Giteabot
953090fda4
fix(deps): update npm dependencies ( #37844 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| @​codemirror/legacy-modes | [`6.5.2` →
`6.5.3`](https://renovatebot.com/diffs/npm/@codemirror%2flegacy-modes/6.5.2/6.5.3 )
|
|
|
| @​codemirror/view | [`6.42.1` →
`6.43.0`](https://renovatebot.com/diffs/npm/@codemirror%2fview/6.42.1/6.43.0 )
|
|
|
| [@primer/octicons](https://primer.style/octicons )
([source](https://redirect.github.com/primer/octicons )) | [`19.25.0` →
`19.26.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.25.0/19.26.0 )
|
|
|
|
[@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node )
([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ))
| [`25.7.0` →
`25.9.1`](https://renovatebot.com/diffs/npm/@types%2fnode/25.7.0/25.9.1 )
|
|
|
|
[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser )
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser ))
| [`8.59.3` →
`8.59.4`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.3/8.59.4 )
|
|
|
|
[@vitejs/plugin-vue](https://redirect.github.com/vitejs/vite-plugin-vue/tree/main/packages/plugin-vue#readme )
([source](https://redirect.github.com/vitejs/vite-plugin-vue/tree/HEAD/packages/plugin-vue ))
| [`6.0.6` →
`6.0.7`](https://renovatebot.com/diffs/npm/@vitejs%2fplugin-vue/6.0.6/6.0.7 )
|
|
|
| [clippie](https://redirect.github.com/silverwind/clippie ) | [`4.1.15`
→ `4.2.0`](https://renovatebot.com/diffs/npm/clippie/4.1.15/4.2.0 ) |
|
|
| [eslint](https://eslint.org )
([source](https://redirect.github.com/eslint/eslint )) | [`10.3.0` →
`10.4.0`](https://renovatebot.com/diffs/npm/eslint/10.3.0/10.4.0 ) |
|
|
|
[eslint-plugin-playwright](https://redirect.github.com/mskelton/eslint-plugin-playwright )
| [`2.10.2` →
`2.10.4`](https://renovatebot.com/diffs/npm/eslint-plugin-playwright/2.10.2/2.10.4 )
|
|
|
| [katex](https://katex.org )
([source](https://redirect.github.com/KaTeX/KaTeX )) | [`0.16.46` →
`0.16.47`](https://renovatebot.com/diffs/npm/katex/0.16.46/0.16.47 ) |
|
|
| [pnpm](https://pnpm.io )
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm )) |
[`11.1.1` →
`11.1.3`](https://renovatebot.com/diffs/npm/pnpm/11.1.1/11.1.3 ) |
|
|
| [postcss](https://postcss.org/ )
([source](https://redirect.github.com/postcss/postcss )) | [`8.5.14` →
`8.5.15`](https://renovatebot.com/diffs/npm/postcss/8.5.14/8.5.15 ) |
|
|
|
[rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin )
| [`3.0.5` →
`3.0.7`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.5/3.0.7 )
|
|
|
| [stylelint](https://stylelint.io )
([source](https://redirect.github.com/stylelint/stylelint )) | [`17.11.0`
→
`17.11.1`](https://renovatebot.com/diffs/npm/stylelint/17.11.0/17.11.1 )
|
|
|
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint )
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint ))
| [`8.59.3` →
`8.59.4`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.3/8.59.4 )
|
|
|
| [updates](https://redirect.github.com/silverwind/updates ) |
[`17.16.11` →
`17.16.13`](https://renovatebot.com/diffs/npm/updates/17.16.11/17.16.13 )
|
|
|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`8.0.12` →
`8.0.13`](https://renovatebot.com/diffs/npm/vite/8.0.12/8.0.13 ) |
|
|
| [vitest](https://vitest.dev )
([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ))
| [`4.1.6` →
`4.1.7`](https://renovatebot.com/diffs/npm/vitest/4.1.6/4.1.7 ) |
|
|
| [vue-tsc](https://redirect.github.com/vuejs/language-tools )
([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc ))
| [`3.2.9` →
`3.3.1`](https://renovatebot.com/diffs/npm/vue-tsc/3.2.9/3.3.1 ) |
|
|
---
### Release Notes
<details>
<summary>primer/octicons (@​primer/octicons)</summary>
###
[`v19.26.0`](https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19260 )
[Compare
Source](https://redirect.github.com/primer/octicons/compare/v19.25.0...v19.26.0 )
##### Minor Changes
- [#​1197](https://redirect.github.com/primer/octicons/pull/1197 )
[`b45f1d35`](b45f1d3547https://redirect.github.com/lukasoppermann )! -
Add repo-forked-locked icon
##### Patch Changes
- [#​1209](https://redirect.github.com/primer/octicons/pull/1209 )
[`9a7e2146`](9a7e214690https://redirect.github.com/siddharthkp )! -
fix: remove hardcoded fill from sandbox icon
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(@​typescript-eslint/parser)</summary>
###
[`v8.59.4`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8594-2026-05-18 )
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.3...v8.59.4 )
This was a version bump only for parser to align it with other projects,
there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.4 )
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning ) and
[releases](https://typescript-eslint.io/users/releases ) on our website.
</details>
<details>
<summary>vitejs/vite-plugin-vue (@​vitejs/plugin-vue)</summary>
###
[`v6.0.7`](https://redirect.github.com/vitejs/vite-plugin-vue/blob/HEAD/packages/plugin-vue/CHANGELOG.md#small-607-2026-05-15-small )
##### Features
- use carets for `@rolldown/pluginutils` version
([#​776](https://redirect.github.com/vitejs/vite-plugin-vue/issues/776 ))
([941b651](941b651d83https://redirect.github.com/vitejs/vite-plugin-vue/issues/762 ))
([9e825b8](9e825b85ebhttps://redirect.github.com/vitejs/vite-plugin-vue/issues/774 ))
([77dc8bc](77dc8bc935https://redirect.github.com/silverwind/clippie/releases/tag/4.2.0 )
[Compare
Source](https://redirect.github.com/silverwind/clippie/compare/4.1.15...4.2.0 )
- tests: make fallback block concurrent-safe (silverwind)
- add ClippieCopyable type (silverwind)
- fallback: use el.value.length for setSelectionRange end (silverwind)
- update deps, replace describe.sequential with concurrent: false
(silverwind)
- Update vitest-config-silverwind to 11.3.3, add Node 26 to CI
(silverwind)
- update deps (silverwind)
- simplify and fix minor issues (silverwind)
</details>
<details>
<summary>eslint/eslint (eslint)</summary>
###
[`v10.4.0`](https://redirect.github.com/eslint/eslint/releases/tag/v10.4.0 )
[Compare
Source](https://redirect.github.com/eslint/eslint/compare/v10.3.0...v10.4.0 )
#### Features
-
[`1a45ec5`](1a45ec596ahttps://redirect.github.com/eslint/eslint/issues/20701 ))
(kuldeep kumar)
-
[`450040b`](450040bd89https://redirect.github.com/eslint/eslint/issues/20735 ))
(Kirk Waiblinger)
#### Bug Fixes
-
[`544c0c3`](544c0c3da5https://redirect.github.com/eslint/eslint/issues/20866 ))
(Pixel998)
-
[`6799431`](6799431203https://redirect.github.com/eslint/config-helpers )
