mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-05-12 22:10:25 +00:00
24824 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
famfo
|
4e40eede03 |
[v15.0/forgejo] fix(activitypub): only return public activities on request (#12533)
Manual backport of #12382 The endpoint returning individual activities was missing access control checks, since IDs are sequential, this is not ideal. Fixes #12333 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12533 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
Mathieu Fenniak
|
97a0ab9833 |
[v15.0/forgejo] 2026-05-12 security patches (#12494)
- fix: prevent git write to wiki repo from unauthorized user via git HTTP - fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo - fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...) - fix: implementing missing OAuth validation checks, improve protections against race conditions - fix: prevent OAuth redirect URI spoofing via non-ascii case collision - fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks Co-authored-by: Derzsi Dániel <daniel@tohka.us> Co-authored-by: jvoisin <julien.voisin@dustri.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12494 |
||
|
Renovate Bot
|
3330f75a2e |
Update dependency mermaid to v11.15.0 [SECURITY] (v15.0/forgejo) (#12531)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [mermaid](https://github.com/mermaid-js/mermaid) | [`11.13.0` → `11.15.0`](https://renovatebot.com/diffs/npm/mermaid/11.13.0/11.15.0) |  |  | --- ### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS [CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) / [GHSA-6m6c-36f7-fhxh](https://github.com/advisories/GHSA-6m6c-36f7-fhxh) <details> <summary>More information</summary> #### Details ##### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ##### Patches This has been patched in: - [v11.15.0](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e]( |
||
|
Mathieu Fenniak
|
75c3da0f92 |
[v15.0/forgejo] chore: PGP sign .well-known/security.txt [skip ci] (#12503)
Manual backport of #12502. Sign the distributed version of `.well-known/security.txt`, just like https://forgejo.org/.well-known/security.txt is signed. ``` $ gpg --verify ./security.txt gpg: Signature made Sat 09 May 2026 05:59:29 PM MDT gpg: using EDDSA key 1B638BDF10969D627926B8D9F585D0F99E1FB56F gpg: Good signature from "Forgejo Security <security@forgejo.org>" [unknown] Primary key fingerprint: 1B63 8BDF 1096 9D62 7926 B8D9 F585 D0F9 9E1F B56F ``` In the future this signature will have to be updated before the key expires; but as the expiry is already documented in the file this isn't significantly different than the current state. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12503 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
limiting-factor
|
51866ad6b8 |
[v15.0/forgejo] fix: in actions_service cancelJobsForRun is bugous use killRun instead (#12492)
The conflict resolution is explained in the "Conflict" section of the commit message. I used `cherry-pick -x`. Here is the conflict for information (simple one). ```diff unmerged services/actions/schedule_tasks.go @@@ -22,8 -22,7 +22,12 @@@ import "code.forgejo.org/forgejo/runner/v12/act/jobparser" act_model "code.forgejo.org/forgejo/runner/v12/act/model" ++<<<<<<< HEAD + "github.com/robfig/cron/v3" + "xorm.io/builder" ++======= + "github.com/gdgvda/cron" ++>>>>>>> |
||
|
Renovate Bot
|
ed2a3d8681 |
Update module golang.org/x/net to v0.53.0 [SECURITY] (v15.0/forgejo) (#12465)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12465 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
2c5695cd12 |
[v15.0/forgejo] fix: Prevent unremovable review requests after submitting pending reviews (#12470)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12302 Some notes: - I didn't write integration tests because it's a pure bugfix that addresses implementation details of the model layer. - I can see interpretations of "it involves interactions with a live Forgejo server" that would cover this PR, but they don't make sense to me in context. - If they are expected, please let me know! - I didn't add anything to the documentation because it's a pure bugfix - the system should always have worked this way - there's no value in confusing people trying to figure out how the system works now with how it didn't work in the past - However, there IS value in informing people who may have gotten bitten by this in the past, so I think a release note makes sense - These fixes are closely related, and the changes small, so I decided to make just one PR. - From a user perspective, this is just one issue, and I think in terms of release notes, it makes more sense to have just this one. - But I can split it up if that's preferred, ofc - Technically, fixing only one of the underlying issues would be enough. Since this is a case of invalid states being representable, it makes sense to both try to prevent it happening in the first place, and deal with it gracefully if it does happen. - At the very least, fixing #12245 is required unless we want to live with data generated in the past being broken Fixes #12243 Fixes #12245 Co-authored-by: Thomas Kolar <thomas.kolar@uni-ak.ac.at> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12470 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
e2eb0b4a86 |
