From e0214ab841d26549e0a71a303a0a3b45bfc7aab8 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Thu, 18 Dec 2025 20:12:29 +0100
Subject: [PATCH 01/10] Enable dependabot for actions (#36191)

Enable dependabot for actions only. These should always be safe to
update as long as CI passes and some of them are lagging behind.
---
 .github/dependabot.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..399419bba8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    cooldown:
+      default-days: 5

From aca67266076b901a6b3dfba1bd94fa19e706d4d6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 20:09:24 +0000
Subject: [PATCH 02/10] Bump docker/build-push-action from 5 to 6 (#36197)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[docker/build-push-action](https://github.com/docker/build-push-action)
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<ul>
<li>Export build record and generate <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/">build
summary</a> by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1120">docker/build-push-action#1120</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.24.0 to 0.26.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1132">docker/build-push-action#1132</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1136">docker/build-push-action#1136</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1138">docker/build-push-action#1138</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1137">docker/build-push-action#1137</a></li>
</ul>
<blockquote>
<p>[!NOTE]
This major release adds support for generating <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build
summary</a> and exporting build record for your build. You can disable
this feature by setting <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/#disable-job-summary">
<code>DOCKER_BUILD_SUMMARY: false</code> environment variable in your
workflow</a>.</p>
</blockquote>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0">https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0</a></p>
<h2>v5.4.0</h2>
<ul>
<li>Show builder information before building by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1128">docker/build-push-action#1128</a></li>
<li>Handle attestations correctly with provenance and sbom inputs by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1086">docker/build-push-action#1086</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.19.0 to 0.24.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1088">docker/build-push-action#1088</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1105">docker/build-push-action#1105</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1121">docker/build-push-action#1121</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1127">docker/build-push-action#1127</a></li>
<li>Bump undici from 5.28.3 to 5.28.4 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1090">docker/build-push-action#1090</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0">https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0</a></p>
<h2>v5.3.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.18.0 to 0.19.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1080">docker/build-push-action#1080</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0">https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0</a></p>
<h2>v5.2.0</h2>
<ul>
<li>Disable quotes detection for <code>outputs</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1074">docker/build-push-action#1074</a></li>
<li>Warn about ignored inputs by <a
href="https://github.com/favonia"><code>@​favonia</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1019">docker/build-push-action#1019</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.14.0 to 0.18.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1070">docker/build-push-action#1070</a></li>
<li>Bump undici from 5.26.3 to 5.28.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1057">docker/build-push-action#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0">https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0</a></p>
<h2>v5.1.0</h2>
<ul>
<li>Add <code>annotations</code> input by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/992">docker/build-push-action#992</a></li>
<li>Add <code>secret-envs</code> input by <a
href="https://github.com/elias-lundgren"><code>@​elias-lundgren</code></a>
in <a
href="https://redirect.github.com/docker/build-push-action/pull/980">docker/build-push-action#980</a></li>
<li>Bump <code>@​babel/traverse</code> from 7.17.3 to 7.23.2 in <a
href="https://redirect.github.com/docker/build-push-action/pull/991">docker/build-push-action#991</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.13.0-rc.1 to
0.14.0 in <a
href="https://redirect.github.com/docker/build-push-action/pull/990">docker/build-push-action#990</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1006">docker/build-push-action#1006</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0">https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/build-push-action/commit/263435318d21b8e681c14492fe198d362a7d2c83"><code>2634353</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1381">#1381</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="https://github.com/docker/build-push-action/commit/c0432d2e016ab17a336cee48256683e74d5c4c9e"><code>c0432d2</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0bb1f27d6b9fc90993f41febd9b53ee89397d3f8"><code>0bb1f27</code></a>
