Merge branch 'main' into lunny/revert_snap

2026-05-10 09:41:52 +02:00 · 2026-05-07 23:13:09 -07:00 · 2026-05-07 23:13:09 -07:00 · 67f7bd71c5
commit 67f7bd71c5
parent e852c8bf81 243c2d7146
25 changed files with 120 additions and 76 deletions
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@ -71,15 +71,15 @@ jobs:
              - "assets/emoji.json"
              - "package.json"
              - "pnpm-lock.yaml"
+              - "pnpm-workspace.yaml"
              - "Makefile"
-              - ".eslintrc.cjs"
-              - ".npmrc"

            docs:
              - "**/*.md"
              - ".markdownlint.yaml"
              - "package.json"
              - "pnpm-lock.yaml"
+              - "pnpm-workspace.yaml"

            actions:
              - ".github/workflows/*"
@ -108,6 +108,7 @@ jobs:
              - "Makefile"
              - "package.json"
              - "pnpm-lock.yaml"
+              - "pnpm-workspace.yaml"
              - ".spectral.yaml"

            yaml:
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@ -44,7 +44,7 @@ jobs:
          go-version-file: go.mod
          check-latest: true
          cache: false
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
@ -130,7 +130,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@ -29,7 +29,7 @@ jobs:
        with:
          cache-name: e2e
          build-cache: "false"
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@ -22,7 +22,7 @@ jobs:
        with:
          go-version-file: go.mod
          check-latest: true
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@ -23,7 +23,7 @@ jobs:
        with:
          go-version-file: go.mod
          check-latest: true
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@ -26,7 +26,7 @@ jobs:
        with:
          go-version-file: go.mod
          check-latest: true
-      - uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v5.0.0
+      - uses: pnpm/action-setup@8912a9102ac27614460f54aedde9e1e7f9aec20d # v6.0.5
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: 24
--- a/.npmrc
+++ b/.npmrc
@ -1,7 +0,0 @@
-audit=false
-fund=false
-update-notifier=false
-save-exact=true
-auto-install-peers=true
-dedupe-peer-dependents=false
-enable-pre-post-scripts=true
--- a/2
+++ b/2
@ -3,7 +3,7 @@
 FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26-alpine3.23 AS frontend-build
 RUN apk --no-cache add build-base git nodejs pnpm
 WORKDIR /src
-COPY package.json pnpm-lock.yaml .npmrc ./
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile
 COPY --exclude=.git/ . .
 RUN make frontend
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@ -3,7 +3,7 @@
 FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.26-alpine3.23 AS frontend-build
 RUN apk --no-cache add build-base git nodejs pnpm
 WORKDIR /src
-COPY package.json pnpm-lock.yaml .npmrc ./
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile
 COPY --exclude=.git/ . .
 RUN make frontend
--- a/15
+++ b/15
@ -11,15 +11,15 @@ COMMA := ,

 XGO_VERSION := go-1.26.x

-AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4 # renovate: datasource=go
+AIR_PACKAGE ?= github.com/air-verse/air@v1.65.1 # renovate: datasource=go
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.1 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.12.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
 MISSPELL_PACKAGE ?= github.com/golangci/misspell/cmd/misspell@v0.8.0 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renovate: datasource=go
-XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.7.11 # renovate: datasource=go
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renovate: datasource=go
+XGO_PACKAGE ?= src.techknowlogick.com/xgo@v1.9.0 # renovate: datasource=go
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.3.0 # renovate: datasource=go
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.7.12 # renovate: datasource=go

 HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
 ifeq ($(HAS_GO), yes)
@ -613,6 +613,7 @@ update-js: node_modules ## update js dependencies
 .PHONY: nolyfill
 nolyfill: node_modules ## apply nolyfill overrides to package.json and relock
 	pnpm exec nolyfill install
+	node tools/migrate-nolyfills.ts
 	pnpm install
 	@touch node_modules

--- a/go.mod
+++ b/go.mod
@ -1,6 +1,6 @@
 module code.gitea.io/gitea

-go 1.26.2
+go 1.26.3

 // rfc5280 said: "The serial number is an integer assigned by the CA to each certificate."
 // But some CAs use negative serial number, just relax the check. related:
--- a/models/auth/source.go
+++ b/models/auth/source.go
@ -100,7 +100,7 @@ var registeredConfigs = map[Type]func() Config{}