to ^0.6.0
([#​20850](https://redirect.github.com/eslint/eslint/issues/20850 ))
(renovate\[bot])
-
[`f078fef`](f078fef500https://redirect.github.com/eslint/eslint/issues/20825 ))
(xbinaryx)
#### Documentation
-
[`7e52a71`](7e52a7151fhttps://redirect.github.com/eslint/eslint/issues/20869 ))
(Pavel)
-
[`db3468b`](db3468ba74https://redirect.github.com/eslint/eslint/issues/20865 ))
(Kirk Waiblinger)
-
[`9084664`](90846643ec9cc73875043d7b548440191ec3c0a36616856f28https://redirect.github.com/eslint/eslint/issues/20875 ))
(Pixel998)
-
[`d13b084`](d13b084a3ahttps://redirect.github.com/eslint/eslint/issues/20860 ))
(lumir)
-
[`e71c7af`](e71c7af86dhttps://redirect.github.com/eslint/eslint/issues/20862 ))
(dependabot\[bot])
-
[`d84393d`](d84393dea1https://redirect.github.com/eslint/eslint/issues/20863 ))
(kuldeep kumar)
-
[`24db8cb`](24db8cb8e6https://redirect.github.com/eslint/eslint/issues/20802 ))
(kuldeep kumar)
-
[`2ef0549`](2ef0549cachttps://redirect.github.com/eslint/eslint/issues/20857 ))
(github-actions\[bot])
-
[`a429791`](a4297918d2https://redirect.github.com/eslint/eslint/issues/20668 ))
(Milos Djermanovic)
-
[`9e37386`](9e37386aa7https://redirect.github.com/eslint/eslint/issues/20682 ))
(Copilot)
-
[`0dd1f9f`](0dd1f9ffc9https://redirect.github.com/eslint/eslint/issues/20845 ))
(Francesco Trotta)
-
[`9da3c7b`](9da3c7bc92https://redirect.github.com/eslint/eslint/issues/20716 ))
(Pixel998)
-
[`2099ed1`](2099ed12a0https://redirect.github.com/eslint/eslint/issues/20800 ))
(xbinaryx)
-
[`f1dfbc9`](f1dfbc9ca5https://redirect.github.com/eslint/eslint/issues/20836 ))
(github-actions\[bot])
-
[`c759413`](c75941390chttps://redirect.github.com/eslint/eslint/issues/20843 ))
(dependabot\[bot])
-
[`5b817d6`](5b817d6fdchttps://redirect.github.com/eslint/eslint/issues/20838 ))
(kuldeep kumar)
-
[`1c13ae3`](1c13ae3934https://redirect.github.com/eslint/eslint/issues/20835 ))
(kuldeep kumar)
</details>
<details>
<summary>mskelton/eslint-plugin-playwright
(eslint-plugin-playwright)</summary>
###
[`v2.10.4`](https://redirect.github.com/mskelton/eslint-plugin-playwright/releases/tag/v2.10.4 )
[Compare
Source](https://redirect.github.com/mskelton/eslint-plugin-playwright/compare/v2.10.3...v2.10.4 )
##### Bug Fixes
- **valid-title:** Skip title checks for anonymous describe blocks
([894c0ec](894c0ec261https://redirect.github.com/mskelton/eslint-plugin-playwright/releases/tag/v2.10.3 )
[Compare
Source](https://redirect.github.com/mskelton/eslint-plugin-playwright/compare/v2.10.2...v2.10.3 )
##### Bug Fixes
- **missing-playwright-await:** Fix false positive when not assigning
awaited variable
([#​464](https://redirect.github.com/mskelton/eslint-plugin-playwright/issues/464 ))
([801f01a](801f01aa8ahttps://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01647-2026-05-16 )
[Compare
Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.46...v0.16.47 )
##### Bug Fixes
- correct size of `[` big delimiter
([#​4217](https://redirect.github.com/KaTeX/KaTeX/issues/4217 ))
([7ba0027](7ba0027d2fhttps://redirect.github.com/KaTeX/KaTeX/issues/4215 )
</details>
<details>
<summary>pnpm/pnpm (pnpm)</summary>
###
[`v11.1.3`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1113 )
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.2...v11.1.3 )
##### Patch Changes
- `pnpm install` now re-validates `pnpm-lock.yaml` entries against the
active `minimumReleaseAge` and `trustPolicy: 'no-downgrade'` policies
before any tarball is fetched. Lockfiles resolved elsewhere (committed
to the repo, restored from a CI cache, produced by an older pnpm) under
a weaker or absent policy can no longer install a freshly-published or
trust-downgraded version silently. Violating entries abort the install
with `ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION`,
`ERR_PNPM_TRUST_DOWNGRADE`, or the generic
`ERR_PNPM_LOCKFILE_RESOLUTION_VERIFICATION` when both policies trip in
the same batch; `minimumReleaseAgeExclude` and `trustPolicyExclude` are
honored. Verification results are cached so repeat installs against an
unchanged lockfile take a fast path, and pnpm shows a transient progress
line while the registry round-trip runs.
When fresh resolution picks an immature version, the behavior depends on
`minimumReleaseAgeStrict`:
- **Loose mode** — the default, in effect whenever `minimumReleaseAge`
keeps its built-in 24-hour value — auto-adds the immature picks to
`minimumReleaseAgeExclude` in `pnpm-workspace.yaml` and lets the install
proceed. A single info message lists what was persisted.
- **Strict mode** in an interactive terminal collects every immature
direct AND transitive pick in one pass and prompts once with the full
list. Approving adds them to `minimumReleaseAgeExclude` and the install
continues; declining aborts before the lockfile, `package.json`, or
`node_modules` is touched.
- **Strict mode** in CI (or any non-TTY context) aborts with
`ERR_PNPM_NO_MATURE_MATCHING_VERSION` listing every offending entry,
instead of failing on the first one the resolver hit.
`minimumReleaseAgeStrict` auto-enables whenever the user explicitly sets
`minimumReleaseAge` (CLI flag, env var, global `config.yaml`, or
`pnpm-workspace.yaml`); set `minimumReleaseAgeStrict: false` to keep
loose-mode auto-collect even with an explicit `minimumReleaseAge` value.
Closes
[#​10438](https://redirect.github.com/pnpm/pnpm/issues/10438 ),
[#​10488](https://redirect.github.com/pnpm/pnpm/issues/10488 ),
[#​11687](https://redirect.github.com/pnpm/pnpm/issues/11687 ).
- Allow redundant trailing base64 padding in `.npmrc` auth values and
report invalid auth base64 with a pnpm error.
- Make `pnpm self-update` respect `minimumReleaseAge` (and
`minimumReleaseAgeExclude`) when resolving which pnpm version to
install.
When the `latest` dist-tag points to a version newer than the configured
age threshold, `self-update` now selects the newest mature version
instead unless excluded by `minimumReleaseAgeExclude`.
Also makes `dlx` and `outdated` surface invalid
`minimumReleaseAgeExclude` patterns under the same
`ERR_PNPM_INVALID_MINIMUM_RELEASE_AGE_EXCLUDE` error code already used
by `install`, instead of leaking the internal
`ERR_PNPM_INVALID_VERSION_UNION` /
`ERR_PNPM_NAME_PATTERN_IN_VERSION_UNION` codes.
- Global installs respect global config build policy (e.g.,
`dangerouslyAllowAllBuilds` from config.yaml) when GVS is enabled
[#​9249](https://redirect.github.com/pnpm/pnpm/issues/9249 ).
