Use https://github.com/github-linguist/linguist/blob/main/lib/linguist/languages.yml to substantially improve syntax higlighting in Codemirror. File is generated on-demand only. Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
 Copilot
|
0a3aaeafe7 |
refactor(log): replace log.Critical with log.Error (#37624)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> |
||
|
wxiaoguang
|
093c9e8ee6 |
fix: "run as root" check (#37622)
Remove the hacky and fragile `sed os.Getuid()` patch. |
||
|
silverwind
|
ce089f498b |
fix: improve actions status icons and texts (#37206)
Action runs, jobs and steps have 8 statuses but the UI only showed 5
(from the commit status api) for the latter two. Align all 8 to GitHub
as closely as possible:
- waiting — `octicon-circle` (hollow circle), gray
- blocked — `octicon-blocked` (slashed circle), yellow
- running — `gitea-running` (rotating spinner), yellow
- cancelled — `octicon-stop` (gray), was `octicon-x` (red)
Descriptions also aligned with GitHub:
- "Has started running" → "In progress"
- "Has been cancelled" → "Cancelled after {dur}"
- "Has been skipped" → "Skipped"
Fixes: https://github.com/go-gitea/gitea/issues/32228
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
|
||
|
silverwind
|
a5d81d9ce2 |
perf: replace goheader linter with custom check (#37599)
Replace the [slow `goheader` linter](https://github.com/denis-tingaikin/go-header/issues/70) with a custom check. Local go lint time is down from 247s to 32s. 6 new files that were previously undetected because of `//go:build ignore` are fixed. The exit code of the make target preserves the golangci-lint exit code, if present. Also refactors and consolidates the linting targets. Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
 dependabot[bot]
|
73c0239f94 |
build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#37616)
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastify/fast-uri/releases">fast-uri's releases</a>.</em></p> <blockquote> <h2>v3.1.2</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc">https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Handle malformed fragment decoding as a parse error by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/171">fastify/fast-uri#171</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2">https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2</a></p> <h2>v3.1.1</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6">https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6</a></li> </ul> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/148">fastify/fast-uri#148</a></li> <li>build(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/149">fastify/fast-uri#149</a></li> <li>chore(.npmrc): ignore scripts by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/150">fastify/fast-uri#150</a></li> <li>build(deps-dev): remove <code>@fastify/pre-commit</code> by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/151">fastify/fast-uri#151</a></li> <li>build(deps): bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/152">fastify/fast-uri#152</a></li> <li>ci(ci): add concurrency config by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/153">fastify/fast-uri#153</a></li> <li>build(deps): bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/154">fastify/fast-uri#154</a></li> <li>build(deps): bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/156">fastify/fast-uri#156</a></li> <li>chore(license): standardise license notice by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/159">fastify/fast-uri#159</a></li> <li>style: remove trailing whitespace by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/161">fastify/fast-uri#161</a></li> <li>ci: remove unused github files by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> <li>chore: update readme by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/164">fastify/fast-uri#164</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/165">fastify/fast-uri#165</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/166">fastify/fast-uri#166</a></li> <li>build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/167">fastify/fast-uri#167</a></li> <li>ci: add lock-threads workflow by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/169">fastify/fast-uri#169</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Tony133"><code>@Tony133</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1">https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9"><code>919dd8e</code></a> Bumped v3.1.2</li> <li><a href="https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07"><code>c65ba57</code></a> fixup: linting</li> <li><a href="https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293"><code>6c86c17</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796"><code>a95158a</code></a> Handle malformed fragment decoding without throwing (<a href="https://redirect.github.com/fastify/fast-uri/issues/171">#171</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d"><code>cea547c</code></a> Bumped v3.1.1</li> <li><a href="https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35"><code>876ce79</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0"><code>dcdf690</code></a> ci: add lock-threads workflow (<a href="https://redirect.github.com/fastify/fast-uri/issues/169">#169</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c"><code>c860e65</code></a> build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (<a href="https://redirect.github.com/fastify/fast-uri/issues/167">#167</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f"><code>9b4c6dc</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (<a href="https://redirect.github.com/fastify/fast-uri/issues/166">#166</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24"><code>85d09a9</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...</li> <li>Additional commits viewable in <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-gitea/gitea/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
wxiaoguang
|
1ed935f911 |
fix: make clone URL respect public URL detection setting (#37615)
Fix #37614 |
||
 techknowlogick
|
ef040c5fc4 |
chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Giteabot
|
c81eca9904 |
