techknowlogick
80ca22a9ef
chore(deps): bump dockerfile to use Alpine 3.24 ( #38077 )
2026-06-14 11:48:14 -07:00
wxiaoguang
47d48eb208
chore: fix form string abuse ( #38106 )
2026-06-14 18:26:22 +00:00
delvh
3417bc8979
docs: Clarify criteria for becoming a merger ( #38113 )
2026-06-14 18:06:41 +00:00
TheFox0x7
c6167d1ff5
feat(api): add token introspection and self-deletion endpoint ( #37995 )
...
Adds a /api/v1/token endpoint that allows tokens to introspect and
delete themselves.
partially fixes: https://github.com/go-gitea/gitea/issues/33583
Assisted-by: Mistral Vibe:mistral-medium-3.5
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-14 20:05:18 +02:00
bircni
b8ef6a91e6
docs: Publish TOC Election Result 2026 ( #38111 )
...
- Adjusted the wording for what happens on a draw (somehow we managed to
get a draw)
The new members are:
- @delvh
- @bircni
- @TheFox0x7
Closes #37551
2026-06-14 09:42:01 -07:00
Pycub
c7af379672
fix(api): nil pointer panic when filtering tracked times by a non-existent user ( #38112 )
...
## Problem
`GET /repos/{owner}/{repo}/times` and `GET
/repos/{owner}/{repo}/issues/{index}/times` crash with a nil pointer
dereference when the `user` query filter names a user that does not
exist.
## Root cause
In `ListTrackedTimes` and `ListTrackedTimesByRepository`, the
`IsErrUserNotExist` branch sends the 404 but is missing a `return`, so
execution falls through to `opts.UserID = user.ID` with a nil `user`.
---------
Co-authored-by: bircni <bircni@icloud.com >
2026-06-14 17:23:48 +02:00
Karthik Bhandary
e82352f156
feat(web): Add Jupyter Notebook (.ipynb) Rendering Support ( #37433 )
...
### Summary
Closes #37308
Adds native rendering support for Jupyter notebook files (`.ipynb`) in
Gitea using backend rendering, allowing users to view formatted
notebooks with code cells, markdown, outputs, and visualizations
directly in the repository browser.
### Motivation
Jupyter notebooks are widely used in data science, machine learning, and
scientific computing. Currently, Gitea displays `.ipynb` files as raw
JSON, making them difficult to read. This feature enables users to view
notebooks in a formatted, readable way similar to GitHub and GitLab.
### Implementation Approach
**Evolution:** Initially implemented frontend rendering using `marked`
and `Shiki` libraries. After review feedback, migrated to backend
rendering for better performance, security, and consistency with Gitea
architecture.
#### Backend Rendering Advantages
- Server-side HTML generation eliminates client-side parsing overhead
- Integrates with Gitea existing markup sanitizer for security
- Uses Chroma for syntax highlighting (consistent with code files)
- Uses Goldmark for markdown rendering (consistent with `.md` files)
- No additional frontend dependencies required
- Better performance for large notebooks
### Features
#### Supported Cell Types
- **Markdown cells:** Rendered with Goldmark (tables, lists, links, code
blocks, etc.)
- **Code cells:** Syntax-highlighted with Chroma, execution counts,
language detection from notebook metadata
- **Output cells:** Multiple output types in a single cell
#### Supported Output Types
- ✅ Text/plain outputs
- ✅ Images (PNG, JPEG, SVG) with base64 data URIs
- ✅ HTML outputs (tables, DataFrames, formatted text)
- ✅ LaTeX/math equations (rendered as code blocks)
- ✅ Error outputs with traceback (styled in red)
- ✅ Stream outputs (`stdout`/`stderr`)
- ⚠️ Interactive widgets (Plotly, ipywidgets) show informative messages
- ⚠️ JavaScript outputs show security warning (disabled for safety)
#### Edge Cases Handled
- Empty notebooks or notebooks with no outputs
- Corrupted JSON with graceful error display
- Mixed output types in single cell
- Large base64-encoded images
- Execution count of `null` or `0`
- `nbformat` version compatibility (only renders `nbformat 4+`, shows
message for older versions)
### Changes
#### Backend (Go)
- `modules/markup/jupyter/jupyter.go` (**NEW**)
- Jupyter notebook renderer implementation
- Parses `.ipynb` JSON structure and generates HTML
- Integrates Chroma for code syntax highlighting
- Integrates Goldmark for markdown cell rendering
- Dynamic language detection from notebook metadata
- Handles all standard Jupyter output types
- Comprehensive error handling with user-friendly messages
- `modules/markup/renderer.go` (**MODIFIED**)
- Registered Jupyter renderer in markup system
- `main.go` (**MODIFIED**)
- Import Jupyter renderer package for initialization
#### Styling (CSS)
- `web_src/css/markup/jupyter.css` (**NEW**)
- Comprehensive styling for notebook cells, code, outputs
- Uses Gitea CSS variables for consistent theming
- Responsive layout with proper spacing
- Table styling for DataFrame outputs
- Removed parent container padding for consistency with other renderers
#### Sanitizer Rules
- `modules/markup/jupyter/jupyter.go` → `SanitizerRules()`
- Configured HTML sanitization rules for safe rendering:
- Cell structure (markdown, code, input/output wrappers)
- Code highlighting (Chroma classes)
- Images (base64 data URIs only)
- Tables (DataFrames)
- Markdown elements (headers, lists, links, etc.)
### Security Considerations
- Server-side rendering: No client-side JavaScript execution
- HTML sanitization: Strict allowlist for HTML elements and attributes
- Image security: Only base64 data URIs allowed (no external URLs)
- JavaScript disabled: `application/javascript` outputs show warning
- XSS protection: Gitea markup sanitizer handles all HTML output
### Testing
Manual testing performed with various notebooks:
- Markdown rendering (headers, lists, tables, links, code blocks)
- Code cells with execution counts and syntax highlighting
- Multiple output types (text, images, HTML, LaTeX, errors, streams)
- Error handling for edge cases
- Theme compatibility (light/dark mode)
### Screenshots
<img width="1080" height="553" alt="image"
src="https://github.com/user-attachments/assets/aef9afa7-ed96-434d-98b0-b160565fc967 "
/>
<img width="1092" height="552" alt="image"
src="https://github.com/user-attachments/assets/6e61e792-4737-41c1-851e-5c375c1f932a "
/>
<img width="1104" height="622" alt="image"
src="https://github.com/user-attachments/assets/4ac630c1-3a75-4e1c-9bba-c0a27484d001 "
/>
<img width="1104" height="529" alt="image"
src="https://github.com/user-attachments/assets/33750c47-70de-4ab2-893d-e5d09fa8d9c4 "
/>
<img width="1111" height="343" alt="image"
src="https://github.com/user-attachments/assets/52107d9f-0e06-420b-9ab4-1603dcd676b1 "
/>
<img width="1091" height="650" alt="image"
src="https://github.com/user-attachments/assets/0addae21-efa4-44bb-a56e-0418e3d4d227 "
/>
<img width="1077" height="298" alt="image"
src="https://github.com/user-attachments/assets/a3a8c5be-638c-45ff-82f3-816264254ead "
/>
### Dependencies
No new dependencies required:
- Chroma (existing) - Syntax highlighting
- Goldmark (existing) - Markdown rendering
- Standard library - JSON parsing
### Key Design Decisions
- Backend rendering for performance and security
- Reuses existing Gitea infrastructure (Chroma, Goldmark, sanitizer)
- Consistent styling with other markup renderers
- Graceful degradation for unsupported features
---
**Development Note:** This PR was developed with assistance from Amazon
Q Developer and Claude AI for implementation, debugging, and testing.
---------
Signed-off-by: Karthik Bhandary <34509856+karthikbhandary2@users.noreply.github.com >
Co-authored-by: karthik.bhandary <karthik.bhandary@kfintech.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
Co-authored-by: bircni <bircni@icloud.com >
2026-06-14 15:52:37 +02:00
bircni
aab9737651
fix(ui): prevent commit status popup overflowing its row ( #38081 )
...
Fixes #38079
## Regression path
The layout previously had `.commit-status-item .status-context { flex: 1
}`,
which let the context fill remaining space and ellipsize. That rule was
dropped in #37517 ("Refactor pull request view (5)") when the row markup
moved to nested `.flex-text-block` wrappers, so nothing constrained the
left block anymore.