 // RegisterTypeConfig register a config for a provided type
 func RegisterTypeConfig(typ Type, exemplar Config) {
-	if reflect.TypeOf(exemplar).Kind() == reflect.Ptr {
+	if reflect.TypeOf(exemplar).Kind() == reflect.Pointer {
 		// Pointer:
 		registeredConfigs[typ] = func() Config {
 			return reflect.New(reflect.ValueOf(exemplar).Elem().Type()).Interface().(Config)
--- a/models/unittest/reflection.go
+++ b/models/unittest/reflection.go
@ -9,7 +9,7 @@ import (
 )

 func fieldByName(v reflect.Value, field string) reflect.Value {
-	if v.Kind() == reflect.Ptr {
+	if v.Kind() == reflect.Pointer {
 		v = v.Elem()
 	}
 	f := v.FieldByName(field)
--- a/modules/packages/rubygems/marshal.go
+++ b/modules/packages/rubygems/marshal.go
@ -91,7 +91,7 @@ func (e *MarshalEncoder) marshal(v any) error {
 	val := reflect.ValueOf(v)
 	typ := reflect.TypeOf(v)

-	if typ.Kind() == reflect.Ptr {
+	if typ.Kind() == reflect.Pointer {
 		val = val.Elem()
 		typ = typ.Elem()
 	}
--- a/modules/web/handler.go
+++ b/modules/web/handler.go
@ -9,6 +9,7 @@ import (
 	"net"
 	"net/http"
 	"reflect"
+	"slices"

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/web/routing"
@ -131,8 +132,8 @@ type middlewareProvider = func(next http.Handler) http.Handler

 func executeMiddlewaresHandler(w http.ResponseWriter, r *http.Request, middlewares []middlewareProvider, endpoint http.HandlerFunc) {
 	handler := endpoint
-	for i := len(middlewares) - 1; i >= 0; i-- {
-		handler = middlewares[i](handler).ServeHTTP
+	for _, middleware := range slices.Backward(middlewares) {
+		handler = middleware(handler).ServeHTTP
 	}
 	handler(w, r)
 }
--- a/modules/web/middleware/binding.go
+++ b/modules/web/middleware/binding.go
@ -29,7 +29,7 @@ func AssignForm(form any, data map[string]any) {
 	typ := reflect.TypeOf(form)
 	val := reflect.ValueOf(form)

-	for typ.Kind() == reflect.Ptr {
+	for typ.Kind() == reflect.Pointer {
 		typ = typ.Elem()
 		val = val.Elem()
 	}
@ -104,7 +104,7 @@ func Validate(errs binding.Errors, data map[string]any, f Form, l translation.Lo
 	data["ErrorMsg"] = l.TrString("form.unknown_error")

 	typ := reflect.TypeOf(f)
-	if typ.Kind() == reflect.Ptr {
+	if typ.Kind() == reflect.Pointer {
 		typ = typ.Elem()
 	}

