aboutsummaryrefslogtreecommitdiffstats
path: root/go.mod
Commit message (Collapse)AuthorAgeFilesLines
* Remove external API calls in `TestPassword` (#30716)silverwind2024-05-021-0/+2
| | | | | | | | | | | The test had a dependency on `https://api.pwnedpasswords.com` which caused many failures on CI recently: ``` --- FAIL: TestPassword (2.37s) pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers) FAIL coverage: 82.9% of statements ```
* Upgrade chi-binding (#30826)Lunny Xiao2024-05-021-1/+1
| | | Front port #30742
* Bump `github.com/google/go-github` to v61 (#30738)Chongyi Zheng2024-04-281-1/+1
|
* Use `ProtonMail/go-crypto` for `opengpg` in tests (#30736)Chongyi Zheng2024-04-271-1/+1
|
* Use maintained gziphandler (#30592)Lunny Xiao2024-04-211-2/+1
| | | | | | | | Replace #27894 --------- Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Replace MSSQL driver with a better maintained version (#30390)Lunny Xiao2024-04-111-1/+1
| | | | | | | | As the latest tag of `github.com/denisenkom/go-mssqldb` is in 2022, but as a fork of it, `github.com/microsoft/go-mssqldb` has more activities than the original repository. We can convert the driver to the fork. Since the interface of Go database driver are the same, it should have no any affect for the end users.
* Upgrade `golang.org/x/net` to v0.24.0 (#30283)silverwind2024-04-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Result of `go get -u golang.org/x/net; make tidy`. This is related to the following vulncheck warning: ``` There are 2 vulnerabilities in modules that you require that are neither imported nor called. You may not need to take any action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck for details. Vulnerability #1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/net@v0.22.0 Fixed in: golang.org/x/net@v0.23.0 Vulnerability #2: GO-2022-0470 No access control in github.com/blevesearch/bleve and bleve/v2 More info: https://pkg.go.dev/vuln/GO-2022-0470 Module: github.com/blevesearch/bleve/v2 Found in: github.com/blevesearch/bleve/v2@v2.3.10 Fixed in: N/A ```
* Upgrade Go 1.22 and upgrade dependency (#29869)wxiaoguang2024-03-171-76/+77
|
* Update Chroma to v2.13.0 (#29732)JakobDev2024-03-121-2/+2
| | | | | | | | | This adds new lexers and includes some fixes. See https://github.com/alecthomas/chroma/releases/tag/v2.13.0 for the full changelog. --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Make runs-on support variable expression (#29468)sillyguodong2024-03-081-1/+1
| | | | | | | | As title. Close issue: https://gitea.com/gitea/act_runner/issues/445 Follow: https://gitea.com/gitea/act/pulls/91 Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because of circular dependency issues.
* Partially enable MSSQL case-sensitive collation support (#29238)wxiaoguang2024-03-081-5/+5
| | | Follow #28662
* bump protobuf module (#29617)techknowlogick2024-03-051-1/+1
|
* Use `crypto/sha256` (#29386)KN4CK3R2024-02-251-1/+1
| | | | | | | | Go 1.21 improved the performance of `crypto/sha256`. It's now similar to `minio/sha256-simd`, so we should just use the standard libs. https://go.dev/doc/go1.21#crypto/sha256 https://go-review.googlesource.com/c/go/+/408795 https://github.com/multiformats/go-multihash/pull/173
* Revert "Support SAML authentication (#25165)" (#29358)65432024-02-241-5/+0
| | | | | | | | | | This reverts #25165 (5bb8d1924d77c675467694de26697b876d709a17), as there was a chance some important reviews got missed. so after reverting this patch it will be resubmitted for reviewing again https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242 temporary Open #5512 again
* Support SAML authentication (#25165)techknowlogick2024-02-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Closes https://github.com/go-gitea/gitea/issues/5512 This PR adds basic SAML support - Adds SAML 2.0 as an auth source - Adds SAML configuration documentation - Adds integration test: - Use bare-bones SAML IdP to test protocol flow and test account is linked successfully (only runs on Postgres by default) - Adds documentation for configuring and running SAML integration test locally Future PRs: - Support group mapping - Support auto-registration (account linking) Co-Authored-By: @jackHay22 --------- Co-authored-by: jackHay22 <jack@allspice.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: morphelinho <morphelinho@users.noreply.github.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Yarden Shoham <git@yardenshoham.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io>
* Use new RPM constants (#28931)KN4CK3R2024-01-251-1/+1
| | | https://github.com/sassoftware/go-rpmutils/pull/24 got merged.