After:
<img width="832" height="242" alt="image"
src="https://github.com/user-attachments/assets/a20019f8-6016-40f7-8901-2808280dc093 "
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-13 10:14:02 +00:00
Giteabot
a68ee6a405
fix(deps): update dependency esbuild to v0.28.1 [security] ( #38097 )
2026-06-13 11:56:17 +02:00
wxiaoguang
1b3b4bdd03
fix: git push hook post receive ( #38089 )
...
* fix incorrect delayWriter call (there is already a defer call)
* split HookPostReceive into small functions
* fix incorrect HookPostReceiveResult response for errors
* fix incorrect AddRepoToLicenseUpdaterQueue call
* make sure repo home and branches page can work without default branch
* make sure default branch is always synchronized between database and
git repo, and fix FIXME
2026-06-13 04:43:25 +00:00
bircni
9608cc212d
fix: allow git clone of private repos with anonymous code access ( #38074 )
...
Fixes #38062 .
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-13 12:02:02 +08:00
GiteaBot
275dee5bda
[skip ci] Updated translations via Crowdin
2026-06-13 01:21:50 +00:00
wxiaoguang
ae49f65692
fix: parse HEAD ref ( #38088 )
...
fix #38086
2026-06-12 18:27:38 +00:00
bircni
15ae1bfc8c
fix: keep literal "false" value displayed in workflow_dispatch choice dropdowns ( #38080 )
2026-06-12 15:26:51 +02:00
wxiaoguang
f5a97b7518
fix: git cmd ( #38084 )
2026-06-12 07:35:59 +02:00
wxiaoguang
4f4a0a79ac
fix: csp regressions ( #38047 )
...
fix #37257 , all details are in the comments
2026-06-12 08:36:05 +08:00
bircni
e473505d64
ci: Remove agent-scan ( #38073 )
...
As we saw, the agent scan is not as useful as we thought - so lets
remove it again
Signed-off-by: bircni <bircni@icloud.com >
2026-06-11 19:42:46 +00:00
puni9869
6a7e232f1e
chore(deps): Update go to 1.26.4 and bump go dependencies ( #38023 )
...
New go version addressed multiple vulns as below.
<img width="1217" height="818" alt="image"
src="https://github.com/user-attachments/assets/f1738003-8b19-4fac-a200-6903d93f48ad "
/>
Dependencies affected:
```
gitea.com/gitea/runner - v1.0.6 → v1.0.8
gitea.dev/sdk - v1.0.1 → v1.1.0
github.com/Azure/azure-sdk-for-go/sdk/azcore - v1.20.0 → v1.22.0
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob - v1.6.3 → v1.7.0
github.com/alecthomas/chroma/v2 - v2.25.0 → v2.26.1
github.com/aws/aws-sdk-go-v2/credentials - v1.19.17 → v1.19.24
github.com/aws/aws-sdk-go-v2/service/codecommit - v1.33.14 → v1.34.4
github.com/dlclark/regexp2/v2 - v2.1.0 → v2.2.1
github.com/getkin/kin-openapi - v0.139.0 → v0.140.0
github.com/google/pprof - v0.0.0-20260507013755-92041b743c96 → v0.0.0-20260604005048-7023385849c0
github.com/jhillyerd/enmime/v2 - v2.4.0 → v2.4.1
github.com/mattn/go-sqlite3 - v1.14.44 → v1.14.45
github.com/meilisearch/meilisearch-go - v0.36.2 → v0.36.3
github.com/microsoft/go-mssqldb - v1.9.7 → v1.10.0
github.com/redis/go-redis/v9 - v9.19.0 → v9.20.0
github.com/urfave/cli/v3 - v3.9.0 → v3.9.1
gitlab.com/gitlab-org/api/client-go/v2 - v2.34.0 → v2.38.0
go.yaml.in/yaml/v4 - v4.0.0-rc.3 → v4.0.0-rc.5
golang.org/x/crypto - v0.52.0 → v0.53.0
golang.org/x/image - v0.41.0 → v0.42.0
golang.org/x/net - v0.55.0 → v0.56.0
golang.org/x/sync - v0.20.0 → v0.21.0
golang.org/x/sys - v0.45.0 → v0.46.0
golang.org/x/text - v0.37.0 → v0.38.0
golang.org/x/tools - v0.44.0 → v0.45.0
gopkg.in/ini.v1 - v1.67.2 → v1.67.3
modernc.org/sqlite - v1.50.1 → v1.52.0
```
---------
Signed-off-by: puni9869 <80308335+puni9869@users.noreply.github.com >
Co-authored-by: Nicolas <bircni@icloud.com >
2026-06-11 18:33:44 +00:00
wxiaoguang
d3d092f65d
chore: fix git commit "rev-list" ( #38069 )
...
Fix the copied & pasted messy code, fix #38067
Now, "limit=-1" means "no limit"
2026-06-11 18:08:55 +00:00
bircni
5a24438698
chore: various trivial fixes ( #38070 )
...
Follow-up to #37987 , addressing the unresolved review comments on the
org members search form.
And fix more trivial problems together (see the commit titles)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-11 17:33:21 +00:00
bn-zr
fefb6f3219
feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs ( #37196 )
...
- Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs
endpoint, matching the
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2026-03-10#list-workflow-runs-for-a-workflow
---------
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: bircni <bircni@icloud.com >
2026-06-11 17:12:30 +00:00
wxiaoguang
250a38abb5
chore: migrate unescaped-html-literal eslint rule to our repo and fix more cases ( #38072 )
2026-06-11 16:37:22 +02:00
silverwind
360f34d7fa
ci: bound seeded Go cache size and speed up disk cleanup ( #38048 )
...
Reduces the CI cache growth and disk pressure behind the flaky `No space
left on device` failures in
https://github.com/go-gitea/gitea/issues/37974 .
**`go-cache`** — the cache-seeder saved with a `restore-keys` prefix
fallback, so every `go.sum` change restored the previous cache and
re-saved the union; old module versions and stale build objects
accumulated (~3 GB → ~7 GB) and overflowed disk on smaller runners. Drop
`restore-keys` from the seeder **save** branches so each `go.sum` seeds
a clean, size-bounded cache. PR runs keep `restore-keys` for warm-start
fallback.
**`free-disk-space`** — delete the unused preinstalled toolchains in
parallel (~86 s → ~54 s) and log `df -h /` before/after.
Measured during review: the hosted `ubuntu-latest` fleet is
heterogeneous — most runners have ~89 GB free on `/` (a full pgsql
integration shard peaks at ~17 GB used), but a minority arrive nearly
full and fail mid cache-restore. The toolchain deletion is the headroom
that keeps those runners green, so it stays; the cache bound shrinks the
footprint for every runner.
Authored with assistance from Claude (Opus 4.8).
---------
Signed-off-by: silverwind <me@silverwind.io >
Co-authored-by: bircni <bircni@icloud.com >
2026-06-11 10:48:05 +00:00
bircni
bc2fbe77b1
refactor(actions): read runner capabilities from proto field ( #38068 )
...
[actions-proto-go v0.6.0](https://gitea.com/gitea/actions-proto-go ) adds
a
`capabilities` field to `RegisterRequest` and `DeclareRequest`. This
lets a
runner advertise the transitional `cancelling` capability directly in
the proto
message instead of through the out-of-band mechanism we used while the
proto
bump was pending.
This PR:
- Bumps `gitea.dev/actions-proto-go` to `v0.6.0`.
- Drops the forward-compat `capabilityGetter` type-assertion shim and
the
`runnerRequestHasCancellingCapability` helper, reading
`GetCapabilities()`
directly (now part of the `declareRequest` interface).
- Removes the "capability state unknown → preserve existing value"
branch.
## Why the behaviour change is correct
The shim and the `(hasSupport, known)` two-value return only existed
because the
old proto had no `capabilities` field, so we couldn't tell "runner
doesn't
support it" from "we can't see the field." With v0.6.0 the field is
always
present. Since proto3 repeated fields have no presence, "no capabilities
sent"
now unambiguously means the runner does not advertise the capability, so
a
runner that omits `cancelling` is correctly recorded as
`HasCancellingSupport =
false`.
