summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Implement FSFE REUSE for golang files (#21840)flynnnnnnnnnn2022-11-271872-3749/+1887
| | | | | | | | | Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Correct the fallbacks for mailer configuration (#21945)zeripath2022-11-275-94/+96
| | | | | | | | | | | | | | | Unfortunately the fallback configuration code for [mailer] that were added in #18982 are incorrect. When you read a value from an ini section that key is added. This leads to a failure of the fallback mechanism. Further there is also a spelling mistake in the startTLS configuration. This PR restructures the mailer code to first map the deprecated settings on to the new ones - and then use ini.MapTo to map those on to the struct with additional validation as necessary. Ref #21744 Signed-off-by: Andrew Thornton <art27@cantab.net>
* [skip ci] Updated licenses and gitignoresKN4CK3R2022-11-272-0/+20
|
* Fix typos (#21947)KN4CK3R2022-11-272-5/+5
| | | | | | | | | | | | | Two typos The `recieve` typo is also present in a translation. https://github.com/go-gitea/gitea/blob/5f38acd9a08958024e8bbf47bcc482c79d844e44/options/locale/locale_sv-SE.ini#L1760 Someone with a Crowdin account should fix that. ... and in a license file but I don't think we can change that because that's the official text. https://github.com/go-gitea/gitea/blob/5f38acd9a08958024e8bbf47bcc482c79d844e44/options/license/xinetd#L21
* Fix markdown anchor re-clicking (#21931)silverwind2022-11-261-6/+9
| | | | | | | | | The hashchange event did not fire on re-click of a active anchor. Instead, use the click event which always fires. Fixes: https://github.com/go-gitea/gitea/issues/21680 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
* Prevent NPE if trying to restore an already restored deleted branch (#21940)zeripath2022-11-252-0/+10
| | | | | | | | | | If a deleted-branch has already been restored, a request to restore it again will cause a NPE. This PR adds detection for this case, but also disables buttons when they're clicked in order to help prevent accidental repeat requests. Fix #21930 Signed-off-by: Andrew Thornton <art27@cantab.net>
* add rel="me" to org.website link (#21941)Meisam2022-11-251-1/+1
| | | This lets organizations verify their link on 3rd party websites.
* Fix typo in sidebar (#21934)KN4CK3R2022-11-251-1/+1
| | | | | Same as #21922 I used the npm file as template which was a bad idea to spot these casing errors...
* fix(web): keep the pages of the navigation in the center (#21867)Percy Ma2022-11-252-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | Keep the pages of the navigation in the center <table> <tr> <th>Before</th> <th>After</th> </tr> <tr> <td> <img width="200" alt="image" src="https://user-images.githubusercontent.com/45708948/202838756-d6d57b3f-8144-4a43-a33b-ea7c8ab3a495.png"> </td> <td> <img width="192" alt="image" src="https://user-images.githubusercontent.com/45708948/202838740-bbae1e86-b14c-421d-92d4-d0e53d5952a2.png"> </td> </tr> </table> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Workaround for container registry push/pull errors (#21862)KN4CK3R2022-11-255-4/+103
| | | | | | | | | | | | | | | This PR addresses #19586 I added a mutex to the upload version creation which will prevent the push errors when two requests try to create these database entries. I'm not sure if this should be the final solution for this problem. I added a workaround to allow a reupload of missing blobs. Normally a reupload is skipped because the database knows the blob is already present. The workaround checks if the blob exists on the file system. This should not be needed anymore with the above fix so I marked this code to be removed with Gitea v1.20. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix scroll over mermaid frame (#21925)silverwind2022-11-241-1/+1
| | | | | | | | | | When starting a scroll while the mouse is over a mermaid diagram, the scroll sometimes propagates to the iframe, preventing the parent page from scrolling. Fix this by disabling scroll inside the iframe. This is not a problem because those frames are never meant to scroll. Bug seems to affect Firefox only. ![scroll](https://user-images.githubusercontent.com/115237/203847578-6831e3c8-9df4-4577-8501-822fb9ea1278.gif)
* Add support for HEAD requests in Maven registry (#21834)KN4CK3R2022-11-2419-39/+161
