Renovate Bot
ec098a93dd
Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (v11.0/forgejo) ( #11898 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) | `v5.16.5` → `v5.17.1` |  |  |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information.
---
### go-git missing validation decoding Index v4 files leads to panic
[CVE-2026-33762](https://nvd.nist.gov/vuln/detail/CVE-2026-33762 ) / [GHSA-gm2x-2g9h-ccm8](https://github.com/advisories/GHSA-gm2x-2g9h-ccm8 )
<details>
<summary>More information</summary>
#### Details
##### Impact
`go-git`’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing.
This issue only affects Git index format version 4. Earlier formats (`go-git` supports only `v2` and `v3`) are not vulnerable to this issue.
An attacker able to supply a crafted `.git/index` file can cause applications using go-git to panic while reading the index. If the application does not recover from panics, this results in process termination, leading to a denial-of-service (DoS) condition.
Exploitation requires the ability to modify or inject a Git index file within the local repository in disk. This typically implies write access to the `.git` directory.
##### Patches
Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions ), in order to mitigate this vulnerability.
##### Credit
go-git maintainers thank @​kq5y for finding and reporting this issue privately to the `go-git` project.
#### Severity
- CVSS Score: 2.8 / 10 (Low)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L`
#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 ](https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8 )
- [https://github.com/go-git/go-git ](https://github.com/go-git/go-git )
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-gm2x-2g9h-ccm8 ) and the [GitHub Advisory Database](https://github.com/github/advisory-database ) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md )).
</details>
---
### go-git: Maliciously crafted idx file can cause asymmetric memory consumption
[CVE-2026-34165](https://nvd.nist.gov/vuln/detail/CVE-2026-34165 ) / [GHSA-jhf3-xxhw-2wpp](https://github.com/advisories/GHSA-jhf3-xxhw-2wpp )
<details>
<summary>More information</summary>
#### Details
##### Impact
A vulnerability has been identified in which a maliciously crafted `.idx` file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.
Exploitation requires write access to the local repository's `.git` directory, it order to create or alter existing `.idx` files.
##### Patches
Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions ), in order to mitigate this vulnerability.
##### Credit
The go-git maintainers thank @​kq5y for finding and reporting this issue privately to the `go-git` project.
#### Severity
- CVSS Score: 5.0 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H`
#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp ](https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp )
- [https://github.com/go-git/go-git ](https://github.com/go-git/go-git )
- [https://github.com/go-git/go-git/releases/tag/v5.17.1 ](https://github.com/go-git/go-git/releases/tag/v5.17.1 )
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-jhf3-xxhw-2wpp ) and the [GitHub Advisory Database](https://github.com/github/advisory-database ) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md )).
</details>
---
### Release Notes
<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>
### [`v5.17.1`](https://github.com/go-git/go-git/releases/tag/v5.17.1 )
[Compare Source](https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1 )
#### What's Changed
- build: Update module github.com/cloudflare/circl to v1.6.3 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate )\[bot] in [#​1930](https://github.com/go-git/go-git/pull/1930 )
- \[v5] plumbing: format/index, Improve v4 entry name validation by [@​pjbgf](https://github.com/pjbgf ) in [#​1935](https://github.com/go-git/go-git/pull/1935 )
- \[v5] plumbing: format/idxfile, Fix version and fanout checks by [@​pjbgf](https://github.com/pjbgf ) in [#​1937](https://github.com/go-git/go-git/pull/1937 )
**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1 >
### [`v5.17.0`](https://github.com/go-git/go-git/releases/tag/v5.17.0 )
[Compare Source](https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0 )
#### What's Changed
- build: Update module github.com/go-git/go-git/v5 to v5.16.5 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate )\[bot] in [#​1839](https://github.com/go-git/go-git/pull/1839 )
- git: worktree, optimize infiles function for very large repos by [@​k-anshul](https://github.com/k-anshul ) in [#​1853](https://github.com/go-git/go-git/pull/1853 )
- git: Add strict checks for supported extensions by [@​pjbgf](https://github.com/pjbgf ) in [#​1861](https://github.com/go-git/go-git/pull/1861 )
- backport, git: Improve Status() speed with new index.ModTime check by [@​cedric-appdirect](https://github.com/cedric-appdirect ) in [#​1862](https://github.com/go-git/go-git/pull/1862 )
- storage: filesystem, Avoid overwriting loose obj files by [@​pjbgf](https://github.com/pjbgf ) in [#​1864](https://github.com/go-git/go-git/pull/1864 )
**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.16.5...v5.17.0 >
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11898
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-31 02:49:22 +02:00
Renovate Bot
9b27191393
Update module golang.org/x/net to v0.51.0 [SECURITY] (v11.0/forgejo) ( #11831 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [golang.org/x/net](https://pkg.go.dev/golang.org/x/net ) | [`v0.50.0` → `v0.51.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.50.0...refs/tags/v0.51.0 ) |  |  |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information.
