762c674bc5
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [djlint](https://redirect.github.com/djlint/djLint) | `==1.39.2` → `==1.39.4` |  |  | | [zizmor](https://docs.zizmor.sh) ([source](https://redirect.github.com/zizmorcore/zizmor)) | `==1.25.2` → `==1.26.1` |  |  | --- ### Release Notes <details> <summary>djlint/djLint (djlint)</summary> ### [`v1.39.4`](https://redirect.github.com/djlint/djLint/blob/HEAD/CHANGELOG.md#1394---2026-06-24) [Compare Source](https://redirect.github.com/djlint/djLint/compare/v1.39.3...v1.39.4) ##### Fix - Fix crashes in mypyc-compiled wheels. ### [`v1.39.3`](https://redirect.github.com/djlint/djLint/blob/HEAD/CHANGELOG.md#1393---2026-06-23) [Compare Source](https://redirect.github.com/djlint/djLint/compare/v1.39.2...v1.39.3) ##### Fix - Use Click instead of tqdm for progress output, send progress to stderr, respect `--quiet`, and honor `NO_COLOR`. Remove direct `colorama` and `tqdm` dependencies now that Click handles CLI colors and progress. - Avoid false H025 reports after self-closing tags in Django templates. - Avoid false H025 reports for multiline Go template attributes. - Keep Django child-template reformatting idempotent when inline control blocks also appear inside HTML attributes. - Respect whitespace-control dashes when applying `blank_line_after_tag` and `blank_line_before_tag`. </details> <details> <summary>zizmorcore/zizmor (zizmor)</summary> ### [`v1.26.1`](https://redirect.github.com/zizmorcore/zizmor/releases/tag/v1.26.1) [Compare Source](https://redirect.github.com/zizmorcore/zizmor/compare/v1.26.0...v1.26.1) This is a small corrective release for [1.26.0](https://docs.zizmor.sh/release-notes/#​1260). ### [`v1.26.0`](https://redirect.github.com/zizmorcore/zizmor/releases/tag/v1.26.0) [Compare Source](https://redirect.github.com/zizmorcore/zizmor/compare/v1.25.2...v1.26.0) #### New Features 🌈[🔗](https://docs.zizmor.sh/release-notes/#new-features) - New audit: [typosquat-uses](https://docs.zizmor.sh/audits/#typosquat-uses) detects uses: clauses that reference likely typoed actions ([#​1985](https://redirect.github.com/zizmorcore/zizmor/issues/1985)) Many thanks to [@​andrew](https://redirect.github.com/andrew) for proposing and implementing this improvement! - New audit: [unsound-ternary](https://docs.zizmor.sh/audits/#unsound-ternary) detects pseudo-ternary expressions that don't evaluate as expected ([#​2085](https://redirect.github.com/zizmorcore/zizmor/issues/2085)) Many thanks to [@​terror](https://redirect.github.com/terror) for proposing and implementing this improvement! - New audit: [adhoc-packages](https://docs.zizmor.sh/audits/#adhoc-packages) detects run: steps that install packages in an ad-hoc manner ([#​2061](https://redirect.github.com/zizmorcore/zizmor/issues/2061)) Many thanks to [@​connorshea](https://redirect.github.com/connorshea) for proposing and implementing this improvement! #### Enhancements 🌱[🔗](https://docs.zizmor.sh/release-notes/#enhancements) - The [cache-poisoning](https://docs.zizmor.sh/audits/#cache-poisoning) audit now detects additional cache disablement heuristics ([#​2053](https://redirect.github.com/zizmorcore/zizmor/issues/2053)) - The [known-vulnerable-actions](https://docs.zizmor.sh/audits/#known-vulnerable-actions) audit is now configurable. See [the configuration documentation](https://docs.zizmor.sh/audits/#known-vulnerable-actions-configuration) for details ([#​2084](https://redirect.github.com/zizmorcore/zizmor/issues/2084)) - The [excessive-permissions](https://docs.zizmor.sh/audits/#excessive-permissions) audit is now aware of the code-quality permission ([#​2088](https://redirect.github.com/zizmorcore/zizmor/issues/2088)) - The [unpinned-uses](https://docs.zizmor.sh/audits/#unpinned-uses) audit's auto-fix now uses the fully qualified version tag (e.g. # v6.0.2) when fixing a major-version ref (e.g. [@​v6](https://redirect.github.com/v6)) ([#​2127](https://redirect.github.com/zizmorcore/zizmor/issues/2127)) #### Performance Improvements 🚄[🔗](https://docs.zizmor.sh/release-notes/#performance-improvements) - Most online audits are significantly faster, thanks to more precise retry handling ([#​2036](https://redirect.github.com/zizmorcore/zizmor/issues/2036)) Bug Fixes 🐛[🔗](https://docs.zizmor.sh/release-notes/#bug-fixes) - Fixed a bug where zizmor's LSP would not recognize dependabot.yaml files in its default configuration ([#​2026](https://redirect.github.com/zizmorcore/zizmor/issues/2026)) Many thanks to [@​fionn](https://redirect.github.com/fionn) for implementing this fix! - Fixed a bug where [ref-version-mismatch](https://docs.zizmor.sh/audits/#ref-version-mismatch) would fail to fully match some version comments ([#​2040](https://redirect.github.com/zizmorcore/zizmor/issues/2040)) - Fixed a bug where [dependabot-cooldown](https://docs.zizmor.sh/audits/#dependabot-cooldown) would fail to honor the user's configured days when performing autofixes ([#​2055](https://redirect.github.com/zizmorcore/zizmor/issues/2055)) - Steps and jobs gated by statically-false if: conditions (e.g. if: false, if: ${{ false }}) are now skipped during auditing, since they cannot execute ([#​2059](https://redirect.github.com/zizmorcore/zizmor/issues/2059), [#​2069](https://redirect.github.com/zizmorcore/zizmor/issues/2069)) - Fixed a bug where [ref-version-mismatch](https://docs.zizmor.sh/audits/#ref-version-mismatch) would fail to identify some valid version comments ([#​2073](https://redirect.github.com/zizmorcore/zizmor/issues/2073)) - Fixed a bug where [unpinned-images](https://docs.zizmor.sh/audits/#unpinned-images) would incorrectly flag empty matrix expansions as unpinned container image references ([#​2102](https://redirect.github.com/zizmorcore/zizmor/issues/2102)) - Fixed a bug where [unpinned-images](https://docs.zizmor.sh/audits/#unpinned-images) would incorrectly flag some matrix expansions as unpinned ([#​2098](https://redirect.github.com/zizmorcore/zizmor/issues/2098)) - The SARIF (--format=sarif) and GitHub Annotations (--format=github) output formats now provide more correct/useful paths, particularly when the user provides a relative path as input to zizmor rather than zizmor . ([#​1748](https://redirect.github.com/zizmorcore/zizmor/issues/1748), [#​2095](https://redirect.github.com/zizmorcore/zizmor/issues/2095)) #### Changes ⚠️[🔗](https://docs.zizmor.sh/release-notes/#changes) - The [impostor-commit](https://docs.zizmor.sh/audits/#impostor-commit) audit no longer suggests auto-fixes, to avoid incorrectly minimizing the amount of manual remediation work needed ([#​2054](https://redirect.github.com/zizmorcore/zizmor/issues/2054)) - The JSON and SARIF outputs no longer contain a misleading prefix key ([#​2095](https://redirect.github.com/zizmorcore/zizmor/issues/2095)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Gitea
Purpose
The goal of Gitea is to make the easiest, fastest, and most painless way of setting up a self-hosted all-in-one software development service, including Git hosting, code management, code review, issue tracking, project kanban, wiki, team collaboration, package registry and CI/CD which can reuse GitHub Actions.
As Gitea is written in Go, it works across all the platforms and architectures that are supported by Go, including Linux, macOS, FreeBSD/OpenBSD and Windows on x86, amd64, ARM, RISC-V 64 and PowerPC architectures.
For online demonstrations, you can visit demo.gitea.com.
For accessing free Gitea service (with a limited number of repositories), you can visit gitea.com.
To quickly deploy your own dedicated Gitea instance on Gitea Cloud, you can start a free trial at cloud.gitea.com, or use container (docker/podman/etc) to deploy on your own server with the official image.
Documentation
You can find comprehensive documentation on our official documentation website.
It includes installation, administration, usage, development, contributing guides, and more to help you get started and explore all features effectively.
If you have any suggestions or would like to contribute to it, you can visit the documentation repository
Building
See docs/build-setup.md for prerequisites and docs/development.md for setting up a local development environment, linting, and testing.
If you'd like to build from source or make a distribution package, see docs/build-source.md for more information.
After building, you can run ./gitea web to start the server, or ./gitea help to see all available commands.
Contributing
Expected workflow is: Fork -> Patch -> Push -> Pull Request
Note
- YOU MUST READ THE CONTRIBUTORS GUIDE BEFORE STARTING TO WORK ON A PULL REQUEST.
- New to the codebase? The development guide walks through setting up a local environment and building from source.
- If you have found a vulnerability in the project, please write privately to security@gitea.io. Thanks!
Translating
Translations are done through Crowdin. If you want to translate to a new language, ask one of the managers in the Crowdin project to add a new language there.
You can also just create an issue for adding a language or ask on Discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty, but we hope to fill it as questions pop up.
Get more information from documentation.
Official and Third-Party Projects
We provide an official go-sdk, a CLI tool called tea and an action runner for Gitea Action.
We maintain a list of Gitea-related projects at gitea/awesome-gitea, where you can discover more third-party projects, including SDKs, plugins, themes, and more.
Communication
If you have questions that are not covered by the documentation, you can get in contact with us on our Discord server or create a post in the discourse forum.
Authors
Backers
Thank you to all our backers! 🙏 [Become a backer]
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
FAQ
How do you pronounce Gitea?
Gitea is pronounced /ɡɪ’ti:/ as in "gi-tea" with a hard g.
How do I configure Gitea?
For dynamic config options, you can change it on your admin panel's configuration section.
For static config options, you can edit your app.ini file and resart the instance.
See app.example.ini or configuration documentation for more details.
Where can I find the security patches?
In the release log or the change log, search for the keyword SECURITY to find the security patches.
(more FAQs are listed in FAQ documentation)
License
This project is licensed under the MIT License. See the LICENSE file for the full license text.
Further information
Looking for an overview of the interface? Check it out the screenshots!
Login/Register Page
User Dashboard
User Profile
Explore
Repository
Repository Issue
Repository Pull Requests
Repository Actions
Repository Activity
Organization