--- a/package.json
+++ b/package.json
@ -1,9 +1,9 @@
 {
  "type": "module",
-  "packageManager": "pnpm@10.33.2",
+  "packageManager": "pnpm@11.0.8",
  "engines": {
    "node": ">= 22.18.0",
-    "pnpm": ">= 10.0.0"
+    "pnpm": ">= 11.0.0"
  },
  "dependencies": {
    "@citation-js/core": "0.7.21",
@ -124,34 +124,5 @@
    "updates": "17.16.8",
    "vitest": "4.1.5",
    "vue-tsc": "3.2.8"
-  },
-  "pnpm": {
-    "peerDependencyRules": {
-      "allowedVersions": {
-        "eslint-plugin-github>eslint": ">=9"
-      }
-    },
-    "overrides": {
-      "array-includes": "npm:@nolyfill/array-includes@^1",
-      "array.prototype.findlastindex": "npm:@nolyfill/array.prototype.findlastindex@^1",
-      "array.prototype.flat": "npm:@nolyfill/array.prototype.flat@^1",
-      "array.prototype.flatmap": "npm:@nolyfill/array.prototype.flatmap@^1",
-      "es-aggregate-error": "npm:@nolyfill/es-aggregate-error@^1",
-      "hasown": "npm:@nolyfill/hasown@^1",
-      "is-core-module": "npm:@nolyfill/is-core-module@^1",
-      "object.assign": "npm:@nolyfill/object.assign@^1",
-      "object.fromentries": "npm:@nolyfill/object.fromentries@^1",
-      "object.groupby": "npm:@nolyfill/object.groupby@^1",
-      "object.values": "npm:@nolyfill/object.values@^1",
-      "safe-buffer": "npm:@nolyfill/safe-buffer@^1",
-      "safe-regex-test": "npm:@nolyfill/safe-regex-test@^1",
-      "safer-buffer": "npm:@nolyfill/safer-buffer@^1",
-      "string.prototype.includes": "npm:@nolyfill/string.prototype.includes@^1",
-      "string.prototype.trimend": "npm:@nolyfill/string.prototype.trimend@^1",
-      "object-keys": "npm:@nolyfill/object-keys@^1",
-      "object.entries": "npm:@nolyfill/object.entries@^1",
-      "abab": "npm:@nolyfill/abab@^1",
-      "es-set-tostringtag": "npm:@nolyfill/es-set-tostringtag@^1"
-    }
  }
 }
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@ -0,0 +1,32 @@
+packages: [.] # workaround for https://github.com/SukkaW/nolyfill/issues/119
+savePrefix: ''
+dedupePeerDependents: false
+updateNotifier: false
+strictDepBuilds: false
+minimumReleaseAge: 0
+
+peerDependencyRules:
+  allowedVersions:
+    eslint-plugin-github>eslint: '>=9'
+
+overrides:
+  array-includes: npm:@nolyfill/array-includes@^1
+  array.prototype.findlastindex: npm:@nolyfill/array.prototype.findlastindex@^1
+  array.prototype.flat: npm:@nolyfill/array.prototype.flat@^1
+  array.prototype.flatmap: npm:@nolyfill/array.prototype.flatmap@^1
+  es-aggregate-error: npm:@nolyfill/es-aggregate-error@^1
+  hasown: npm:@nolyfill/hasown@^1
+  is-core-module: npm:@nolyfill/is-core-module@^1
+  object.assign: npm:@nolyfill/object.assign@^1
+  object.fromentries: npm:@nolyfill/object.fromentries@^1
+  object.groupby: npm:@nolyfill/object.groupby@^1
+  object.values: npm:@nolyfill/object.values@^1
+  safe-buffer: npm:@nolyfill/safe-buffer@^1
+  safe-regex-test: npm:@nolyfill/safe-regex-test@^1
+  safer-buffer: npm:@nolyfill/safer-buffer@^1
+  string.prototype.includes: npm:@nolyfill/string.prototype.includes@^1
+  string.prototype.trimend: npm:@nolyfill/string.prototype.trimend@^1
+  object-keys: npm:@nolyfill/object-keys@^1
+  object.entries: npm:@nolyfill/object.entries@^1
+  abab: npm:@nolyfill/abab@^1
+  es-set-tostringtag: npm:@nolyfill/es-set-tostringtag@^1
--- a/renovate.json5
+++ b/renovate.json5
@ -2,7 +2,7 @@
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended", "helpers:pinGitHubActionDigests", "customManagers:githubActionsVersions"],
  "configMigration": true,
-  "enabledManagers": ["github-actions", "gomod", "npm", "pep621", "nix"],
+  "enabledManagers": ["github-actions", "gomod", "npm", "pep621", "nix", "custom.regex"],
  "labels": ["dependencies"],
  "branchPrefix": "renovate/",
  "schedule": ["* * * * 1"], // dependency update PRs weekly, vulnerabilityAlerts bypasses this
@ -60,19 +60,32 @@
    },
    {
      "groupName": "go dependencies",
-      "matchDatasources": ["go"], // covers gomod manager + Makefile go-tool customManager
+      "matchManagers": ["gomod"],
      "postUpgradeTasks": {
        "commands": ["make tidy"],
        "fileFilters": ["go.mod", "go.sum", "assets/go-licenses.json"],
        "executionMode": "branch",
      },
    },
+    {
+      "groupName": "tool dependencies",
+      "matchManagers": ["custom.regex"],
+      "matchFileNames": ["**/Makefile"],
+    },
+    {
+      "matchManagers": ["gomod"],
+      "matchDepNames": ["go"],
+      "matchDepTypes": ["golang"],
+      "rangeStrategy": "bump",
+      "schedule": ["at any time"],
+      "minimumReleaseAge": "0",
+    },
    {
      "groupName": "npm dependencies",
      "matchManagers": ["npm"],
      "postUpgradeTasks": {
        "commands": ["make svg nolyfill"],
-        "fileFilters": ["package.json", "pnpm-lock.yaml", "public/assets/img/svg/**"],
+        "fileFilters": ["package.json", "pnpm-lock.yaml", "pnpm-workspace.yaml", "public/assets/img/svg/**"],
        "executionMode": "branch",
      },
    },
--- a/services/cron/tasks.go
+++ b/services/cron/tasks.go
@ -57,7 +57,7 @@ func (t *Task) IsEnabled() bool {

 // GetConfig will return a copy of the task's config
 func (t *Task) GetConfig() Config {
-	if reflect.TypeOf(t.config).Kind() == reflect.Ptr {
+	if reflect.TypeOf(t.config).Kind() == reflect.Pointer {
 		// Pointer:
 		return reflect.New(reflect.ValueOf(t.config).Elem().Type()).Interface().(Config)
 	}
--- a/services/gitdiff/highlightdiff.go
+++ b/services/gitdiff/highlightdiff.go
@ -6,6 +6,7 @@ package gitdiff
 import (
 	"bytes"
 	"html/template"
+	"slices"
 	"strings"
 	"unicode/utf8"