---
### Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net
[CVE-2026-27141](https://nvd.nist.gov/vuln/detail/CVE-2026-27141 ) / [GO-2026-4559](https://pkg.go.dev/vuln/GO-2026-4559 )
<details>
<summary>More information</summary>
#### Details
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic
#### Severity
Unknown
#### References
- [https://nvd.nist.gov/vuln/detail/CVE-2026-27141 ](https://nvd.nist.gov/vuln/detail/CVE-2026-27141 )
- [https://go.dev/cl/746180 ](https://go.dev/cl/746180 )
- [https://go.dev/issue/77652 ](https://go.dev/issue/77652 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4559 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuODYuMCIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11831
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-26 19:18:21 +01:00
Renovate Bot
099cbe5569
Update module golang.org/x/image to v0.38.0 [SECURITY] (v11.0/forgejo) ( #11819 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11819
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-26 17:27:28 +01:00
Renovate Bot
b50073eb0d
Update dependency go to v1.25.8 (v11.0/forgejo) ( #11526 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11526
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-06 07:43:56 +01:00
Renovate Bot
d5c4db0428
Update github.com/golang-jwt/jwt/v4 (indirect) to v4.5.2 [SECURITY] (v11.0/forgejo) ( #11496 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11496
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-05 08:41:49 +01:00
Renovate Bot
afee520971
Update github.com/cloudflare/circl (indirect) to v1.6.3 [SECURITY] (v11.0/forgejo) ( #11495 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11495
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-03-04 17:38:12 +01:00
Renovate Bot
42827e182b
Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (v11.0/forgejo) ( #11396 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11396
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-02-22 09:11:13 +01:00
Renovate Bot
f8992cc825
Update module github.com/go-chi/chi/v5 to v5.2.4 [SECURITY] (v11.0/forgejo) ( #11394 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11394
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
2026-02-22 09:09:27 +01:00
Renovate Bot
e60149d2d6
Update dependency go to v1.25.7 (v11.0/forgejo) ( #11167 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11167
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2026-02-06 06:58:59 +01:00
Renovate Bot
84f236c43d
Update dependency go to v1.25.6 (v11.0/forgejo) ( #10852 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/ ) ([source](https://github.com/golang/go )) | toolchain | patch | `1.25.5` -> `1.25.6` |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43OC4yIiwidXBkYXRlZEluVmVyIjoiNDIuNzguMiIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10852
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2026-01-16 02:12:27 +01:00
Renovate Bot
03faf5f9d1
Update dependency go to v1.25.5 (v11.0/forgejo) ( #10304 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/ ) ([source](https://github.com/golang/go )) | toolchain | patch | `1.25.3` -> `1.25.5` |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4yNy41IiwidXBkYXRlZEluVmVyIjoiNDIuMjcuNSIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10304
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-12-03 03:07:07 +01:00
Renovate Bot
171b05c946
Update module golang.org/x/crypto to v0.45.0 (v11.0/forgejo) ( #10174 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10174
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-11-20 01:57:46 +01:00
Renovate Bot
1985eb17fa
Update module golang.org/x/crypto to v0.44.0 (v11.0/forgejo) ( #10134 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10134
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-11-19 17:04:06 +01:00
Mathieu Fenniak
63ec90b0ef
[v11.0/forgejo] feat: Replace mholt/archiver/v3 with mholt/archives ( #7025 ) ( #10043 )
...
**Backport:** #7025
Resolves #6266
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7025
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Backported due to `make security-check` failing in `v11.0/forgejo` branch due to a new registered vulnerability in the github.com/nwaples/rardecode.
```
/home/forgejo/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.3.linux-amd64/bin/go run golang.org/x/vuln/cmd/govulncheck@v1 ./...