[v15.0/forgejo] [pagure] ensure moving all commits in a pull request (#12467)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12433 While the changes were conveyed in the pull request in its entirety, the commit history of a pull request having more than one commit was bugged and the log would have shown just the presence of the most recent commit event, having the entire changes contained in a pull request. This is a problem that was mostly noticed in the closed pull request, so it is not as bad as it looks. Even then, if we are migrating closed pull requests, we should do it the right way. We do not want to retain these pull requests for archival purposes if they are not accurate. Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com> Fixes https://forge.fedoraproject.org/forge/forge/issues/556 Co-authored-by: Akashdeep Dhar <akashdeep.dhar@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12467 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
a1222ebb5b |
[v15.0/forgejo] refactor: clarify four different outputs that authentication methods provide (#12468)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12231 #12202 began a refactor of Forgejo's authentication implementations by providing structured data on an authentication success. However, error cases were maintained as-is in that refactor, leaving a complex situation: what does returning an error from an authentication method mean?; does it mean that the authentication failed, or that a server error occurred? Can another authentication still be tried? This PR changes authentication methods so that they can return one of four things: - `AuthenticationSuccess` with an authentication result. - `AuthenticationNotAttempted` which indicates that no credentials relevant for this authentication method were presented. If every method returned `AuthenticationNotAttempted`, then you would have an unauthenticated access. - `AuthenticationAttemptedIncorrectCredential` which indicates that credentials were present and failed validation -- a situation indicating a `401 Unauthorized`. - `AuthenticationError` which indicates that an internal server error occurred and failed authentication -- indicating a `500 Internal Server Error`. This paves the way for one more refactor coming next: `basic.go` and `oauth2.go` perform 3-4 different authentications each (access tokens, oauth JWTs, actions tokens, actions JWTs, and username/password). With the capability to return these more precise responses, these authentication methods can be split up into separate logic that isn't intertwined together. Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12468 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
0aa1b45956 |
[v15.0/forgejo] refactor: change authentication to return structured data (#12462)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12202 Currently authentication methods return information in two forms: they return who was authenticated as a `*user_model.User`, and then they insert key-values into `ctx.Data` which has critical impact on how the authenticated request is treated. This PR changes the authentication methods to return structured data in the form of an `AuthenticationResult`, with all the key-value information in `ctx.Data` being moved into methods on the `AuthenticationResult` interface. Authentication workflows in Forgejo are a real mess. This is the first step in trying to clean it up and make the code predictable and reasonable, and is both follow-up work that was identified from the repo-specific access tokens (where the `"ApiTokenReducer"` key-value was added), and is pre-requisite work to future JWT enhancements that are [being discussed](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-13268004). Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12462 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
9381a425f9 |
[v15.0/forgejo] fix: paginate team members list (#12461)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12447 Fixes #12103. Paginate the list of team members on the page for that team. Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12461 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
Renovate Bot
|
91a44affa4 | Update go toolchain directive to v1.26.3 (v15.0/forgejo) (#12456) | ||
|
forgejo-backport-action
|
1b7b1e4fe5 |
[v15.0/forgejo] fix: make package cleanup work again (#12452)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12446 - Regression of forgejo/forgejo!11776 (and forgejo/forgejo!11881) - Scope of the transaction is moved to a per-package cleanup rule basis. This is also a enhancement for scaling (already deployed on Codeberg for a while). - Package cleanup is now run with `RetryTx`, because rebuilding repository files runs `RetryTx` and it could indicate to retry the whole transaction. - Previously it would error and say running `RetryTx` in a transaction was not possible, this is now possible. Nested `RetryTx` is always allowed, matching of which errors to retry is still the responsible of the inner `RetryTx`. Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12452 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
80476238ab |
[v15.0/forgejo] fix: cleanup data before migration retry (#12422)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12370
In the case you hit some API error (Github ratelimit was often a problem) or the instance restarted in the middle of your migration, you would be left with data on the disk and/or database. Upon retrying the migration the migration code would (rightfully) fail because it's trying to migrate stuff that already exists.
