Commit graph

889 commits

Author SHA1 Message Date
Renovate Bot
d63724ceab Update module github.com/blevesearch/bleve/v2 to v2.6.0 (forgejo) (#12373)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12373
2026-05-03 07:29:02 +02:00
Renovate Bot
e9710af24f Update module code.forgejo.org/forgejo/runner/v12 to v12.10.0 (forgejo) (#12392)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12392
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-03 06:22:22 +02:00
Renovate Bot
a2557f0f42 Update module github.com/caddyserver/certmagic to v0.25.3 (forgejo) (#12257)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12257
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-03 05:57:54 +02:00
Renovate Bot
743b3b4cd9 Update module github.com/minio/minio-go/v7 to v7.1.0 (forgejo) (#11959)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11959
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-03 05:15:10 +02:00
Renovate Bot
ee8ad6581c Update module github.com/klauspost/compress to v1.18.6 (forgejo) (#12372)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12372
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-03 04:07:02 +02:00
Renovate Bot
8edcb8d4db Update module github.com/fsnotify/fsnotify to v1.10.0 (forgejo) (#12374)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12374
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-03 04:06:51 +02:00
Andreas Ahlenstorf
d867b25e72 chore: replace github.com/robfig/cron/v3 (#12365)
github.com/robfig/cron is used for parsing cron schedules of scheduled Forgejo Actions workflows. It has not seen an update in roughly six years and looks abandoned. There are multiple code paths that trigger panics instead of errors. It is replaced by github.com/gdgvda/cron, which is one of the few maintained forks. github.com/gdgvda/cron was picked because its behaviour is fully backwards-compatible and the developers are responsive.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12365
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-01 22:07:22 +02:00
Renovate Bot
e0777227d3 Update module github.com/meilisearch/meilisearch-go to v0.36.2 (forgejo) (#12110)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-04-30 18:14:25 +02:00
Renovate Bot
81c46e4a7c Update module github.com/mattn/go-sqlite3 to v1.14.44 (forgejo) (#12340)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.42` → `v1.14.44` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.44?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.42/v1.14.44?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.44`](https://github.com/mattn/go-sqlite3/compare/v1.14.43...v1.14.44)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.43...v1.14.44)

### [`v1.14.43`](https://github.com/mattn/go-sqlite3/compare/v1.14.42...v1.14.43)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.42...v1.14.43)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12340
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-04-30 16:36:00 +02:00
Renovate Bot
9c4fc72985 Update module connectrpc.com/connect to v1.19.2 (forgejo) (#12210)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12210
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-21 02:21:52 +02:00
Renovate Bot
23b541ce5a Update module code.forgejo.org/forgejo/runner/v12 to v12.9.0 (forgejo) (#12211)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.8.2` → `v12.9.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.9.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.2/v12.9.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.9.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.9.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.2...v12.9.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1488): feat: trim whitespace around token, validate it
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1481): fix: interpolation of `workflow_call` inputs
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1485): Update module github.com/go-git/go-git/v5 to v5.18.0 \[SECURITY]
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1482): Update dependency go to v1.25.9
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1479): Update go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp (indirect) to v1.43.0 \[SECURITY]
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1478): Update forgejo-runner to v12.8.2

</details>

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12211
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-21 01:50:24 +02:00
Renovate Bot
c37b4d38b1 Update module github.com/go-webauthn/webauthn to v0.16.5 (forgejo) (#12193)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12193
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-20 02:27:49 +02:00
Renovate Bot
99299a5685 Update module github.com/jackc/pgx/v5 to v5.9.2 (forgejo) (#12188)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `v5.9.1` → `v5.9.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.9.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.9.1/v5.9.2?slim=true) |

---

### Release Notes

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.9.2`](https://github.com/jackc/pgx/compare/v5.9.1...v5.9.2)

[Compare Source](https://github.com/jackc/pgx/compare/v5.9.1...v5.9.2)

</details>

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12188
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-19 04:19:03 +02:00
Renovate Bot
bacd8f365d Update github.com/go-git/go-git/v5 (indirect) to v5.18.0 [SECURITY] (forgejo) (#12174)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.17.1` → `v5.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.1/v5.18.0?slim=true) |

---

### go-git: Credential leak via cross-host redirect in smart HTTP transport
[GHSA-3xc5-wrhm-f963](https://github.com/advisories/GHSA-3xc5-wrhm-f963)

<details>
<summary>More information</summary>

#### Details
##### Impact
`go-git` may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations.

If a remote repository responds to the initial `/info/refs` request with a redirect to a different host, go-git updates the session endpoint to the redirected location and reuses the original authentication for subsequent requests. This can result in the credentials (e.g. Authorization headers) being sent to an unintended host.

An attacker controlling or influencing the redirect target can capture these credentials and potentially reuse them to access the victim’s repositories or other resources, depending on the scope of the credential.

**Clients using `go-git` exclusively with trusted remotes (for example, GitHub or GitLab), and over a secure HTTPS connection, are not affected by this issue.** The risk arises when interacting with untrusted or misconfigured Git servers, or when using unsecured HTTP connections, which is not recommended. Such configurations also expose clients to a broader class of security risks beyond this issue, including credential interception and tampering of repository data.

##### Patches
Users should upgrade to `v5.18.0`, or `v6.0.0-alpha.2`, in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected; users are recommended to upgrade to a supported `go-git` version.

The patched versions add support for configuring [followRedirects](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpfollowRedirects). In line with upstream behaviour, the default is now `initial`, while users can opt into `FollowRedirects` or `NoFollowRedirects` programmatically.

##### Credit
Thanks to the 3 separate reports from @celinke97, @N0zoM1z0 and @AyushParkara. Thanks for finding and reporting this issue privately to the `go-git` project. 🙇

#### Severity
- CVSS Score: 4.7 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963](https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-3xc5-wrhm-f963) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.18.0`](https://github.com/go-git/go-git/releases/tag/v5.18.0)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0)

#### What's Changed

- plumbing: transport/http, Add support for followRedirects policy by [@pjbgf](https://github.com/pjbgf) in [#2004](https://github.com/go-git/go-git/pull/2004)

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0>

### [`v5.17.2`](https://github.com/go-git/go-git/releases/tag/v5.17.2)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2)

#### What's Changed

- build: Update module github.com/go-git/go-git/v5 to v5.17.1 \[SECURITY] (releases/v5.x) by [@go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#1941](https://github.com/go-git/go-git/pull/1941)
- dotgit: skip writing pack files that already exist on disk by [@pjbgf](https://github.com/pjbgf) in [#1944](https://github.com/go-git/go-git/pull/1944)

⚠️ This release fixes a bug ([#1942](https://github.com/go-git/go-git/issues/1942)) that blocked some users from upgrading to `v5.17.1`. Thanks [@pskrbasu](https://github.com/pskrbasu) for reporting it. 🙇

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12174
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-18 05:10:44 +02:00
Mathieu Fenniak
c7b5026f59 chore: bump xorm to v1.3.9-forgejo.11 (#12153)
Should fix intermittent test failures in Forgejo's integration test suite, in [`TestPackageDebianConcurrent`](https://codeberg.org/forgejo-integration/forgejo/actions/runs/16661/jobs/3/attempt/1#jobstep-5-1271), where this error is occurring. Will be backported to v15 as the same test is present there, to keep the LTS tests healthy.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12153
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-04-16 23:42:08 +02:00
Renovate Bot
160cd930ff Update module golang.org/x/net to v0.53.0 (forgejo) (#12069)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12069
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-11 22:16:09 +02:00
Renovate Bot
92b95414e8 Update module github.com/go-webauthn/webauthn to v0.16.4 (forgejo) (#11958)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11958
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-11 21:21:46 +02:00
Renovate Bot
bf68be21e7 Update module golang.org/x/image to v0.39.0 (forgejo) (#12068)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12068
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-11 19:18:59 +02:00
Renovate Bot
d9176897d0 Update module golang.org/x/text to v0.36.0 (forgejo) (#12070)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12070
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-11 19:18:41 +02:00
Renovate Bot
988d702480 Update module code.superseriousbusiness.org/exif-terminator to v0.11.2 (forgejo) (#12087)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12087
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-11 04:33:53 +02:00
Renovate Bot
65044ca765 Update module github.com/mattn/go-sqlite3 to v1.14.42 (forgejo) (#12051)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.40` → `v1.14.42` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.42?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.40/v1.14.42?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.42`](https://github.com/mattn/go-sqlite3/compare/v1.14.41...v1.14.42)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.41...v1.14.42)

### [`v1.14.41`](https://github.com/mattn/go-sqlite3/compare/v1.14.40...v1.14.41)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.40...v1.14.41)

</details>

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12051
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-09 18:01:45 +02:00
Renovate Bot
b2617cf0bb Update module golang.org/x/sys to v0.43.0 (forgejo) (#12052)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12052
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-09 09:29:43 +02:00
Renovate Bot
7069203e3e Update module github.com/mattn/go-isatty to v0.0.21 (forgejo) (#12049)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12049
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-09 09:26:30 +02:00
Renovate Bot
24af9cf8ee Update module github.com/go-enry/go-enry/v2 to v2.9.6 (forgejo) (#11989)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11989
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-08 19:59:58 +02:00
Renovate Bot
8b7327c344 Update module code.forgejo.org/forgejo/runner/v12 to v12.8.2 (forgejo) (#12011)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.8.0` → `v12.8.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.0/v12.8.2?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.8.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.8.2)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.1...v12.8.2)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1477): fix: return error when `one-job` receives no task

### [`v12.8.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.8.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.0...v12.8.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1476): fix: use `^{commit}` to actually let `rev-parse` resolve to the commit
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1474): chore: upgrade Mockery to v3

</details>

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12011
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-08 17:13:10 +02:00
Mathieu Fenniak
15b4c5efe8 chore(deps): bump xorm to v1.3.9-forgejo.10 (#11992)
Brings [deadlock error type](https://code.forgejo.org/xorm/xorm/pulls/95), which should allow fixing #11968.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11992
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-04-05 16:36:57 +02:00
Andreas Ahlenstorf
df86b495dc feat: support timezone in scheduled workflows (#11851)
GitHub recently added the ability to [specify a time zone for scheduled workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#onschedule), thereby making it possible to run scheduled workflows at a certain local time, no matter whether daylight saving time (DST) is currently active or not. Example copied from GitHub's documentation:

```yaml
on:
  schedule:
    - cron: '30 5 * * 1-5'
      timezone: "America/New_York"
```

The workflow would run at 05:30 each morning in the America/New_York timezone every Monday through Friday. `timezone` accepts IANA time zone names. If `timezone` is absent, `Etc/UTC` is used. GitHub runs workflows that were scheduled during DST jumps forward, for example, between 2 o'clock and 3 o'clock, directly after the clock jumped forward. In this case, that would be 3 o'clock.

Forgejo already supports time zones by prepending cron schedules with `TZ=<zone-id>` or `CRON_TZ=<zone-id>`:

```yaml
on:
  schedule:
    - cron: 'CRON_TZ=America/New_York 30 5 * * 1-5'
```

However, that capability is not documented. Workflows that are scheduled to run during DST changes are skipped when the clock jumps forward and run twice when it jumps backward.

This two-part PR adds support for `timezone` to improve compatibility with GitHub. `TZ` and `CRON_TZ` continue working. When both `timezone` and `TZ` or `CRON_TZ` are present, `timezone` takes precedence. When neither `timezone` nor `TZ` nor `CRON_TZ` are present, `Etc/UTC` is used as before. Because `TZ` and `CRON_TZ` were already supported by Forgejo before GitHub introduced `timezone`, `timezone` behaves during DST changes as previous versions of Forgejo, thereby deviating from GitHub. That means that workflows that are scheduled to run during DST changes are skipped when the clock jumps forward. And they run twice when it jumps backwards. However, it is generally recommended not to schedule workflows during the time of day when DST changes occur.

This part of the PR integrates the [workflow validation and parsing of the `timezone` field](https://code.forgejo.org/forgejo/runner/pulls/1454) supplied by Forgejo Runner.

## Checklist

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - https://codeberg.org/forgejo/docs/pulls/1853
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

## Release notes
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11851): support `timezone` in scheduled workflows

Co-authored-by: Renovate Bot <bot@kriese.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11851
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
2026-04-04 18:23:06 +02:00
Renovate Bot
267f90c97a Update module code.forgejo.org/go-chi/session to v1.0.4 (forgejo) (#11976)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/go-chi/session](https://code.forgejo.org/go-chi/session) | `v1.0.3` → `v1.0.4` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fgo-chi%2fsession/v1.0.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fgo-chi%2fsession/v1.0.3/v1.0.4?slim=true) |

---

### Release Notes

<details>
<summary>go-chi/session (code.forgejo.org/go-chi/session)</summary>

### [`v1.0.4`](https://code.forgejo.org/go-chi/session/compare/v1.0.3...v1.0.4)

[Compare Source](https://code.forgejo.org/go-chi/session/compare/v1.0.3...v1.0.4)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11976
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-04 03:54:32 +02:00
Renovate Bot
2027ccd994 Update module github.com/mattn/go-sqlite3 to v1.14.40 (forgejo) (#11977)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.38` → `v1.14.40` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.40?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.38/v1.14.40?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.40`](https://github.com/mattn/go-sqlite3/compare/v1.14.39...v1.14.40)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.39...v1.14.40)

### [`v1.14.39`](https://github.com/mattn/go-sqlite3/compare/v1.14.38...v1.14.39)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.38...v1.14.39)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11977
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-04 02:41:07 +02:00
famfo
2fc3144de4 chore: update github.com/go-ap/activitypub to 902f6cf (#11301)
Picks the update commit from https://codeberg.org/forgejo/forgejo/pulls/11200 and fixes the new incompatibilities.

I ran full end-to-end tests against Forgejo and basic end-to-end tests against GoToSocial which appear to be working.

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11301
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2026-04-02 23:57:13 +02:00
Renovate Bot
6fa7bf933a Update module github.com/inbucket/html2text to v1 (forgejo) (#11946)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11946
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-01 22:21:33 +02:00
Renovate Bot
2469344824 Update module github.com/PuerkitoBio/goquery to v1.12.0 (forgejo) (#11941)
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-01 20:16:03 +02:00
Renovate Bot
9e3c3e5d53 Update module github.com/yuin/goldmark to v1.8.2 (forgejo) (#11808)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11808
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-01 03:35:45 +02:00
Renovate Bot
34937d9305 Update github.com/google/pprof digest to a15ffb7 (forgejo) (#11920)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11920
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-04-01 02:13:47 +02:00
Renovate Bot
7886e74b25 Update github.com/go-git/go-git/v5 (indirect) to v5.17.1 [SECURITY] (forgejo) (#11897)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.17.0` → `v5.17.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.0/v5.17.1?slim=true) |

---

### go-git missing validation decoding Index v4 files leads to panic
[CVE-2026-33762](https://nvd.nist.gov/vuln/detail/CVE-2026-33762) / [GHSA-gm2x-2g9h-ccm8](https://github.com/advisories/GHSA-gm2x-2g9h-ccm8)

<details>
<summary>More information</summary>

#### Details
##### Impact

`go-git`’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing.

This issue only affects Git index format version 4. Earlier formats (`go-git` supports only `v2` and `v3`) are not vulnerable to this issue.

An attacker able to supply a crafted `.git/index` file can cause applications using go-git to panic while reading the index. If the application does not recover from panics, this results in process termination, leading to a denial-of-service (DoS) condition.

Exploitation requires the ability to modify or inject a Git index file within the local repository on disk. This typically implies write access to the `.git` directory.

##### Patches

Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.

##### Credit

go-git maintainers thank @kq5y for finding and reporting this issue privately to the `go-git` project.

#### Severity
- CVSS Score: 2.8 / 10 (Low)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8](https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-gm2x-2g9h-ccm8) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### go-git: Maliciously crafted idx file can cause asymmetric memory consumption
[CVE-2026-34165](https://nvd.nist.gov/vuln/detail/CVE-2026-34165) / [GHSA-jhf3-xxhw-2wpp](https://github.com/advisories/GHSA-jhf3-xxhw-2wpp)

<details>
<summary>More information</summary>

#### Details
##### Impact

A vulnerability has been identified in which a maliciously crafted `.idx` file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.

Exploitation requires write access to the local repository's `.git` directory, in order to create or alter existing `.idx` files.

##### Patches

Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.

##### Credit

The go-git maintainers thank @kq5y for finding and reporting this issue privately to the `go-git` project.

#### Severity
- CVSS Score: 5.0 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp](https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)
- [https://github.com/go-git/go-git/releases/tag/v5.17.1](https://github.com/go-git/go-git/releases/tag/v5.17.1)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-jhf3-xxhw-2wpp) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.17.1`](https://github.com/go-git/go-git/releases/tag/v5.17.1)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1)

#### What's Changed

- build: Update module github.com/cloudflare/circl to v1.6.3 \[SECURITY] (releases/v5.x) by [@go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#1930](https://github.com/go-git/go-git/pull/1930)
- \[v5] plumbing: format/index, Improve v4 entry name validation by [@pjbgf](https://github.com/pjbgf) in [#1935](https://github.com/go-git/go-git/pull/1935)
- \[v5] plumbing: format/idxfile, Fix version and fanout checks by [@pjbgf](https://github.com/pjbgf) in [#1937](https://github.com/go-git/go-git/pull/1937)

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11897
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-31 02:49:54 +02:00
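
The missing check described in the CVE-2026-33762 advisory in the commit above, as an added Go example that is not go-git's or Forgejo's code: a decoder for index v4 prefix-compressed path names that rejects a strip length longer than the previous name instead of slicing out of bounds. It assumes the name encoding from Git's index-format documentation (a variable-width strip count followed by a NUL-terminated suffix); all function names and sample bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

var (
	// ErrBadPrefix: the entry asks to strip more bytes than the previous name has.
	ErrBadPrefix = errors.New("index v4: strip length exceeds previous path name")
	// ErrTruncated: the input ends in the middle of a name field.
	ErrTruncated = errors.New("index v4: truncated name field")
	// ErrOverflow: the strip count does not fit in 64 bits.
	ErrOverflow = errors.New("index v4: varint overflow")
)

// readVarint decodes Git's offset-style variable-width integer (the encoding
// also used for OFS_DELTA offsets) and returns the value and bytes consumed.
func readVarint(b []byte) (uint64, int, error) {
	if len(b) == 0 {
		return 0, 0, ErrTruncated
	}
	c := b[0]
	val := uint64(c & 0x7f)
	i := 1
	for c&0x80 != 0 {
		if i >= len(b) {
			return 0, 0, ErrTruncated
		}
		val++
		if val == 0 || val>>57 != 0 { // the shift by 7 below would overflow
			return 0, 0, ErrOverflow
		}
		c = b[i]
		i++
		val = (val << 7) + uint64(c&0x7f)
	}
	return val, i, nil
}

// DecodeV4Names decodes consecutive name fields. Each field says how many
// bytes to drop from the end of the previous name, then gives the suffix.
// Names decoded before an error are returned alongside it.
func DecodeV4Names(data []byte) ([]string, error) {
	var names []string
	prev := ""
	for len(data) > 0 {
		strip, n, err := readVarint(data)
		if err != nil {
			return names, err
		}
		data = data[n:]
		// The validation the advisory is about: compare as uint64 before any
		// conversion to int. Without it, prev[:len(prev)-int(strip)] panics
		// with a slice-bounds error on attacker-controlled input.
		if strip > uint64(len(prev)) {
			return names, fmt.Errorf("%w: strip=%d, previous=%q", ErrBadPrefix, strip, prev)
		}
		end := bytes.IndexByte(data, 0)
		if end < 0 {
			return names, ErrTruncated
		}
		name := prev[:len(prev)-int(strip)] + string(data[:end])
		data = data[end+1:]
		names = append(names, name)
		prev = name
	}
	return names, nil
}

// sampleIndexNames is constructed input: three well-formed name fields.
func sampleIndexNames() []byte {
	var b []byte
	b = append(b, 0x00)
	b = append(b, "src/main.go\x00"...)
	b = append(b, 0x03) // drop ".go"
	b = append(b, "_test.go\x00"...)
	b = append(b, 0x0c) // drop "main_test.go"
	b = append(b, "util.go\x00"...)
	return b
}

// malformedNames is constructed input: the second field's strip count (5) is
// longer than the previous name "a".
func malformedNames() []byte {
	return []byte{0x00, 'a', 0x00, 0x05, 'b', 0x00}
}

func main() {
	names, err := DecodeV4Names(sampleIndexNames())
	fmt.Println(names, err)
	names, err = DecodeV4Names(malformedNames())
	fmt.Println(names, err)
}
```

Returning an error here lets the caller treat a damaged `.git/index` as a failed read rather than relying on panic recovery to keep the process alive.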
Renovate Bot
3ec8e96646 Update module github.com/mattn/go-sqlite3 to v1.14.38 (forgejo) (#11902)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.37` → `v1.14.38` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.38?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.37/v1.14.38?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.38`](https://github.com/mattn/go-sqlite3/compare/v1.14.37...v1.14.38)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.37...v1.14.38)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11902
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-31 02:42:52 +02:00
Renovate Bot
a6ee3e61cc Update module github.com/urfave/cli/v3 to v3.8.0 (forgejo) (#11834)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11834
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-30 01:52:22 +02:00
Renovate Bot
b68caa311f Update module github.com/klauspost/compress to v1.18.5 (forgejo) (#11764)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11764
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-27 06:51:45 +01:00
Mathieu Fenniak
e823e8cd69 fix: duplicate key violates unique constraint in concurrent debian package uploads (#11776)
Fixes #11438.

Whenever a "unique constraint violation" error is encountered by package mutation, detect if a `xorm.ErrUniqueConstraintViolation` error occurs.  If it does, retry the entire transaction.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11776
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-03-26 21:50:25 +01:00
Renovate Bot
7c7c6ba3b7 Update module golang.org/x/image to v0.38.0 [SECURITY] (forgejo) (#11818)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/image](https://pkg.go.dev/golang.org/x/image) | [`v0.37.0` → `v0.38.0`](https://cs.opensource.google/go/x/image/+/refs/tags/v0.37.0...refs/tags/v0.38.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fimage/v0.38.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fimage/v0.37.0/v0.38.0?slim=true) |

---

### OOM from malicious IFD offset in golang.org/x/image/tiff
[CVE-2026-33809](https://nvd.nist.gov/vuln/detail/CVE-2026-33809) / [GO-2026-4815](https://pkg.go.dev/vuln/GO-2026-4815)

<details>
<summary>More information</summary>

#### Details
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

#### Severity
Unknown

#### References
- [https://go.dev/cl/757660](https://go.dev/cl/757660)
- [https://go.dev/issue/78267](https://go.dev/issue/78267)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4815) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11818
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-26 15:32:35 +01:00
Renovate Bot
595a4ca303 Update module code.forgejo.org/forgejo/actions-proto to v0.7.0 (forgejo) (#11806)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/actions-proto](https://code.forgejo.org/forgejo/actions-proto) | `v0.6.0` → `v0.7.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2factions-proto/v0.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2factions-proto/v0.6.0/v0.7.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/actions-proto (code.forgejo.org/forgejo/actions-proto)</summary>

### [`v0.7.0`](https://code.forgejo.org/forgejo/actions-proto/releases/tag/v0.7.0)

[Compare Source](https://code.forgejo.org/forgejo/actions-proto/compare/v0.6.0...v0.7.0)

- features
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/18): feat: support requesting a specific job
- other
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/17): Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.3
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/16): Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.2
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/15): Update <https://data.forgejo.org/actions/forgejo-release> action to v2.10.0
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/14): ci: publish releases (take2)
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/13): ci: publish releases

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11806
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-25 02:02:33 +01:00
Renovate Bot
3932389bcc Update module code.forgejo.org/forgejo/runner/v12 to v12.7.3 (forgejo) (#11804)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.7.2` → `v12.7.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.2/v12.7.3?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.7.3`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.7.3)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.7.2...v12.7.3)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1436): feat: set a custom user-agent header for all gRPC requests
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1448): fix: replace `logger.Panicf` with panics that have a useful error message
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1445): Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.4
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1439): Update data.forgejo.org/forgejo/forgejo Docker tag to v11.0.11
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1440): Update data.forgejo.org/forgejo/runner Docker tag to v12.7.2
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1431): Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.3
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1434): Update dependency forgejo/runner to v12.7.2
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1435): Update module golang.org/x/term to v0.41.0
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1433): Fix issues with tests on Windows
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1437): Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.8
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1432): test: add test for command one-job

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11804
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-25 01:00:50 +01:00
Renovate Bot
ce1c0dc2cc Update module github.com/jackc/pgx/v5 to v5.9.1 (forgejo) (#11772)
This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `v5.8.0` → `v5.9.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.9.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.8.0/v5.9.1?slim=true) |

---

### Release Notes

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.9.1`](https://github.com/jackc/pgx/compare/v5.9.0...v5.9.1)

[Compare Source](https://github.com/jackc/pgx/compare/v5.9.0...v5.9.1)

### [`v5.9.0`](https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0)

[Compare Source](https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11772
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-22 18:09:42 +01:00
Gusted
dc65408618 Update module code.forgejo.org/go-chi/session to v1.0.3 (forgejo) (#11324)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11324
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-03-20 08:18:51 +01:00
Renovate Bot
0d879c48ef Update module github.com/yuin/goldmark to v1.7.17 (forgejo) (#11751)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11751
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-20 07:04:54 +01:00
Renovate Bot
d2db9b2691 Update module golang.org/x/oauth2 to v0.36.0 (forgejo) (#11741)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11741
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-19 04:30:22 +01:00
Renovate Bot
fcf306f6fe Update module github.com/go-webauthn/webauthn to v0.16.1 (forgejo) (#11674)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11674
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-19 04:16:19 +01:00
Renovate Bot
de046a9e92 Update module mvdan.cc/xurls/v2 to v2.6.0 (forgejo) (#11744)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11744
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-19 03:41:21 +01:00
Renovate Bot
64257d4c95 Update module golang.org/x/net to v0.52.0 (forgejo) (#11740)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-19 02:20:44 +01:00
Renovate Bot
4ce44e24d6 Update module github.com/ProtonMail/go-crypto to v1.4.1 (forgejo) (#11738)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11738
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-19 01:29:29 +01:00