=== Symbol Results ===
Vulnerability #1 : GO-2025-4020
DoS risk due to unrestricted RAR dictionary sizes in
github.com/nwaples/rardecode
More info: https://pkg.go.dev/vuln/GO-2025-4020
Module: github.com/nwaples/rardecode
Found in: github.com/nwaples/rardecode@v1.1.3
Fixed in: N/A
Example traces found:
#1 : modules/git/repo_commit.go:263:24: git.Repository.CommitsByFileAndRange calls io.ReadFull, which eventually calls rardecode.cipherBlockReader.Read
#2 : modules/packages/arch/metadata.go:22:2: arch.init calls archiver.init, which calls rardecode.init
#3 : modules/git/repo_language_stats.go:198:32: git.Repository.GetLanguageStats calls bytes.Buffer.ReadFrom, which calls rardecode.limitedReader.Read
Your code is affected by 1 vulnerability from 1 module.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
exit status 3
make: *** [Makefile:526: security-check] Error 1
```
Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10043
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-11-10 17:30:23 +01:00
Mathieu Fenniak
9074bf666c
[v11.0/forgejo] chore: update go target language version to v1.25.0 ( #9828 )
...
Manual backport #9822 to v11.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/ ) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md ). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org ).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests )).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs ) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9828
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2025-10-23 22:11:05 +02:00
Renovate Bot
e5b73ec69d
Update golang packages to v1.25 (v11.0/forgejo) (minor) ( #9821 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/ ) ([source](https://github.com/golang/go )) | toolchain | minor | `1.24.6` -> `1.25.3` |
| [go](https://go.dev/ ) ([source](https://github.com/golang/go )) | golang | minor | `1.24` -> `1.25` |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNTIuOSIsInVwZGF0ZWRJblZlciI6IjQxLjE1Mi45IiwidGFyZ2V0QnJhbmNoIjoidjExLjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9821
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-10-23 20:12:49 +02:00
Renovate Bot
f73db56f00
Update module github.com/ulikunitz/xz to v0.5.15 [SECURITY] (v11.0/forgejo) ( #9152 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9152
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-09-04 00:46:52 +02:00
Renovate Bot
e7b4962823
Update dependency go to v1.24.6 (v11.0/forgejo) ( #8811 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [go](https://go.dev/ ) ([source](https://github.com/golang/go )) | toolchain | patch | `1.24.3` -> `1.24.6` |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS41MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuNTEuMSIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8811
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-08-07 16:45:08 +02:00
Renovate Bot
2578672d09
Update module github.com/go-chi/chi/v5 to v5.2.2 (v11.0/forgejo) ( #8814 )
...
This PR contains the following updates:
| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/go-chi/chi/v5](https://github.com/go-chi/chi ) | `v5.2.0` -> `v5.2.2` | [](https://docs.renovatebot.com/merge-confidence/ ) | [](https://docs.renovatebot.com/merge-confidence/ ) |
---
> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
---
### Release Notes
<details>
<summary>go-chi/chi (github.com/go-chi/chi/v5)</summary>
### [`v5.2.2`](https://github.com/go-chi/chi/releases/tag/v5.2.2 )
[Compare Source](https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2 )
#### What's Changed
- Use strings.Cut in a few places by [@​JRaspass](https://github.com/JRaspass ) in https://github.com/go-chi/chi/pull/971
- Fix non-constant format strings in t.Fatalf by [@​JRaspass](https://github.com/JRaspass ) in https://github.com/go-chi/chi/pull/972
- Apply fieldalignment fixes to optimize struct memory layout by [@​pixel365](https://github.com/pixel365 ) in https://github.com/go-chi/chi/pull/974
- go 1.24 by [@​pkieltyka](https://github.com/pkieltyka ) in https://github.com/go-chi/chi/pull/977
- chore: delint ioutil usage by [@​costela](https://github.com/costela ) in https://github.com/go-chi/chi/pull/962
- Fixed typo in Router interface definition by [@​mithileshgupta12](https://github.com/mithileshgupta12 ) in https://github.com/go-chi/chi/pull/958
- Add support for TinyGo by [@​efraimbart](https://github.com/efraimbart ) in https://github.com/go-chi/chi/pull/978
- Exclude middleware/profiler.go in TinyGo, as there's no net/http/pprof pkg by [@​cxjava](https://github.com/cxjava ) in https://github.com/go-chi/chi/pull/982
- Make use of strings.Cut by [@​scop](https://github.com/scop ) in https://github.com/go-chi/chi/pull/1005
- Change install command format to code block by [@​sglkc](https://github.com/sglkc ) in https://github.com/go-chi/chi/pull/1001
- Correct documentation by [@​mrdomino](https://github.com/mrdomino ) in https://github.com/go-chi/chi/pull/992
#### Security fix
- Fixes [GHSA-vrw8-fxc6-2r93](https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93 ) - "Host Header Injection Leads to Open Redirect in RedirectSlashes" [commit](1be7ad938chttps://github.com/anuraagbaishya ). Thank you!