The global virtual-store (GVS) default `allowBuilds = {}` was applied
before workspace manifest settings were read and before global config
values (stripped by `extractAndRemoveDependencyBuildOptions`) were
re-applied via `globalDepsBuildConfig`. This caused
`hasDependencyBuildOptions` to return `true` (because `{}` is not null),
blocking restoration of global config values like
`dangerouslyAllowAllBuilds`. As a result, global installs skipped all
build scripts even when the config explicitly allowed them.
This fix moves the GVS default to **after** workspace manifest reading
and `globalDepsBuildConfig` re-application, so that:
1. Workspace manifest `allowBuilds` takes precedence (if present)
2. Global config `dangerouslyAllowAllBuilds` is properly restored (if
set and no workspace policy exists)
3. Empty `{}` is only applied as a last resort when no policy is
configured anywhere
- Honor `--silent` when `verifyDepsBeforeRun: install` auto-installs
dependencies before `pnpm run` or `pnpm exec`, preventing install output
from being written to stdout
[#​11636](https://redirect.github.com/pnpm/pnpm/issues/11636 ).
- Fix lockfile parsing failures when `pnpm-lock.yaml` contains CRLF line
endings and multiple YAML documents
[#​11612](https://redirect.github.com/pnpm/pnpm/issues/11612 ).
- Anchor the side-effects-cache key and global-virtual-store hash to the
project's script-runner Node — `engines.runtime` pin when present, shell
`node` otherwise — instead of pnpm's own runtime.
`ENGINE_NAME` (the `<platform>;<arch>;node<major>` prefix used as the
side-effects-cache key and the engine portion of the GVS hash) was
computed from `process.version` — the Node that runs pnpm itself. That
was wrong in two situations:
1. **`@pnpm/exe` SEA bundle.** The bundle has its own embedded Node, not
the `node` on the user's `PATH` that actually spawns lifecycle scripts.
Two pnpm installations on the same machine (one SEA, one npm-package)
therefore disagreed on the cache key, partitioning the side-effects
cache and the global virtual store across two Node majors even though
both installs would run scripts on the same shell `node`.
2. **`engines.runtime` / `devEngines.runtime` pin.** When a project pins
a Node version via `devEngines.runtime` (pnpm v11+), pnpm downloads that
Node into `node_modules/node/` and uses it to run lifecycle scripts. But
the hash still anchored to whichever Node ran pnpm itself, not to the
pinned Node — so two installs of the same project with two different
runner Nodes would still disagree on the GVS slot path even though
scripts run on the same pinned Node.
Three changes:
- `@pnpm/engine.runtime.system-node-version` now exports
`engineName(nodeVersion?)`. Resolves the version in this order: explicit
override → `getSystemNodeVersion()` (which already prefers `node
--version` over `process.version` in SEA contexts) → `process.version`.
- `@pnpm/deps.graph-hasher` now exports
`findRuntimeNodeVersion(snapshotKeys)` — scans an iterable of lockfile
snapshot keys for a `node@runtime:<version>` entry and returns its bare
version string. `calcDepState` and
`calcGraphNodeHash`/`iterateHashedGraphNodes` accept a `nodeVersion?`
(in the options bag for the first, as a trailing parameter / ctx field
for the others), forwarded to `engineName()`. The default (no override)
preserves the pre-change behaviour. The legacy `ENGINE_NAME` constant in
`@pnpm/constants` is unchanged so external consumers and existing tests
keep working; in non-SEA, non-pinned contexts every value lines up.
- Every install-side caller of the graph-hasher
(`@pnpm/installing.deps-resolver`, `@pnpm/installing.deps-restorer`,
`@pnpm/installing.deps-installer`, `@pnpm/building.during-install`,
`@pnpm/building.after-install`, `@pnpm/deps.graph-builder`) now derives
the project's pinned runtime via
`findRuntimeNodeVersion(Object.keys(graph))` once per invocation and
threads it through.
On upgrade, two one-time GVS slot churns are possible:
- **SEA-pnpm users** without a runtime pin: slots that previously hashed
under the embedded-Node major (e.g. `node26`) now hash under the
shell-Node major (e.g. `node24`), matching what pacquet, the
npm-published `pnpm` package, and any other pnpm-compatible tool already
produce.
- **Projects with a `devEngines.runtime` pin**: slots that previously
hashed under the runner's Node major now hash under the pinned Node
major, matching what the lifecycle scripts will actually run on.
In both cases the old slots become prune-eligible.
- Resolve the GVS hash's engine portion per-snapshot when a dependency
declares its own `engines.runtime`, instead of using an install-wide
value.
Pnpm's resolver desugars a dep's `engines.runtime` into
`dependencies.node: 'runtime:<version>'`, and the bin linker spawns that
dep's lifecycle scripts through the pinned Node downloaded into
`<pkgDir>/node_modules/node/`. The GVS hash and the side-effects-cache
key prefix were still anchored to the install-wide runtime — so a
pinning snapshot's slot encoded the wrong Node major, and a reinstall on
the same host could read the cached side-effects under a key whose
`<platform>;<arch>;node<major>` triple disagreed with the Node the build
actually ran on.
Per-snapshot resolution now matches what `bins/linker` already does on a
per-package basis:
- `@pnpm/deps.graph-hasher` adds `readSnapshotRuntimePin(children)` —
reads the `node` entry from one snapshot's graph children and extracts
the version from a `node@runtime:` value. Pairs with the existing
`findRuntimeNodeVersion(snapshotKeys)` install-wide fallback (also now
exported from `@pnpm/deps.graph-hasher` rather than
`@pnpm/engine.runtime.system-node-version`, where it was a poor fit —
`system-node-version` is about probing the host Node, not parsing
lockfile-derived strings).
- `calcDepState` and `calcGraphNodeHash` consult
`readSnapshotRuntimePin(graph[depPath].children)` first and only fall
back to the install-wide `nodeVersion` parameter when the snapshot
doesn't pin its own Node.
Pacquet mirrors the same precedence at the `calc_graph_node_hash` call
site in `package-manager/src/virtual_store_layout.rs` — a new
`find_own_runtime_node_major(snapshot)` helper reads each snapshot's
`dependencies` for a `node` entry with `Prefix::Runtime` and overrides
the install-wide engine when present.
On upgrade, snapshots of dependencies that declare their own
`engines.runtime` re-hash under that dep's pinned Node instead of the
install-wide value. The old slots become prune-eligible. Closes
[#​11690](https://redirect.github.com/pnpm/pnpm/issues/11690 ).
- Fixed `pnpm publish` failing with a 404 when authentication relied on
OIDC trusted publishing alongside an `.npmrc` written by
`actions/setup-node` (`_authToken=${NODE_AUTH_TOKEN}`) without
`NODE_AUTH_TOKEN` being set. Unresolved `${VAR}` placeholders in auth
values are now treated as empty rather than passed through verbatim, so
the literal placeholder no longer surfaces as a bearer token when OIDC
fallback is the intended auth source
[#​11513](https://redirect.github.com/pnpm/pnpm/issues/11513 ).
- Fix `devEngines.packageManager` (singular form, without `onFail`)
defaulting to `onFail: "error"` instead of the documented `pmOnFail:
"download"`. As a result, a project that pinned a different pnpm version
via `devEngines.packageManager` and ran `pnpm install` from a mismatched
pnpm version failed with a hard error, even though the migration table
from `managePackageManagerVersions: true` to `pmOnFail: download
(default)` promises the install would auto-download the wanted version
[#​11676](https://redirect.github.com/pnpm/pnpm/issues/11676 ).