@ -385,8 +386,7 @@ func (hcd *highlightCodeDiff) recoverOneDiff(str string) template.HTML {
 	}

 	// close all opening tags
-	for i := len(tagStack) - 1; i >= 0; i-- {
-		tagToClose := tagStack[i]
+	for _, tagToClose := range slices.Backward(tagStack) {
 		// get the closing tag "</span>" from "<span class=...>" or "<span>"
 		pos := strings.IndexAny(tagToClose, " >")
 		// pos must be positive, because the tags were pushed by us
--- a/services/issue/commit.go
+++ b/services/issue/commit.go
@ -10,6 +10,7 @@ import (
 	"html"
 	"net/url"
 	"regexp"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@ -123,9 +124,7 @@ func getIssueFromRef(ctx context.Context, repo *repo_model.Repository, index int
 // UpdateIssuesCommit checks if issues are manipulated by commit message.
 func UpdateIssuesCommit(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, commits []*repository.PushCommit, branchName string) error {
 	// Commits are appended in the reverse order.
-	for i := len(commits) - 1; i >= 0; i-- {
-		c := commits[i]
-
+	for _, c := range slices.Backward(commits) {
 		type markKey struct {
 			ID     int64
 			Action references.XRefAction
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@ -9,6 +9,7 @@ import (
 	"fmt"
 	"io"
 	"regexp"
+	"slices"
 	"strings"
 	"time"
 	"unicode/utf8"
@ -845,8 +846,7 @@ func GetSquashMergeCommitMessages(ctx context.Context, pr *issues_model.PullRequ
 		// use PR's commit messages as squash commit message
 		// commits list is in reverse chronological order
 		maxMsgSize := setting.Repository.PullRequest.DefaultMergeMessageSize
-		for i := len(commits) - 1; i >= 0; i-- {
-			commit := commits[i]
+		for _, commit := range slices.Backward(commits) {
 			msg := strings.TrimSpace(commit.MessageUTF8())
 			if msg == "" {
 				continue
--- a/services/repository/gitgraph/parser.go
+++ b/services/repository/gitgraph/parser.go
@ -6,6 +6,7 @@ package gitgraph
 import (
 	"bytes"
 	"fmt"
+	"slices"
 )

 // Parser represents a git graph parser. It is stateful containing the previous
@ -163,8 +164,7 @@ func (parser *Parser) ParseGlyphs(glyphs []byte) {
 	// release unused colors
 	parser.releaseUnusedColors()

-	for i := len(glyphs) - 1; i >= 0; i-- {
-		glyph := glyphs[i]
+	for i, glyph := range slices.Backward(glyphs) {
 		switch glyph {
 		case '|':
 			fallthrough
--- a/tools/migrate-nolyfills.ts
+++ b/tools/migrate-nolyfills.ts
@ -0,0 +1,33 @@
+#!/usr/bin/env node
+// nolyfill writes overrides to package.json#pnpm.overrides which pnpm v11 ignores.
+// This moves them to pnpm-workspace.yaml until SukkaW/nolyfill#119 is fixed.
+import {readFileSync, writeFileSync} from 'node:fs';
+import {exit} from 'node:process';
+import {fileURLToPath} from 'node:url';
+import {dump} from 'js-yaml';
+
+const packagePath = fileURLToPath(new URL('../package.json', import.meta.url));
+const workspacePath = fileURLToPath(new URL('../pnpm-workspace.yaml', import.meta.url));
+
+const packageJson: {pnpm?: {overrides?: Record<string, string>}} = JSON.parse(readFileSync(packagePath, 'utf8'));
+const overrides = packageJson.pnpm?.overrides;
+
+if (!overrides || !Object.keys(overrides).length) {
+  exit(0);
+}
+
+const block = dump({overrides}, {lineWidth: -1, quotingType: "'"});
+const workspace = readFileSync(workspacePath, 'utf8');
+const overridesRegex = /^overrides:[^\n]*(?:\n(?:[ \t][^\n]*|[ \t]*(?=\n[ \t])))*\n?/m;
+
+if (!overridesRegex.test(workspace)) {
+  console.error(`No 'overrides:' block found in pnpm-workspace.yaml`);
+  exit(1);
+}
+
+writeFileSync(workspacePath, workspace.replace(overridesRegex, block));
+
+const pnpm = packageJson.pnpm!;
+delete pnpm.overrides;
+if (!Object.keys(pnpm).length) delete packageJson.pnpm;
+writeFileSync(packagePath, `${JSON.stringify(packageJson, null, 2)}\n`);