peezy-tech/jojo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-05-12 22:10:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
jojo/modules
History
Mathieu Fenniak 63ec90b0ef [v11.0/forgejo] feat: Replace mholt/archiver/v3 with mholt/archives (#7025) (#10043) 
**Backport:** #7025

Resolves #6266

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7025
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>

Backported due to `make security-check` failing in `v11.0/forgejo` branch due to a new registered vulnerability in the github.com/nwaples/rardecode.

```
/home/forgejo/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.3.linux-amd64/bin/go run golang.org/x/vuln/cmd/govulncheck@v1  ./...
=== Symbol Results ===
Vulnerability #1: GO-2025-4020
    DoS risk due to unrestricted RAR dictionary sizes in
    github.com/nwaples/rardecode
  More info: https://pkg.go.dev/vuln/GO-2025-4020
  Module: github.com/nwaples/rardecode
    Found in: github.com/nwaples/rardecode@v1.1.3
    Fixed in: N/A
    Example traces found:
      #1: modules/git/repo_commit.go:263:24: git.Repository.CommitsByFileAndRange calls io.ReadFull, which eventually calls rardecode.cipherBlockReader.Read
      #2: modules/packages/arch/metadata.go:22:2: arch.init calls archiver.init, which calls rardecode.init
      #3: modules/git/repo_language_stats.go:198:32: git.Repository.GetLanguageStats calls bytes.Buffer.ReadFrom, which calls rardecode.limitedReader.Read
Your code is affected by 1 vulnerability from 1 module.
This scan also found 1 vulnerability in packages you import and 0
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
exit status 3
make: *** [Makefile:526: security-check] Error 1
```

Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10043
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-11-10 17:30:23 +01:00
..
actions [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
activitypub [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
analyze Rename code_langauge.go to code_language.go (#26377) 2023-08-07 15:00:53 -04:00
assetfs [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
auth [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
avatar [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
base [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
cache [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
card [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
charset [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
container chore: teach set module about iter.Seq (#6676) 2025-01-24 16:45:46 +00:00
csv [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
forgefed [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
generate [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
git [v11.0/forgejo] chore: TestParseGitURLs must use a valid IPv6 address (#9624) 2025-10-10 20:36:46 +02:00
gitrepo [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
graceful [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
hcaptcha [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
highlight [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
hostmatcher Support allowed hosts for migrations to work with proxy (#32025) 2024-09-14 17:52:54 +02:00
html Refactor backend SVG package and add tests (#26335) 2023-08-05 04:34:59 +00:00
httpcache [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
httplib [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
indexer [v11.0/forgejo] storage test: reader should not be closed on save (#9031) 2025-08-26 10:20:00 +02:00
issue/template [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
json Replace interface{} with any (#25686) 2023-07-04 18:36:08 +00:00
keying [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
label [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
lfs [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
locale feat(build): linter for missing msgid definitions (#7109) 2025-03-14 15:50:30 +00:00
log [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
markup [v11.0/forgejo] fix(ui): add missing lazy load attribute to images (#8246) (#8283) 2025-06-26 01:02:41 +02:00
mcaptcha [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
metrics [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
migration [v11.0/forgejo] fix(migrations): transfer PR flow information (#7437) 2025-04-03 07:35:20 +00:00
nosql [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
optional [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
options [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
packages [v11.0/forgejo] feat: Replace mholt/archiver/v3 with mholt/archives (#7025) (#10043) 2025-11-10 17:30:23 +01:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
private [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
process Drop SSPI auth support and more Windows files (#7148) 2025-03-08 00:43:41 +00:00
proxy [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
proxyprotocol [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
public [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
queue [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
recaptcha [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
references [v11.0/forgejo] fix: pull request cross references (#7983) 2025-05-28 18:25:40 +02:00
regexplru [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
repository [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
secret Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.64.6 (forgejo) (#7118) 2025-03-04 21:38:35 +00:00
session [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
setting [v11.0/forgejo] fix: LFS GC is never running because of a bug in the parsing of the INI file (#9222) 2025-09-09 23:39:20 +02:00
sitemap Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
ssh [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
storage [v11.0/forgejo] storage test: reader should not be closed on save (#9031) 2025-08-26 10:20:00 +02:00
structs [v11.0/forgejo] Revert "fix(api): document is_system_webhook field (#7784)" (#8287) 2025-06-26 01:38:51 +02:00
svg [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
sync [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
system [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
templates [v11.0/forgejo] fix(ui): add missing lazy load attribute to images (#8246) (#8283) 2025-06-26 01:02:41 +02:00
test [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
testlogger [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
timeutil [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
translation [v11.0/forgejo] fix(i18n): prevent incorrect logging on strings missing in JSON locales (#7599) 2025-04-23 13:44:16 +00:00
turnstile [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
typesniffer [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
updatechecker [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
uri Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
user Drop SSPI auth support and more Windows files (#7148) 2025-03-08 00:43:41 +00:00
util [v11.0/forgejo] fix: use credentials helpers for git clones (#9069) 2025-08-30 18:57:49 +02:00
validation [v11.0/forgejo] chore: branding import path (#7354) 2025-03-27 20:13:05 +00:00
web [v11.0/forgejo] feat: make Forgejo Actions server logs less noisy (#7991) 2025-05-29 17:24:15 +02:00
webhook Add support for workflow_dispatch (#3334) 2024-06-28 05:17:11 +00:00
zstd Cache generated binary across jobs 2024-08-26 23:43:09 +02:00