* Update go dependencies and fix go-git (#28893)wxiaoguang2024-01-231-49/+47
| | | | | More details are in the comment of repo_base_gogit.go And ref: https://github.com/go-git/go-git/issues/1006
* Upgrade xorm to v1.3.7 to fix a resource leak problem caused by Iterate (#28891)Lunny Xiao2024-01-221-1/+1
| | | Mainly fix an error https://gitea.com/xorm/xorm/issues/2393
* Set the `isPermaLink` attribute to `false` in the `guid` sub-element (#28860)Yarden Shoham2024-01-201-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Our `guid` is not a valid URL so according to the RSS spec the `isPermaLink` attribute needs to be set to `false`. Example: ```diff <item> <title>yardenshoham opened issue &lt;a href=&#34;https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2&#34;&gt;yardenshoham/test#2&lt;/a&gt;</title> <link>https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</link> <description>2#hey</description> <content:encoded><![CDATA[2#hey]]></content:encoded> <author>yardenshoham</author> - <guid>355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid> + <guid isPermaLink="false">355: https://3000-yardenshoham-gitea-jqlxjixsez9.ws-us107.gitpod.io/yardenshoham/test/issues/2</guid> <pubDate>Tue, 16 Jan 2024 18:54:36 +0000</pubDate> </item> ``` References: - https://www.rssboard.org/rss-specification#ltguidgtSubelementOfLtitemgt - Fixes https://github.com/go-gitea/gitea/issues/28734 - https://github.com/gorilla/feeds/issues/78 - https://github.com/go-gitea/gitea/pull/21550 - https://github.com/gorilla/feeds/pull/107 Signed-off-by: Yarden Shoham <git@yardenshoham.com>
* Update github.com/cloudflare/circl (#28789)Chongyi Zheng2024-01-151-1/+1
| | | | | | cloudflare/circl: https://github.com/advisories/GHSA-9763-4f94-gfch Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)wxiaoguang2024-01-101-1/+1
| | | | | | | | | | | | | | | | | | Mainly for MySQL/MSSQL. It is important for Gitea to use case-sensitive database charset collation. If the database is using a case-insensitive collation, Gitea will show startup error/warning messages, and show the errors/warnings on the admin panel's Self-Check page. Make `gitea doctor convert` work for MySQL to convert the collations of database & tables & columns. * Fix #28131 ## :warning: BREAKING :warning: It is not quite breaking, but it's highly recommended to convert the database&table&column to a consistent and case-sensitive collation.
* Upgrade xorm to new version which supported update join for all supported ↵Lunny Xiao2023-12-311-1/+1
| | | | | | | | | | | | | | | | | | | | | | | databases (#28590) Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842 Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports UPDATE JOIN. To keep consistent from different databases, xorm use `engine.Join().Update`, but the actural generated SQL are different between different databases. For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx Where xxx`. For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE join_conditions`. For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support `UPDATE table1 SET xxx FROM table2 WHERE join conditions` from 3.33.0(2020-8-14). POSTGRES is the same as SQLITE.
* Update go dependencies (#28518)wxiaoguang2023-12-191-82/+82
| | | | | Update golang.org/x/crypto for CVE-2023-48795 and update other packages. `go-git` is not updated because it needs time to figure out why some tests fail.
