Commit graph

460 commits

Author SHA1 Message Date
Renovate Bot 1c63c47f5f Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
Earl Warren 125e4832e0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 (forgejo)' (#4485) from renovate/forgejo-github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 14:07:10 +00:00
Earl Warren c560595e1f
Revert "Update module github.com/redis/go-redis/v9 to v9.5.4"
This reverts commit dd6413d350.
2024-07-17 06:36:42 +02:00
Renovate Bot 6a3415abbb Update module github.com/minio/minio-go/v7 to v7.0.74 2024-07-16 02:05:23 +00:00
Renovate Bot 09c2ab9be8
Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 2024-07-15 21:39:38 +02:00
Earl Warren 56ee58c239 Merge pull request '[CHORE] Use github.com/ProtonMail/go-crypto' (#4506) from gusted/proton-openpgp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4506
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-15 16:49:05 +00:00
Gusted 45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
Gusted 45401e044f
[CHORE] Update jsonschema library to v6
- Update the `github.com/santhosh-tekuri/jsonschema` library from v5 to
v6.
- Update the migration loader function to a type, which is now required
in V6.
- `github.com/santhosh-tekuri/jsonschema/v6` was already used by gof3,
so removing the v5 library and using the v6 library reduces the binary
size of Forgejo.
  - Before: 95912040 bytes
  - After: 95706152 bytes
2024-07-15 17:20:50 +02:00
Renovate Bot dd6413d350 Update module github.com/redis/go-redis/v9 to v9.5.4 2024-07-13 00:06:19 +00:00
Renovate Bot 6154befef6 Update module golang.org/x/tools to v0.23.0 2024-07-10 00:01:50 +00:00
Earl Warren 1efec2adab Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.14.0 (forgejo)' (#4429) from renovate/forgejo-github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4429
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-09 21:58:01 +00:00
Renovate Bot a8f35f6edd Update module github.com/buildkite/terminal-to-html/v3 to v3.14.0 2024-07-09 00:03:10 +00:00
Renovate Bot 1630a94cfa Update module golang.org/x/net to v0.27.0 2024-07-08 00:05:03 +00:00
Renovate Bot e4e2e91467 Update module golang.org/x/crypto to v0.25.0 2024-07-08 00:04:57 +00:00
Gusted cf8f26d616
[CHORE] Remove github.com/yuin/goldmark-meta
- Remove a unused dependency. This dependency was added to handle YAML
'frontmatter' meta, parsing them and converting them to a table or
details in the resulting HTML. As can be read in the issue that reported
the behavior of YAML frontmatter being rendered literally,
https://github.com/go-gitea/gitea/issues/5377.
- It's an unused dependency as the codebase since then moved on to do this YAML
parsing and rendering on their own, this was implemented in
812cfd0ad9.
- Adds unit tests that was related to this functionality, to proof the
codebase already handles this and to prevent regressions.
2024-07-07 03:18:13 +02:00
Earl Warren c5028d72a6 Merge pull request 'Update module github.com/microcosm-cc/bluemonday to v1.0.27' (#4333) from renovate/github.com-microcosm-cc-bluemonday-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4333
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-05 05:25:08 +00:00
Earl Warren 860b33696d Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.13.0' (#4313) from renovate/github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4313
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-05 05:04:36 +00:00
Renovate Bot a8df27e5a1
Update module github.com/microcosm-cc/bluemonday to v1.0.27 2024-07-05 06:36:35 +02:00
Renovate Bot 1c49047390 Update module google.golang.org/grpc to v1.65.0 2024-07-04 22:19:07 +00:00
Gusted 3eb178db49
[CHORE] Update terminal-to-html dependency
- Update the `github.com/buildkite/terminal-to-html/v3` dependency from
version v3.10.1 to v3.13.0.
- Version v3.12.0 introduced an incompatible change, the return type of
`AsHTML` changed from `[]byte` to `string`. That same version also
introduced streaming mode
https://github.com/buildkite/terminal-to-html/pull/126, which allows us
to avoid reading the whole input into memory.
- Closes #4313
2024-07-04 23:41:17 +02:00
Renovate Bot 319c4efbe7 Update module github.com/blevesearch/bleve/v2 to v2.4.1 2024-07-04 00:02:31 +00:00
Renovate Bot 4101260d6e Update module github.com/minio/minio-go/v7 to v7.0.73 2024-07-03 18:07:19 +00:00
Renovate Bot fa1a853db0 Update dependency go to v1.22.5 2024-07-03 08:23:00 +00:00
Earl Warren a3a8b0e7d1 Merge pull request 'Update module github.com/yuin/goldmark to v1.7.4' (#4240) from renovate/github.com-yuin-goldmark-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4240
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-06-26 07:51:29 +00:00
Renovate Bot d9b83719d6 Update module github.com/yuin/goldmark to v1.7.4 2024-06-26 06:19:55 +00:00
Renovate Bot 83d7be3447 Update module golang.org/x/image to v0.18.0 2024-06-26 06:19:47 +00:00
Earl Warren 91f16dfcb7
fix(security): GO-2024-2947
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.5
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: services/migrations/gitlab.go:500:74: migrations.GitlabDownloader.GetComments calls gitlab.DiscussionsService.ListMergeRequestDiscussions, which eventually calls retryablehttp.Client.Do
2024-06-26 07:35:19 +02:00
Renovate Bot e91961224d
Update module github.com/yuin/goldmark to v1.7.3 2024-06-24 08:03:18 +02:00
Renovate Bot 11e847ac74 Update module github.com/go-chi/chi/v5 to v5.0.14 2024-06-23 00:03:30 +00:00
Renovate Bot c07cc28d88 Update module code.forgejo.org/f3/gof3/v3 to v3.4.0 (#4196)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| code.forgejo.org/f3/gof3/v3 | require | minor | `v3.3.1` -> `v3.4.0` |

