Commit graph

19986 commits

Author SHA1 Message Date
Earl Warren 91f16dfcb7
fix(security): GO-2024-2947
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.5
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: services/migrations/gitlab.go:500:74: migrations.GitlabDownloader.GetComments calls gitlab.DiscussionsService.ListMergeRequestDiscussions, which eventually calls retryablehttp.Client.Do
2024-06-26 07:35:19 +02:00
Michael Kriese f84f0df9b5
chore(renovate): set group name for renovate 2024-06-25 16:01:04 +02:00
0ko 0c4716b047 Clarify author label in tooltip 2024-06-25 18:30:06 +05:00
Earl Warren a1024ee392 Merge pull request 'chore(renovate): sync renovate versions' (#4234) from viceice/renovate-sync into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4234
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-25 08:17:45 +00:00
Michael Kriese 28abbcc858
chore(renovate): sync renovate versions 2024-06-25 08:27:54 +02:00
Earl Warren c6a6294046 Merge pull request '[gitea] week 2024-26 cherry pick (gitea/main -> forgejo)' (#4213) from earl-warren/wcp/2024-26 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4213
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-25 06:15:54 +00:00
Earl Warren 335d664e7c Merge pull request 'Update dependency @playwright/test to v1.45.0' (#4230) from renovate/playwright-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4230
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-25 05:38:59 +00:00
Renovate Bot 04458ad31d Update dependency @playwright/test to v1.45.0 2024-06-25 00:02:30 +00:00
0ko c82547bf30 Size/gap changes and cleanup in commit graph (#4214)
Changes:
* increased font size of tag/branch labels from tiny to normal, so they're readable, it doesn't impact layout
* increased font size of branch selector from tiny to small, so it's readable and usable. Branch selector on main repo tab has the same size
* increased gap between the icon and the text in the selector, it is too small currently
* removed obsolete CSS rule, it wasn't fully utilized in the first place, it is no longer needed with the other changes

Preview:
Before: https://codeberg.org/attachments/e6eccdde-59fe-446c-99ed-d8a2f1dce9bd
First: https://codeberg.org/attachments/6d710118-18cb-4258-9d9a-79dfca377294
Last: https://codeberg.org/attachments/fc9517aa-d498-43cc-a186-a184e4c6fe8c

Before: https://codeberg.org/attachments/057f971b-2c3b-4500-923f-49f4e545daf6
First: https://codeberg.org/attachments/de4683ad-95da-48d5-b2ac-b9567fed6fcd
Last: https://codeberg.org/attachments/2abb0333-dea1-4123-b3ee-9cb54dca98cd

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4214
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-24 18:59:57 +00:00
Earl Warren a3491f064f Merge pull request 'test(js): make test-frontend-coverage displays vitest coverage' (#4224) from earl-warren/forgejo:wip-frontend-coverage into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4224
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-24 08:41:59 +00:00
0ko 1496bb6079 Better logic for showing user feed/public activity elements (#4189)
There are a few changes to the template logic which defines when which elements should be shown on the profile page. The motivation is to have the elements when needed and not have them when they're not relevant.

## Changes

### RSS button

Now displayed if:
* feeds are enabled
AND one or more of:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available

So, basically in cases when the .rss feed actually contains any events. Before this change this button was constantly shown and was giving an empty feed if it was unavailable.

### Public activity tab

The tab is displayed if:
* the current user is an admin
* the current user is viewing their profile
* the activity is publicly available
* the current tab is this exact tab, for example, in case it was accessed by adding `?tab=activity` to the URL, so that the UI is not broken w/o a highlighted tab

So, this tab is not displayed when it's not going to contain any information, but still can be accessed.