set builder driver and endpoint attributes for dbc summary support</li>
<li><a
href="https://github.com/docker/build-push-action/commit/5f9dbf956c8481ecf630d0e53941d9d3afaa53bb"><code>5f9dbf9</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.61.0 to
0.62.1</li>
<li><a
href="https://github.com/docker/build-push-action/commit/0788c444d8b4d67580213712e34a148cae3a6c4e"><code>0788c44</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1375">#1375</a>
from crazy-max/remove-gcr</li>
<li><a
href="https://github.com/docker/build-push-action/commit/aa179ca4f405fed7a76dad90a23bd02d6f2a8d2d"><code>aa179ca</code></a>
e2e: remove GCR</li>
<li><a
href="https://github.com/docker/build-push-action/commit/1dc73863535b631f98b2378be8619f83b136f4a0"><code>1dc7386</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/build-push-action/issues/1364">#1364</a>
from crazy-max/history-export-cmd</li>
<li><a
href="https://github.com/docker/build-push-action/commit/9c9803f36437c54a2bf7b2c9a4a9011c2a812d71"><code>9c9803f</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/build-push-action/commit/db1f6c46e8d64f89ec10010e409681bcf7951c05"><code>db1f6c4</code></a>
DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export</li>
<li><a
href="https://github.com/docker/build-push-action/commit/721e8c79de660781840d3a69a11e39e1e836ef8e"><code>721e8c7</code></a>
Bump <code>@​docker/actions-toolkit</code> from 0.59.0 to 0.61.0</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/build-push-action/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/build-push-action&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/pull-docker-dryrun.yml  | 4 ++--
 .github/workflows/release-nightly.yml     | 4 ++--
 .github/workflows/release-tag-rc.yml      | 4 ++--
 .github/workflows/release-tag-version.yml | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/pull-docker-dryrun.yml b/.github/workflows/pull-docker-dryrun.yml
index 1cd1ba31dd..2a4d675abc 100644
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@@ -23,13 +23,13 @@ jobs:
       - uses: actions/checkout@v6
       - uses: docker/setup-buildx-action@v3
       - name: Build regular container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: false
           tags: gitea/gitea:linux-amd64
       - name: Build rootless container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           push: false
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index c8ce0aa787..f492d4a7dc 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -111,7 +111,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: build regular docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
@@ -119,7 +119,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           annotations: ${{ steps.meta.outputs.annotations }}
       - name: build rootless docker image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
index ef36e55a94..3bf05337ce 100644
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -121,7 +121,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: build regular container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
@@ -129,7 +129,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           annotations: ${{ steps.meta.outputs.annotations }}
       - name: build rootless container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
index a3838de3c0..f5c8f82573 100644
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -133,7 +133,7 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: build regular container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64
@@ -141,7 +141,7 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           annotations: ${{ steps.meta.outputs.annotations }}
       - name: build rootless container image
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           platforms: linux/amd64,linux/arm64,linux/riscv64

From 5f5a87f015c95ccbc7091ae2d4d56eb56cc34f3d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 20:59:23 +0000
Subject: [PATCH 03/10] Bump aws-actions/configure-aws-credentials from 4 to 5
 (#36196)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a>
(2025-09-03)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add skip OIDC option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458">#1458</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8c45f6b08196feb86cfdbe431541d5571d9ab2c2">8c45f6b</a>)</li>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/74b3e27aa80db064b5bb8c04b22fc607e817acf7">74b3e27</a>)</li>
<li>support account id allowlist (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1456">#1456</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c4be498953fc1da2707a50ce4b761a53af3d02af">c4be498</a>)</li>
</ul>
<h2>v4.3.1</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.1">4.3.1</a>
(2025-08-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update readme to 4.3.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1424">#1424</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/be2e7ad815e27b890489a89ce2717b0f9e26b56e">be2e7ad</a>)</li>
</ul>