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MDkuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQwOS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiXX0=-->

Co-authored-by: Twenty Panda <twenty-panda@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4196
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-06-21 13:51:59 +00:00
Renovate Bot 07e26508b0 Update module github.com/go-chi/chi/v5 to v5.0.13 2024-06-19 00:02:33 +00:00
Renovate Bot a815eb552a
Update module github.com/gorilla/feeds to v1.2.0
Refs: https://github.com/go-gitea/gitea/pull/31400
2024-06-18 09:06:46 +02:00
Renovate Bot aa9c164940 Update module github.com/yuin/goldmark to v1.7.2 2024-06-15 00:02:33 +00:00
Earl Warren e99d3f7055
feat(F3): CLI: f3 mirror to convert to/from Forgejo
feat(F3): driver stub

feat(F3): util.Logger

feat(F3): driver compliance tests

feat(F3): driver/users implementation

feat(F3): driver/user implementation

feat(F3): driver/{projects,project} implementation

feat(F3): driver/{labels,label} implementation

feat(F3): driver/{milestones,milestone} implementation

feat(F3): driver/{repositories,repository} implementation

feat(F3): driver/{organizations,organization} implementation

feat(F3): driver/{releases,release} implementation

feat(F3): driver/{issues,issue} implementation

feat(F3): driver/{comments,comment} implementation

feat(F3): driver/{assets,asset} implementation

feat(F3): driver/{pullrequests,pullrequest} implementation

feat(F3): driver/{reviews,review} implementation

feat(F3): driver/{topics,topic} implementation

feat(F3): driver/{reactions,reaction} implementation

feat(F3): driver/{reviewComments,reviewComment} implementation

feat(F3): CLI: f3 mirror

chore(F3): move to code.forgejo.org

feat(f3): upgrade to gof3 3.1.0

repositories in pull requests are represented with a reference instead
of an owner/project pair of names
2024-06-14 12:52:12 +02:00
Renovate Bot 7f89eeb365 Update module github.com/klauspost/compress to v1.17.9 2024-06-13 00:03:41 +00:00
Renovate Bot b25f5265b1 Update module code.forgejo.org/forgejo/reply to v1.0.2 2024-06-09 00:05:02 +00:00
Earl Warren dedcd6c647 Merge pull request 'Update module github.com/huandu/xstrings to v1.5.0' (#4050) from renovate/github.com-huandu-xstrings-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4050
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 16:48:16 +00:00
Earl Warren da948ae6bb Merge pull request 'Update github.com/google/pprof digest to 186aa03' (#4055) from renovate/github.com-google-pprof-digest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4055
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 15:59:56 +00:00
Renovate Bot 5b82e43da5 Update module golang.org/x/net to v0.26.0 2024-06-07 10:03:08 +00:00
Earl Warren 3f0859658d Merge pull request 'Update module golang.org/x/oauth2 to v0.21.0' (#4058) from renovate/golang.org-x-oauth2-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4058
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:41:34 +00:00
Earl Warren ed2c651429 Merge pull request 'Update module golang.org/x/image to v0.17.0' (#4056) from renovate/golang.org-x-image-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4056
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:07:46 +00:00
Renovate Bot 6fb5cef962 Update module golang.org/x/oauth2 to v0.21.0 2024-06-07 08:04:08 +00:00
Renovate Bot c64afa1bfc Update module golang.org/x/image to v0.17.0 2024-06-07 08:03:51 +00:00
Renovate Bot b4d8021ce0 Update github.com/google/pprof digest to 186aa03 2024-06-07 08:03:41 +00:00
Renovate Bot 28c9bd3f7e Update dependency go to v1.22.4 2024-06-07 08:03:30 +00:00
Renovate Bot e13972b9da Update module golang.org/x/crypto to v0.24.0 2024-06-07 02:05:07 +00:00
Renovate Bot 884eb07793 Update module github.com/huandu/xstrings to v1.5.0 2024-06-07 00:05:55 +00:00
Earl Warren 3bfec270ac
chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406
It is not possible to tell vulncheck that Forgejo is not affected by
CVE-2024-0406. Use a mirror of the repository to do that.

Refs: https://github.com/mholt/archiver/issues/404
2024-06-05 22:07:40 +02:00
Earl Warren b3bcae8bd6
Update dependency go to v1.22
There is no need to pin the patch release for the build
environment. They are backward compatible and it prevents security
upgrades to be taken into account.
2024-06-05 07:38:42 +02:00
Victoria Nadasdi b80677d009
chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2
Renovate tried to update redis/go-redis, but failed because they changes
the interface, they added two new functions: `BitFieldRO` and
`ObjectFreq`.

Changes:
- Update redis/go-redis
- Run mockgen:
  ```
  mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
  ```

References:
- https://codeberg.org/forgejo/forgejo/pulls/4009
2024-06-04 12:38:35 +02:00