| | | | | Related #18543 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix button in branch list, avoid unexpected page jump before restore branch ↵Xinyu Zhou2022-11-241-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | actually done (#21562) This patch: - Use `<button>` replace anchor link `<a>` in **_Delete/Restore Branch_** button to avoid unexpected page jump before restore branch actually done. - Also replace right side buttons with `<button>` in branch list, let some screen readers know they are buttons. ## Before click restore branch -> restore triggered -> page refreshed, but branch status not update -> manually refresh page <details> https://user-images.githubusercontent.com/76462613/197389108-5a0bd259-0455-40b2-92ac-4326900276f8.mp4 </details> ## After waiting restore done -> page refresh -> branch status update <details> https://user-images.githubusercontent.com/76462613/197428683-616fcbd2-70f9-4572-bf76-e0b7f77b6dd7.mp4 </details> Signed-off-by: baronbunny <its@baronbunny.cn> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix typo in sidebar (#21922)KN4CK3R2022-11-241-1/+1
|
* Fix table misalignments and tweak webhook and githook lists (#21917)silverwind2022-11-243-13/+13
| | | | | | | | - Fix regression from #21893 which had misaligned a few tables like repo lists and e-mails - Bring githooks list in line with webhooks list for styling - Change webhook list icons to just colored dots, like githook list - Increase size of dot in webhook and githook list from 16 to 22px
* Fix flex layout for repo list icons (#21896)Xinyu Zhou2022-11-231-2/+2
| | | | | | #20241 Added a tooltip, which does not satisfy the flex layout, and the icons are not aligned Signed-off-by: Xinyu Zhou <i@sourcehut.net>
* Add index for access_token (#21908)Jason Song2022-11-233-1/+20
| | | | The `token_last_eight` field has been used in `GetAccessTokenBySHA `:
* Fix vertical align of committer avatar rendered by email address (#21884)Xinyu Zhou2022-11-232-5/+9
| | | | | | | | Committer avatar rendered by `func AvatarByEmail` are not vertical align as `func Avatar` does. - Replace literals `ui avatar` and `ui avatar vm` with the constant `DefaultAvatarClass`
* Improve docker rootless documentation (#21913)Xinyu Zhou2022-11-231-4/+20
| | | | | | | | Emphasize folder creation/permission granting Signed-off-by: Xinyu Zhou <i@sourcehut.net> Signed-off-by: Xinyu Zhou <i@sourcehut.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Ensure that Webhook tasks are not double delivered (#21558)zeripath2022-11-234-32/+99
| | | | | | | | | | | | | | | | | | When re-retrieving hook tasks from the DB double check if they have not been delivered in the meantime. Further ensure that tasks are marked as delivered when they are being delivered. In addition: * Improve the error reporting and make sure that the webhook task population script runs in a separate goroutine. * Only get hook task IDs out of the DB instead of the whole task when repopulating the queue * When repopulating the queue make the DB request paged Ref #17940 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move migration test fixtures to the correct directories (#21901)zeripath2022-11-2320-0/+0
| | | | | | | | | Unfortunately #21549 changed the name of Testcases without changing their associated fixture directories. Fix #21854 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* feat: add button to quickly clear merge message (#21548)kolaente2022-11-233-0/+16
| | | | | | | | | | | | | | | | | | | This PR adds a button to allow quickly clearing the merge message of a PR. The button will remove everything but the git trailers. I found myself often pruning the commit message before merging, especially for PRs generated by renovate - renovate puts a very long and detailed comment with the full changelog in each PR it opens. This clutters the commit message. However, I want to explicitly preserve the git commit trailers. Doing this manually works, but having a button is a lot easier. Screenshot: ![image](https://user-images.githubusercontent.com/13721712/197337525-d456d0f8-1f7c-43a9-815d-ca93b1e7a90a.png) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
* Handle empty author names (#21902)zeripath2022-11-232-2/+8
| | | | | | | | | | | Although git does expect that author names should be of the form: `NAME <EMAIL>` some users have been able to create commits with: `<EMAIL>` Fix #21900 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move all remaining colors into CSS variables (#21903)silverwind2022-11-238-43/+199
| | | | | This should eliminate all non-variable color usage in the styles, making gitea fully themeable via CSS variables. Also, it adds a linter to enforce variables for colors.
