mirror of
https://github.com/go-gitea/gitea.git
synced 2026-06-29 22:31:28 +00:00
762c674bc5
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [djlint](https://redirect.github.com/djlint/djLint) | `==1.39.2` → `==1.39.4` |  |  | | [zizmor](https://docs.zizmor.sh) ([source](https://redirect.github.com/zizmorcore/zizmor)) | `==1.25.2` → `==1.26.1` |  |  | --- ### Release Notes <details> <summary>djlint/djLint (djlint)</summary> ### [`v1.39.4`](https://redirect.github.com/djlint/djLint/blob/HEAD/CHANGELOG.md#1394---2026-06-24) [Compare Source](https://redirect.github.com/djlint/djLint/compare/v1.39.3...v1.39.4) ##### Fix - Fix crashes in mypyc-compiled wheels. ### [`v1.39.3`](https://redirect.github.com/djlint/djLint/blob/HEAD/CHANGELOG.md#1393---2026-06-23) [Compare Source](https://redirect.github.com/djlint/djLint/compare/v1.39.2...v1.39.3) ##### Fix - Use Click instead of tqdm for progress output, send progress to stderr, respect `--quiet`, and honor `NO_COLOR`. Remove direct `colorama` and `tqdm` dependencies now that Click handles CLI colors and progress. - Avoid false H025 reports after self-closing tags in Django templates. - Avoid false H025 reports for multiline Go template attributes. - Keep Django child-template reformatting idempotent when inline control blocks also appear inside HTML attributes. - Respect whitespace-control dashes when applying `blank_line_after_tag` and `blank_line_before_tag`. </details> <details> <summary>zizmorcore/zizmor (zizmor)</summary> ### [`v1.26.1`](https://redirect.github.com/zizmorcore/zizmor/releases/tag/v1.26.1) [Compare Source](https://redirect.github.com/zizmorcore/zizmor/compare/v1.26.0...v1.26.1) This is a small corrective release for [1.26.0](https://docs.zizmor.sh/release-notes/#​1260). ### [`v1.26.0`](https://redirect.github.com/zizmorcore/zizmor/releases/tag/v1.26.0) [Compare Source](https://redirect.github.com/zizmorcore/zizmor/compare/v1.25.2...v1.26.0) #### New Features 🌈[🔗](https://docs.zizmor.sh/release-notes/#new-features) - New audit: [typosquat-uses](https://docs.zizmor.sh/audits/#typosquat-uses) detects uses: clauses that reference likely typoed actions ([#​1985](https://redirect.github.com/zizmorcore/zizmor/issues/1985)) Many thanks to [@​andrew](https://redirect.github.com/andrew) for proposing and implementing this improvement! - New audit: [unsound-ternary](https://docs.zizmor.sh/audits/#unsound-ternary) detects pseudo-ternary expressions that don't evaluate as expected ([#​2085](https://redirect.github.com/zizmorcore/zizmor/issues/2085)) Many thanks to [@​terror](https://redirect.github.com/terror) for proposing and implementing this improvement! - New audit: [adhoc-packages](https://docs.zizmor.sh/audits/#adhoc-packages) detects run: steps that install packages in an ad-hoc manner ([#​2061](https://redirect.github.com/zizmorcore/zizmor/issues/2061)) Many thanks to [@​connorshea](https://redirect.github.com/connorshea) for proposing and implementing this improvement! #### Enhancements 🌱[🔗](https://docs.zizmor.sh/release-notes/#enhancements) - The [cache-poisoning](https://docs.zizmor.sh/audits/#cache-poisoning) audit now detects additional cache disablement heuristics ([#​2053](https://redirect.github.com/zizmorcore/zizmor/issues/2053)) - The [known-vulnerable-actions](https://docs.zizmor.sh/audits/#known-vulnerable-actions) audit is now configurable. See [the configuration documentation](https://docs.zizmor.sh/audits/#known-vulnerable-actions-configuration) for details ([#​2084](https://redirect.github.com/zizmorcore/zizmor/issues/2084)) - The [excessive-permissions](https://docs.zizmor.sh/audits/#excessive-permissions) audit is now aware of the code-quality permission ([#​2088](https://redirect.github.com/zizmorcore/zizmor/issues/2088)) - The [unpinned-uses](https://docs.zizmor.sh/audits/#unpinned-uses) audit's auto-fix now uses the fully qualified version tag (e.g. # v6.0.2) when fixing a major-version ref (e.g. [@​v6](https://redirect.github.com/v6)) ([#​2127](https://redirect.github.com/zizmorcore/zizmor/issues/2127)) #### Performance Improvements 🚄[🔗](https://docs.zizmor.sh/release-notes/#performance-improvements) - Most online audits are significantly faster, thanks to more precise retry handling ([#​2036](https://redirect.github.com/zizmorcore/zizmor/issues/2036)) Bug Fixes 🐛[🔗](https://docs.zizmor.sh/release-notes/#bug-fixes) - Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration ([#​2026](https://redirect.github.com/zizmorcore/zizmor/issues/2026)) Many thanks to [@​fionn](https://redirect.github.com/fionn) for implementing this fix! - Fixed a bug where [ref-version-mismatch](https://docs.zizmor.sh/audits/#ref-version-mismatch) would fail to fully match some version comments ([#​2040](https://redirect.github.com/zizmorcore/zizmor/issues/2040)) - Fixed a bug where [dependabot-cooldown](https://docs.zizmor.sh/audits/#dependabot-cooldown) would fail to honor the user's configured days when performing autofixes ([#​2055](https://redirect.github.com/zizmorcore/zizmor/issues/2055)) - Steps and jobs gated by statically-false if: conditions (e.g. if: false, if: ${{ false }}) are now skipped during auditing, since they cannot execute ([#​2059](https://redirect.github.com/zizmorcore/zizmor/issues/2059), [#​2069](https://redirect.github.com/zizmorcore/zizmor/issues/2069)) - Fixed a bug where [ref-version-mismatch](https://docs.zizmor.sh/audits/#ref-version-mismatch) would fail to identify some valid version comments ([#​2073](https://redirect.github.com/zizmorcore/zizmor/issues/2073)) - Fixed a bug where [unpinned-images](https://docs.zizmor.sh/audits/#unpinned-images) would incorrectly flag empty matrix expansions as unpinned container image references ([#​2102](https://redirect.github.com/zizmorcore/zizmor/issues/2102)) - Fixed a bug where [unpinned-images](https://docs.zizmor.sh/audits/#unpinned-images) would incorrectly flag some matrix expansions as unpinned ([#​2098](https://redirect.github.com/zizmorcore/zizmor/issues/2098)) - The SARIF (--format=sarif) and GitHub Annotations (--format=github) output formats now provide more correct/useful paths, particularly when the user provides a relative path as input to zizmor rather than zizmor . ([#​1748](https://redirect.github.com/zizmorcore/zizmor/issues/1748), [#​2095](https://redirect.github.com/zizmorcore/zizmor/issues/2095)) #### Changes ⚠️[🔗](https://docs.zizmor.sh/release-notes/#changes) - The [impostor-commit](https://docs.zizmor.sh/audits/#impostor-commit) audit no longer suggests auto-fixes, to avoid incorrectly minimizing the amount of manual remediation work needed ([#​2054](https://redirect.github.com/zizmorcore/zizmor/issues/2054)) - The JSON and SARIF outputs no longer contain a misleading prefix key ([#​2095](https://redirect.github.com/zizmorcore/zizmor/issues/2095)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
16 lines
244 B
TOML
16 lines
244 B
TOML
[project]
|
|
name = "gitea"
|
|
version = "0.0.0"
|
|
requires-python = ">=3.10"
|
|
|
|
[dependency-groups]
|
|
dev = [
|
|
"djlint==1.39.4",
|
|
"yamllint==1.38.0",
|
|
"zizmor==1.26.1",
|
|
]
|
|
|
|
[tool.djlint]
|
|
profile="golang"
|
|
ignore="H005,H006,H013,H016,H020,H021,H030,H031"
|