chore(deps): update action dependencies (#37603)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/labeler](https://redirect.github.com/actions/labeler) | action | minor | `v6.0.1` → `v6.1.0` | | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | patch | `v6.1.0` → `v6.1.1` | | [docker.elastic.co/elasticsearch/elasticsearch](https://www.elastic.co/products/elasticsearch) ([source](https://redirect.github.com/elastic/elasticsearch)) | service | patch | `8.19.14` → `8.19.15` | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.12` → `v46.1.13` | --- ### Release Notes <details> <summary>actions/labeler (actions/labeler)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/labeler/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/labeler/compare/v6.0.1...v6.1.0) #### Enhancements - Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by [@​bluca](https://redirect.github.com/bluca) in [#​923](https://redirect.github.com/actions/labeler/pull/923) #### Bug Fixes - Improve Labeler Action documentation and permission error handling by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​897](https://redirect.github.com/actions/labeler/pull/897) - Preserve manually added labels during workflow runs and refine label synchronization logic by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​917](https://redirect.github.com/actions/labeler/pull/917) #### Dependency Updates - Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by [@​dependabot](https://redirect.github.com/dependabot) in [#​877](https://redirect.github.com/actions/labeler/pull/877) - Upgrade minimatch from 10.0.1 to 10.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in [#​926](https://redirect.github.com/actions/labeler/pull/926) - Upgrade dependencies ([@​actions/core](https://redirect.github.com/actions/core), [@​actions/github](https://redirect.github.com/actions/github), js-yaml, minimatch, [@​typescript-eslint](https://redirect.github.com/typescript-eslint)) by [@​Copilot](https://redirect.github.com/Copilot) in [#​934](https://redirect.github.com/actions/labeler/pull/934) #### New Contributors - [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) made their first contribution in [#​897](https://redirect.github.com/actions/labeler/pull/897) - [@​bluca](https://redirect.github.com/bluca) made their first contribution in [#​923](https://redirect.github.com/actions/labeler/pull/923) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​934](https://redirect.github.com/actions/labeler/pull/934) **Full Changelog**: <https://github.com/actions/labeler/compare/v6...v6.1.0> </details> <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v6.1.1`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v6.1.1) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1) ##### What's Changed - chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1722](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.0 to 25.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1723](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.12 to 4.2.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1724](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724) - chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1726](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.5.1 to 4.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1725](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1020.0 to 3.1025.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1727](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727) - chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1728](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728) - chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1729](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.2 to 25.6.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1730](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.24 to 3.972.25 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1733](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1025.0 to 3.1030.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1732](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.10 to 2.4.11 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1734](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734) - chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1736](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736) - chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1737](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737) - chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1740](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.13 to 4.2.14 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1741](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.25 to 3.972.28 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1742](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1030.0 to 3.1033.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1743](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.11 to 2.4.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1739](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.12 to 2.4.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1747](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747) - chore(deps): bump postcss from 8.5.6 to 8.5.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1752](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.6.0 to 4.6.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1750](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.28 to 3.972.32 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1751](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1033.0 to 3.1038.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1749](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749) - chore: release 6.1.1 by [@​lehmanmj](https://redirect.github.com/lehmanmj) in [#​1757](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757) **Full Changelog**: <https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1> </details> <details> <summary>elastic/elasticsearch (docker.elastic.co/elasticsearch/elasticsearch)</summary> ### [`v8.19.15`](https://redirect.github.com/elastic/elasticsearch/releases/tag/v8.19.15): Elasticsearch 8.19.15 [Compare Source](https://redirect.github.com/elastic/elasticsearch/compare/v8.19.14...v8.19.15) Downloads: <https://elastic.co/downloads/elasticsearch> Release notes: <https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.15.html> </details> <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.13`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.13) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.12...v46.1.13) ##### Documentation - update references to renovatebot/github-action to v46.1.12 ([a871d4d](https://redirect.github.com/renovatebot/github-action/commit/a871d4d5460d222ef1b9b6d9c7c9a9224e582780)) ##### Miscellaneous Chores - **deps:** update dependency [@​commitlint/cli](https://redirect.github.com/commitlint/cli) to v20.5.2 ([67a74d1](https://redirect.github.com/renovatebot/github-action/commit/67a74d123d2876d138af089da96b130b49963b52)) - **deps:** update pnpm to v10.33.1 ([5932d6c](https://redirect.github.com/renovatebot/github-action/commit/5932d6c4e6423886397f74fa3e1f43f75d08b639)) - **deps:** update pnpm to v10.33.2 ([580c97f](https://redirect.github.com/renovatebot/github-action/commit/580c97f45b94ac6c4cf344cae6557fa67ffcf1e6)) ##### Build System - **deps:** lock file maintenance ([d044e7d](https://redirect.github.com/renovatebot/github-action/commit/d044e7df57b284a83ba0184247f960f00ca99d19)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.159.1 ([a7db9c3](https://redirect.github.com/renovatebot/github-action/commit/a7db9c38fdfec235881c95a3f634d0e98351a897)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.159.2 ([f9133ef](https://redirect.github.com/renovatebot/github-action/commit/f9133ef80db08316ae9064a6639804e2781bf4ac)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.0 ([212d525](https://redirect.github.com/renovatebot/github-action/commit/212d52574e89808037dd90d27dad2a1ea2f69f22)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.1 ([e3443ce](https://redirect.github.com/renovatebot/github-action/commit/e3443ceef9af4bfb10853b55f8a23c5625289bb8)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.2 ([833041b](https://redirect.github.com/renovatebot/github-action/commit/833041bb68593fa1d2e2704abedd40037914481b)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.4 ([60cc865](https://redirect.github.com/renovatebot/github-action/commit/60cc8654e18da2e1d7164c13b1437fcf26a1dce8)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.5 ([2c7567a](https://redirect.github.com/renovatebot/github-action/commit/2c7567a8f829497ca73badab029c722f61e0c561)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.6 ([35caad2](https://redirect.github.com/renovatebot/github-action/commit/35caad2c6a948000e0be2215db7dcdbf0c183541)) </details> --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> |
||
|
silverwind
|
479bcdb503 |
fix(actions): fix blank lines after ::endgroup:: (#37597)
`endLogGroup` was incorrectly appending empty `<div>`s, producing a useless blank line after every group. Before and after: <img width="250" alt="Screenshot 2026-05-07 at 22 40 40" src="https://github.com/user-attachments/assets/8baf0fd0-99c8-4648-bf3f-edc6c4b197ec" /> <img width="250" alt="Screenshot 2026-05-07 at 22 37 12" src="https://github.com/user-attachments/assets/c45f28ae-1bbf-4b25-9d7b-281c19421f63" /> --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
silverwind
|
29676adfd3 |
fix: treat email addresses case-insensitively (#37600)
Fixes #36184 and three more discovered cases. --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Lunny Xiao
|
7dc3087acd |
fix(git): Fix smart http request scope bug (#37583)
Co-authored-by: Nicolas <bircni@icloud.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: silverwind <me@silverwind.io> |
||
|
Giteabot
|
243c2d7146 |
chore(deps): update dependency go to v1.26.3 (#37601)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [go](https://go.dev/) ([source](https://redirect.github.com/golang/go)) | golang | patch | `1.26.2` → `1.26.3` | --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> |
||
|
silverwind
|
82d40296b0 |
chore(deps): bump tool deps and pin, update golangci-lint (#37574)
1. Pin all makefile go deps to exact version, renovate will bump them in the future 2. Bump all deps and golangci-lint and fix all new issues, most are from modernize Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
b4085c7e3c |
build: update pnpm to v11 (#37591)
Update to https://github.com/pnpm/pnpm/releases/tag/v11.0.0 - move all pnpm settings to `pnpm-workspace.yaml`, pnpm v11 only reads that file - drop redundant or no-op settings - disable `strictDepBuilds` to avoid having to manually specify deps with build scripts, this is equivalent to v10 where it will not execute and warn. - add workarounds for https://github.com/SukkaW/nolyfill/issues/119 - remove dead eslintrc entry --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
silverwind
|
bba748e8b5 |
chore(renovate): detect Makefile tools, enable go bumps (#37595)
- fix detection of Makefile tools and group them separately - Enable `go.mod` `go` directive bumps, schedule it at any time and exempt it from the release-age delay Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
wxiaoguang
|
2b93eaf55b |
refactor: only reset a database table when the table's data was changed (#37573)
Reduce CI time Saves about 3 minutes for each test suit test-unit: 13min -> 10min (-race) test-pgsql: 24min -> 20min (-race) test-mysql: 15min -> 12min test-mssql: 16min -> 12min --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
6a509da96e |
refactor: lint bare fill/stroke colors, add vars for git graph color series (#37543)
- make `scale-unlimited/declaration-strict-value` cover fill and stroke - add new color vars for color series in gitgraph - move most rule disablement to per-line - remove dead highlight colors since https://github.com/go-gitea/gitea/pull/34948 - move stylelint config to ts now that the linked issue is fixed Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
Nicolas
|
601c6eb1a0 |
fix(actions): report individual step status in workflow job API response (#37592)
When a workflow job failed, the API response reported all steps as failed — even steps that had completed successfully before the failing step. `ToActionWorkflowJob` was calling `ToActionsStatus(job.Status)` for every step instead of `ToActionsStatus(step.Status)`, so the job's overall conclusion was propagated to each step. Each `ActionTaskStep` has its own `Status` field that tracks the actual outcome of that step independently of the job result. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
||
|
silverwind
|
e9f82b0ee3 |
ci: allow chore type in PR title lint (#37575)
Follow-up to #37498, adds `chore` to the allowed PR title types so the set matches the standard [`@commitlint/config-conventional`](https://github.com/conventional-changelog/commitlint/tree/868983c18efcb6fa835197cc9b2275545e528ad4/%40commitlint/config-conventional#type-enum). --- This PR was written with the help of Claude Opus 4.7 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
silverwind
|
3e69d6adbe |
refactor: remove obsolete export (#37579)
Leftover from https://github.com/go-gitea/gitea/commit/2644bb8490e7d6e3be5c4548b02c76eacd196569, not needed because module no longer does top-level-await. Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
Nicolas
|
c9b9e376fb | fix: Invalid UTF-8 commit messages in JSON API responses (#37542) | ||
|
Nicolas
|
2200ed7499 |
fix: use consistent GetUser family functions (#37553)
fixes adding collaborative owners in Actions settings when the user or organization name contains capital letters. Fixes #37548 --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> |