The array form of `devEngines.packageManager` keeps its existing
per-element defaults (`error` for the last entry, `ignore` for the
rest), since those reflect explicit prioritization by the user. Explicit
`onFail` values continue to win.
- Fix `devEngines.packageManager` not writing
`packageManagerDependencies` to `pnpm-lock.yaml` when the lockfile lacks
an env-doc entry. Previously the lockfile sync skipped resolution unless
an existing `packageManagerDependencies.pnpm` entry needed refreshing,
so a fresh install without `onFail: "download"` left the resolved pnpm
version unrecorded — contradicting the documented behavior that the
resolved version is stored in `pnpm-lock.yaml`
[#​11674](https://redirect.github.com/pnpm/pnpm/issues/11674 ).
- Warn when `package.json` contains a legacy `pnpm` field with settings
pnpm no longer reads from `package.json` (e.g. `pnpm.overrides`,
`pnpm.patchedDependencies`). Previously these were silently ignored
after the upgrade from v10, leaving users unaware that their
overrides/patched dependencies had stopped taking effect
[#​11677](https://redirect.github.com/pnpm/pnpm/issues/11677 ).
###
[`v11.1.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1112 )
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.1.1...v11.1.2 )
##### Patch Changes
- `convertEnginesRuntimeToDependencies`: switch the runtime-dependency
write to `Object.defineProperty` so the CodeQL
`js/prototype-polluting-assignment` rule treats the assignment as safe
regardless of the property name (follow-up to
[#​11609](https://redirect.github.com/pnpm/pnpm/pull/11609 )).
- Address CodeQL static-analysis findings: guard manifest dependency
writes against prototype-polluting keys (`__proto__`, `constructor`,
`prototype`), and replace a potentially super-linear semver-detection
regex in registry 404 hints with an O(n) parser.
- Strip `sec-fetch-*` headers from outgoing HTTP requests. These headers
are automatically added by undici's `fetch()` implementation per the
Fetch spec but cause Azure DevOps Artifacts to return HTTP 400 for
uncached upstream packages, as ADO interprets them as browser requests
[#​11572](https://redirect.github.com/pnpm/pnpm/issues/11572 ).
- Fix `minimumReleaseAge` handling for cached abbreviated metadata.
The version-spec cache fast path no longer rethrows
`ERR_PNPM_MISSING_TIME` under `strictPublishedByCheck`; it now falls
through to the registry-fetch path, consistent with the adjacent
mtime-gated cache block.
When the registry returns 304 Not Modified for a package whose cached
metadata is abbreviated (no per-version `time`), pnpm now re-fetches
with `fullMetadata: true` if `minimumReleaseAge` is active and the
package was modified after the cutoff. The upgraded metadata is
persisted to disk so subsequent installs don't repeat the fetch.
Previously the abbreviated meta was used as-is and the maturity check
fell back to its warn-and-skip path, silently bypassing the quarantine
and emitting a misleading "metadata is missing the time field" warning.
Closes
[#​11619](https://redirect.github.com/pnpm/pnpm/issues/11619 ).
- Fix `pnpm upgrade --interactive --latest -r` not respecting named
catalog groups. Previously, upgrading a dependency using a named catalog
(e.g. `"catalog:foo"`) would incorrectly rewrite `package.json` to
`"catalog:"` and place the updated version in the default catalog
instead of the named one
[#​10115](https://redirect.github.com/pnpm/pnpm/issues/10115 ).
- Fixed `optimisticRepeatInstall` skipping `pnpm-lock.yaml` merge
conflict resolution when the existing `node_modules` state appears up to
date.
- Fix `minimumReleaseAge` / `resolutionMode: time-based` installs
failing on lockfiles whose `time:` block is missing entries. The
npm-resolver's peek-from-store fast path now surfaces `publishedAt` from
the lockfile rather than discarding it, and falls through to a registry
metadata fetch when the time-based cutoff can't be computed from the
data on hand.
</details>
<details>
<summary>postcss/postcss (postcss)</summary>
###
[`v8.5.15`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8515 )
[Compare
Source](https://redirect.github.com/postcss/postcss/compare/8.5.14...8.5.15 )
- Fixed declaration parsing performance (by
[@​homanp](https://redirect.github.com/homanp )).
</details>
<details>
<summary>silverwind/rolldown-license-plugin
(rolldown-license-plugin)</summary>
###
[`v3.0.7`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.7 )
[Compare
Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.6...3.0.7 )
- update deps (silverwind)
- skip readdir when package has a "LICENSE" file (silverwind)
- clarify dedup comment: package.json reads are not deduped, only
readdir/readFile (silverwind)
- skip readdir/readFile for duplicate package paths (silverwind)
###
[`v3.0.6`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.6 )
[Compare
Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.5...3.0.6 )
- update deps (silverwind)
- skip duplicate license reads, preserve wrap indentation (silverwind)
- batch generateBundle IO into two phases for \~11% speedup (silverwind)
</details>
<details>
<summary>stylelint/stylelint (stylelint)</summary>
###
[`v17.11.1`](https://redirect.github.com/stylelint/stylelint/blob/HEAD/CHANGELOG.md#17111---2026-05-14 )
[Compare
Source](https://redirect.github.com/stylelint/stylelint/compare/17.11.0...17.11.1 )
It fixes 2 bugs.
- Fixed: `node_modules` ignore for `codeFilename` paths containing a
dot-prefixed directory
([#​9282](https://redirect.github.com/stylelint/stylelint/pull/9282 ))
([@​tuhtah](https://redirect.github.com/tuhtah )).
- Fixed: `declaration-block-no-redundant-longhand-properties` range for
contiguous redundant longhand properties
([#​9273](https://redirect.github.com/stylelint/stylelint/pull/9273 ))
([@​pamelalozano16](https://redirect.github.com/pamelalozano16 )).
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(typescript-eslint)</summary>
###
[`v8.59.4`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8594-2026-05-18 )
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.3...v8.59.4 )
##### 🩹 Fixes
- **typescript-eslint:** export Compatible\* types from
typescript-eslint to resolve pnpm TS error
([#​12340](https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12340 ))
##### ❤️ Thank You
- Kirk Waiblinger
[@​kirkwaiblinger](https://redirect.github.com/kirkwaiblinger )
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.4 )
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning ) and
[releases](https://typescript-eslint.io/users/releases ) on our website.