* Bump google/go-github to v57 (#28514)Yevhen Pavlov2023-12-181-1/+1
|
* Improve CLI code and descriptions (#28482)wxiaoguang2023-12-151-1/+1
| | | | | | | | | | * Close #28444 * Actually, it doesn't need to use that trick because it looks like it is not necessary, no user really needs it * Remove the hidden (legacy) "doctor" subcommand and update documents * Fix "actions" usage ![image](https://github.com/go-gitea/gitea/assets/2114189/3c2b34a7-4f92-4a6c-96fd-9505e413d4ec)
* Remove SSH workaround (#27893)Earl Warren2023-11-031-1/+1
| | | Revert the workaround of #26409 and fix #26411, update github.com/gliderlabs/ssh to include https://github.com/gliderlabs/ssh/commit/02f9d573009f8c13755b6b90fa14a4f549b17b22
* Upgrade xorm to 1.3.4 (#27807)Nanguan Lin2023-10-271-1/+1
| | | | | | | Noticeable change: Remove the `OrderBy("1") ` [patch](https://github.com/go-gitea/gitea/pull/27673#issuecomment-1768570142) for mssql since xorm has [fixed it](https://gitea.com/xorm/xorm/commit/0f085408afd85707635eadb2294ab52be04f3c0f).
* Chroma v2.10.0 (#27803)bt902023-10-261-1/+1
| | | | | | | Bump the chroma version to v2.10.0: https://github.com/alecthomas/chroma/releases/tag/v2.10.0 This release includes a better Java lexer https://github.com/alecthomas/chroma/pull/873
* Upgrade xorm (#27673)Nanguan Lin2023-10-191-1/+1
| | | Related to https://gitea.com/xorm/xorm/pulls/2341
* Upgrade go dependencies (#27599)Chongyi Zheng2023-10-131-20/+24
| | | | | | | | | | Upgrade all dependencies in `go.mod` `golang.org/x/net` v0.17.0 also fixes [CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8) --------- Co-authored-by: delvh <dev.lh@web.de>
* Downgrade `go-co-op/gocron` to v1.31.1 (#27511)silverwind2023-10-071-1/+1
|
* bump go-deps (#27489)techknowlogick2023-10-071-45/+42
|
* bump bleve (#27300)techknowlogick2023-09-271-10/+10
| | | | | Co-authored-by: yp05327 <576951401@qq.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update go-enry to 2.8.5 (#27215)delvh2023-09-231-1/+1
| | | Fixes #27214
* Update chroma to v2.9.1 (#26990)silverwind2023-09-091-1/+1
|
* Use Go 1.21 and update dependencies (#26878)wxiaoguang2023-09-031-20/+20
| | | | | | To make sure Gitea's next release's lifecycle could have active Golang support. And min/max are builtin now.
* chore(actions): support cron schedule task (#26655)Lunny Xiao2023-08-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace #22751 1. only support the default branch in the repository setting. 2. autoload schedule data from the schedule table after starting the service. 3. support specific syntax like `@yearly`, `@monthly`, `@weekly`, `@daily`, `@hourly` ## How to use See the [GitHub Actions document](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule) for getting more detailed information. ```yaml on: schedule: - cron: '30 5 * * 1,3' - cron: '30 5 * * 2,4' jobs: test_schedule: runs-on: ubuntu-latest steps: - name: Not on Monday or Wednesday if: github.event.schedule != '30 5 * * 1,3' run: echo "This step will be skipped on Monday and Wednesday" - name: Every time run: echo "This step will always run" ``` Signed-off-by: Bo-Yi.Wu <appleboy.tw@gmail.com> --------- Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Update go dependencies (#26534)wxiaoguang2023-08-161-38/+39
|
* Upgrade x/net to 0.13.0 (#26297)Lunny Xiao2023-08-031-1/+1
|
* Update xorm version (#26128)Lunny Xiao2023-07-251-2/+2
| | | | | | | Test new xorm version compatible with Gitea --------- Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Replace gogs/cron with go-co-op/gocron (#25977)Chongyi Zheng2023-07-241-1/+2
| | | | | | | | Replace `github.com/gogs/cron` with `github.com/go-co-op/gocron` as the former package is not maintained for many years. --------- Co-authored-by: delvh <dev.lh@web.de>
* Refactor to use urfave/cli/v2 (#25959)wxiaoguang2023-07-211-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Replace #10912 And there are many new tests to cover the CLI behavior There were some concerns about the "option order in hook scripts" (https://github.com/go-gitea/gitea/pull/10912#issuecomment-1137543314), it's not a problem now. Because the hook script uses `/gitea hook --config=/app.ini pre-receive` format. The "config" is a global option, it can appear anywhere. ---- ## ⚠️ BREAKING ⚠️ This PR does it best to avoid breaking anything. The major changes are: * `gitea` itself won't accept web's options: `--install-port` / `--pid` / `--port` / `--quiet` / `--verbose` .... They are `web` sub-command's options. * Use `./gitea web --pid ....` instead * `./gitea` can still run the `web` sub-command as shorthand, with default options * The sub-command's options must follow the sub-command * Before: `./gitea --sub-opt subcmd` might equal to `./gitea subcmd --sub-opt` (well, might not ...) * After: only `./gitea subcmd --sub-opt` could be used * The global options like `--config` are not affected
* Remove nfnt/resize and oliamb/cutter (#25999)harryzcy2023-07-201-2/+0
| | | | | The package `github.com/nfnt/resize` is deprecated and archived by the author. `github.com/oliamb/cutter` is not maintained since 2018. We could use `golang.org/x/image/draw` instead.