#### New Contributors
- [@​pixel365](https://github.com/pixel365 ) made their first contribution in https://github.com/go-chi/chi/pull/974
- [@​mithileshgupta12](https://github.com/mithileshgupta12 ) made their first contribution in https://github.com/go-chi/chi/pull/958
- [@​efraimbart](https://github.com/efraimbart ) made their first contribution in https://github.com/go-chi/chi/pull/978
- [@​cxjava](https://github.com/cxjava ) made their first contribution in https://github.com/go-chi/chi/pull/982
- [@​sglkc](https://github.com/sglkc ) made their first contribution in https://github.com/go-chi/chi/pull/1001
- [@​mrdomino](https://github.com/mrdomino ) made their first contribution in https://github.com/go-chi/chi/pull/992
**Full Changelog**: https://github.com/go-chi/chi/compare/v5.2.1...v5.2.2
### [`v5.2.1`](https://github.com/go-chi/chi/releases/tag/v5.2.1 )
[Compare Source](https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1 )
#### ⚠️ Chi supports Go 1.20+
Starting this release, we will now support the four most recent major versions of Go. See https://github.com/go-chi/chi/issues/963 for related discussion.
#### What's Changed
- Support the four most recent major versions of Go by [@​VojtechVitek](https://github.com/VojtechVitek ) in https://github.com/go-chi/chi/pull/969
**Full Changelog**: https://github.com/go-chi/chi/compare/v5.2.0...v5.2.1
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS41MS4xIiwidXBkYXRlZEluVmVyIjoiNDEuNTEuMSIsInRhcmdldEJyYW5jaCI6InYxMS4wL2Zvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8814
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-08-07 14:47:14 +02:00
forgejo-backport-action
c72fd88d35
[v11.0/forgejo] fix: do not fail when release or wiki is set in /repos/migrate API ( #8167 )
...
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8155
* convert updateRepoUnits to not rely on ctx to retrieve the repo
* Add integration test
* do not activate releases if `wiki: true`. This is unexpected and there is no evidence it is necessary.
Refs https://codeberg.org/forgejo/forgejo/issues/8082
---
The test is minimal for the sake of backporting. It is verified to reproduce the bug if the fix is not present.
```sh
$ make TAGS='sqlite sqlite_unlock_notify' 'test-sqlite#TestAPIRepoMigrate'
...
=== TestAPIRepoMigrate (tests/integration/api_repo_test.go:388)
--- FAIL: TestAPIRepoMigrate (1.12s)
testlogger.go:411: 2025/06/11 17:38:22 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /home/earl-warren/software/forgejo/tests/gitea-lfs-meta
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/login for test-mock:12345, 200 OK in 2.1ms @ auth/auth.go:145(auth.SignIn)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for test-mock:12345, 303 See Other in 2.1ms @ auth/auth.go:179(auth.SignInPost)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/settings/applications for test-mock:12345, 200 OK in 3.8ms @ setting/applications.go:25(setting.Applications)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/settings/applications for test-mock:12345, 303 See Other in 5.1ms @ setting/applications.go:35(setting.ApplicationsPost)
testlogger.go:411: 2025/06/11 17:38:22 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/settings/applications for test-mock:12345, 200 OK in 2.9ms @ setting/applications.go:25(setting.Applications)
testlogger.go:411: 2025/06/11 17:38:23 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/v1/repos/migrate for test-mock:12345, 0 in 992.0ms @ repo/migrate.go:38(repo.Migrate)
api_repo_test.go:400:
Error Trace: /home/earl-warren/software/forgejo/tests/integration/api_repo_test.go:400
Error: Not equal:
expected: 201
actual : 200
Test: TestAPIRepoMigrate
api_repo_test.go:402:
Error Trace: /home/earl-warren/software/forgejo/tests/integration/integration_test.go:649
/home/earl-warren/software/forgejo/tests/integration/api_repo_test.go:402
Error: Received unexpected error:
EOF
Test: TestAPIRepoMigrate
```
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/ ) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md ). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org ).
### Tests
- I added test coverage for Go changes...
- [ ] in their respective `*_test.go` for unit tests.
- [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
- [ ] in `web_src/js/*.test.js` if it can be unit tested.
- [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests )).
### Documentation
- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs ) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-- >
- Bug fixes
- [PR](https://codeberg.org/forgejo/forgejo/pulls/8155 ): <!--number 8155 --><!--line 0 --><!--description ZG8gbm90IGZhaWwgd2hlbiByZWxlYXNlIG9yIHdpa2kgaXMgc2V0IGluIGAvcmVwb3MvbWlncmF0ZWAgQVBJ-->do not fail when release or wiki is set in `/repos/migrate` API<!--description-->
<!--end release-notes-assistant-->
Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8167
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-06-12 13:07:54 +02:00
Shiny Nematoda
006d9c060e
[v11.0/forgejo] Update bleve to v2.5.2 with changes made in backport of 2.5.0 ( #8110 )
...