</details>
<details>
<summary>silverwind/updates (updates)</summary>
###
[`v17.16.13`](https://redirect.github.com/silverwind/updates/releases/tag/17.16.13 )
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.16.12...17.16.13 )
- Speed up findVersion hot loop (silverwind)
- Minor simplifications (silverwind)
- Fix Go pseudo-version write corruption and selectTag tag ordering
(silverwind)
- Fix parser/replace edge cases across modes (silverwind)
###
[`v17.16.12`](https://redirect.github.com/silverwind/updates/releases/tag/17.16.12 )
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.16.11...17.16.12 )
- Fix several parser/URL edge cases across modes (silverwind)
- bump vitest-config-silverwind to 11.3.5 (silverwind)
- speed up tests (silverwind)
- perf: reduce redundant work in hot paths (silverwind)
</details>
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v8.0.13`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8013-2026-05-14-small )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v8.0.12...v8.0.13 )
##### Features
- **bundled-dev:** add lazy bundling support
([#​21406](https://redirect.github.com/vitejs/vite/issues/21406 ))
([4f0949f](4f0949f3f1https://redirect.github.com/vitejs/vite/issues/22357 ))
([47071ce](47071ce53fhttps://redirect.github.com/vitejs/vite/issues/22444 ))
([8c766a6](8c766a6c5ehttps://redirect.github.com/vitejs/vite/issues/22328 ))
([158e8ae](158e8ae8efhttps://redirect.github.com/vitejs/vite/issues/22274 ))
([#​22275](https://redirect.github.com/vitejs/vite/issues/22275 ))
([b7edcb7](b7edcb7d0dhttps://redirect.github.com/vitejs/vite/issues/22439 ))
([8e59c97](8e59c97a44https://redirect.github.com/vitejs/vite/issues/22257 ))
([a576326](a576326617https://redirect.github.com/vitejs/vite/issues/22451 ))
([d9b18e0](d9b18e0387https://redirect.github.com/vitejs/vite/issues/22430 ))
([6ea3838](6ea383859ahttps://redirect.github.com/vitejs/vite/issues/22413 ))
([fcdc87c](fcdc87cc67https://redirect.github.com/vitest-dev/vitest/releases/tag/v4.1.7 )
[Compare
Source](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7 )
##### 🐞 Bug Fixes
- **runner**: Limit concurrency per task branch in addition to per leaf
callbacks (backport) - by
[@​hi-ogawa](https://redirect.github.com/hi-ogawa ) in
[#​10384](https://redirect.github.com/vitest-dev/vitest/issues/10384 )
[<samp>(4f0f2)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4f0f2a1ee )
##### [View changes on
GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7 )
</details>
<details>
<summary>vuejs/language-tools (vue-tsc)</summary>
###
[`v3.3.1`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#331-2026-05-19 )
[Compare
Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.0...v3.3.1 )
##### language-core
- **fix:** avoid extraneous children error for conditional slots
([#​6056](https://redirect.github.com/vuejs/language-tools/issues/6056 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
##### language-service
- **refactor:** replace scanner-based missing props hints detection with
AST traversal - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
##### typescript-plugin
- **fix:** get component prop details from symbols - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** skip unchecked JS identifiers in component props
([#​6055](https://redirect.github.com/vuejs/language-tools/issues/6055 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
##### vscode
- **fix:** resolve typescript plugin path from resolved server path
([#​6058](https://redirect.github.com/vuejs/language-tools/issues/6058 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
###
[`v3.3.0`](https://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#330-2026-05-18 )
[Compare
Source](https://redirect.github.com/vuejs/language-tools/compare/v3.2.9...v3.3.0 )
##### language-core
- **feat:** check required fallthrough attributes
([#​6049](https://redirect.github.com/vuejs/language-tools/issues/6049 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** penetrate `v-if` branch fragments when collecting single root
nodes - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
- **refactor:** rename `Sfc` APIs to `IR` - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
##### language-service
- **fix:** reuse ASTs for define assignment suggestions - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** re-support `html.customData`
([#​5910](https://redirect.github.com/vuejs/language-tools/issues/5910 ))
- Thanks to [@​Bomberus](https://redirect.github.com/Bomberus )!
- **fix:** strip `=""` only for plain boolean props completion edits -
Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** reset to default data provider after running with vue data
provider - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
##### typescript-plugin
- **feat:** refine props completion logic to follow TS behavior
([#​5709](https://redirect.github.com/vuejs/language-tools/issues/5709 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
##### vscode
- **fix:** include `extraFileExtensions` in tsserver `configure` request
payload
([#​6048](https://redirect.github.com/vuejs/language-tools/issues/6048 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** write typescript plugins at build time
([#​6050](https://redirect.github.com/vuejs/language-tools/issues/6050 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** avoid infinite diagnostics on Vue files when project
diagnostics is enabled
([#​6051](https://redirect.github.com/vuejs/language-tools/issues/6051 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-05-25 10:08:25 +00:00
Sebastian Ertz
89a49de0fd
Update go js py dependencies ( #37525 )
...
| go | from | to |
| --- | --- | --- |
| connectrpc.com/connect | `1.19.1 ` | `1.19.2` |
| github.com/Azure/go-ntlmssp | `0.1.0` | `0.1.1` |
| github.com/alecthomas/chroma/v2 | `2.23.1` | `2.24.1` |
| github.com/aws/aws-sdk-go-v2/credentials | `1.19.15` | `1.19.16` |
| github.com/aws/aws-sdk-go-v2/service/codecommit | `1.33.13` |
`1.33.14` |
| github.com/blevesearch/bleve/v2 | `2.5.7` | `2.6.0` |
| github.com/caddyserver/certmagic | `0.25.2` | `0.25.3` |
| github.com/fsnotify/fsnotify | `1.9.0` | `1.10.1` |
| github.com/getkin/kin-openapi | `0.134.0` | `0.137.0` |
| github.com/go-co-op/gocron/v2 | `2.21.0` | `2.21.1` |
| github.com/go-sql-driver/mysql | `1.9.3` | `1.10.0` |
| github.com/go-webauthn/webauthn | `0.16.5` | `0.17.2` |
| github.com/klauspost/compress | `1.18.5` | `1.18.6` |
| github.com/mattn/go-isatty | `0.0.21` | `0.0.22` |
| github.com/mattn/go-sqlite3 | `1.14.42` | `1.14.44` |
| github.com/minio/minio-go/v7 | `7.0.100` | `7.1.0` |
| github.com/redis/go-redis/v9 | `9.18.0` | `9.19.0` |
| google.golang.org/grpc | `1.80.0` | `1.81.0` |
| gopkg.in/ini.v1 | `1.67.1` | `1.67.2` |
| js | from | to |
| --- | --- | --- |
| @codemirror/search | `6.6.0` | `6.7.0` |
| @primer/octicons | `19.24.1` | `19.25.0` |
| clippie | `4.1.14` | `4.1.15` |
| easymde | `2.20.0` | `2.21.0` |
| postcss | `8.5.10` | `8.5.13` |
| rolldown-license-plugin | `3.0.1` | `3.0.4` |
| swagger-ui-dist | `5.32.4` | `5.32.5` |
| vite | `8.0.9` | `8.0.10` |
| vite-string-plugin | `2.0.2` | `2.0.4` |
| vue | `3.5.32` | `3.5.33` |
| @typescript-eslint/parser | `8.59.0` | `8.59.1` |
| eslint | `10.2.1` | `10.3.0` |
| eslint-plugin-vue | `10.8.0` | `10.9.0` |
| globals | `17.5.0` | `17.6.0` |
| material-icon-theme | `5.33.1` | `5.34.0` |
| spectral-cli-bundle | `1.0.7` | `1.0.8` |
| stylelint | `17.8.0` | `17.10.0` |
| typescript-eslint | `8.59.0` | `8.59.1` |
| updates | `17.16.3` | `17.16.8` |
| vitest | `4.1.4` | `4.1.5` |
| vue-tsc | `3.2.7` | `3.2.8` |
| pnpm | `10.33.0` | `10.33.2` |
| py | from | to |
| --- | --- | --- |
| click | `8.3.2` | `8.3.3` |
| pathspec | `1.0.4` | `1.1.1` |
---------
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com >
2026-05-04 19:27:47 +00:00
TheFox0x7
ff777cd2ad
Add terraform state registry ( #36710 )
...
