summaryrefslogtreecommitdiffstats
path: root/go.sum
Commit message (Collapse)AuthorAgeFilesLines
* Remove legacy unmaintained packages, refactor to support change default ↵wxiaoguang2022-04-031-5/+0
| | | | | | | | | | locale (#19308) Remove two unmaintained vendor packages `i18n` and `paginater`. Changes: * Rewrite `i18n` package with a more clear fallback mechanism. Fix an unstable `Tr` behavior, add more tests. * Refactor the legacy `Paginater` to `Paginator`, test cases are kept unchanged. Trivial enhancement (no breaking for end users): * Use the first locale in LANGS setting option as the default, add a log to prevent from surprising users.
* Upgrade xorm/builder from v0.3.9 to v0.3.10 (#19296)Lunny Xiao2022-04-021-1/+2
| | | | xorm/builder v0.3.10 add support to EXISTS and NOT EXISTS.
* go.mod: update kevinburke/ssh_config to v1.2.0 (#19286)Kevin Burke2022-04-011-2/+2
| | | | | | | | | | | | | | | Previously if you tried to read a HostName in a config file that looked like this: ``` Host github HostName github.com # This is the host for code review ``` DefaultUserSettings.Get("HostName") would return "github.com ", which I think is unintuitive and unexpected. This behavior is fixed in v1.2 which would return "github.com" in the above example.
* Add Goroutine stack inspector to admin/monitor (#19207)zeripath2022-03-311-0/+1
| | | | | | | | | | | | | | | | | | | Continues on from #19202. Following the addition of pprof labels we can now more easily understand the relationship between a goroutine and the requests that spawn them. This PR takes advantage of the labels and adds a few others, then provides a mechanism for the monitoring page to query the pprof goroutine profile. The binary profile that results from this profile is immediately piped in to the google library for parsing this and then stack traces are formed for the goroutines. If the goroutine is within a context or has been created from a goroutine within a process context it will acquire the process description labels for that process. The goroutines are mapped with there associate pids and any that do not have an associated pid are placed in a group at the bottom as unbound. In this way we should be able to more easily examine goroutines that have been stuck. A manager command `gitea manager processes` is also provided that can export the processes (with or without stacktraces) to the command line. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Redis Sentinel Authentication Support (#19213)Justin Sievenpiper2022-03-301-5/+9
| | | | | Gitea was not able to supply any authentication parameters to it. So this brings support to do that, along with some light extraction of a couple of bits into some separate functions for easier testing. I looked at other libraries supporting similar RedisUri-style connection strings (e.g. Lettuce), but it looks like this type of configuration is beyond what would typically be done in a connection string. Since gitea doesn't have configuration options for manually specifying all this redis connection detail, I went ahead and just chose straightforward names for these new parameters.
* Bump goldmark to v1.4.11 (#19201)Robert Kaussow2022-03-241-2/+2
| | | | | | | | | * Bump goldmark to v1.4.11 * add testcase Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Update golang.org/x/crypto (#19097)Gusted2022-03-161-2/+2
| | | | | | | | | | | | | | | | | | | | * Update golang.org/x/crypto - Update dependency to include fix for CVE. - See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer * Fix deprecation notice * Remove workaround - Introduced in https://github.com/go-gitea/gitea/pull/17281 - Fixed in x/crypto: - https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf - & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a * Update Kex Algorithms - Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a - Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
* Upgrading binding package (#19034)Lunny Xiao2022-03-091-2/+2
| | | Fix #18855
* bump go deps (#19021)techknowlogick2022-03-081-186/+779
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * update gitea.com/go-chi/binding * update gitea.com/go-chi/cache * update github.com/42wim/sshsig * update github.com/PuerkitoBio/goquery * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/denisenkom/go-mssqldb * update github.com/duo-labs/webauthn * update github.com/dustin/go-humanize * update github.com/editorconfig/editorconfig-core-go/v2 * update github.com/ethantkoenig/rupture * update github.com/go-chi/chi/v5 * update github.com/go-git/go-git/v5 * update github.com/go-ldap/ldap/v3 * update github.com/go-redis/redis/v8 * update github.com/go-swagger/go-swagger * update github.com/gogs/chardet * update github.com/golang-jwt/jwt/v4 * update github.com/hashicorp/go-version * update github.com/jaytaylor/html2text * update github.com/klauspost/compress * update github.com/lib/pq * update github.com/markbates/goth * update github.com/mattn/go-sqlite3 * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/msteinert/pam * update github.com/niklasfasching/go-org * update github.com/olivere/elastic/v7 * update github.com/prometheus/client_golang * update github.com/quasoft/websspi * update github.com/stretchr/testify * update github.com/unknwon/i18n * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting * update github.com/yuin/goldmark-meta * post make vendor Signed-off-by: Andrew Thornton <art27@cantab.net> * add make vendor back into update_dependencies.sh Signed-off-by: Andrew Thornton <art27@cantab.net> * Update update_dependencies.sh * Update contrib/update_dependencies.sh Co-authored-by: zeripath <art27@cantab.net> * update mvdan.cc/xurls/v2 Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Update `go-enry` to v2.8.0 (#18993)Gusted2022-03-041-2/+2