The PR contains the following changes:
- Revert the direct update to 2.5.1
- Cherry-pick the update to v2.5.0 first (containing the auto fuzzy change)
- Cherry-pick update to v2.5.2
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2025-06-09 00:40:57 +02:00
Renovate Bot
d3c6ab538e
Update dependency go to v1.24.3 (v11.0/forgejo) ( #8059 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8059
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-06-03 13:19:19 +02:00
Renovate Bot
bdef19f62b
Update module github.com/blevesearch/bleve/v2 to v2.5.1 (v11.0/forgejo) ( #7885 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7885
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-05-16 20:01:33 +00:00
Renovate Bot
738ec94b8f
Update module github.com/msteinert/pam/v2 to v2.1.0 (v11.0/forgejo) ( #7858 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7858
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-05-14 12:26:38 +00:00
Gusted
6a9fb3dbbc
[v11.0/forgejo] chore: replace github.com/go-testfixtures/testfixtures ( #7729 )
...
**Backport:** #7715
- Replaces `github.com/go-testfixtures/testfixtures` with a homebrew solution that is fully compatible.
- The reason to replace this library is that it pulls in a lot of other libraries which is causing issues: (1) the test binary becomes bigger than necessary which really shows in incremental build times (this patch removes 27.6MiB of the integration test binary) (2) it pulls in libraries (mainly database drivers) that are not used and are not easy to upgrade in case of a security vulnerability, causing CI failures.
(cherry picked from commit 32e64ccd34https://codeberg.org/forgejo/forgejo/pulls/7729
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-04-30 13:21:04 +00:00
Renovate Bot
9ebdc09939
Update module github.com/mattn/go-sqlite3 to v1.14.28 (v11.0/forgejo) ( #7563 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3 ) | require | patch | `v1.14.24` -> `v1.14.28` |
---
### Release Notes
<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>
### [`v1.14.28`](https://github.com/mattn/go-sqlite3/compare/v1.14.27...v1.14.28 )
[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.27...v1.14.28 )
### [`v1.14.27`](https://github.com/mattn/go-sqlite3/compare/v1.14.26...v1.14.27 )
[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.26...v1.14.27 )
### [`v1.14.26`](https://github.com/mattn/go-sqlite3/compare/v1.14.25...v1.14.26 )
[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.25...v1.14.26 )
### [`v1.14.25`](https://github.com/mattn/go-sqlite3/compare/v1.14.24...v1.14.25 )
[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.24...v1.14.25 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNDAuMSIsInVwZGF0ZWRJblZlciI6IjM5LjI0MC4xIiwidGFyZ2V0QnJhbmNoIjoidjExLjAvZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7563
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-04-17 06:34:55 +00:00
Renovate Bot
e153e21177
Update module golang.org/x/net to v0.38.0 (v11.0/forgejo) ( #7370 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7370
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-28 12:42:09 +00:00
forgejo-backport-action
e286457990
[v11.0/forgejo] chore: branding import path ( #7354 )
...
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/7337
- Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`.
- Resolves forgejo/discussions#258
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7354
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-03-27 20:13:05 +00:00
Renovate Bot
d85f4f2cce
Update module code.forgejo.org/forgejo/act to v1.25.1 (forgejo) ( #7340 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [code.forgejo.org/forgejo/act](https://code.forgejo.org/forgejo/act ) | replace | minor | `v1.23.1` -> `v1.25.1` |
---
### Release Notes
<details>
<summary>forgejo/act (code.forgejo.org/forgejo/act)</summary>
### [`v1.25.1`](https://code.forgejo.org/forgejo/act/compare/v1.25.0...v1.25.1 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.25.0...v1.25.1 )
### [`v1.25.0`](https://code.forgejo.org/forgejo/act/compare/v1.24.1...v1.25.0 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.24.1...v1.25.0 )
### [`v1.24.1`](https://code.forgejo.org/forgejo/act/compare/v1.24.0...v1.24.1 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.24.0...v1.24.1 )
### [`v1.24.0`](https://code.forgejo.org/forgejo/act/compare/v1.23.1...v1.24.0 )
[Compare Source](https://code.forgejo.org/forgejo/act/compare/v1.23.1...v1.24.0 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMTIuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIxMi4wIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7340