This was hit so often on Codeberg it was better to force people to delete and start whole migration process again:
|
||
|
forgejo-backport-action
|
d3dd397001 |
[v15.0/forgejo] fix: get tag must return the tag signature instead of commit signature (#12395)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12351 ## Fix: `GET /api/v1/repos/{owner}/{repo}/git/tags/{sha}` returns empty verification for signed tags ### Problem When an annotated tag is signed (GPG or SSH) but the underlying commit is **not** signed, the API endpoint `GET /repos/{owner}/{repo}/git/tags/{sha}` returns an empty `verification.signature` field. This is because `ToAnnotatedTag` was calling `ToVerification(ctx, c)` with the **commit** object, which checks the commit's signature — not the tag's own signature. Since the commit is unsigned, the API returns `signature: ""` and `verified: false`. This causes issues for tools that rely on the tag signature from the API to validate that a tag push event is from a trusted source. ### Fix `ToAnnotatedTag` now checks if the tag has its own signature (`t.Signature != nil`). If so, it uses `ParseTagWithSignature` to verify the tag's signature and populates the `verification` field from the tag. Otherwise, it falls back to the commit signature (existing behavior for unsigned/lightweight tags). Co-authored-by: steven.guiheux <steven.guiheux@ovhcloud.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12395 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
b2c9c14dea |
[v15.0/forgejo] fix: set repo_id for migrated attachment (#12362)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12357
Was not required until
|
||
|
forgejo-backport-action
|
4f44317622 |
[v15.0/forgejo] fix(oauth): only accept refresh tokens as refresh tokens (#12354)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12291 `handleRefreshToken` never checked `token.Type == TypeRefreshToken`. When `InvalidateRefreshTokens` is disabled, an access token could be submitted as a `refresh_token` and exchanged for a new token pair. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Co-authored-by: jvoisin <jvoisin@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12354 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
64c30d8034 |
[v15.0/forgejo] Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0 (forgejo) (#12317)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12156 Co-authored-by: Renovate Bot <bot@kriese.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12317 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> |
||
|
Mathieu Fenniak
|
fdd794abe3 |
[v15.0/forgejo] fix: verify PR author has write access to head to support allow maintainers edit (#12293)
Backport: https://codeberg.org/forgejo/forgejo/pulls/12292 When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents. It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch. Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability. By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository. The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch. Thanks to Arvin Shivram of Brutecat Security for discovering and responsibly disclosing the vulnerability. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12293 Reviewed-by: 0ko <0ko@noreply.codeberg.org> |
||
|
0ko
|
b05e3eb55f |
merge commit: [v15.0/forgejo] i18n: backport of translations from Codeberg Translate (#12306)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12306 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> |
||
|
0ko
|
0c1f3851da |
[v15.0/forgejo] i18n: backport of translations from Codeberg Translate
Translation updates that were relevant to v15 branch were picked from this commit:
|
||
|
forgejo-backport-action
|
2b692f2f5c |
[v15.0/forgejo] fix: allow viewing Actions run triggered by deleted user (#12272)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12271 Fixes #9371. Manually reproduced and tested by setting `action_run.triggering_user_id` to a non-existent user ID. Manually tested that runs can be cancelled in this state as well. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12272 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> |
||
|
Renovate Bot
|
483b99889b |
Update dependency postcss to v8.5.10 [SECURITY] (v15.0/forgejo) (#12255)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12255 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
Renovate Bot
|
eedf05f897 |
Update module github.com/jackc/pgx/v5 to v5.9.2 [SECURITY] (v15.0/forgejo) (#12235)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12235 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
ab9856c92d |
[v15.0/forgejo] fix: compare branches with names diff or patch (#12233)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12227 Closes: Codeberg/Community#2538 Regression of: !5385 Co-authored-by: Robert Wolff <mahlzahn@posteo.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12233 Reviewed-by: Robert Wolff <mahlzahn@posteo.de> |
||
|
forgejo-backport-action
|
2bd5fcbd2a |
[v15.0/forgejo] fix: resolve outer workflow call to success, not failure, on inner job skip (#12229)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12224 If one or more of a workflow expansion's inner jobs are status "skipped", consider that as a success, rather than a failure. Fixes https://code.forgejo.org/forgejo/runner/issues/1490. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12229 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> |
||
|
Renovate Bot
|
d3b0d7f8c2 |
Update module golang.org/x/image to v0.39.0 (v15.0/forgejo) (#12218)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12218 Reviewed-by: Gusted <gusted@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