* Bump github.com/golang-jwt/jwt to v5 (#25975)harryzcy2023-07-191-2/+3
| | | | | | | | | | | | | | | | Bumping `github.com/golang-jwt/jwt` from v4 to v5. `github.com/golang-jwt/jwt` v5 is bringing some breaking changes: - standard `Valid()` method on claims is removed. It's replaced by `ClaimsValidator` interface implementing `Validator()` method instead, which is called after standard validation. Gitea doesn't seem to be using this logic. - `jwt.Token` has a field `Valid`, so it's checked in `ParseToken` function in `services/auth/source/oauth2/token.go` --------- Co-authored-by: Giteabot <teabot@gitea.io>
* Disallow dangerous url schemes (#25960)KN4CK3R2023-07-181-1/+1
| | | | | | | | | | | | Regression: https://github.com/go-gitea/gitea/pull/24805 Closes: #25945 - Disallow `javascript`, `vbscript` and `data` (data uri images still work) url schemes even if all other schemes are allowed - Fixed older `cbthunderlink` tests --------- Co-authored-by: delvh <dev.lh@web.de>
* Upgrade go dependencies (#25819)harryzcy2023-07-141-105/+106
|
* Fix wrong warn messages in migration steps (#25475)Lunny Xiao2023-06-241-1/+1
| | | | | | | | | | | | | | | | | | | The recent change on xorm for `Sync` is it will not warn when database have columns which is not listed on struct. So we just need this warn logs when `Sync` the whole database but not in the migrations Sync. This PR will remove almost unnecessary warning logs on migrations. Now below logs in CI will disappear. ```log 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column creator_id but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column is_closed but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column board_type but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column type but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column closed_date_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column created_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column updated_unix but struct has not related field 2023/06/23 17:51:32 models/db/engine.go:191:InitEngineWithMigration() [W] Table gtestschema.project has column card_type but struct has not related field ```
* Support changing labels of Actions runner without re-registration (#24806)sillyguodong2023-06-131-1/+1
| | | | | | | | | | | | | | | | | | | close #24540 related: - Protocol: https://gitea.com/gitea/actions-proto-def/pulls/9 - Runner side: https://gitea.com/gitea/act_runner/pulls/201 changes: - Add column of `labels` to table `action_runner`, and combine the value of `agent_labels` and `custom_labels` column to `labels` column. - Store `labels` when registering `act_runner`. - Update `labels` when `act_runner` starting and calling `Declare`. - Users cannot modify the `custom labels` in edit page any more. other changes: - Store `version` when registering `act_runner`. - If runner is latest version, parse version from `Declare`. But older version runner still parse version from request header.
* Update github.com/google/go-github to v53 (#25157)Yevhen Pavlov2023-06-091-1/+1
| | | | | | The new `go-github` version [53](https://github.com/google/go-github/releases/tag/v53.0.0) has been released.
* Update github.com/google/go-github to v52 (#24004)65432023-05-311-4/+4
| | | | | | | | | | based on https://github.com/google/go-github/pull/2743 because of https://github.com/go-gitea/gitea/pull/23946#discussion_r1160317554 --------- Co-authored-by: silverwind <me@silverwind.io>