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-26 08:35:03 +00:00
Renovate Bot
f7df87621a
Update module github.com/caddyserver/certmagic to v0.22.2 (forgejo) ( #7323 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7323
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-26 00:42:44 +00:00
Renovate Bot
89fbd4867e
Update module github.com/buildkite/terminal-to-html/v3 to v3.16.8 (forgejo) ( #7326 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7326
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-25 23:13:48 +00:00
Renovate Bot
c399b8b135
Update module github.com/go-sql-driver/mysql to v1.9.1 (forgejo) ( #7293 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/go-sql-driver/mysql](https://github.com/go-sql-driver/mysql ) | require | minor | `v1.8.1` -> `v1.9.1` |
---
### Release Notes
<details>
<summary>go-sql-driver/mysql (github.com/go-sql-driver/mysql)</summary>
### [`v1.9.1`](https://github.com/go-sql-driver/mysql/blob/HEAD/CHANGELOG.md#v191-2025-03-21 )
[Compare Source](https://github.com/go-sql-driver/mysql/compare/v1.9.0...v1.9.1 )
##### Major Changes
- Add Charset() option. ([#​1679](https://github.com/go-sql-driver/mysql/issues/1679 ))
##### Bugfixes
- go.mod: fix go version format ([#​1682](https://github.com/go-sql-driver/mysql/issues/1682 ))
- Fix FormatDSN missing ConnectionAttributes ([#​1619](https://github.com/go-sql-driver/mysql/issues/1619 ))
### [`v1.9.0`](https://github.com/go-sql-driver/mysql/blob/HEAD/CHANGELOG.md#v190-2025-02-18 )
[Compare Source](https://github.com/go-sql-driver/mysql/compare/v1.8.1...v1.9.0 )
##### Major Changes
- Implement zlib compression. ([#​1487](https://github.com/go-sql-driver/mysql/issues/1487 ))
- Supported Go version is updated to Go 1.21+. ([#​1639](https://github.com/go-sql-driver/mysql/issues/1639 ))
- Add support for VECTOR type introduced in MySQL 9.0. ([#​1609](https://github.com/go-sql-driver/mysql/issues/1609 ))
- Config object can have custom dial function. ([#​1527](https://github.com/go-sql-driver/mysql/issues/1527 ))
##### Bugfixes
- Fix auth errors when username/password are too long. ([#​1625](https://github.com/go-sql-driver/mysql/issues/1625 ))
- Check if MySQL supports CLIENT_CONNECT_ATTRS before sending client attributes. ([#​1640](https://github.com/go-sql-driver/mysql/issues/1640 ))
- Fix auth switch request handling. ([#​1666](https://github.com/go-sql-driver/mysql/issues/1666 ))
##### Other changes
- Add "filename:line" prefix to log in go-mysql. Custom loggers now show it. ([#​1589](https://github.com/go-sql-driver/mysql/issues/1589 ))
- Improve error handling. It reduces the "busy buffer" errors. ([#​1595](https://github.com/go-sql-driver/mysql/issues/1595 ), [#​1601](https://github.com/go-sql-driver/mysql/issues/1601 ), [#​1641](https://github.com/go-sql-driver/mysql/issues/1641 ))
- Use `strconv.Atoi` to parse max_allowed_packet. ([#​1661](https://github.com/go-sql-driver/mysql/issues/1661 ))
- `rejectReadOnly` option now handles ER_READ_ONLY_MODE (1290) error too. ([#​1660](https://github.com/go-sql-driver/mysql/issues/1660 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7293
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-22 16:13:54 +00:00
Renovate Bot
3700db6dd5
Update module github.com/golang-jwt/jwt/v5 to v5.2.2 [SECURITY] (forgejo) ( #7296 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt ) | require | patch | `v5.2.1` -> `v5.2.2` |
---
### jwt-go allows excessive memory allocation during header parsing
[CVE-2025-30204](https://nvd.nist.gov/vuln/detail/CVE-2025-30204 ) / [GHSA-mh63-6h87-95cp](https://github.com/advisories/GHSA-mh63-6h87-95cp )
<details>
<summary>More information</summary>
#### Details
##### Summary
Function [`parse.ParseUnverified`](c035977d9e/parser.go (L138-L139)https://pkg.go.dev/strings#Split )) its argument (which is untrusted data) on periods.
As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html )
##### Details
See [`parse.ParseUnverified`](c035977d9e/parser.go (L138-L139)https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp ](https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp )
- [0951d18428https://github.com/golang-jwt/jwt ](https://github.com/golang-jwt/jwt )
This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-mh63-6h87-95cp ) and the [GitHub Advisory Database](https://github.com/github/advisory-database ) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md )).