Adds terraform/opentofu state registry with locking. Implements: https://github.com/go-gitea/gitea/issues/33644 . I also checked [encrypted state](https://opentofu.org/docs/language/state/encryption ), it works out of the box.
Docs PR: https://gitea.com/gitea/docs/pulls/357
---------
Co-authored-by: Andras Elso <elso.andras@gmail.com >
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-04-06 13:41:17 -07:00
silverwind
b3c6917463
Update JS dependencies ( #37001 )
...
- Update all JS dependencies via `make update-js`
- `webpack-cli` 6 to 7: remove `--disable-interpret` from Makefile
- Fix lint: remove unnecessary type args, `toThrowError` to `toThrow`
- Fix duplicate CSS selector detected by `stylelint` 17.6.0
- Change `updates.config.ts` to use `pin`, needed for `tailwindcss`
- Pin `typescript` pending typescript-eslint/typescript-eslint#12123
---------
Co-authored-by: Claude (claude-opus-4-6) <noreply@anthropic.com >
Co-authored-by: Giteabot <teabot@gitea.io >
2026-03-27 04:39:24 +01:00
silverwind
ddacefa5d6
Update JS deps ( #36656 )
...
Fixes a [security issue in
mermaid](https://github.com/mermaid-js/mermaid/issues/7345 ), tested
mermaid and asciinema.
2026-02-17 19:35:37 +01:00
silverwind
49edbbbc2e
Update JS and PY deps ( #36383 )
...
- Update JS and PY dependencies
- Workaround https://github.com/stylelint/stylelint/issues/8893 by
moving the stylint config file to JS
- Regenerate SVGs
- Bump to python 3.14 in devcontainer and actions
- Verified `@github/text-expander-element`
- Removed obsolete type stub
2026-01-16 11:00:16 +00:00
silverwind
1baca49870
Update JS deps ( #35978 )
...
Update JS deps, regenerate SVGs, fixed lint issues and did cursory
testing of UI.
2025-11-20 21:53:44 +00:00
鲁汀
2223be2cc4
Support blue yellow colorblind theme ( #35910 )
...
This icon is from GitHub:
<img width="350" height="350" alt="image"
src="https://github.com/user-attachments/assets/c3f31901-5359-4b7f-ae68-eddcec63df53 "
/>
---------
Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com >
Co-authored-by: lutinglt <lutinglt@users.noreply.github.com >
2025-11-11 18:21:15 +00:00
silverwind
c3472dd395
Fix file extension on gogs.png ( #35793 )
...
During https://github.com/go-gitea/gitea/issues/35790 , it was noticed
that this PNG image had the wrong file extension. I also verified
`dingtalk.ico` and that one is actually an `.ico`.
2025-10-30 18:25:53 +01:00
wxiaoguang
6b5563c54a
Support selecting theme on the footer ( #35741 )
...
Fixes: https://github.com/go-gitea/gitea/pull/27576
2025-10-28 18:25:00 +08:00
silverwind
49a0a11f55
Update JS deps, misc tweaks ( #35643 )
...
- Update all JS dependencies
- Enable eslint `no-useless-assignment` and fix 2 discovered issues
- Replace `gitea-vscode` svg with new `octicon-vscode`
- Remove now-unused `@ts-expect-error` comments
- Change Monaco wrapping behaviour to match the wrapping in code view:
no wrapping indent and break on any character.
2025-10-12 21:07:15 +00:00
鲁汀
327d0a7fdd
The status icon of the Action step is consistent with GitHub ( #35618 )
...
Before:
running:
<img width="45" height="34" alt="image"
src="https://github.com/user-attachments/assets/e2508f98-2f1f-4b7e-a80c-30b406f42531 "
/>
waiting:
<img width="44" height="33" alt="image"
src="https://github.com/user-attachments/assets/e7c8164e-fdc3-4546-b088-31166544edb0 "
/>
---
After:
running:
<img width="49" height="43" alt="image"
src="https://github.com/user-attachments/assets/b5a9b245-a995-458a-af23-d1723daa3692 "
/>
waiting:
<img width="42" height="44" alt="image"
src="https://github.com/user-attachments/assets/ff72551e-cfb5-4665-af52-938ef0cf8f1c "
/>
`gitea-running.svg` is not an icon from the @ primer/octicon library,
extracted from the Github page. Github did not assign a clear class name
to this icon
---------
Signed-off-by: 鲁汀 <131967983+lutinglt@users.noreply.github.com >
Co-authored-by: lutinglt <lutinglt@users.noreply.github.com >
2025-10-10 11:25:03 -07:00
silverwind
47df15cabc
Update JS and PY dependencies ( #35444 )
...
Tested all affected dependencies.
2025-09-10 02:30:20 +02:00
silverwind
801da7fdab
Update js dependencies ( #35429 )
2025-09-07 18:50:44 +02:00
silverwind
89b4be057b
Switch to @resvg/resvg-wasm for generate-images ( #35415 )
...
Use the WASM module of [`resvg-js`](https://github.com/thx/resvg-js ) to
replace `fabric` and the problematic native `canvas` dependency. WASM
works cross-platform so we can include it in the main `package.json`.
2025-09-05 21:06:02 +00:00
silverwind
e9655df082
Update tools/package.json dependencies, remove imagemin-zopfli ( #35406 )
...
imagemin-zopfli brings a lot of [vulnerable
dependencies](https://github.com/go-gitea/gitea/security/dependabot ) and
it is unmaintained. The removal brings a size increase to these images,
but I think ultimately this size does not matter enough. I verified this
passes `pnpm audit` now.
2025-09-04 09:17:33 -04:00
silverwind
e7d6f74450
Update JS and PY deps ( #35191 )
...
- Updated all dependencies
- Fixed new CSS lint errors, specifically tested the
RepoActivityTopAuthors.vue change
- Regenerated SVGs
2025-08-01 07:24:26 +00:00
silverwind
41678e1a57
Update JS dependencies ( #34951 )
...
Ran `make update-js svg` and adapted to svgo v4.
2025-07-04 17:02:32 +02:00
silverwind
f6f6aedd4f
Update JS deps, regenerate SVGs ( #34640 )
...
Result of `make update-js svg`.
2025-06-07 17:59:36 +00:00
wxiaoguang
34e5df6d30
Add material icons for file list ( #33837 )
2025-03-10 15:57:17 +08:00
silverwind
3bbacac62c
Update JS and PY dependencies ( #33587 )
...
- Update all dependencies excluding `tailwindcss` and `idiomorph`
- Tested citation, asciinema, pdf, swagger
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2025-02-16 14:14:23 +01:00
Typed SIGTERM
47bf836310
Update feishu icon ( #33470 )
2025-02-01 14:08:32 +00:00
silverwind
5cada75596
Update dependencies, tweak eslint ( #32719 )
...
- ~~Remove `eslint-plugin-sonarjs`. I lost faith in it since they moved
it to their monorepo and I can't recall the last time when this plugin
raised a useful error.~~
- Add new rules from `no-jquery`
- ~~Tweak typescript config to prevent temp files in root directory in
certain situations~~ File is just gitignored now.
- Tested all relevant dependencies
2024-12-05 16:13:10 +00:00
KN4CK3R
0c3c041c88
Add Arch package registry ( #32692 )
...
Close #25037
Close #31037
This PR adds a Arch package registry usable with pacman.
Rewrite of #25396 and #31037 . You can follow [this
tutorial](https://wiki.archlinux.org/title/Creating_packages ) to build a
package for testing.
Docs PR: https://gitea.com/gitea/docs/pulls/111
Co-authored-by: [d1nch8g@ion.lc ](mailto:d1nch8g@ion.lc )
Co-authored-by: @ExplodingDragon
---------
Co-authored-by: dancheg97 <dancheg97@fmnx.su >
Co-authored-by: dragon <ExplodingFKL@gmail.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2024-12-04 23:09:07 +00:00
silverwind
9914c9ab08
Update JS and PY dependencies ( #32388 )
...
- Update all JS dependencies excluding stylelint (because of
https://github.com/AndyOGo/stylelint-declaration-strict-value/issues/379 ).
- Update all PY dependencies.
- Replace `eslint-plugin-deprecation` with
`@typescript-eslint/no-deprecated` rule.
- Enabled `unicorn/prefer-math-min-max` and autofixed issues.
- Tested all dependencies.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2024-10-31 04:19:15 +00:00
Zettat123
def1c9670b
Support migration from AWS CodeCommit ( #31981 )
...
This PR adds support for migrating repos from [AWS
CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html ).
The access key ID and secret access key are required to get repository
information and pull requests. And [HTTPS Git
credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html )
are required to clone the repository.
<img
src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0 "
width="680" />
The AWS CodeCommit icon is from [AWS Architecture
Icons](https://aws.amazon.com/architecture/icons/ ).
<img
src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d "
width="320" />
2024-09-11 07:49:42 +08:00
silverwind
a06bbcf0b6
Update JS dependencies ( #31616 )
...
Result of `make update-js`. Tested all dependencies. Lockfile diff is
because of https://github.com/npm/cli/pull/7475 .
2024-07-11 14:36:02 -04:00
wxiaoguang
f4921b9daa
Simplify 404/500 page ( #31409 )
2024-06-23 17:45:21 +00:00
silverwind
9730d3a9af
Update various logos and unify their filenames ( #29637 )
...
1. Checked all logos, updated 3 of them to newer versions.
2. Remove `open-with-` infix on the editor logos to be consistent with
other files.
<img width="626" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/3b2d9486-6e0a-45c6-b0e4-d38dc4c0b118 ">
2024-03-06 22:20:05 +00:00
silverwind
8d32f3cb74
Update Twitter Logo ( #29621 )
...
<img width="430" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/9cf7b0a3-406b-4dd6-ab3d-d31a96b9335a ">
2024-03-06 05:21:39 +00:00
wxiaoguang
29a26d9d8c
Customizable "Open with" applications for repository clone ( #29320 )
...
Users could customize the "clone" menu with their own application URLs on the admin panel.
Replace #22378
Close #21121
Close #22149
2024-02-24 13:12:17 +00:00
silverwind
c4b0cb4d0d
Upgrade to fabric 6 ( #29334 )
...
Upgrade fabric to latest v6 beta. It works for our use case, even
thought it does not fix the upstream issue
https://github.com/fabricjs/fabric.js/issues/9679 that
https://github.com/go-gitea/gitea/issues/29326 relates to.
2024-02-23 00:31:24 +01:00
DC
3d3c3d9ee5
Update Discord logo ( #29285 )
...
Fixes #27057 by changing the discord .svg file and running `make svg`.
Before:
<img width="637"
src="https://private-user-images.githubusercontent.com/85847352/267667100-1eaf5d20-b4e9-4736-bb55-7f1da04bbde7.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MDg0NzAwNDUsIm5iZiI6MTcwODQ2OTc0NSwicGF0aCI6Ii84NTg0NzM1Mi8yNjc2NjcxMDAtMWVhZjVkMjAtYjRlOS00NzM2LWJiNTUtN2YxZGEwNGJiZGU3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDAyMjAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwMjIwVDIyNTU0NVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTIwN2Y2ODc5N2MzZDU5NzgzODRhNDIzZWY3MDk3ODhiYmIzZDU4NWVlYmFmZjc2OTIyZjE3MWM4ZDg0ODZjNTYmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.C6jVQLFPfq4fhGV8wiY9D-P21PUNTDMkX2d2-kU17Ug ">
After:
<img width="637"
src="https://github.com/go-gitea/gitea/assets/106393991/45b197ae-e422-42f4-999e-25dc8f6b7a92 ">
2024-02-21 01:55:26 +00:00
silverwind
a062725758
Update JS and PY dependencies, build for es2020 browsers ( #28977 )
...
- Update all JS dependencies minus @mcaptcha/vanilla-glue
- Fix new lint errors
- Regenerate SVGs
- Switch to maintained stylelint stylistic plugin
- Tested Mermaid, Citation, Swagger, sorting
- Raise ESBuild target to `es2020` as dictated by `pretty-ms`
dependency.
2024-02-02 09:36:32 +00:00
Matheus Sampaio Queiroga
37ede3197a
Fix google logo in security page ( #28982 )
...
Fix google logo in user security page: #28701
Before
after
2024-01-30 02:54:52 +02:00
silverwind
ce55a74374
Update JS dependencies ( #28537 )
...
- Update all JS dependencies excluding mcaptcha (breaking changes) and
stylelint (plugin not compatible with v16)
- Regenerate SVGs
- Update markdownlint rule names
- Fix one issue of heading in markdown discovered during lint
- Update for monaco options renames
- Fix stylelint rule length-zero-no-unit for custom properties
- Tested editor, swagger, sorting, vue, lint
2023-12-30 05:29:03 +00:00
silverwind
06dcb251f3
Update JS and PY dependencies ( #28120 )
...
- Update all JS and PY dependencies minus `@mcaptcha/vanilla-glue`
- Adapt to eslint rule rename
- Regenerate all SVGs because of [new
optimizations](https://github.com/svg/svgo/releases/tag/v3.0.4 ) from
svgo.
- Tested mentions, mermaid, vue, api docs
2023-11-20 01:02:57 +01:00
silverwind
a101dbaa79
Update JS and Poetry dependencies and eslint ( #27200 )
...
- Update all JS and Poetry dependencies
- Remove deprecated `eslint-plugin-custom-elements` and replace it with
rules from `eslint-plugin-wc`
- Add a convenience `make update` to update both js and py dependencies
- Tested markdown toolbar, swagger and citation
2023-09-22 22:51:48 +02:00
Chongyi Zheng
7046065c0e
Drop Node.js 16 and update js dependencies ( #27094 )
...
- Drop Node.js 16 since it reached EOL
- Upgrade js dependencies
- Two packages have major version bump
- `updates`: require node 18
- `eslint-plugin-array-func`: require `eslint` 8.40.0, which is
satisfied
- Run `make svg` for `@primer/octicons` update
2023-09-16 11:36:35 +00:00
silverwind
5feef6d5c0
Update JS dependencies ( #26586 )
...
- Update all JS dependencies
- Adapt `ansi_up` import for ESM
- Tested Mermaid and Ansi rendering
2023-08-19 10:18:39 +02:00
silverwind
8e644d3460
Update js and py dependencies ( #26243 )
...
- Update all JS and PY dependencies minus
`eslint-plugin-eslint-comments` (because of
https://github.com/eslint-community/eslint-plugin-eslint-comments/issues/89 )
- Regenerate SVGs
- Remove depreacted eslint rule
- Tested mermaid and swagger
2023-07-31 01:16:12 +02:00
wxiaoguang
52fb936773
Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" ( #25974 )
...