| | | | | | | - It was reported in the Matrix channel that Chroma [has support](https://github.com/alecthomas/chroma/commit/d40210297631298bde98a8fcfd52c3d2555cc367) for the Fennel language, go-enry only added detection support for this [in v2.7.2](https://github.com/go-enry/go-enry/commit/0affa3ccca37cd781600760956581c5f94ef8a3c). Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update go-org to v1.6.1 (#18932)Gusted2022-02-271-5/+3
| | | | | - v1.6.0 has a inconsistency with the proxy and github's tagged version, updating to v1.6.1 should fix this issue. - Resolves #18864
* Update go-org to 1.6.0 (#18824)zeripath2022-02-201-6/+11
| | | | | | Fix #14074 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update gitea-vet (#18640)Gusted2022-02-061-1/+2
| | | | | | | | | | | | * Update gitea-vet - Update gitea-vet to include latest 2 changes https://gitea.com/gitea/gitea-vet/compare/7c98703580bef612b10f6a603883052f79acf9c0...master * Tidy up go.sum Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net>
* Future proof for 1.18 (#18644)Gusted2022-02-061-2/+4
| | | | | | - Update json-iterator/go to handle 1.18's new memory model with slices. - Don't panic while running gitea with go 1.18
* Update Goldmark to Goldmark 1.4.4 (#18420)zeripath2022-01-291-2/+2
| | | | | | * Update Goldmark to Goldmark 1.4.4 * nolint the deprecation Signed-off-by: Andrew Thornton <art27@cantab.net>
* Validate migration files (#18203)Aravinth Manivannan2022-01-261-0/+2
| | | | | | | JSON Schema validation for data used by Gitea during migrations Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563 Co-authored-by: Loïc Dachary <loic@dachary.org>
* Update github.com/duo-labs/webauthn (#18357)65432022-01-221-5/+4
|
* Updated Chroma to v0.10.0 (#18270)Jelle Hulter2022-01-201-2/+2
|
* replace satori/go.uuid with gofrs/uuid (#18311)zeripath2022-01-181-5/+2
| | | Signed-off-by: Andrew Thornton <art27@cantab.net>
* Support webauthn (#17957)Lunny Xiao2022-01-141-4/+16
| | | | | | | Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Don't store assets modified time into generated files (#18193)Lunny Xiao2022-01-061-2/+2
|
* code.gitea.io/sdk/gitea v0.14.0 -> v0.15.1 (#18186)65432022-01-051-2/+2
|
* Upgrade certmagic from v0.14.1 to v0.15.2 (#18138)Lunny Xiao2022-01-011-6/+4
|
* Upgrade bleve from v2.0.6 to v2.3.0 (#18132)Lunny Xiao2022-01-011-29/+23
|
* Reset Session ID on login (#18018)zeripath2021-12-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Reset Session ID on login When logging in the SessionID should be reset and the session cleaned up. Signed-off-by: Andrew Thornton <art27@cantab.net> * with new session.RegenerateID function Signed-off-by: Andrew Thornton <art27@cantab.net> * update go-chi/session Signed-off-by: Andrew Thornton <art27@cantab.net> * Ensure that session id is changed after oauth data is set and between account linking pages too Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update chroma (#18033)zeripath2021-12-201-11/+2
| | | | | | Update chroma to 0.9.4 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add support for ssh commit signing (#17743)Wim2021-12-191-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add support for ssh commit signing * Split out ssh verification to separate file * Show ssh key fingerprint on commit page * Update sshsig lib * Make sure we verify against correct namespace * Add ssh public key verification via ssh signatures When adding a public ssh key also validate that this user actually owns the key by signing a token with the private key. * Remove some gpg references and make verify key optional * Fix spaces indentation * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update templates/user/settings/keys_ssh.tmpl Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update models/ssh_key_commit_verification.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * Reword ssh/gpg_key_success message * Change Badsignature to NoKeyFound * Add sign/verify tests * Fix upstream api changes to user_model User * Match exact on SSH signature * Fix code review remarks Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update chi/middleware to chi/v5/middleware (#17888)zeripath2021-12-021-2/+0
| | | | | | Fix #17880 Co-authored-by: Lauris BH <lauris@nix.lv>
* Better builtin avatar generator (#17707)wxiaoguang2021-11-201-4/+0
| | | | | | | This PR fixes the builtin avatar generator. 1. The random background color makes some images very dirty. So now we only use white background for avatars. 2. We use left-right mirror avatars to satisfy #14799 3. Fix a small padding error in the algorithm
* Simplify Gothic to use our session store instead of creating a different ↵zeripath2021-11-031-9/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | store (#17507) * Simplify Gothic to use our session store instead of creating a different store We have been using xormstore to provide a separate session store for our OAuth2 logins however, this relies on using gorilla context and some doubling of our session storing. We can however, simplify and simply use our own chi-based session store. Thus removing a cookie and some of the weirdness with missing contexts. Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net> * Handle MaxTokenLength Signed-off-by: Andrew Thornton <art27@cantab.net> * oops Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Upgrade go-github to v39 (#17437)Lunny Xiao2021-10-261-2/+2
|
* Upgrade Bluemonday to v1.0.16 (#17372)zeripath2021-10-201-2/+2
| | | | | | | Upgrade Bluemonday to latest version Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Add RSS/Atom feed support for user actions (#16002)65432021-10-161-0/+2
| | | Return rss/atom feed for user based on rss url suffix or Content-Type header.