There is no regression: prior to this bump Gitea was on `v0.5.0`, where
the
type assertion always failed and `HasCancellingSupport` was therefore
never set
from requests — so no runner relied on the preserved-unknown path.
## Compatibility
The change is wire-compatible in both directions of version skew,
because the
new field uses a previously unused field number (8 on `RegisterRequest`,
3 on
`DeclareRequest`) and the transport uses the binary protobuf codec:
- **Old runner → new Gitea:** the runner omits the field; it decodes to
an empty
capability list. Registration/declaration succeed; the runner simply
doesn't
get the cancelling feature.
- **New runner → old Gitea:** the runner sends the field; the old
server's
generated code doesn't know the field number and silently ignores it.
Registration/declaration succeed.
The feature only activates once both server and runner are on `v0.6.0`.
2026-06-11 09:18:31 +00:00
wxiaoguang
442f5e7d06
chore: fine tune pull request merge box and commit status item ( #38060 )
2026-06-10 22:44:21 +00:00
metsw24-max
988f0ea54a
fix: validate gem name in rubygems parseMetadataFile ( #38061 )
...
The registry writes the stored gem name straight into its line-based
compact index, both the shared `/versions` listing (one `GEMNAME
versions md5` line per gem) and the per-package `info/{name}` file. The
parser only rejected an empty name or one containing a slash, so a
`.gem` whose gemspec `name` carries a newline was accepted and persisted
as the package name, letting an authenticated uploader forge extra lines
in the shared index and so spoof additional gem names, versions and
checksums to clients. The name is now checked against the upstream
RubyGems name pattern in the parser, which is the layer that already
validates the version.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-10 18:03:06 +00:00
Eugenio Paolantonio
fa89785d33
feat(api): add Link header in ListForks ( #38052 )
...
Fixes #38051 .
Disclosure: writing of the integration test was AI assisted.
---------
Signed-off-by: Eugenio Paolantonio <eugenio.paolantonio@suse.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-10 17:34:10 +00:00
silverwind
19d1e1d334
test: enable WAL for sqlite integration tests ( #37861 )
...
Enable `SQLITE_JOURNAL_MODE = WAL` for the sqlite integration test
config. With modernc as the default driver, concurrent writers serialize
on SQLite's single write lock and the tail of the queue can exceed the
20s busy timeout under CI load. WAL drains the queue fast enough to stay
inside the timeout (removes rollback's fsync-per-commit and
reader-vs-commit blocking) and covers all sqlite integration tests in
one change.
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com >
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Giteabot <teabot@gitea.io >
2026-06-10 10:32:32 +02:00
bircni
920b3f8cb6
fix(hostmatcher): block reserved IP ranges from external/private filters ( #38039 )
2026-06-10 10:03:36 +02:00
wxiaoguang
4ba0a545f2
chore: js html ( #38056 )
...
remove unnecessary "eslint-disable-line" rules
2026-06-10 07:36:44 +00:00
wxiaoguang
a51781527b
fix: commit display name ( #38057 )
...
fix #38054
2026-06-10 15:06:16 +08:00
metsw24-max
7134c1f845
fix: bound debian ParseControlFile to a single control stanza ( #38044 )
...
**Packages-index stanza injection via Debian control file**
A `.deb` whose `control` file appends extra paragraphs after a blank
line was still accepted, and `ParseControlFile` stored the whole
multi-stanza blob in `p.Control`. That blob is re-emitted verbatim into
the generated `Packages` index, so the embedded blank line splits it
into separate stanzas and an uploader can smuggle a package entry with
an attacker-chosen `Filename` into the shared index. A binary control
file only holds one stanza, so parsing now stops at the blank line that
terminates it; well-formed packages are unaffected and the new subtest
covers the trailing-stanza case.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-09 20:27:57 -07:00
bircni
7b4a1a1a11
fix(lfs): require Code-unit access for cross-repo LFS object reuse ( #38006 )
2026-06-09 17:34:37 +00:00
bircni
63df886ba8
fix(actions): keep distinct commit statuses for workflows sharing a name ( #37834 )
...
## Summary
Two Gitea Actions workflow files that share the same `name:` and same
job name produced identical commit-status `Context` strings. Because
`GetLatestCommitStatus` groups by `context_hash` (derived from
`Context`), only one row was shown on the PR page — see #35699 .
GitHub displays both rows even though they look identical. This change
does the same: the displayed `Context` is unchanged, but `ContextHash`
now mixes in the workflow file path so the two statuses remain distinct
in the dedupe query.
## Notes
- Workflows that omit `name:` now use the workflow file name in the
`Context` (e.g. `ci.yaml / build (push)`) instead of an empty `/ build
(push)`. This changes the `Context` string for unnamed workflows, so any
required-status-check rule that referenced the old string must be
updated after upgrade.
- For statuses created before this change (hashed from `Context` alone),
`createCommitStatus` reuses that legacy hash when a matching row is
still present, so in-flight pending statuses are superseded rather than
orphaned on upgrade.
Fixes #35699
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com >
Co-authored-by: silverwind <me@silverwind.io >
2026-06-09 12:59:58 +00:00
Giteabot
5fe77ad309
fix(deps): update go dependencies ( #37967 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [gitea.com/gitea/runner](https://gitea.com/gitea/runner ) | `v1.0.5` →
`v1.0.6` |
|
|
|
[github.com/aws/aws-sdk-go-v2/credentials](https://redirect.github.com/aws/aws-sdk-go-v2 )
| `v1.19.16` → `v1.19.17` |
|
|
|
[github.com/getkin/kin-openapi](https://redirect.github.com/getkin/kin-openapi )
| `v0.138.0` → `v0.139.0` |
|
|
| [github.com/go-chi/chi/v5](https://redirect.github.com/go-chi/chi ) |
`v5.2.5` → `v5.3.0` |
|
|
|
[github.com/go-webauthn/webauthn](https://redirect.github.com/go-webauthn/webauthn )
| `v0.17.3` → `v0.17.4` |
|
|
|
[github.com/minio/minio-go/v7](https://redirect.github.com/minio/minio-go )
| `v7.1.0` → `v7.2.0` |
|
|
|
[gitlab.com/gitlab-org/api/client-go/v2](https://gitlab.com/gitlab-org/api/client-go )
| `v2.30.0` → `v2.34.0` |
|
|
---
### Release Notes
<details>
<summary>gitea/runner (gitea.com/gitea/runner)</summary>
### [`v1.0.6`](https://gitea.com/gitea/runner/releases/tag/v1.0.6 )
[Compare Source](https://gitea.com/gitea/runner/compare/v1.0.5...v1.0.6 )
#### Changelog
- fix(deps): update module github.com/opencontainers/selinux to v1.15.0
([#​990](https://redirect.github.com/gitea/runner/issues/990 ))
- chore: pin Docker base images to explicit versions
([#​992](https://redirect.github.com/gitea/runner/issues/992 ))
- chore(deps): update actions/setup-node action to v6
([#​991](https://redirect.github.com/gitea/runner/issues/991 ))
- test: make TestRunEvent integration suite runnable locally
([#​987](https://redirect.github.com/gitea/runner/issues/987 ))
- ci: add PR title linting against Conventional Commits
([#​988](https://redirect.github.com/gitea/runner/issues/988 ))
- fix: clean up job network and container when container start fails
([#​986](https://redirect.github.com/gitea/runner/issues/986 ))
</details>
<details>
<summary>getkin/kin-openapi (github.com/getkin/kin-openapi)</summary>
###
[`v0.139.0`](https://redirect.github.com/getkin/kin-openapi/releases/tag/v0.139.0 )
[Compare
Source](https://redirect.github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0 )
#### What's Changed
- feat(openapi3): batch-convert long-tail RequiredFieldError sites by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1170](https://redirect.github.com/getkin/kin-openapi/pull/1170 )
- feat(openapi3): typed validation error clusters (combined:
[#​1171](https://redirect.github.com/getkin/kin-openapi/issues/1171 )-[#​1179](https://redirect.github.com/getkin/kin-openapi/issues/1179 ))
by [@​reuvenharrison](https://redirect.github.com/reuvenharrison )
in
[#​1180](https://redirect.github.com/getkin/kin-openapi/pull/1180 )
- openapi3gen: skip component export for anonymous types by
[@​0-don](https://redirect.github.com/0-don ) in
[#​1163](https://redirect.github.com/getkin/kin-openapi/pull/1163 )
- feat: migrate to oasdiff/yaml v0.1.0 single Unmarshal API + enable
DisableTimestamps by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1181](https://redirect.github.com/getkin/kin-openapi/pull/1181 )
- openapi3: typed context errors for Validate() wrapper chain by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1183](https://redirect.github.com/getkin/kin-openapi/pull/1183 )
- openapi3: track Origin on the document root (T) by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1184](https://redirect.github.com/getkin/kin-openapi/pull/1184 )
- openapi3: tests flakiness corrected by
[@​fenollp](https://redirect.github.com/fenollp ) in
[#​1159](https://redirect.github.com/getkin/kin-openapi/pull/1159 )
- openapi3: aggregate independent validation errors via EnableMultiError
by [@​reuvenharrison](https://redirect.github.com/reuvenharrison )
in
[#​1185](https://redirect.github.com/getkin/kin-openapi/pull/1185 )
- openapi3: fix validation of duplicated path templates by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1189](https://redirect.github.com/getkin/kin-openapi/pull/1189 )
- openapi3: type the remaining bare-error validation sites by
[@​reuvenharrison](https://redirect.github.com/reuvenharrison ) in
[#​1187](https://redirect.github.com/getkin/kin-openapi/pull/1187 )
**Full Changelog**:
<https://github.com/getkin/kin-openapi/compare/v0.138.0...v0.139.0 >
</details>
<details>
<summary>go-chi/chi (github.com/go-chi/chi/v5)</summary>
###
[`v5.3.0`](https://redirect.github.com/go-chi/chi/releases/tag/v5.3.0 )
[Compare
Source](https://redirect.github.com/go-chi/chi/compare/v5.2.5...v5.3.0 )
#### What's Changed
- Use strings.ReplaceAll where applicable by
[@​JRaspass](https://redirect.github.com/JRaspass ) in
[#​1046](https://redirect.github.com/go-chi/chi/pull/1046 )
- Propagate inline middlewares across mounted subrouters by
[@​LukasJenicek](https://redirect.github.com/LukasJenicek ) in
[#​1049](https://redirect.github.com/go-chi/chi/pull/1049 )
- add go 1.26 to ci by
[@​pkieltyka](https://redirect.github.com/pkieltyka ) in
[#​1052](https://redirect.github.com/go-chi/chi/pull/1052 )
- Remove last uses of io/ioutil by
[@​JRaspass](https://redirect.github.com/JRaspass ) in
[#​1054](https://redirect.github.com/go-chi/chi/pull/1054 )
- Simplify chi.walk with slices.Concat by
[@​JRaspass](https://redirect.github.com/JRaspass ) in
[#​1053](https://redirect.github.com/go-chi/chi/pull/1053 )
- Apply the stringscutprefix modernizer by
[@​JRaspass](https://redirect.github.com/JRaspass ) in
[#​1051](https://redirect.github.com/go-chi/chi/pull/1051 )
- Bump minimum Go to 1.23, always use request.Pattern by
[@​JRaspass](https://redirect.github.com/JRaspass ) in
[#​1048](https://redirect.github.com/go-chi/chi/pull/1048 )
- middleware: fix httpFancyWriter.ReadFrom double-counting bytes with
Tee by [@​alliasgher](https://redirect.github.com/alliasgher ) in
[#​1085](https://redirect.github.com/go-chi/chi/pull/1085 )
- Fix typo in Route doc comment by
[@​gouwazi](https://redirect.github.com/gouwazi ) in
[#​1073](https://redirect.github.com/go-chi/chi/pull/1073 )
- fix: set Request.Pattern from RoutePattern() by
[@​leno23](https://redirect.github.com/leno23 ) in
[#​1097](https://redirect.github.com/go-chi/chi/pull/1097 )
- feat: middleware.ClientIP, a replacement for middleware.RealIP by
[@​VojtechVitek](https://redirect.github.com/VojtechVitek ) in
[#​967](https://redirect.github.com/go-chi/chi/pull/967 )
#### New Contributors
- [@​LukasJenicek](https://redirect.github.com/LukasJenicek ) made
their first contribution in
[#​1049](https://redirect.github.com/go-chi/chi/pull/1049 )
- [@​alliasgher](https://redirect.github.com/alliasgher ) made
their first contribution in
[#​1085](https://redirect.github.com/go-chi/chi/pull/1085 )
- [@​gouwazi](https://redirect.github.com/gouwazi ) made their
first contribution in
[#​1073](https://redirect.github.com/go-chi/chi/pull/1073 )
- [@​leno23](https://redirect.github.com/leno23 ) made their first
contribution in
[#​1097](https://redirect.github.com/go-chi/chi/pull/1097 )
#### SECURITY: middleware.ClientIP, a replacement for middleware.RealIP
[@​VojtechVitek](https://redirect.github.com/VojtechVitek )
submitted PR
[#​967](https://redirect.github.com/go-chi/chi/issues/967 ), which
introduces middleware.ClientIP — a replacement for middleware.RealIP
that closes the three open spoofing advisories:
-
[GHSA-9g5q-2w5x-hmxf](https://redirect.github.com/go-chi/chi/security/advisories/GHSA-9g5q-2w5x-hmxf )
— IP spoofing via XFF in `RemoteAddr` resolution (convto)
-
[GHSA-rjr7-jggh-pgcp](https://redirect.github.com/go-chi/chi/security/advisories/GHSA-rjr7-jggh-pgcp )
— RealIP allows IP spoofing via unvalidated XFF (rezmoss)
-
[GHSA-3fxj-6jh8-hvhx](https://redirect.github.com/go-chi/chi/security/advisories/GHSA-3fxj-6jh8-hvhx )
— IP spoofing in `middleware.RealIP` (Saku0512, Critical / 9.3)
It also addresses issues outlined at:
- [#​708](https://redirect.github.com/go-chi/chi/issues/708 )
- <https://adam-p.ca/blog/2022/03/x-forwarded-for/ >
- [#​711](https://redirect.github.com/go-chi/chi/issues/711 )
- [#​453](https://redirect.github.com/go-chi/chi/issues/453 )
- [#​908](https://redirect.github.com/go-chi/chi/pull/908 )
`middleware.RealIP` is deprecated in this PR with pointers to the new
API.
The deprecation only adds a `// Deprecated:` doc comment; the function
keeps working for backward compatibility.
##### Why a new middleware (not "fix RealIP in place")
`RealIP` has two unfixable design choices: it mutates `r.RemoteAddr`,
and it tries to be a one-size-fits-all default by walking a hard-coded
list of headers any client can supply. Per [adam-p's "The perils of the
'real' client IP"](https://adam-p.ca/blog/2022/03/x-forwarded-for/ )
(which calls chi out by name on this), there is no safe default — the
user must pick their trust source explicitly.
##### The new API
Four middlewares, two accessors. Pick exactly one middleware based on
your
infrastructure, read the result with one of the two accessors:
```go
// One of the four. There is no safe default — pick exactly one.
func ClientIPFromHeader(trustedHeader string) func(http.Handler) http.Handler
func ClientIPFromXFF(trustedIPPrefixes ...string) func(http.Handler) http.Handler
func ClientIPFromXFFTrustedProxies(numTrustedProxies int) func(http.Handler) http.Handler
func ClientIPFromRemoteAddr(h http.Handler) http.Handler
// Read the result.
func GetClientIP(ctx context.Context) string // for logs, rate-limit keys
func GetClientIPAddr(ctx context.Context) netip.Addr // for typed work
```
#### Example usage:
```go
// Pick a single ClientIP middleware based on your deployment
// Cloudflare.
r.Use(middleware.ClientIPFromHeader("CF-Connecting-IP"))
// Nginx with ngx_http_realip_module.
r.Use(middleware.ClientIPFromHeader("X-Real-IP"))
// Apache with mod_remoteip.
r.Use(middleware.ClientIPFromHeader("X-Client-IP"))
// AWS CloudFront, or any proxy fleet with known CIDRs.
r.Use(middleware.ClientIPFromXFF(
"13.32.0.0/15", // CloudFront IPv4
"52.46.0.0/18", // CloudFront IPv4
"2600:9000::/28", // CloudFront IPv6
))
// Behind exactly 2 trusted proxies with dynamic IPs (autoscaling pools,
// ephemeral containers, dynamic CDN edges).
r.Use(middleware.ClientIPFromXFFTrustedProxies(2))
// Server directly on the public internet, no proxy in front.
r.Use(middleware.ClientIPFromRemoteAddr)
```
And in your handler or downstream middleware:
```go
clientIP := middleware.GetClientIP(r.Context())
// log it, use it as a rate-limit key, etc.