Replace #25892
Close #21942
Close #25464
Major changes:
1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files
```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.
---------
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: Giteabot <teabot@gitea.io >
2023-07-21 12:14:20 +00:00
wxiaoguang
faa28b5a44
Move public asset files to the proper directory ( #25907 )
...
Move `public/*` to `public/assets/*`
Some old PRs (like #15219 ) introduced inconsistent directory system.
For example: why the local directory "public" is accessed by
`http://site/assets `? How to serve the ".well-known" files properly in
the public directory?
For convention rules, the "public" directory is widely used for the
website's root directory. It shouldn't be an exception for Gitea.
So, this PR makes the things consistent:
* `http://site/assets/foo ` means `{CustomPath}/public/assets/foo`.
* `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt`
can be used in the future.
This PR is also a prerequisite for a clear solution for:
* #21942
* #25892
* discourse.gitea.io: [.well-known path serving custom files behind
proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1 )
This PR is breaking for users who have custom "public" files (CSS/JS).
After getting approvals, I will update the documents.
----
## ⚠️ BREAKING ⚠️
If you have files in your "custom/public/" folder, please move them to
"custom/public/assets/".
---------
Co-authored-by: 6543 <6543@obermui.de >
Co-authored-by: Giteabot <teabot@gitea.io >
2023-07-18 18:06:43 +02:00
silverwind
d2142ba3c3
Update octicons and use octicon-file-directory-symlink ( #25453 )
...
Make use of the [new
octicon](https://github.com/primer/octicons/issues/945 ) that indicates a
symlink to a directory:
<img width="189" alt="Screenshot 2023-06-22 at 22 50 57"
src="https://github.com/go-gitea/gitea/assets/115237/a70690ea-ebfc-48fe-af23-cdc33bcb2098 ">
2023-06-22 22:05:52 +00:00
silverwind
f47744c3f1
Update JS dependencies, remove space after emoji completion ( #25266 )
...
- Update all JS dependencies
- Enable stylint
[`media-feature-name-value-no-unknown`](https://stylelint.io/user-guide/rules/media-feature-name-value-no-unknown )
- Make use of new features in webpack and text-expander-element
- Tested Swagger and Mermaid
To explain the `text-expander-element` change: Before this version, the
element added a unavoidable space after emoji completion. Now that
https://github.com/github/text-expander-element/pull/36 is in, we gain
control over this space and I opted to remove it for emoji completion
and retain it for `@` mentions.
---------
Co-authored-by: Giteabot <teabot@gitea.io >
2023-06-18 08:38:47 +00:00
silverwind
a51b115b0a
Use inline SVG for built-in OAuth providers ( #25171 )
...
The plan is that all built-in auth providers use inline SVG for more
flexibility in styling and to get the GitHub icon to follow
`currentcolor`. This only removes the `public/img/auth` directory and
adds the missing svgs to our svg build.
It should map the built-in providers to these SVGs and render them. If
the user has set a Icon URL, it should render that as an `img` tag
instead.
```
gitea-azure-ad
gitea-bitbucket
gitea-discord
gitea-dropbox
gitea-facebook
gitea-gitea
gitea-gitlab
gitea-google
gitea-mastodon
gitea-microsoftonline
gitea-nextcloud
gitea-twitter
gitea-yandex
octicon-mark-github
```
GitHub logo is now white again on dark theme:
<img width="431" alt="Screenshot 2023-06-12 at 21 45 34"
src="https://github.com/go-gitea/gitea/assets/115237/27a43504-d60a-4132-a502-336b25883e4d ">
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2023-06-13 10:51:02 +00:00
HesterG
63a429581c
Modify OAuth login ui and fix display name, iconurl related logic ( #25030 )
...
Close #24808
Co-Authour @wxiaoguang @silverwind
1. Most svgs are found from https://worldvectorlogo.com/ , and some are
from conversion of png to svg. (facebook and nextcloud). And also
changed `templates/user/settings/security/accountlinks.tmpl`.
2. Fixed display name and iconurl related logic
# After
<img width="1436" alt="Screen Shot 2023-06-05 at 14 09 05"
src="https://github.com/go-gitea/gitea/assets/17645053/a5db39d8-1ab0-4676-82a4-fba60a1d1f84 ">
On mobile
<img width="378" alt="Screen Shot 2023-06-05 at 14 09 46"
src="https://github.com/go-gitea/gitea/assets/17645053/71d0f51b-baac-4f48-8ca2-ae0e013bd62e ">
user/settings/security/accountlinks (The dropdown might be improved
later)
<img width="973" alt="Screen Shot 2023-06-01 at 10 01 44"
src="https://github.com/go-gitea/gitea/assets/17645053/27010e7e-2785-4fc5-8c49-b06621898f37 ">
---------
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2023-06-08 16:35:29 +00:00
silverwind
e4e98979ff
Add PDF rendering via PDFObject ( #24086 )
...
Use [PDFObject](https://pdfobject.com/ ) to embed PDFs, replacing our
outdated PDF.js copy we vendor (the last non-webpack vendoring).
[Commit
1](673e0263da9336f5769dhttps://github.com/go-gitea/gitea/assets/115237/169ce50c-bd1d-4bb0-86e5-1710bd0400a9 ">
<img width="1257" alt="Screenshot 2023-05-27 at 10 12 50"
src="https://github.com/go-gitea/gitea/assets/115237/318f7ee9-fb11-4093-83e7-17475aa70629 ">
Fallback for unsupporting browsers (most mobile ones, except Firefox
Mobile):
<img width="358" alt="Screenshot 2023-05-27 at 09 43 34"
src="https://github.com/go-gitea/gitea/assets/115237/8c12d7ba-57d6-4228-89a0-5fef9fad0cbb ">
---------
Co-authored-by: Giteabot <teabot@gitea.io >
2023-05-29 12:10:00 +00:00
KN4CK3R
cdb088cec2
Add CRAN package registry ( #22331 )
...
This PR adds a [CRAN](https://cran.r-project.org/ ) package registry.
2023-05-22 10:57:49 +08:00
silverwind
a7e18b9fb7
Rework Oauth login buttons, swap github logo to monocolor ( #24740 )
...
Diff without whitespace:
https://github.com/go-gitea/gitea/pull/24740/files?diff=unified&w=1
- Use SVGs for GitHub and GitLab oauth providers
- Replace section wrapping with a divider
- Rework icon rendering, increase size from 32px to 40px
Before:
<img width="853" alt="Screenshot 2023-05-15 at 21 54 23"
src="https://github.com/go-gitea/gitea/assets/115237/6ab5cfb4-46ff-469a-bd1f-06780d4a6a0b ">
After (more providers):
<img width="849" alt="Screenshot 2023-05-15 at 21 51 21"
src="https://github.com/go-gitea/gitea/assets/115237/fa84f92f-98e0-4aed-9357-5d62ddd98195 ">
<img width="856" alt="Screenshot 2023-05-15 at 21 56 45"
src="https://github.com/go-gitea/gitea/assets/115237/d3edd7ed-dadd-4302-aca7-08f20adc220e ">
Ref: https://codeberg.org/Codeberg/Community/issues/1023
---------
Co-authored-by: Giteabot <teabot@gitea.io >
2023-05-15 22:46:51 +00:00