* Add option to enable CAPTCHA validation for login (#21638)Xinyu Zhou2022-11-2214-180/+128
| | | | | | | | | | | | | | | | | Enable this to require captcha validation for user login. You also must enable `ENABLE_CAPTCHA`. Summary: - Consolidate CAPTCHA template - add CAPTCHA handle and context - add `REQUIRE_CAPTCHA_FOR_LOGIN` config and docs - Consolidate CAPTCHA set-up and verification code Partially resolved #6049 Signed-off-by: Xinyu Zhou <i@sourcehut.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Prepend refs/heads/ to issue template refs (#20461)zeripath2022-11-224-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix #20456 At some point during the 1.17 cycle abbreviated refishs to issue branches started breaking. This is likely due serious inconsistencies in our management of refs throughout Gitea - which is a bug needing to be addressed in a different PR. (Likely more than one) We should try to use non-abbreviated `fullref`s as much as possible. That is where a user has inputted a abbreviated `refish` we should add `refs/heads/` if it is `branch` etc. I know people keep writing and merging PRs that remove prefixes from stored content but it is just wrong and it keeps causing problems like this. We should only remove the prefix at the time of presentation as the prefix is the only way of knowing umambiguously and permanently if the `ref` is referring to a `branch`, `tag` or `commit` / `SHA`. We need to make it so that every ref has the appropriate prefix, and probably also need to come up with some definitely unambiguous way of storing `SHA`s if they're used in a `ref` or `refish` field. We must not store a potentially ambiguous `refish` as a `ref`. (Especially when referring a `tag` - there is no reason why users cannot create a `branch` with the same short name as a `tag` and vice versa and any attempt to prevent this will fail. You can even create a `branch` and a `tag` that matches the `SHA` pattern.) To that end in order to fix this bug, when parsing issue templates check the provided `Ref` (here a `refish` because almost all users do not know or understand the subtly), if it does not start with `refs/` add the `BranchPrefix` to it. This allows people to make their templates refer to a `tag` but not to a `SHA` directly. (I don't think that is particularly unreasonable but if people disagree I can make the `refish` be checked to see if it matches the `SHA` pattern.) Next we need to handle the issue links that are already written. The links here are created with `git.RefURL` Here we see there is a bug introduced in #17551 whereby the provided `ref` argument can be double-escaped so we remove the incorrect external escape. (The escape added in #17551 is in the right place - unfortunately I missed that the calling function was doing the wrong thing.) Then within `RefURL()` we check if an unprefixed `ref` (therefore potentially a `refish`) matches the `SHA` pattern before assuming that is actually a `commit` - otherwise is assumed to be a `branch`. This will handle most of the problem cases excepting the very unusual cases where someone has deliberately written a `branch` to look like a `SHA1`. But please if something is called a `ref` or interpreted as a `ref` make it a full-ref before storing or using it. By all means if something is a `branch` assume the prefix is removed but always add it back in if you are using it as a `ref`. Stop storing abbreviated `branch` names and `tag` names - which are `refish` as a `ref`. It will keep on causing problems like this. Fix #20456 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fixes #21895: standardize UTC tz for util tests (#21897)Felipe Leopoldo Sologuren Gutiérrez2022-11-221-2/+2
| | | Standardize UTC timezone for `translateMonth` and `translateDay` tests.
* Clarify logging documentation (#21665)mpeter502022-11-221-100/+168
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | My pull request changes the logging documentation that is visible here: https://docs.gitea.io/en-us/logging-configuration/ The reason behind the changes is that for some time I've found the logging documentation confusing, and wanted to give a try at making it more clear. --- If you find the existing changes to be ok, please don't merge yet, as I have further ideas which I want to discuss with you before making the changes. ### Swap the "Log Groups" and "Log outputs" sections. I want to move the "Log outputs" section before the "Log Groups" section. The reason is that the "Log Groups" section refers to ini sections that are only later explained, and to concepts that are general and should be documented in "Log outputs" or a different section. This change is essentially a swap of the "Log Groups" and "Log outputs" sections. That way the doumentation would follow the structure in which the ini file is built: first explaining the outer sections, and then the inner ones ([log], [log.name], [log.name.default], ...) ### Explain the workings of ambigous settings below the settings listing Right now the basics of a setting is shown later than the explanation of its special workings, for example with `FILE_NAME` at [the file output mode](https://docs.gitea.io/en-us/logging-configuration/#file-mode) (well, if the first changes are taken into account). Currently I have `TODO` witten at 2 settings, which I have to figure out how do they exactly work before I can document them. ### New section about [log] New section after "Collecting Logs for Help" about how the top level [log] itself works and what can go there. Currently, variables that directly go into [log] are noted throughout the whole document. --- Please let me know what you think about the changes. A counterargument that I myself see is that some of this is already present in the cheatsheet, but I think it would be better to have [this document](https://docs.gitea.io/en-us/logging-configuration/) as a throrough explanation of how logging is configured, and the cheatsheet would only have a short outline of the possible sections and variables. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update JS dependencies (#21881)silverwind2022-11-2219-1332/+1077
| | | | | | | | - Update all JS deps - Regenerate SVGs - Add new eslint rules, fix issues - Tested Mermaid, Swagger, Vue, Webpack, Citation Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Webhook list enhancements (#21893)silverwind2022-11-225-10/+14
|
* Embed Matrix icon as SVG (#21890)silverwind2022-11-218-9/+9
| | | | | | | | | | Embed the SVG icon directly, making further invertion unnecessary because the icon color can now follow text color. <img width="240" alt="Screenshot 2022-11-21 at 20 16 32" src="https://user-images.githubusercontent.com/115237/203142189-89f20de9-c0bd-4d05-92c0-44dadf20d78f.png"> <img width="245" alt="Screenshot 2022-11-21 at 20 16 46" src="https://user-images.githubusercontent.com/115237/203142191-658239ba-1859-49c6-91ad-10ddf14780d0.png">
* fix(web): add `alt` for logo in home page (#21887)Percy Ma2022-11-211-1/+1
| | | add `alt` for logo in home page
* Improvements for Content Copy (#21842)silverwind2022-11-2112-29/+144
| | | | | | | | | It now supports copying Markdown, SVG and Images (not in Firefox currently because of lacking [`ClipboardItem`](https://developer.mozilla.org/en-US/docs/Web/API/ClipboardItem) support, but can be enabled in `about:config` and works). It will fetch the data if in a rendered view or when it's an image. Followup to https://github.com/go-gitea/gitea/pull/21629.