* Upgrade chi to v5 (#17298)Lunny Xiao2021-10-131-9/+11
|
* upgrade xorm to v1.2.5 (#17177)Lunny Xiao2021-09-291-2/+2
|
* Upgrade xorm to v1.2.4 (#17059) (#17068)Lunny Xiao2021-09-161-2/+2
| | | Co-authored-by: zeripath <art27@cantab.net>
* Update go-chi/session (fixes "race" in tests) (#17031)zeripath2021-09-131-2/+2
| | | | | | | | | | | | | | | Update to latest go-chi/session where the NewManager causes a new Provider instantiation instead of reconfiguring an old one. (https://gitea.com/go-chi/session/pulls/1) The NewManager call is now concurrency safe and would allow live reconfiguration in future but for now this PR simply fixes an intermittent "data-race" detected in our tests. (See https://drone.gitea.io/go-gitea/gitea/43900/2/14) Related #17027 Related #1441 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update caddyserver/certmagic (#16789)zeripath2021-08-231-23/+16
| | | | | | | Fixes issue with windows users & letsencrypt Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Upgrade levelqueue 0.4.1 (#16696)Lunny Xiao2021-08-151-2/+2
|
* Upgrade xorm to v1.2.2 (#16663)Lunny Xiao2021-08-131-27/+175
| | | | | * Upgrade xorm to v1.2.2 * Change the Engine interface to match xorm v1.2.2
* Upgrade github.com/google/go-github v32.1.0 -> v37.0.0 (#16661)65432021-08-101-3/+4
| | | | | * Upgrade github.com/google/go-github vv32.1.0 -> v37.0.0 * refactor: use GetX() func to reduce code
* Add microsoft oauth2 providers (#16544)zeripath2021-08-051-0/+1
| | | | | | | | | | | | | | | | | * Clean up oauth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers Signed-off-by: Andrew Thornton <art27@cantab.net> * Apply suggestions from code review * remove unused Scopes Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Upgrade to golang-jwt 3.2.2 (#16590)zeripath2021-08-031-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Upgrade to golang-jwt 3.2.2 Upgrade to the latest version of golang-jwt Signed-off-by: Andrew Thornton <art27@cantab.net> * Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2. Further given golang-jwt/jwts stated policy of only supporting supported go versions we should just raise our minimal version of go to 1.16 for 1.16 as by time of release 1.15 will be out of support. Signed-off-by: Andrew Thornton <art27@cantab.net> * update minimal go required Signed-off-by: Andrew Thornton <art27@cantab.net> * update config.yaml Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Upgrade levelqueue to v0.4.0 (#16560)Lunny Xiao2021-07-271-0/+2
| | | Fix #16546
* bump github.com/markbates/goth from v1.67.1 to v1.68.0 (#16538)65432021-07-241-3/+4
|
* switch to maintained lib (#16532)techknowlogick2021-07-241-1/+2
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Update bluemonday to v1.0.15 (#16379)65432021-07-091-3/+2
| | | | | | | * update github.com/microcosm-cc/bluemonday * add exec flag to contrib/update_dependencies.sh * Fix TESTS
* Update vendor 20210707 (#16366)techknowlogick2021-07-071-10/+12
| | | | | | | | | | | | | | | | | * update gitea.com/go-chi/binding * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/go-git/go-git/v5 * update github.com/lafriks/xormstore * update github.com/yuin/goldmark * Revert "update gitea.com/go-chi/binding" This reverts commit dea2f292b116114f9316fab95c5fd124174da404.
* Upgrade xorm to v1.1.1 (#16339)Lunny Xiao2021-07-041-2/+2
|
* Update Vendor (#16325)65432021-07-041-72/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add Dependencie Update Script * update gitea.com/lunny/levelqueue * update github.com/PuerkitoBio/goquery * update github.com/alecthomas/chroma * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/go-enry/go-enry/v2 * update github.com/go-redis/redis/v8 * update github.com/hashicorp/golang-lru * update github.com/klauspost/compress * update github.com/markbates/goth * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/olivere/elastic/v7 * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark