imagemin-zopfli brings a lot of [vulnerable
dependencies](https://github.com/go-gitea/gitea/security/dependabot) and
it is unmaintained. The removal brings a size increase to these images,
but I think ultimately this size does not matter enough. I verified this
passes `pnpm audit` now.
As per https://github.com/bitnami/containers/issues/83267, my
understanding is that the `docker.io/bitnami` images will be deleted on
September 29.
To prevent this failure mode, use the images on the `bitnamilegacy` org
instead which are snapshots from when they stopped updating them.
Long-term, we should replace these images with official ones.
- ~Upgrade golang to 1.25~ blocked by the issue
https://github.com/go-swagger/go-swagger/issues/3220
- Upgrade minor versions of most dependencies
- Upgrade github.com/google/go-github version to v74
- Fix meilisearch because of sdk interface change
- Use github.com/Necoro/html2text which is a fork instead of html2text
because of https://github.com/jaytaylor/html2text/issues/67 which
resulted in complie failure.
- Fix some deprecated methods of gitlab go client.
Partially fix#32018
`git config` and `git remote` write operations create a temporary file
named `config.lock`. Since these operations are not atomic, they must
not be run in parallel. If two requests attempt to modify the same
repository concurrently—such as during a compare operation—one may fail
due to the presence of an existing `config.lock` file.
In cases where `config.lock` is left behind due to an unexpected program
exit, a global lock mechanism could allow us to safely remove the stale
lock file when a related error is detected. While this behavior is not
yet implemented in this PR, it is planned for a future enhancement.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
When sorting issues and pull requests by the nearest due date, the
issues and PRs without a due date are currently sorted _descending_ by
their creation date. This seems counter intuitive to me. When sorting by
nearest due date I want to see the issues/PRs in the order they should
be worked on. For issues/PRs without a due date that order should be
first come first served rather than last come first served.
This PR now changes the ordering of issues/PRs which don't have a due
date to _ascending_ by their creation date. So that the oldest is shown
first and the newest last.
This now also makes the sort order nearest due date a true opposite to
farthest due date. At farthest due date the newest is shown first and
the oldest last.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This PR removes the GetTags function from the git module and keeps only
GetTagInfos. All previous usages of GetTags have been replaced with
database-based tag functions.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes#35221, let the scanner's buffer grow up to 4x (256 kiB), and add an error check
---------
Signed-off-by: Fabian Meyer <fabian.meyer@lawo.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
For some reasons, branches between database and git are not synced. If a
branch exists in database but not in the git, it should be able to be
deleted.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Instance signing rule `pubkey` is described as "Only sign if the user
has a public key", however if the user only has SSH public keys, this
check will fail, as it only checks for GPG keys.
Changed the `pubkey` checks to call a helper `userHasPubkeys` which
sequentially checks for GPG, then SSH keys.
Related #34341
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Entra ID users should use the OIDC oauth2 provider.
They will still be shown if the instance has a previous Azure AD source
configured.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Exit `upgrade.sh` with status 0 (instead of status 1) when the installed
Gitea is already on the latest version and nothing needs to be done.
Fixes#35309
Addresses go version mismatch when using the devcontainer as a result of
[this
commit](793815adf7)
(bumps Go version from 1.24.5 to 1.24.6)
The current official devcontainer Go image used in this repository
(`1.24-bookworm`) uses 1.24.5 and sets GOTOOLCHAIN to local. This PR
overrides it to auto so that build commands automatically update to the
correct version.
---------
Signed-off-by: Jackson Stewart <jaxtew@pm.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