* Replace yaml.v2 with yaml.v3 (#21832)Jason Song2022-11-2110-16/+15
| | | | I don't see why we have to use two versions of yaml. The difference between the two versions has nothing to do with our usage.
* Allow disable RSS/Atom feed (#21622)Xinyu Zhou2022-11-2110-15/+40
| | | | | | | This patch provide a mechanism to disable RSS/Atom feed. Signed-off-by: Xinyu Zhou <i@sourcehut.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Consolidate security-check into checks-backend (#21882)silverwind2022-11-212-12/+2
| | | Also, run it via exact version instead of relying on global binary.
* Improve documentation for PAM and static deployment (#21866)Andrew Buettner2022-11-202-6/+47
| | | | | | | | | | | ## Changes proposed in [referenced issue 21845][1] - Expand PAM configuration description with working examples. - Clarify `STATIC_URL_PREFIX` use (include "assets" and only works after database has been initialized) - Add note for HTTPS proxy support VIA Apache. [1]: https://github.com/go-gitea/gitea/issues/21845
* Add package registry cleanup rules (#21658)KN4CK3R2022-11-2027-36/+1243
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes #20514 Fixes #20766 Fixes #20631 This PR adds Cleanup Rules for the package registry. This allows to delete unneeded packages automatically. Cleanup rules can be set up from the user or org settings. Please have a look at the documentation because I'm not a native english speaker. Rule Form ![grafik](https://user-images.githubusercontent.com/1666336/199330792-c13918a6-e196-4e71-9f53-18554515edca.png) Rule List ![grafik](https://user-images.githubusercontent.com/1666336/199331261-5f6878e8-a80c-4985-800d-ebb3524b1a8d.png) Rule Preview ![grafik](https://user-images.githubusercontent.com/1666336/199330917-c95e4017-cf64-4142-a3e4-af18c4f127c3.png) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Support comma-delimited string as labels in issue template (#21831)Jason Song2022-11-197-133/+362
| | | | | | | | | | | | | | | The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax) can be a string array or a comma-delimited string, so a single string should be valid labels. The old codes committed in #20987 ignore this, that's why the warning is displayed: <img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png"> Fixes #17877.
* Fix wechatwork webhook sends empty content in PR review (#21762)Jim Kirisame2022-11-191-1/+1
| | | | | | | | | | | Wechatwork webhook is sending the following string for pull request reviews: ``` markdown # > ``` This commit fixes this problem.