```
***
Thanks to [@​adam-p](https://redirect.github.com/adam-p ),
[@​c2h5oh](https://redirect.github.com/c2h5oh ),
[@​rezmoss](https://redirect.github.com/rezmoss ),
[@​Saku0512](https://redirect.github.com/Saku0512 ),
[@​convto](https://redirect.github.com/convto ),
[@​Dirbaio](https://redirect.github.com/Dirbaio ),
[@​jawnsy](https://redirect.github.com/jawnsy ),
[@​lrstanley](https://redirect.github.com/lrstanley ),
[@​mfridman](https://redirect.github.com/mfridman ),
[@​n33pm](https://redirect.github.com/n33pm ),
[@​pkieltyka](https://redirect.github.com/pkieltyka ) for the prior
discussions, detailed reviews, advisory reports, and test contributions
that shaped this PR.
**Full Changelog**:
<https://github.com/go-chi/chi/compare/v5.2.5...v5.3.0 >
</details>
<details>
<summary>go-webauthn/webauthn
(github.com/go-webauthn/webauthn)</summary>
###
[`v0.17.4`](https://redirect.github.com/go-webauthn/webauthn/blob/HEAD/CHANGELOG.md#v0174-2026-05-22 )
[Compare
Source](https://redirect.github.com/go-webauthn/webauthn/compare/v0.17.3...v0.17.4 )
##### Dependency Updates
This release just contains updates to dependencies.
</details>
<details>
<summary>minio/minio-go (github.com/minio/minio-go/v7)</summary>
###
[`v7.2.0`](https://redirect.github.com/minio/minio-go/releases/tag/v7.2.0 )
[Compare
Source](https://redirect.github.com/minio/minio-go/compare/v7.1.0...v7.2.0 )
#### What's Changed
- Use go tool for ci-lint check by
[@​klauspost](https://redirect.github.com/klauspost ) in
[#​2229](https://redirect.github.com/minio/minio-go/pull/2229 )
- Rename github.com/go-ini/ini to gopkg.in/ini.v1 by
[@​ramondeklein](https://redirect.github.com/ramondeklein ) in
[#​2232](https://redirect.github.com/minio/minio-go/pull/2232 )
- Add RDMA / NVIDIA GPU Direct Storage support by
[@​harshavardhana](https://redirect.github.com/harshavardhana ) in
[#​2233](https://redirect.github.com/minio/minio-go/pull/2233 )
**Full Changelog**:
<https://github.com/minio/minio-go/compare/v7.1.0...v7.2.0 >
</details>
<details>
<summary>gitlab-org/api/client-go
(gitlab.com/gitlab-org/api/client-go/v2)</summary>
###
[`v2.34.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.34.0 )
[Compare
Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.33.0...v2.34.0 )
#### 2.34.0
##### 🚀 Features
- Extend DeploymentDeployablePipeline with web_url
([!2902 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2902 ))
by [Jan Berge Sommerdahl](https://gitlab.com/sommerdahl )
##### 🔄 Other Changes
- chore(deps): update docker docker tag to v29.5.1
([!2903 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2903 ))
by [GitLab Dependency
Bot](https://gitlab.com/gitlab-dependency-update-bot )
###
[2.34.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.33.0...v2.34.0 )
(2026-05-27)
###
[`v2.33.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.33.0 )
[Compare
Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.32.0...v2.33.0 )
#### 2.33.0
##### 🚀 Features
- feat(work-items): add ListWorkItemTypes to WorkItemsService
([!2864 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2864 ))
by [Emmanuel 326](https://gitlab.com/Emmanuel326 )
##### 🔄 Other Changes
- chore(deps): update module cel.dev/expr to v0.25.2
([!2881 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2881 ))
by [GitLab Dependency
Bot](https://gitlab.com/gitlab-dependency-update-bot )
###
[2.33.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.32.0...v2.33.0 )
(2026-05-27)
##### Features
* **work-items:** add ListWorkItemTypes to WorkItemsService
([e71cb99](e71cb99448https://gitlab.com/gitlab-org/api/client-go/tags/v2.32.0 )
[Compare
Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.31.0...v2.32.0 )
#### 2.32.0
##### 🚀 Features
- feat(ci-job-cancel): force cancel
([!2872 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2872 ))
by [Filip Aleksic](https://gitlab.com/faleksic )
###
[2.32.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.31.0...v2.32.0 )
(2026-05-23)
##### Features
* **ci-job-cancel:** force cancel
([aa46bd1](aa46bd1842https://gitlab.com/gitlab-org/api/client-go/tags/v2.31.0 )
[Compare
Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.30.0...v2.31.0 )
#### 2.31.0
##### 🚀 Features
- Adds project service accounts API
([!2899 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2899 ))
by [Jimmy Spagnola](https://gitlab.com/jspagnola )
- feat(gitlaboauth2): support ephemeral ports in CallbackServer
([!2877 ](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2877 ))
by [Raphael Rösch](https://gitlab.com/raphael.roesch )
###
[2.31.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.30.0...v2.31.0 )
(2026-05-22)
##### Features
* **gitlaboauth2:** support ephemeral ports in CallbackServer
([c8c388d](c8c388d566📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: silverwind <me@silverwind.io >
2026-06-09 10:41:54 +00:00
Giteabot
a91c88428b
chore(deps): update dependency happy-dom to v20.10.1 ( #38043 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [happy-dom](https://redirect.github.com/capricorn86/happy-dom ) |
[`20.9.0` →
`20.10.1`](https://renovatebot.com/diffs/npm/happy-dom/20.9.0/20.10.1 ) |
|
|
---
### Release Notes
<details>
<summary>capricorn86/happy-dom (happy-dom)</summary>
###
[`v20.10.1`](https://redirect.github.com/capricorn86/happy-dom/compare/v20.10.0...v20.10.1 )
[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.10.0...v20.10.1 )
###
[`v20.10.0`](https://redirect.github.com/capricorn86/happy-dom/releases/tag/v20.10.0 )
[Compare
Source](https://redirect.github.com/capricorn86/happy-dom/compare/v20.9.0...v20.10.0 )
##### 🎨 Features
- Adds support for setting a canvas adapter for handling the canvas
rendering using the browser setting
[canvasAdapter](https://redirect.github.com/capricorn86/happy-dom/wiki/IOptionalBrowserSettings )
- By **[@​RAprogramm](https://redirect.github.com/RAprogramm )**
and **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
- Adds new package
[@​happy-dom/node-canvas-adapter](https://redirect.github.com/capricorn86/happy-dom/tree/master/packages/%40happy-dom/node-canvas-adapter )
- By **[@​RAprogramm](https://redirect.github.com/RAprogramm )**
and **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
-
[@​happy-dom/node-canvas-adapter](https://redirect.github.com/capricorn86/happy-dom/tree/master/packages/%40happy-dom/node-canvas-adapter )
is a pluggable canvas adapter for Happy DOM using
[node-canvas](https://redirect.github.com/Automattic/node-canvas ).
- Adds support for loading image files when enabling the browser setting
[enableImageFileLoading](https://redirect.github.com/capricorn86/happy-dom/wiki/IOptionalBrowserSettings )
- By **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
- Adds support for loading image data URLs - By
**[@​capricorn86](https://redirect.github.com/capricorn86 )** in
task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
- Adds support for
[ImageData](https://developer.mozilla.org/en-US/docs/Web/API/ImageData )
- By **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
- Adds support for
[ImageBitmap](https://developer.mozilla.org/en-US/docs/Web/API/ImageBitmap )
- By **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
- Adds support for
[Window.createImageBitmap()](https://developer.mozilla.org/en-US/docs/Web/API/Window/createImageBitmap )
- By **[@​capricorn86](https://redirect.github.com/capricorn86 )**
in task
[#​241](https://redirect.github.com/capricorn86/happy-dom/issues/241 )
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-06-09 11:57:31 +02:00
Lunny Xiao
49a0d19fa3
feat(api): Add assignees APIs ( #37330 )
...