f47ed4c45e |
[v15.0/forgejo] fix: secret name-prefix regex (#12216)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12213 Fixes: #12212 Sorry for this bug, I introduced it by not testing !10682 better. Now the `forbiddenPrefixPattern`-regex is compliant to the docu: ``` It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number. ``` Co-authored-by: zokki <zokki.softwareschmiede@gmail.com> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12216 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
2ba190f562 |
[v15.0/forgejo] fix(ui): allow creating files with name starting with dash (#12215)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12214
Closes: #12204
The underlying git option was already changed in git 2.0.0 to use format `<mode>,<object>,<path>`. See
|
||
|
forgejo-backport-action
|
7aa4b29d56 |
[v15.0/forgejo] fix: CodeMirror e2e test (#12199)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12151 I tried a lot, but this seems to work. I know it is ugly, but checking and waiting after every action seems to make it stable. At least it succeeded five times in a row and the CI seemed to be under load due to the dependency updates. Maybe it is worth a try... Co-authored-by: Beowulf <beowulf@beocode.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12199 Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
4a97de08f4 |
[v15.0/forgejo] fix(i18n): don't log harmless missing translations as errors (#12185)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12183 Followup to https://codeberg.org/forgejo/forgejo/pulls/6203 Currently it is logging an error wherever a template is rendered in language that doesn't have all plural strings covered. For example, Esperanto isn't well maintained. Since more plural strings were migrated in v15 to new format, these errors became much more common. However, for all languages but the base one (English) they are completely harmless and just indicate an incomplete translation. However, for base (English) they indicate a bug in either template or en-US.json, which should be still logged as an error. The error is being logged by `LookupPluralByForm`, which is called by `TrPluralStringAllForms` and (`TrPluralString` through `LookupPluralByCount`). I originally intended to just pass log func directly to `LookupPluralByForm` from both, but since `TrPluralString` isn't calling `LookupPluralByForm` directly, it didn't look clean, so I went with passing a flag around instead and implemented logging logic in `LookupPluralByForm` itself. I little concern is with that the so-called "default lang" is configurable, and if it is configured to something with less than 100% completion, it will cause fallback bugs, as well as a lot of logging of this as an error. But this is why changing "default lang" is a bad idea in the first place, and broken fallbacks should be greater concern than junk in the logs. Co-authored-by: 0ko <0ko@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12185 Reviewed-by: Beowulf <beowulf@beocode.eu> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
Renovate Bot
|
b57ea8239e |
Update github.com/go-git/go-git/v5 (indirect) to v5.18.0 [SECURITY] (v15.0/forgejo) (#12177)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.17.1` → `v5.18.0` |  |  | --- ### go-git: Credential leak via cross-host redirect in smart HTTP transport [GHSA-3xc5-wrhm-f963](https://github.com/advisories/GHSA-3xc5-wrhm-f963) <details> <summary>More information</summary> #### Details ##### Impact `go-git` may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial `/info/refs` request with a redirect to a different host, go-git updates the session endpoint to the redirected location and reuses the original authentication for subsequent requests. This can result in the credentials (e.g. Authorization headers) being sent to an unintended host. An attacker controlling or influencing the redirect target can capture these credentials and potentially reuse them to access the victim’s repositories or other resources, depending on the scope of the credential. **Clients using `go-git` exclusively with trusted remotes (for example, GitHub or GitLab), and over a secure HTTPS connection, are not affected by this issue.** The risk arises when interacting with untrusted or misconfigured Git servers, or when using unsecured HTTP connections, which is not recommended. Such configurations also expose clients to a broader class of security risks beyond this issue, including credential interception and tampering of repository data. ##### Patches Users should upgrade to `v5.18.0`, or `v6.0.0-alpha.2`, in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version. The patched versions add support for configuring [followRedirects](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpfollowRedirects). In line with upstream behaviour, the default is now `initial`, while users can opt into `FollowRedirects` or `NoFollowRedirects` programmatically. ##### Credit Thanks to the 3 separate reports from @​celinke97, @​N0zoM1z0 and @​AyushParkara. Thanks for finding and reporting this issue privately to the `go-git` project. 