<h2>v4.3.0</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.0">4.3.0</a>
(2025-08-04)</h2>
<p>NOTE: This release tag originally pointed to
59b441846ad109fa4a1549b73ef4e149c4bfb53b, but a critical bug was
discovered shortly after publishing. We updated this tag to
d0834ad3a60a024346910e522a81b0002bd37fea to prevent anyone using the
4.3.0 tag from encountering the bug, and we published 4.3.1 to allow
workflows to auto update correctly.</p>
<h3>Features</h3>
<ul>
<li>dependency update and feature cleanup (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1414">#1414</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/59489ba544930000b7b67412c167f5fe816568cf">59489ba</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1062">#1062</a>
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1191">#1191</a></li>
<li>Optional environment variable output (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c3b3ce61b02510937ff02916a4eb153874bc5085">c3b3ce6</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li><strong>docs:</strong> readme samples versioning (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/5b3c89504689ea1ea2b6000b23a6a2aac463662a">5b3c895</a>)</li>
<li>the wrong example region for China partition in README (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/37fe9a740bcb30ee8cccd96feb90666c937311f2">37fe9a7</a>)</li>
<li>properly set proxy environment variable (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/cbea70821e4ab985ad3be0e5a93390523e257cde">cbea708</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 4.3.0 (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/3f7c2187213bafaa1ea60a850b27082cbf55dda0">3f7c218</a>)</li>
</ul>
<h2>v4.2.1</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.2.0...v4.2.1">4.2.1</a>
(2025-05-14)</h2>
<h3>Bug Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.0...v5.1.1">5.1.1</a>
(2025-11-24)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 5.1.1 (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/56d6a583f00f6bad6d19d91d53a7bc3b8143d0e9">56d6a58</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0">5.1.0</a>
(2025-10-06)</h2>
<h3>Features</h3>
<ul>
<li>Add global timeout support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1487">#1487</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/1584b8b0e2062557287c28fbe9b8920df434e866">1584b8b</a>)</li>
<li>add no-proxy support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/dde9b22a8e889a0821997a21a2c5a38020ee8de3">dde9b22</a>)</li>
<li>Improve debug logging in retry logic (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1485">#1485</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/97ef425d73aa532439f54f90d0e83101a186c5a6">97ef425</a>)</li>
</ul>
<h3>Bug Fixes</h3>
<ul>
<li>properly expose getProxyForUrl (introduced in <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482">#1482</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1486">#1486</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/cea42985ac88b42678fbc84c18066a7f07f05176">cea4298</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0">5.0.0</a>
(2025-09-03)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add skip OIDC option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458">#1458</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8c45f6b08196feb86cfdbe431541d5571d9ab2c2">8c45f6b</a>)</li>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445">#1445</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/74b3e27aa80db064b5bb8c04b22fc607e817acf7">74b3e27</a>)</li>
<li>support account id allowlist (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1456">#1456</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c4be498953fc1da2707a50ce4b761a53af3d02af">c4be498</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.1">4.3.1</a>
(2025-08-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update readme to 4.3.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1424">#1424</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/be2e7ad815e27b890489a89ce2717b0f9e26b56e">be2e7ad</a>)</li>
</ul>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.2.1...v4.3.0">4.3.0</a>
(2025-08-04)</h2>
<h3>Features</h3>
<ul>
<li>depenency update and feature cleanup (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1414">#1414</a>)
(<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/59489ba544930000b7b67412c167f5fe816568cf">59489ba</a>),
closes <a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1062">#1062</a>
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1191">#1191</a></li>
<li>Optional environment variable output (<a
href="https://github.com/aws-actions/configure-aws-credentials/commit/c3b3ce61b02510937ff02916a4eb153874bc5085">c3b3ce6</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/61815dcd50bd041e203e49132bacad1fd04d2708"><code>61815dc</code></a>
chore(main): release 5.1.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1564">#1564</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/56d6a583f00f6bad6d19d91d53a7bc3b8143d0e9"><code>56d6a58</code></a>
chore: release 5.1.1</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/4a54c24244cf4f82abd7d44e7b2024258a8aa041"><code>4a54c24</code></a>