### Banner "This user has disabled the public visibility of the activity."

For admins:
* always show the big blue banner to warn that sharing a screenshot of this publicly is a bad idea

For self:
* always display a little note about the current visibility status with a "Change" link

For others:
* only display a little note to explain why the activity is not shown

### Heatmap and activity feed

Elements are only displayed when relevant, instead of keeping empty leftovers, for easier testing. This template change is also covered by test. **Everything in this Changes section is covered by test unless I forgot something.**

## Preview

There are obviously too many states to screenshot, here are highlights:

![](https://codeberg.org/attachments/47559531-9bcd-46c0-90d4-8b51512da752)
_Warning admin for why they're seeing the information_

![](https://codeberg.org/attachments/3107bf62-955b-4fe5-bce3-6305a928afe1)
_Viewing self - private_

![](https://codeberg.org/attachments/afb63ead-fb0b-4fc7-9d8b-c6c09e9ae62b)
_Viewing self - public_

![](https://codeberg.org/attachments/df3c090a-7490-4827-b33b-771fd4fa0a9f)
_Don't have access to the information_

![](https://codeberg.org/attachments/2dd2b0ac-2fe0-4453-aa4b-e91fd08f4411)
_The tab is not shown when the activity can't be accessed_

![](https://codeberg.org/attachments/ed4c61de-b3b7-4523-b92b-bc76e1d8b7c5)
_Can't access the RSS feed_

![](https://codeberg.org/attachments/5a27f2be-d79c-4fb4-85a5-758348398f1b)
_Can access the RSS feed_

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4189
Reviewed-by: Otto <otto@codeberg.org>
2024-06-24 08:19:11 +00:00
Earl Warren 536efeb26e
test(js): make test-frontend-coverage displays vitest coverage 2024-06-24 10:03:42 +02:00
Earl Warren 104ceef548 Merge pull request 'Update module github.com/yuin/goldmark to v1.7.3' (#4222) from renovate/github.com-yuin-goldmark-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4222
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-24 06:37:52 +00:00
Renovate Bot e91961224d
Update module github.com/yuin/goldmark to v1.7.3 2024-06-24 08:03:18 +02:00
Earl Warren b02b1832b4 Merge pull request 'Update dependency eslint-plugin-vue-scoped-css to v2.8.1' (#4221) from renovate/linters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4221
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-24 05:51:26 +00:00
Earl Warren 130c03c8b8 Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.414.1' (#4220) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4220
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-24 05:42:04 +00:00
Renovate Bot dfb7d3364c Update dependency eslint-plugin-vue-scoped-css to v2.8.1 2024-06-24 00:02:54 +00:00
Renovate Bot 3244c96f1c Update ghcr.io/visualon/renovate Docker tag to v37.414.1 2024-06-24 00:02:22 +00:00
Earl Warren e8db5ff7fe Merge pull request 'test: coverage for /repos/{owner}/{repo}/issues?project=' (#4217) from twenty-panda/forgejo:wip-filter-project into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4217
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-23 19:34:04 +00:00
Twenty Panda b18ba810a5 test: coverage for /repos/{owner}/{repo}/issues?project=
Refs: https://codeberg.org/forgejo/forgejo/pulls/4215#issuecomment-2040651
2024-06-23 19:57:07 +02:00
silverwind 374964cd07
Fix deprecated Dockerfile ENV format (#31450)
See
https://docs.docker.com/reference/build-checks/legacy-key-value-format/.
Fixes these warnings seen during the docker build:

```
 4 warnings found (use --debug to expand):
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 5)
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 9)
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 75)
 - LegacyKeyValueFormat: "ENV key=value" should be used instead of legacy "ENV key value" format (line 76)
 ```

Introduced in: https://github.com/moby/buildkit/pull/4923

(cherry picked from commit 996037fb6a61b1a7f9a0a837fd87bbeab9cad154)

Conflicts:
	Dockerfile.rootless
	trivial context conflict
2024-06-23 13:20:40 +02:00
wxiaoguang d42165f0bb
Fix the link for .git-blame-ignore-revs bypass (#31432)
A quick fix for #31429

(cherry picked from commit ed5ded3ff86fc7c3eccfe28e59b30728e6bf9fbc)
2024-06-23 13:07:53 +02:00
charles 59532d93ef
Fix the wrong line number in the diff view page when expanded twice. (#31431)
close #31149, regression of #29385 (incorrect `data-query=`)

(cherry picked from commit c60ef946b1c5ed3347224cda5d3e17592cd16e5e)

Conflicts:
	templates/repo/diff/blob_excerpt.tmpl
	trivial context conflict
2024-06-23 12:48:08 +02:00
Brecht Van Lommel 585d62c0cd
Fix labels and projects menu overflow on issue page (#31435)
It was correct only on the new issue page.