Follow
https://docs.github.com/en/enterprise-server@3.20/rest/issues/assignees?apiVersion=2022-11-28
Fix #33576
And it also fixed some possible dead-lock problem.
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
Co-authored-by: Nicolas <bircni@icloud.com >
Co-authored-by: Zettat123 <zettat123@gmail.com >
2026-06-09 06:12:09 +00:00
Lunny Xiao
611dfc9496
fix: Fix some wrong code and follow 37347 ( #37987 )
2026-06-09 07:53:58 +02:00
bircni
72c1e4c621
docs: update community governance document ( #38038 )
2026-06-08 20:44:07 +00:00
Giteabot
60abea17a2
chore(deps): update module github.com/go-swagger/go-swagger to v0.34.0 ( #38028 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
|
[github.com/go-swagger/go-swagger](https://redirect.github.com/go-swagger/go-swagger )
| `v0.33.2` → `v0.34.0` |
|
|
---
### Release Notes
<details>
<summary>go-swagger/go-swagger
(github.com/go-swagger/go-swagger)</summary>
###
[`v0.34.0`](https://redirect.github.com/go-swagger/go-swagger/releases/tag/v0.34.0 )
[Compare
Source](https://redirect.github.com/go-swagger/go-swagger/compare/v0.33.2...v0.34.0 )
go-swagger release 0.34.0
***
Released on 2026 May 29
#####
[0.34.0](https://redirect.github.com/go-swagger/go-swagger/tree/v0.34.0 )
- 2026-05-28
Major refactoring. Focus on improving runtime (e.g.generated client) and
codescan (e.g. generated spec).
**Full Changelog**:
<https://github.com/go-swagger/go-swagger/compare/v0.33.2...v0.34.0 >
42 commits in this release.
***
##### <!-- 00 -->Implemented enhancements
- feat(client): added method to configure client-side custom
producers/consumers by
[@​fredbi](https://redirect.github.com/fredbi ) in
[#​3351](https://redirect.github.com/go-swagger/go-swagger/pull/3351 )
[...](4068f65b04https://redirect.github.com/fredbi ) in
[#​3349](https://redirect.github.com/go-swagger/go-swagger/pull/3349 )
[...](a81068f5d5https://redirect.github.com/fredbi ) in
[#​3348](https://redirect.github.com/go-swagger/go-swagger/pull/3348 )
[...](d5e5d3020bhttps://redirect.github.com/fredbi ) in
[#​3347](https://redirect.github.com/go-swagger/go-swagger/pull/3347 )
[...](971f2aa56ahttps://redirect.github.com/fredbi ) in
[#​3342](https://redirect.github.com/go-swagger/go-swagger/pull/3342 )
[...](01d8f1358fhttps://redirect.github.com/fredbi ) in
[#​3341](https://redirect.github.com/go-swagger/go-swagger/pull/3341 )
[...](ba25bfa2cchttps://redirect.github.com/go-swagger/go-swagger/issues/1047 ))
by [@​Abzaek](https://redirect.github.com/Abzaek ) in
[#​3330](https://redirect.github.com/go-swagger/go-swagger/pull/3330 )
[...](4856feb230https://redirect.github.com/fredbi ) in
[#​3339](https://redirect.github.com/go-swagger/go-swagger/pull/3339 )
[...](036e31515ahttps://redirect.github.com/fredbi ) in
[#​3316](https://redirect.github.com/go-swagger/go-swagger/pull/3316 )
[...](4d659c0b5ehttps://redirect.github.com/fredbi ) in
[#​3352](https://redirect.github.com/go-swagger/go-swagger/pull/3352 )
[...](9b15dfe858https://redirect.github.com/fredbi ) in
[#​3340](https://redirect.github.com/go-swagger/go-swagger/pull/3340 )
[...](0dd20f7852https://redirect.github.com/fredbi ) in
[#​3309](https://redirect.github.com/go-swagger/go-swagger/pull/3309 )
[...](b1cc87b266https://redirect.github.com/fredbi ) in
[#​3336](https://redirect.github.com/go-swagger/go-swagger/pull/3336 )
[...](ba47cff06dhttps://redirect.github.com/fredbi ) in
[#​3335](https://redirect.github.com/go-swagger/go-swagger/pull/3335 )
[...](83bced44f9https://redirect.github.com/fredbi ) in
[#​3331](https://redirect.github.com/go-swagger/go-swagger/pull/3331 )
[...](8a020f0598https://redirect.github.com/fredbi ) in
[#​3304](https://redirect.github.com/go-swagger/go-swagger/pull/3304 )
[...](8cd187ba00https://redirect.github.com/fredbi ) in
[#​3302](https://redirect.github.com/go-swagger/go-swagger/pull/3302 )
[...](746308f71fhttps://redirect.github.com/fredbi ) in
[#​3350](https://redirect.github.com/go-swagger/go-swagger/pull/3350 )
[...](747db03403https://redirect.github.com/fredbi ) in
[#​3346](https://redirect.github.com/go-swagger/go-swagger/pull/3346 )
[...](480a0bdbf5https://redirect.github.com/fredbi ) in
[#​3345](https://redirect.github.com/go-swagger/go-swagger/pull/3345 )
[...](6dda1280fehttps://redirect.github.com/fredbi ) in
[#​3344](https://redirect.github.com/go-swagger/go-swagger/pull/3344 )
[...](5981d75858https://redirect.github.com/fredbi ) in
[#​3343](https://redirect.github.com/go-swagger/go-swagger/pull/3343 )
[...](f50d895b3ahttps://redirect.github.com/fredbi ) in
[#​3308](https://redirect.github.com/go-swagger/go-swagger/pull/3308 )
[...](6e059188a4https://redirect.github.com/fredbi ) in
[#​3307](https://redirect.github.com/go-swagger/go-swagger/pull/3307 )
[...](eeca5fc9ffhttps://redirect.github.com/fredbi ) in
[#​3305](https://redirect.github.com/go-swagger/go-swagger/pull/3305 )
[...](9203e37e73https://redirect.github.com/go-swagger/go-swagger/issues/2401 ))
by [@​dashitongzhi](https://redirect.github.com/dashitongzhi ) in
[#​3338](https://redirect.github.com/go-swagger/go-swagger/pull/3338 )
[...](b594d144efhttps://redirect.github.com/fredbi ) in
[#​3306](https://redirect.github.com/go-swagger/go-swagger/pull/3306 )
[...](e1c611ed9ehttps://redirect.github.com/fredbi ) in
[#​3303](https://redirect.github.com/go-swagger/go-swagger/pull/3303 )
[...](c32e2d574ahttps://redirect.github.com/dependabot\[bot] )
in
[#​3337](https://redirect.github.com/go-swagger/go-swagger/pull/3337 )
[...](9f68bcccf8https://redirect.github.com/dependabot\[bot] )
in
[#​3329](https://redirect.github.com/go-swagger/go-swagger/pull/3329 )
[...](9286ac262ehttps://redirect.github.com/dependabot\[bot] )
in
[#​3328](https://redirect.github.com/go-swagger/go-swagger/pull/3328 )
[...](a4f355cfdehttps://redirect.github.com/dependabot\[bot] )
in
[#​3327](https://redirect.github.com/go-swagger/go-swagger/pull/3327 )
[...](1078819e42https://redirect.github.com/dependabot\[bot] )
in
[#​3326](https://redirect.github.com/go-swagger/go-swagger/pull/3326 )
[...](e4b5c8fe1fhttps://redirect.github.com/dependabot\[bot] )
in
[#​3325](https://redirect.github.com/go-swagger/go-swagger/pull/3325 )
[...](30da59f48ahttps://redirect.github.com/dependabot\[bot] )
in
[#​3324](https://redirect.github.com/go-swagger/go-swagger/pull/3324 )
[...](faffaccee8https://redirect.github.com/dependabot\[bot] )
in
[#​3323](https://redirect.github.com/go-swagger/go-swagger/pull/3323 )
[...](5bbf90b257https://redirect.github.com/dependabot\[bot] )
in
[#​3322](https://redirect.github.com/go-swagger/go-swagger/pull/3322 )
[...](d25d6f2da0https://redirect.github.com/dependabot\[bot] )
in
[#​3321](https://redirect.github.com/go-swagger/go-swagger/pull/3321 )
[...](cedb38213dhttps://redirect.github.com/dependabot\[bot] )
in
[#​3320](https://redirect.github.com/go-swagger/go-swagger/pull/3320 )
[...](3815953bf6https://redirect.github.com/dependabot\[bot] )
in
[#​3318](https://redirect.github.com/go-swagger/go-swagger/pull/3318 )
[...](126ceeb618https://redirect.github.com/dependabot\[bot] )
in
[#​3317](https://redirect.github.com/go-swagger/go-swagger/pull/3317 )
[...](af43211eechttps://redirect.github.com/dependabot\[bot] )
in
[#​3315](https://redirect.github.com/go-swagger/go-swagger/pull/3315 )
[...](0f32c03e49https://redirect.github.com/Abzaek )
- [@​dashitongzhi](https://redirect.github.com/dashitongzhi )
- [@​fredbi](https://redirect.github.com/fredbi )
***
##### New Contributors
- [@​dashitongzhi](https://redirect.github.com/dashitongzhi ) made
their first contribution
in
[#​3338](https://redirect.github.com/go-swagger/go-swagger/pull/3338 )
- [@​Abzaek](https://redirect.github.com/Abzaek ) made their first
contribution
in
[#​3330](https://redirect.github.com/go-swagger/go-swagger/pull/3330 )
***
**[go-swagger](https://redirect.github.com/go-swagger/go-swagger )
license terms**
[![License][license-badge]][license-url]
[license-badge]:
http://img.shields.io/badge/license-Apache%20v2-orange.svg
[license-url]:
https://redirect.github.com/go-swagger/go-swagger/?tab=Apache-2.0-1-ov-file#readme
***
Released by
[GoReleaser](https://redirect.github.com/goreleaser/goreleaser ).