* Show syntax lexer name in file view/blame (#21814)silverwind2022-11-1911-72/+132
| | | | | | | | | | | | | | | | | | | | | | Show which Chroma Lexer is used to highlight the file in the file header. It's useful for development to see what was detected, and I think it's not bad info to have for the user: <img width="233" alt="Screenshot 2022-11-14 at 22 31 16" src="https://user-images.githubusercontent.com/115237/201770854-44933dfc-70a4-487c-8457-1bb3cc43ea62.png"> <img width="226" alt="Screenshot 2022-11-14 at 22 36 06" src="https://user-images.githubusercontent.com/115237/201770856-9260ce6f-6c0f-442c-92b5-201e5b113188.png"> <img width="194" alt="Screenshot 2022-11-14 at 22 36 26" src="https://user-images.githubusercontent.com/115237/201770857-6f56591b-80ea-42cc-8ea5-21b9156c018b.png"> Also, I improved the way this header overflows on small screens: <img width="354" alt="Screenshot 2022-11-14 at 22 44 36" src="https://user-images.githubusercontent.com/115237/201774828-2ddbcde1-da15-403f-bf7a-6248449fa2c5.png"> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* Add `context.Context` to more methods (#21546)KN4CK3R2022-11-19148-1561/+1408
| | | | | | | This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Timeline and color tweaks (#21799)silverwind2022-11-1914-47/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to https://github.com/go-gitea/gitea/pull/21784. - Restore muted effect on timeline author and issuelist comment icon - Remove whitespace inside shared user templates, fixing link hover underline - Use shared author link template more - Use `bold` class instead of CSS - Fix grey-light color being too dark on arc-green - Add missing black-light color - Fix issuelist progress bar color - Fix various other cases of missing `.muted` <img width="416" alt="Screenshot 2022-11-13 at 12 15 22" src="https://user-images.githubusercontent.com/115237/201519497-1d4725c6-bc8b-47b5-9f68-1278ac9a8c92.png"> <img width="324" alt="Screenshot 2022-11-13 at 12 16 52" src="https://user-images.githubusercontent.com/115237/201519501-c0d03700-f9af-4316-ab46-482f2c7c738b.png"> <img width="79" alt="Screenshot 2022-11-13 at 12 30 55" src="https://user-images.githubusercontent.com/115237/201519502-46dc2d73-bbdf-4a2e-84d3-d2976f793163.png"> <img width="440" alt="Screenshot 2022-11-13 at 12 41 03" src="https://user-images.githubusercontent.com/115237/201519876-ada33948-f84a-4aeb-a40d-5c873f9a49e9.png"> <img width="213" alt="Screenshot 2022-11-13 at 12 52 54" src="https://user-images.githubusercontent.com/115237/201520291-a4d7238e-aeca-46c7-9008-8b644b1b676e.png"> <img width="208" alt="Screenshot 2022-11-13 at 12 56 16" src="https://user-images.githubusercontent.com/115237/201520436-aa8ba109-b959-42fb-831a-021e806c7082.png"> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix webpack license warning (#21815)silverwind2022-11-181-1/+2
| | | | | | | | | | | | | | #19999 introduced a indirect dependency with a license that was not on our allowlist yet which produced this warning during webpack: ```` WARNING in License: citeproc@2.4.62 has disallowed license CPAL-1.0 OR AGPL-1.0 ```` I've added both licenses to the allowed list and made it so webpack will now abort on such license errors so that we don't miss those next time. Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* chore: add webpack export type check (#21857)Percy Ma2022-11-181-0/+1
| | | | | add webpack export type check Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Prevent dangling user redirects (#21856)Gusted2022-11-182-0/+4
| | | | | | - It's possible that the `user_redirect` table contains a user id that no longer exists. - Delete a user redirect upon deleting the user. - Add a check for these dangling user redirects to check-db-consistency.
* Fix "build from source" document to clarify the `bindata` tag is required. ↵wxiaoguang2022-11-181-6/+5
| | | | (#21853)
* Bump loader-utils from 2.0.3 to 2.0.4 (#21852)dependabot[bot]2022-11-171-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [loader-utils](https://github.com/webpack/loader-utils) from 2.0.3 to 2.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/webpack/loader-utils/releases">loader-utils's releases</a>.</em></p> <blockquote> <h2>v2.0.4</h2> <h3><a href="https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4">2.0.4</a> (2022-11-11)</h3> <h3>Bug Fixes</h3> <ul> <li>ReDoS problem (<a href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>) (<a href="https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb">ac09944</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md">loader-utils's changelog</a>.</em></p> <blockquote> <h3><a href="https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4">2.0.4</a> (2022-11-11)</h3> <h3>Bug Fixes</h3> <ul> <li>ReDoS problem (<a href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>) (<a href="https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb">ac09944</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/webpack/loader-utils/commit/6688b5028106f144ee9f543bebc8e6a87b57829f"><code>6688b50</code></a> chore(release): 2.0.4</li> <li><a href="https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb"><code>ac09944</code></a> fix: ReDoS problem (<a href="https://github-redirect.dependabot.com/webpack/loader-utils/issues/225">#225</a>)</li> <li>See full diff in <a href="https://github.com/webpack/loader-utils/compare/v2.0.3...v2.0.4">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=loader-utils&package-manager=npm_and_yarn&previous-version=2.0.3&new-version=2.0.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-gitea/gitea/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Do not allow Ghost access to limited visible user/org (#21849)KN4CK3R2022-11-171-2/+3
| | | | | | The Ghost user should not be allowed to have access to a limited visible user/org. Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix setting HTTP headers after write (#21833)KN4CK3R2022-11-185-54/+68
| | | The headers can't be modified after it was send to the client.