Resolves #31415

(cherry picked from commit 5afafe22a34183c9c053a7ceac2c9dc05d9943e2)
2024-06-23 12:41:07 +02:00
Sumit 979eb1aa0c
[Fix] Account Linking UpdateMigrationsByType (#31428)
Fix https://github.com/go-gitea/gitea/issues/31427

(cherry picked from commit 17b3a38577d6e1d50ba5565ca3b1f2f57a04bf32)
2024-06-23 12:40:53 +02:00
charles b53be9d45c
Fix markdown math brackets render problem (#31420)
Close #31371, support `($ ... $)` like GitHub

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 90a3c20e7996e2db577a51d37f2190e2e990a22a)

Conflicts:
	modules/markup/markdown/markdown_test.go
	trivial context conflict
2024-06-23 12:40:06 +02:00
silverwind 4ebe8c1270
Reduce air verbosity (#31417)
Make `air` log less. Uses the option added in
https://github.com/air-verse/air/pull/367.

(cherry picked from commit 1c1545268743d7d4536a5ff2a137af7c255f45c8)
2024-06-23 12:30:09 +02:00
Tobias Balle-Petersen cdefd617d0
Increase max length of org team names from 30 to 255 characters (#31410)
This PR modifies the structs for editing and creating org teams to allow
team names to be up to 255 characters. The previous maximum length was
30 characters.

(cherry picked from commit 1c26127b520858671ce257c7c9ab978ed1e95252)
2024-06-23 12:21:38 +02:00
wxiaoguang 75bbca68ce
Refactor markup code (#31399)
1. use clearer names
2. remove deadcode
3. avoid name shadowing
4. eliminate some lint warnings

(cherry picked from commit 5a7376c0605415e63cb5b3b8f89ead01e567229b)

Conflicts:
	modules/markup/html.go
	simple code divergence, trivial logic
2024-06-23 11:53:36 +02:00
Earl Warren 9c48511c69
[PORT] Add cache test for admins (#31265)
* the cache was not refactored in Forgejo
* fix the test modifying a global variable
2024-06-23 11:38:35 +02:00
6543 77da92f42a
Add cache test for admins (#31265)
Add a test to probe the cache similar to the email test func.

![image](https://github.com/go-gitea/gitea/assets/24977596/700e2733-586d-4091-900f-f5f71e6e94bf)

![image](https://github.com/go-gitea/gitea/assets/24977596/2a953802-18fc-4e81-a37d-24ebe1297365)

![image](https://github.com/go-gitea/gitea/assets/24977596/e00d62ad-bb60-41cc-9138-09993daee156)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 363c1235987793dffa5cc851aaae585eb81f091e)

Conflicts:
	options/locale/locale_en-US.ini
	templates/admin/self_check.tmpl
	trivial context conflict
2024-06-23 11:27:03 +02:00
Earl Warren 299ef6e6db Merge pull request 'chore(dependency): raise the renovate PRs from 5 to 10' (#4211) from earl-warren/forgejo:wip-renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4211
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-23 08:46:22 +00:00
GiteaBot 40cd885c11
[skip ci] Updated licenses and gitignores
(cherry picked from commit 129206da4543f2024601af20dac3eaf978d0c432)
2024-06-23 10:37:24 +02:00
Earl Warren 5239d9c823
chore(dependency): raise the renovate PRs from 5 to 10
Now that the backlog has been resolved, it is not uncommon for a few
upgrades to wait for a few days before a ruling is made on whether they
should be upgraded or not.

That may leave one or two slots for other upgrades although there may
be more that could be decided immediately.

Raising the concurrency to 10 leaves room for such bursts and avoids
creating a backlog that is not justified by delays related to the
availability of contributors.
2024-06-23 09:35:36 +02:00
Earl Warren dac93c2475 Merge pull request 'Update module github.com/go-chi/chi/v5 to v5.0.14' (#4209) from renovate/github.com-go-chi-chi-v5-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4209
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-23 06:46:31 +00:00
Earl Warren a659bafaa3 Merge pull request 'Update dependency vue to v3.4.30' (#4208) from renovate/patch-vue-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4208
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-23 06:39:43 +00:00
Renovate Bot 11e847ac74 Update module github.com/go-chi/chi/v5 to v5.0.14 2024-06-23 00:03:30 +00:00
Renovate Bot 75e1f073cc Update dependency vue to v3.4.30 2024-06-23 00:02:48 +00:00
Earl Warren a010b138b4 Merge pull request 'Update dependency webpack to v5.92.1' (#4112) from renovate/webpack-5.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4112
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-22 13:37:53 +00:00
Earl Warren 32d1114948 Merge pull request 'Improve wording in user blocking modal' (#4204) from 0ko/forgejo:i18n-block-user-modal into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4204
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-22 12:22:03 +00:00
0ko 5d741259da [I18N] Improve wording in user blocking modal 2024-06-22 13:19:59 +05:00
Earl Warren 804aa99f06 Merge pull request 'Update dependency happy-dom to v14.12.3' (#4200) from renovate/happy-dom-14.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4200
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-22 06:32:55 +00:00
Renovate Bot fea8f3c185 Update dependency happy-dom to v14.12.3 2024-06-22 00:03:09 +00:00
Renovate Bot c07cc28d88 Update module code.forgejo.org/f3/gof3/v3 to v3.4.0 (#4196)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| code.forgejo.org/f3/gof3/v3 | require | minor | `v3.3.1` -> `v3.4.0` |

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Co-authored-by: Twenty Panda <twenty-panda@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4196
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-06-21 13:51:59 +00:00
Earl Warren 7b23019040 Merge pull request 'Update ghcr.io/devcontainers/features/git-lfs Docker tag to v1.2.1' (#4191) from renovate/ghcr.io-devcontainers-features-git-lfs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4191
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-06-21 08:57:01 +00:00
Earl Warren a97adc6626
chore(dependency): group devcontainer packages and update quarterly 2024-06-21 10:18:29 +02:00
Earl Warren 96d6b0ce94 Merge pull request 'Update dependency renovate to v37.413.4' (#4192) from renovate/renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4192
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-21 07:00:55 +00:00
Earl Warren 0e7095720b Merge pull request 'Show edit tab initially also when saved in preview tab previously' (#3969) from beowulf/show-edit-tab-initially-also-editing-comments-multiple-times-and-saving-in-preview-mode into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3969
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-06-21 06:54:54 +00:00
oliverpool 65f8c22cc7 [BUG] admin oauth2 source required check (#4194)
#4059 was unfortunately incomplete: some custom_url fields are currently shown, even if they are not used by the provider. Moreover the `Use Custom URLs Instead of Default URLs` is always checked by default.

Manual testing:
- go to http://localhost:3000/admin/auths
- click on `Add authentication source`
- Choose `Authentication type`: `OAuth2`
- Choose `OAuth2 provider`: `GitLab`
- verify that the `Use Custom URLs Instead of Default URLs` option is **initially unchecked**
- enable the `Use Custom URLs Instead of Default URLs` checkbox
- verify that only the fields "Authorize", "Token" and "Profile" URLs are shown (no "Email URL", nor "Tenant").
- Switch the `OAuth2 provider` to `Azure AD v2`
- verify that the `Use Custom URLs Instead of Default URLs` option is **initially checked**
- verify that only the field "Tenant" is shown (with the default "organizations").

![image](/attachments/0e2b1508-861c-4b0e-ae6a-6eb24ce94911)

Note: this is loosely based on the upstream fix https://github.com/go-gitea/gitea/pull/31246 which I initially overlooked.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4194
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-06-21 06:21:37 +00:00
Renovate Bot 24915f4df5 Update dependency renovate to v37.413.4 2024-06-21 02:02:15 +00:00