chore(deps-dev): bump glob from 10.4.5 to 10.5.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1563">#1563</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/b2793c943d45120be0c78ffc4b01aa0d2bf23e4b"><code>b2793c9</code></a>
chore(deps-dev): bump <code>@​types/node</code> from 24.10.0 to 24.10.1
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1559">#1559</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/8c230bf21db64d397027b569a312fd242776d171"><code>8c230bf</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/f7a5b07d5348b1ac9f4d78d7547c96dfdd088440"><code>f7a5b07</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.928.0 to
3.933.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1558">#1558</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/730fc043828321961a659b198613a80b17bf755c"><code>730fc04</code></a>
chore(deps-dev): bump <code>@​biomejs/biome</code> from 2.3.4 to 2.3.6
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1555">#1555</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/bc0dd36aec59e4fbdcedc61cb65d225ee2fa3bb6"><code>bc0dd36</code></a>
chore(deps-dev): bump memfs from 4.50.0 to 4.51.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1556">#1556</a>)</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/f2964c7281262753f549b15ae39f1cbbb033b9e4"><code>f2964c7</code></a>
chore: Update dist</li>
<li><a
href="https://github.com/aws-actions/configure-aws-credentials/commit/cf464951bec7e2a7af23fa7107563810acd70a4f"><code>cf46495</code></a>
chore(deps): bump <code>@​aws-sdk/client-sts</code> from 3.922.0 to
3.928.0 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1548">#1548</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-actions/configure-aws-credentials&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release-nightly.yml     | 2 +-
 .github/workflows/release-tag-rc.yml      | 2 +-
 .github/workflows/release-tag-version.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index f492d4a7dc..7d1fb88e2c 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -50,7 +50,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
index 3bf05337ce..fe2f899c8d 100644
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -51,7 +51,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
index f5c8f82573..04aa3ff6be 100644
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -54,7 +54,7 @@ jobs:
           echo "Cleaned name is ${REF_NAME}"
           echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
       - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           aws-region: ${{ secrets.AWS_REGION }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}

From dcad5d88791371d229c769d0ece41346ad322d2f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 21:37:06 +0000
Subject: [PATCH 04/10] Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to
 0.2.1 (#36195)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps
[dev-hanz-ops/install-gh-cli-action](https://github.com/dev-hanz-ops/install-gh-cli-action)
from 0.1.0 to 0.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/releases">dev-hanz-ops/install-gh-cli-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.1 - arm64 support</h2>
<ul>
<li>support arm64 architecture - <a
href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/pull/10">dev-hanz-ops/install-gh-cli-action#10</a>
(by <a
href="https://github.com/whatthefinemanual"><code>@​whatthefinemanual</code></a>)</li>
</ul>
<h2>v0.2.0 - update to node20</h2>
<ul>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/8fff9050dae2d81b38f94500d8b74ad1d1d47410">https://github.com/dev-hanz-ops/install-gh-cli-action/commit/8fff9050dae2d81b38f94500d8b74ad1d1d47410</a>
(update to node20)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/af38ce09b1ec248aeb08eea2b16bbecea9e059f8"><code>af38ce0</code></a>
run build</li>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/eef2976cedc1da9b4b4eafcdf96655455d55ac73"><code>eef2976</code></a>
feature: Add multi architecture support (<a
href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/10">#10</a>)</li>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/2d19dc38f3a568abbd2a42dae05be5b83202f332"><code>2d19dc3</code></a>
docs: update recomended action version (<a
href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/8">#8</a>)</li>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/8fff9050dae2d81b38f94500d8b74ad1d1d47410"><code>8fff905</code></a>
update to node 20</li>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/67bfd0539397d168c77ba70eac2647fef7f1f020"><code>67bfd05</code></a>
README: only linux amd64</li>
<li><a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/commit/44745680363a7ba976f907c6d1b697a9fc311cf7"><code>4474568</code></a>
Update readme with working example (<a
href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/3">#3</a>)</li>
<li>See full diff in <a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/compare/v0.1.0...v0.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dev-hanz-ops/install-gh-cli-action&package-manager=github_actions&previous-version=0.1.0&new-version=0.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/release-tag-rc.yml      | 2 +-
 .github/workflows/release-tag-version.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
index fe2f899c8d..48cfe69540 100644