🙇 #### Severity - CVSS Score: 4.7 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N` #### References - [https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963](https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963) - [https://github.com/go-git/go-git](https://github.com/go-git/go-git) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-3xc5-wrhm-f963) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.18.0`](https://github.com/go-git/go-git/releases/tag/v5.18.0) [Compare Source](https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0) #### What's Changed - plumbing: transport/http, Add support for followRedirects policy by [@​pjbgf](https://github.com/pjbgf) in [#​2004](https://github.com/go-git/go-git/pull/2004) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0> ### [`v5.17.2`](https://github.com/go-git/go-git/releases/tag/v5.17.2) [Compare Source](https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2) #### What's Changed - build: Update module github.com/go-git/go-git/v5 to v5.17.1 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#​1941](https://github.com/go-git/go-git/pull/1941) - dotgit: skip writing pack files that already exist on disk by [@​pjbgf](https://github.com/pjbgf) in [#​1944](https://github.com/go-git/go-git/pull/1944) ⚠️ This release fixes a bug ([#​1942](https://github.com/go-git/go-git/issues/1942)) that blocked some users from upgrading to `v5.17.1`. Thanks [@​pskrbasu](https://github.com/pskrbasu) for reporting it. 🙇 **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTEuMCIsInVwZGF0ZWRJblZlciI6IjQzLjExMS4wIiwidGFyZ2V0QnJhbmNoIjoidjE1LjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=--> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12177 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Renovate Bot <bot@kriese.eu> Co-committed-by: Renovate Bot <bot@kriese.eu> |
||
|
forgejo-backport-action
|
7c50c5e684 |
[v15.0/forgejo] fix: always include files set to be detectable for language stats (#12171)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/11685 - The documentation has the correct behavior about `linguist-detectable`: In cases where a file should be considered for language statistics, regardless of its category, the linguist-detectable attribute can be used. - This patch follows that behavior by not skipping the file even if some heuristic would've said to skip the file. - Document the conditions in more natural language. - Resolves forgejo/forgejo#11248 Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12171 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
facbdef3c1 |
[v15.0/forgejo] Exclude SSH certificate principals from output when viewing user's SSH keys (#12166)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12079 Fixes #11590 When viewing a user's SSH keys, SSH principals are now excluded from the output. This would previously either result in a panic in [OmitEmail]( |
||
|
Mathieu Fenniak
|
081941c0fb |
[v15.0/forgejo] chore: bump xorm to v1.3.9-forgejo.11 (#12154)
**Backport**: #12153 Should fix intermittent test failures in Forgejo's integration test suite, in [`TestPackageDebianConcurrent`](https://codeberg.org/forgejo-integration/forgejo/actions/runs/16661/jobs/3/attempt/1#jobstep-5-1271), where this error is occurring. Backported to v15 as the same test is present there, to keep the LTS tests healthy. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12154 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net> |
||
|
forgejo-backport-action
|
0403a38217 |
[v15.0/forgejo] fix: make /repos/search?uid=-2 return zero results, no repos with that owner (#12150)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12144
API calls to `.../api/v1/repos/search?uid=-2&archived=false` currently do not apply the filter `uid` because of the negative value. This can occur when APIs are interacting with `${{ forgejo.token }}` and believe they're operating as the Forgejo Actions user, which has UID -2.
In combination with the security checks that occur in the `/repos/search` API to validate that repositories accessed are visible to the user, this can result in 500 error responses when a more correct expectation would be to receive no repositories:
|
||
|
forgejo-backport-action
|
b7319ea4a6 |
[v15.0/forgejo] fix: continued API response processing after error in /repos/search API (#12147)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12143 Prevent continued execution of some APIs with error responses that didn't correctly interrupt execution, resulting in bizarre outputs and possibly leaking secure data: ``` > GET /api/v1/repos/search?uid=-2&archived=false HTTP/2 > Host: example.org > user-agent: curl/7.88.1 > accept: */* > authorization: bearer *** > < HTTP/2 500 < server: nginx < date: Thu, 16 Apr 2026 14:20:09 GMT < content-type: application/json;charset=utf-8 < cache-control: max-age=0, private, must-revalidate, no-transform < x-content-type-options: nosniff < x-frame-options: SAMEORIGIN < {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"message":"","url":"https://example.org/api/swagger"} {"ok":true,"data":[{"id":68,"owner":{"id":1,"login":"mfenniak", ... ``` As these errors only occur on situations that shouldn't be reproducible (minus software bugs), test automation isn't practical. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [ ] `make pr-go` before pushing ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12147 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
f25747d0f6 |
[v15.0/forgejo] chore(Dockerfile.rootless): update shadowed env variables (#12137)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/11720 This was missed in https://codeberg.org/forgejo/forgejo/pulls/11098. See https://github.com/go-gitea/gitea/pull/17846 for why this was added in the first place. Note that this is not backwards compatible. For users with a custom `app.ini`-config this won't work. But it also didn't work with the previous config. This change only aligns it with the default app.ini-path. I guess this needs some more discussion. Co-authored-by: jaylinski <jaylinski@noreply.codeberg.org> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12137 Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