</details>
---
### Release Notes
<details>
<summary>golang-jwt/jwt (github.com/golang-jwt/jwt/v5)</summary>
### [`v5.2.2`](https://github.com/golang-jwt/jwt/releases/tag/v5.2.2 )
[Compare Source](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2 )
#### What's Changed
- Fixed https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp by [@​mfridman](https://github.com/mfridman )
- Fixed some typos by [@​Ashikpaul](https://github.com/Ashikpaul ) in https://github.com/golang-jwt/jwt/pull/382
- build: add go1.22 to ci workflows by [@​mfridman](https://github.com/mfridman ) in https://github.com/golang-jwt/jwt/pull/383
- Bump golangci/golangci-lint-action from 4 to 5 by [@​dependabot](https://github.com/dependabot ) in https://github.com/golang-jwt/jwt/pull/387
- Bump golangci/golangci-lint-action from 5 to 6 by [@​dependabot](https://github.com/dependabot ) in https://github.com/golang-jwt/jwt/pull/389
- chore: bump ci tests to include go1.23 by [@​mfridman](https://github.com/mfridman ) in https://github.com/golang-jwt/jwt/pull/405
- Fix jwt -show by [@​AlexanderYastrebov](https://github.com/AlexanderYastrebov ) in https://github.com/golang-jwt/jwt/pull/406
- docs: typo by [@​kvii](https://github.com/kvii ) in https://github.com/golang-jwt/jwt/pull/407
- Update SECURITY.md by [@​oxisto](https://github.com/oxisto ) in https://github.com/golang-jwt/jwt/pull/416
- Update `jwt.Parse` example to use `jwt.WithValidMethods` by [@​mattt](https://github.com/mattt ) in https://github.com/golang-jwt/jwt/pull/425
#### New Contributors
- [@​Ashikpaul](https://github.com/Ashikpaul ) made their first contribution in https://github.com/golang-jwt/jwt/pull/382
- [@​kvii](https://github.com/kvii ) made their first contribution in https://github.com/golang-jwt/jwt/pull/407
- [@​mattt](https://github.com/mattt ) made their first contribution in https://github.com/golang-jwt/jwt/pull/425
**Full Changelog**: https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7296
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-22 15:51:41 +00:00
Renovate Bot
03c50c54bb
Update module github.com/redis/go-redis/v9 to v9.7.3 (forgejo) ( #7279 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7279
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-21 09:07:22 +00:00
Earl Warren
316682f17b
chore(dependency): upgrade gof3 v3.10.6 ( #7258 )
...
cherry-pick from the forgefriends fork, except for the F3 API for mirroring which is a functional change that is not safe enough to introduce in Forgejo.
Refs: 3aad1f4e64https://codeberg.org/forgejo/forgejo/pulls/7258
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2025-03-18 14:18:00 +00:00
Renovate Bot
5032388cc7
Update module gitlab.com/gitlab-org/api/client-go to v0.126.0 (forgejo) ( #7260 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go ) | require | minor | `v0.123.0` -> `v0.126.0` |
---
### Release Notes
<details>
<summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go)</summary>
### [`v0.126.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.126.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.125.0...v0.126.0 )
#### 0.126.0 (2025-03-17)
##### Improvements (6 changes)
- [Parallelize unit tests](8075babaf9https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2209 ))
- [Adding service ping API](e84bdb0357https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2196 ))
- [Exclude generated files from coverage report](e6484c32b9https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2203 ))
- [Enable SAST scans](2587cc7641https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2204 ))
- [bug: Add fallback for macOS version of readlink](8ecad42574https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2206 ))
- [Implement testing package for gomock based tests](ca46822612https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2199 ))
### [`v0.125.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.125.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.124.0...v0.125.0 )
#### 0.125.0 (2025-03-14)
##### Improvements (11 changes)
- [Add function for deleting a user's identity](8b7fe39f30https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2197 ))
- [Add `GetProjectMirrorPublicKey`, and add support for `auth_method` to `ProjectMirror`](8b74606a43https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2195 ))
- [Add custom role support to LDAP links](27ce4cb84chttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2194 ))
- [Add function for configuring a project pull mirror](4f1442ef76https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2192 ))
- [Add new user filter options: Humans, ExcludeActive and ExcludeHumans](0297e100fahttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2191 ))
- [Add support for `Usernames` in project-level MR approval rules](a7434e79b0https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2186 ))
- [add `ci_id_token_sub_claim_components` to EditProjectOptions](2632817f16https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2173 ))
- [feat: Add support for list shared projects group API](e34f2c78a1https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2187 ))
- [Fix pipeline for arbitrary fork location without Ultimate access](6b1baf787fhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2189 ))
- [Update access tokens to use alias type to reduce duplication](0e325d6335https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2178 ))
- [Add support for merge request approval settings API](165fd77adfhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2184 ))
### [`v0.124.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v0.124.0 )
[Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v0.123.0...v0.124.0 )
#### 0.124.0 (2025-02-28)
##### Breaking Changes (4 changes)
- [Refactor ShareWithGroup as a Named Struct instead of an Anonymous Struct](65524df62bhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2181 ))