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
---------
Co-authored-by: Nicolas <bircni@icloud.com >
2026-06-08 20:41:45 +00:00
bircni
699fe2ef43
fix(actions)!: require merged PR to bypass fork PR approval gate ( #38010 )
...
`ifNeedApproval` in `services/actions/notifier_helper.go` decided
whether a
fork PR's workflow run had to wait for maintainer approval. The bypass
clause
counted any prior `approved_by > 0` run for `(repo_id,
trigger_user_id)`, so
the very first Approve-and-run click on a contributor's fork PR
permanently
trusted that user for every future fork PR in the same repository —
including
PRs whose only change is the workflow YAML itself.
Approving a workflow *run* is not the same as merging *code*. This
change
aligns the gate with GitHub Actions' first-time-contributor model: trust
is
granted only after the user has had a pull request merged in the repo.
## Behavior change
- **Before**: one approval = permanent trust for that user in that repo.
- **After**: every fork PR is gated until the contributor has at least
one
merged PR in the repo.
Existing already-approved runs and merged PRs continue to work; only the
trust criterion for *future* fork PRs changes. Maintainers who rely on
the
implicit "approve once" trust will see the approval banner reappear
until
they merge a PR from that contributor.
2026-06-08 20:07:15 +00:00
Giteabot
ee9f31e9c9
chore(deps): update dependency @eslint/json to v2 ( #38030 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [@eslint/json](https://redirect.github.com/eslint/json ) | [`1.2.0` →
`2.0.0`](https://renovatebot.com/diffs/npm/@eslint%2fjson/1.2.0/2.0.0 ) |
|
|
---
### Release Notes
<details>
<summary>eslint/json (@​eslint/json)</summary>
###
[`v2.0.0`](https://redirect.github.com/eslint/json/blob/HEAD/CHANGELOG.md#200-2026-05-28 )
[Compare
Source](72eb947ec7...804ffc4911https://redirect.github.com/eslint/json/issues/238 ))
##### Features
- add `meta.languages` to JSON rules
([#​238](https://redirect.github.com/eslint/json/issues/238 ))
([deff6b4deff6b4721https://redirect.github.com/eslint/json/issues/226 ))
([237148f](237148ff76https://redirect.github.com/eslint/json/issues/228 ))
([5803df5](5803df5fd1📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-06-08 19:28:45 +00:00
bircni
3b1e75764e
feat(actions): add job summaries (GITHUB_STEP_SUMMARY) ( #37500 )
...
- Add GitHub-style Actions **job summaries** support
(`GITHUB_STEP_SUMMARY` / `workflow/SUMMARY.md`) and render them on the
run Summary view.
- Store uploaded summaries internally in the DB (not as downloadable
artifacts).
- Add runtime-token endpoint for runners to upload summaries:
- `PUT
/api/actions_pipeline/_apis/pipelines/workflows/{run_id}/jobs/{job_id}/summary`
- Advertise support to runners via `RunnerService.Declare` response
header:
- `X-Gitea-Actions-Capabilities: job-summary`
- Devtest: extend `/devtest/repo-action-view/...` to include mock
`jobSummaries` for previewing UI rendering.
## Compatibility
- New Gitea + old runner: no summary upload → UI shows nothing (no
behavior change)
- New runner + old Gitea: capability not advertised → runner skips
upload (no behavior change)
## Screenshot:
<img width="2017" height="729"
src="https://github.com/user-attachments/assets/31f8b945-50c4-40e1-9f40-382901a53013 "
/>
Fixes #23721
PR on gitea-runner https://gitea.com/gitea/runner/pulls/917
---------
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com >
2026-06-08 19:11:00 +00:00
bircni
b1c088e9cf
enhance(actions): Make Summary UI more beautiful with more infos ( #37824 )
...
## Summary
- Redesign the Actions run summary header to follow GitHub Actions
layout: trigger info on the left, Status / Total duration / Artifacts
columns inline on the right
- Expose trigger user avatar, pull request link, and PR head branch info
from the run view API
- Update the workflow graph header to show the workflow filename (linked
to the run workflow file) and `on: <event>`, while keeping the
jobs/dependencies/success stats line
- Remove the redundant commit/workflow metadata row below the run title;
that information now lives in the summary bar
New:
<img width="1564" height="639"
src="https://github.com/user-attachments/assets/e6bc1623-c5fc-4e97-abc9-fde7f3c6aef9 "
/>
Old:
<img width="2038" height="1038"
src="https://github.com/user-attachments/assets/0857f19a-8d3a-4da2-82fd-e9ebeb200062 "
/>
Replaces https://github.com/go-gitea/gitea/pull/36721
---------
Co-authored-by: Giteabot <teabot@gitea.io >
2026-06-08 18:49:06 +00:00
Giteabot
e01af366e2
fix(deps): update npm dependencies ( #38035 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| @​codemirror/autocomplete | [`6.20.2` →
`6.20.3`](https://renovatebot.com/diffs/npm/@codemirror%2fautocomplete/6.20.2/6.20.3 )
|
|
|
| [eslint-plugin-vue](https://eslint.vuejs.org )
([source](https://redirect.github.com/vuejs/eslint-plugin-vue )) |
[`10.9.1` →
`10.9.2`](https://renovatebot.com/diffs/npm/eslint-plugin-vue/10.9.1/10.9.2 )
|
|
|
---
### Release Notes
<details>
<summary>vuejs/eslint-plugin-vue (eslint-plugin-vue)</summary>
###
[`v10.9.2`](https://redirect.github.com/vuejs/eslint-plugin-vue/blob/HEAD/CHANGELOG.md#1092 )
[Compare
Source](https://redirect.github.com/vuejs/eslint-plugin-vue/compare/v10.9.1...v10.9.2 )
##### Patch Changes
- Fixed
[`vue/custom-event-name-casing`](https://eslint.vuejs.org/rules/custom-event-name-casing.html )
to check segments of colon-separated event names like `update:foo-bar`
([#​3079](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3079 ))
- Fixed
[`vue/one-component-per-file`](https://eslint.vuejs.org/rules/one-component-per-file.html )
to not report functions not imported from Vue
([#​3063](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3063 ))
- Fixed
[`vue/prefer-import-from-vue`](https://eslint.vuejs.org/rules/prefer-import-from-vue.html )
to not report imports/exports of names that are not re-exported by `vue`
([#​3081](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3081 ))
- Fixed
[`vue/return-in-computed-property`](https://eslint.vuejs.org/rules/return-in-computed-property.html )
and
[`vue/require-render-return`](https://eslint.vuejs.org/rules/require-render-return.html )
to not report exhaustive switch statements when TypeScript type
information is available
([#​3067](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3067 ))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-06-08 18:30:55 +00:00
TheFox0x7
d76a974b24
feat(ssh): auto generate additional ssh keys ( #33974 )
...
adds capabilities for gitea to generate ecdsa and ed25519 keys by
default
adds cli for built-in ssh key generation helpers
closes: https://github.com/go-gitea/gitea/issues/33783
---------
Co-authored-by: Nicolas <bircni@icloud.com >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
Co-authored-by: Giteabot <teabot@gitea.io >
2026-06-08 18:18:58 +00:00
Nico Schlömer
ade76fe838
enhance: allow MathML core elements ( #38034 )
...