acfea14f20 |
[v15.0/forgejo] chore: fix TestMirrorPull on older git (2.34.1) installation (#12136)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12134 `TestMirrorPull` is currently failing when run on git 2.34.1 in the `testing-integration.yml` workflow: https://codeberg.org/forgejo-integration/forgejo/actions/runs/16661/jobs/1/attempt/1#jobstep-5-2539 Began to fail after #11909 when additional checks on pull mirror configuration was added. This PR addresses the issue and has been manually tested against the same git version: ``` $ git --version git version 2.34.1 $ make test-sqlite#TestMirrorPull 2>&1 ... === TestMirrorPull/migrate_from_repo_config_credentials (tests/integration/mirror_pull_test.go:238) PASS ``` ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12136 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
1fe8a91202 |
[v15.0/forgejo] chore: fix cookie name comments in example ini (#12132)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12131 See: https://codeberg.org/forgejo/forgejo/pulls/10645#issuecomment-13135707 Co-authored-by: Beowulf <beowulf@beocode.eu> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12132 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
Beowulf
|
7530fac1a5 |
[v15.0/forgejo] i18n: backport of translations from Codeberg Translate (#12129)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12129 Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> |
||
|
forgejo-backport-action
|
a6b29a65a8 |
[v15.0/forgejo] fix: improve runner list and details view (#12130)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12113 - shrink runner list width (use icons, move details link to runner name) - add owner to runner details on admin view - #11516 removed a lot details which makes it much harder for an admin to find a specific runner Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12130 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
0ko
|
7b90e4bdec |
[v15.0/forgejo] i18n: backport of translations from Codeberg Translate
Translation updates that were relevant to v15 branch were picked from this commit:
|
||
|
0ko
|
83d5137efd |
[v15.0/forgejo] i18n: backport of translations from Codeberg Translate
Translation updates that were relevant to v15 branch were picked from this commit:
|
||
|
0ko
|
e7e0c18841 |
[v15.0/forgejo] fix(ui): a few small runners UI fixes (#12114)
Followup to https://codeberg.org/forgejo/forgejo/pulls/11516. v15-specific backport of https://codeberg.org/forgejo/forgejo/pulls/12115 fixing all i18n strings in-place. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12114 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
36bf4722a2 |
[v15.0/forgejo] i18n(mailer): Fix special usage of .Locale in admin_new_user (#12112)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12009 This PR is in reaction to https://codeberg.org/forgejo/forgejo/issues/1711 . Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12112 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
Mathieu Fenniak
|
c8156fbc60 |
[v15.0/forgejo] Revert "Improve repo file list table semantics for screen readers (#12031)" (#12094)
This reverts commit
|
||
|
forgejo-backport-action
|
3f65795f4d |
[v15.0/forgejo] fix: prevent jobs with unknown needs from running (#12077)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12046 If Forgejo encounters an Actions workflow with unknown jobs in a needs definition, Forgejo will ignore those and run the job anyway. That is bad. For example, releases could be published without any testing because the name of the testing job was misspelt. Workflow that demonstrates the problem: ```yaml on: push: workflow_dispatch: jobs: build: runs-on: debian steps: - run: | echo "OK" test: runs-on: debian needs: [does-not-exist] steps: - run: | echo "OK" ``` Now, before a workflow is run, Forgejo will check whether all jobs referenced in `needs` exist. If any of them does not, it raises a pre-execution error which fails the workflow immediately. It also displays an appropriate error to the user, for example: ``` Workflow was not executed due to an error that blocked the execution attempt. Job with ID test references unknown jobs in `needs`: does-not-exist. ``` Futhermore, workflows with pre-execution errors can no longer be rerun, which was previously possible. Original issue: https://code.forgejo.org/forgejo/runner/issues/977. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Tests for JavaScript changes (can be removed for Go changes) - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12077 Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
f777d93ebd |
[v15.0/forgejo] fix: display runner version on details page (#12063)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12059 Display the version of Forgejo Runner on the runner's detail page. That is useful for diagnostics. Originally, the version was displayed on the overview page, but removed in https://codeberg.org/forgejo/forgejo/pulls/11516 due to space constraints. It should have been moved to the details page, but that never happened. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Tests for JavaScript changes (can be removed for Go changes) - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12063 Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|
forgejo-backport-action
|
0af89931e2 |
[v15.0/forgejo] Revert "fix: add challenge for HTTP Basic Authentication to container registry" (#12060)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12058
This reverts commit
|