- [Add support for instance member roles API, and align `CreateMemberRoleOptions`...](6d63332b57https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2179 ))
- [Switch to using BasicMergeRequest for API endpoints that use it](42ec248d8bhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2176 ))
- [Add state option when listing project access tokens. This requires that...](761f7de049https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2170 ))
##### Improvements (13 changes)
- [Add bundled reviewable command for ease of local development](fd06b55dbfhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2180 ))
- [Add function for uploading a wiki attachment](bf2d5c0f6bhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2177 ))
- [Add internal flag when creating different types of notes. Update documentation...](c103a6b83ehttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2172 ))
- [Add `Internal` support to `CreateIssueNoteOptions`](27f52bd13dhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2154 ))
- [Add support for Secure Files API](601d75bc57https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2171 ))
- [add ci_delete_pipelines_in_seconds to project edit and read](ece925e686https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2158 ))
- [Add filter to group variables update and delete](72e52c99dbhttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2169 ))
- [Add support for group releases API](4c519f881chttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2162 ))
- [Add description to personal access token APIs](390a3caceahttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2165 ))
- [Add description to group access token APIs](23a6b28a8ehttps://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2166 ))
- [Add description to project access token APIs](bb10e8c656https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2167 ))
- [Add 'username' support to AddProjectMemberOptions](82645d9d45https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2163 ))
- [Update Group Hooks to add missing options and fix documentation links](380a7809d2https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2159 ))
##### Breaking Change (1 change)
- [Fix return value of CreateMergeRequestDependency to return a single...](a17c2255e1https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2174 ))
##### Features (1 change)
- [Add support for project security settings API](2826180657https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2157 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7260
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-18 07:49:36 +00:00
Renovate Bot
3901ae6ab1
Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.3 (forgejo) ( #7214 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7214
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-17 13:49:34 +00:00
Gusted
ccd87001c8
chore(runner): return errors created by connect ( #7222 )
...
- Instead of creating errors via `google.golang.org/grpc`, use `connectrpc.com/connect`.
- This _avoids_ another dependency (still indirectly referenced in testing).
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7222
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-03-17 09:00:24 +00:00
Renovate Bot
cb46a036aa
Update module github.com/minio/minio-go/v7 to v7.0.88 (forgejo) ( #7196 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7196
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-11 20:40:23 +00:00
Renovate Bot
d733bdf1db
Update module github.com/go-webauthn/webauthn to v0.12.2 (forgejo) ( #7198 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7198
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-11 14:29:58 +00:00
Renovate Bot
3dc222e46c
Update module github.com/msteinert/pam to v2 (forgejo) ( #7186 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7186
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-09 20:00:27 +00:00
Renovate Bot
da2a92fc5f
Update module google.golang.org/grpc to v1.71.0 (forgejo) ( #7158 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7158
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-08 15:28:58 +00:00
Renovate Bot
179f9b37f5
Update module golang.org/x/oauth2 to v0.28.0 (forgejo) ( #7149 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7149
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-07 10:27:51 +00:00
Renovate Bot
17106721f0
Update module github.com/caddyserver/certmagic to v0.22.0 (forgejo) ( #7146 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7146
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-07 00:45:40 +00:00
Renovate Bot
932201fa23
Update module golang.org/x/image to v0.25.0 (forgejo) ( #7135 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7135
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-06 11:43:36 +00:00
Renovate Bot
5e08b51fed
Update module golang.org/x/crypto to v0.36.0 (forgejo) ( #7134 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7134
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-06 08:23:55 +00:00
Renovate Bot
19cd33d35b
Update module github.com/urfave/cli/v2 to v2.27.6 (forgejo) ( #7132 )
...
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-06 00:42:02 +00:00
Renovate Bot
c1399947f4
Update module golang.org/x/net to v0.36.0 (forgejo) ( #7126 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7126
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-05 12:17:48 +00:00
Renovate Bot
e76e130e66
Update module github.com/prometheus/client_golang to v1.21.1 (forgejo) ( #7122 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7122
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-05 12:03:18 +00:00
Renovate Bot
15e89bf0ef
Update dependency go to v1.24.1 (forgejo) ( #7117 )
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7117
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2025-03-04 21:12:48 +00:00