Fixes #36352 .
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
2026-06-08 17:58:41 +00:00
bircni
54916f708e
feat: Add avatar stacks ( #37594 )
...
Parse `Co-authored-by:` trailers from commit messages and surface
contributors as an avatar stack across the commit page, commits list, PR
commits tab, latest-commit row, blame, graph, and dashboard feed.
- Up to 10 visible 20px avatars, GitHub-style overlap (6px first stride,
4px between subsequent), `+N` chip for the rest.
- Label: 1 → name; 2 → `<a> and <b>`; 3+ → `<N> people` opens a Tippy
popup with all participants.
- Names and avatars link to the repo's commits-by-author search; fall
back to profile or `mailto:`.
- Trailer parsing uses `net/mail.ParseAddress`, scans only the trailing
paragraph, filters out the commit's own author/committer.
- Drops the non-standard `Co-committed-by:` emission on squash merge and
web edits.
Devtest: `/devtest/coauthor-avatars`.
Fixes #25521
----
<img width="353" height="277" alt="image"
src="https://github.com/user-attachments/assets/72092ceb-97ca-4b09-9557-0b72d3c5458e "
/>
<img width="533" height="328"
src="https://github.com/user-attachments/assets/11d0c8f8-8b3f-4f2e-9993-879f1c06bcc5 "
/>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com >
Co-authored-by: silverwind <me@silverwind.io >
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com >
Co-authored-by: Giteabot <teabot@gitea.io >
2026-06-08 17:16:22 +00:00
Giteabot
2a84831400
chore(deps): update astral-sh/setup-uv action to v8.2.0 ( #38036 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | minor | `v8.1.0` → `v8.2.0` |
---
### Release Notes
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v8.2.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.2.0 ):
🌈 New inputs `quiet` and `download-from-astral-mirror`
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v8.1.0...v8.2.0 )
#### Changes
This release brings two new inputs and a few bug fixes.
##### New inputs
Lets talk about the new inputs first.
##### quiet
Pretty simple. It turns of all `info` loggings. Useful if you use this
in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement
support for "less noise"
> \[!NOTE]\
> Warnings and errors are always logged.
##### download-from-astral-mirror
In some cases you may want to directly use the fallback of checking for
available versions and downloading releases from GitHub instead of using
the astral.sh mirror. Setting `download-from-astral-mirror: false`
allows you to do that.
##### Bugfixes
When using the astral.sh mirror to query available versions and download
releases (done by default) we now stop sending the GitHub token in the
header. The mirror never looked at it but we shouldn't be handing out
that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due
to retries and other faults.
We couldn't pinpoint all rootcauses yet but added more logging for error
cases to track them down.
#### 🐛 Bug fixes
- fix: report unexpected cache save failures
[@​eifinger](https://redirect.github.com/eifinger )
([#​896](https://redirect.github.com/astral-sh/setup-uv/issues/896 ))
- fix: report unexpected setup failures
[@​eifinger](https://redirect.github.com/eifinger )
([#​895](https://redirect.github.com/astral-sh/setup-uv/issues/895 ))
- fix: add timeout to fetch to prevent silent hangs
[@​eifinger-bot](https://redirect.github.com/eifinger-bot )
([#​883](https://redirect.github.com/astral-sh/setup-uv/issues/883 ))
- Limit GitHub tokens to github.com download URLs
[@​zsol](https://redirect.github.com/zsol )
([#​878](https://redirect.github.com/astral-sh/setup-uv/issues/878 ))
- increase libuv-workaround timeout to 100ms
[@​eifinger](https://redirect.github.com/eifinger )
([#​880](https://redirect.github.com/astral-sh/setup-uv/issues/880 ))
#### 🚀 Enhancements
- Add quiet input to suppress info-level log output
[@​eifinger](https://redirect.github.com/eifinger )
([#​898](https://redirect.github.com/astral-sh/setup-uv/issues/898 ))
- feat: add `download-from-astral-mirror` input
[@​eifinger](https://redirect.github.com/eifinger )
([#​897](https://redirect.github.com/astral-sh/setup-uv/issues/897 ))
#### 🧰 Maintenance
- docs: update dependabot rollup biome guidance
[@​eifinger](https://redirect.github.com/eifinger )
([#​902](https://redirect.github.com/astral-sh/setup-uv/issues/902 ))
- chore: update known checksums for 0.11.18
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​899](https://redirect.github.com/astral-sh/setup-uv/issues/899 ))
- chore: update known checksums for 0.11.17
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​892](https://redirect.github.com/astral-sh/setup-uv/issues/892 ))
- chore: update known checksums for 0.11.16
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​889](https://redirect.github.com/astral-sh/setup-uv/issues/889 ))
- chore: update known checksums for 0.11.15
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​885](https://redirect.github.com/astral-sh/setup-uv/issues/885 ))
- chore: update known checksums for 0.11.14
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​879](https://redirect.github.com/astral-sh/setup-uv/issues/879 ))
- chore: update known checksums for 0.11.13
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​877](https://redirect.github.com/astral-sh/setup-uv/issues/877 ))
- chore: update known checksums for 0.11.12
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​876](https://redirect.github.com/astral-sh/setup-uv/issues/876 ))
- chore: update known checksums for 0.11.11
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​873](https://redirect.github.com/astral-sh/setup-uv/issues/873 ))
- chore: update known checksums for 0.11.9/0.11.10
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​871](https://redirect.github.com/astral-sh/setup-uv/issues/871 ))
- chore: update known checksums for 0.11.8
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​867](https://redirect.github.com/astral-sh/setup-uv/issues/867 ))
- Bump setup-uv references to v8.1.0 SHA in docs
[@​eifinger](https://redirect.github.com/eifinger )
([#​862](https://redirect.github.com/astral-sh/setup-uv/issues/862 ))
- Add update-docs.yml workflow
[@​eifinger](https://redirect.github.com/eifinger )
([#​861](https://redirect.github.com/astral-sh/setup-uv/issues/861 ))
#### ⬆️ Dependency updates
- chore(deps): roll up dependabot updates
[@​eifinger](https://redirect.github.com/eifinger )
([#​903](https://redirect.github.com/astral-sh/setup-uv/issues/903 ))
- chore(deps): roll up dependabot updates
[@​eifinger](https://redirect.github.com/eifinger )
([#​901](https://redirect.github.com/astral-sh/setup-uv/issues/901 ))
- chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​900](https://redirect.github.com/astral-sh/setup-uv/issues/900 ))
- chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​842](https://redirect.github.com/astral-sh/setup-uv/issues/842 ))
- chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​893](https://redirect.github.com/astral-sh/setup-uv/issues/893 ))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​891](https://redirect.github.com/astral-sh/setup-uv/issues/891 ))
- chore(deps): bump release-drafter/release-drafter from 7.2.0 to 7.3.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​884](https://redirect.github.com/astral-sh/setup-uv/issues/884 ))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​888](https://redirect.github.com/astral-sh/setup-uv/issues/888 ))
- chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​881](https://redirect.github.com/astral-sh/setup-uv/issues/881 ))
- chore(deps): bump github/codeql-action from 4.32.2 to 4.35.3
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​875](https://redirect.github.com/astral-sh/setup-uv/issues/875 ))
- chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​866](https://redirect.github.com/astral-sh/setup-uv/issues/866 ))
- chore(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​864](https://redirect.github.com/astral-sh/setup-uv/issues/864 ))
- chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​863](https://redirect.github.com/astral-sh/setup-uv/issues/863 ))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-06-08 18:53:12 +02:00
wxiaoguang
136f7d18aa
fix: api error message ( #38031 )
...
Fix various abuses and mistakes
2026-06-08 16:58:42 +08:00