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -60,7 +60,7 @@ jobs:
         run: |
           aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
       - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        uses: dev-hanz-ops/install-gh-cli-action@v0.2.1
         with:
           gh-cli-version: 2.39.1
       - name: create github release
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
index 04aa3ff6be..ea5ceffd67 100644
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -63,7 +63,7 @@ jobs:
         run: |
           aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
       - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
+        uses: dev-hanz-ops/install-gh-cli-action@v0.2.1
         with:
           gh-cli-version: 2.39.1
       - name: create github release

From 6d0fe5ed3963d59b5ac988cfaad1b0c0ae36d3b8 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Thu, 18 Dec 2025 14:05:49 -0800
Subject: [PATCH 05/10] Front port changelog (#36193)

Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
---
 CHANGELOG.md | 414 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 414 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b72ac4849a..e3374e14c3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,420 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 
+## [1.25.3](https://github.com/go-gitea/gitea/releases/tag/1.25.3) - 2025-12-17
+
+* SECURITY
+  * Bump toolchain to go1.25.5, misc fixes (#36082)
+* ENHANCEMENTS
+  * Add strikethrough button to markdown editor (#36087) (#36104)
+  * Add "site admin" back to profile menu (#36010) (#36013)
+  * Improve math rendering (#36124) (#36125)
+* BUGFIXES
+  * Check user visibility when redirecting to a renamed user (#36148) (#36159)
+  * Fix various bugs (#36139) (#36151)
+  * Fix bug when viewing the commit diff page with non-ANSI files (#36149) (#36150)
+  * Hide RSS icon when viewing a file not under a branch (#36135) (#36141)
+  * Fix SVG size calulation, only use `style` attribute (#36133) (#36134)
+  * Make Golang correctly delete temp files during uploading (#36128) (#36129)
+  * Fix the bug when ssh clone with redirect user or repository (#36039) (#36090)
+  * Use Golang net/smtp instead of gomail's smtp to send email (#36055) (#36083)
+  * Fix edit user email bug in API (#36068) (#36081)
+  * Fix bug when updating user email (#36058) (#36066)
+  * Fix incorrect viewed files counter if file has changed (#36009) (#36047)
+  * Fix container registry error handling (#36021) (#36037)
+  * Fix webAuthn insecure error view (#36165) (#36179)
+  * Fix some file icon ui (#36078) (#36088)
+  * Fix Actions `pull_request.paths` being triggered incorrectly by rebase (#36045) (#36054)
+  * Fix error handling in mailer and wiki services (#36041) (#36053)
+  * Fix bugs when comparing and creating pull request (#36166) (#36144)
+
+## [1.25.2](https://github.com/go-gitea/gitea/releases/tag/1.25.2) - 2025-11-23
+
+* SECURITY
+  * Upgrade golang.org/x/crypto to 0.45.0 (#35985) (#35988)
+  * Fix various permission & login related bugs (#36002) (#36004)
+* ENHANCEMENTS
+  * Display source code downloads last for release attachments (#35897) (#35903)
+  * Change project default column icon to 'star' (#35967) (#35979)
+* BUGFIXES
+  * Allow empty commit when merging pull request with squash style (#35989) (#36003)
+  * Fix container push tag overwriting (#35936) (#35954)
+  * Fix corrupted external render content (#35946) and upgrade golang.org/x packages (#35950)
+  * Limit reading bytes instead of ReadAll (#35928) (#35934)
+  * Use correct form field for allowed force push users in branch protection API (#35894) (#35908)
+  * Fix team member access check (#35899) (#35905)
+  * Fix conda null depend issue (#35900) (#35902)
+  * Set the dates to now when not specified by the caller (#35861) (#35874)
+  * Fix gogit ListEntriesRecursiveWithSize (#35862)
+  * Misc CSS fixes (#35888) (#35981)
+  * Don't show unnecessary error message to end users for DeleteBranchAfterMerge (#35937) (#35941)
+  * Load jQuery as early as possible to support custom scripts (#35926) (#35929)
+  * Allow to display embed images/pdfs when SERVE_DIRECT was enabled on MinIO storage (#35882) (#35917)
+  * Make OAuth2 issuer configurable (#35915) (#35916)
+  * Fix #35763: Add proper page title for project pages (#35773) (#35909)
+  * Fix avatar upload error handling (#35887) (#35890)
+  * Contribution heatmap improvements (#35876) (#35880)
+  * Remove padding override on `.ui .sha.label` (#35864) (#35873)
+  * Fix pull description code label background (#35865) (#35870)
+
+## [1.25.1](https://github.com/go-gitea/gitea/releases/tag/v1.25.1) - 2025-11-03
+
+* BUGFIXES
+  * Make ACME email optional (#35849) #35857
+  * Add a doctor command to fix inconsistent run status (#35840) (#35845)
+  * Remove wrong code (#35846)
+  * Fix viewed files number is not right if not all files loaded (#35821) (#35844)
+  * Fix incorrect pull request counter (#35819) (#35841)
+  * Upgrade go mail to 0.7.2 and fix the bug (#35833) (#35837)
+  * Revert gomail to v0.7.0 to fix sending mail failed (#35816) (#35824)
+  * Fix clone mixed bug (#35810) (#35822)
+  * Fix cli "Before" handling (#35797) (#35808)
+  * Improve and fix markup code preview rendering (#35777) (#35787)
+  * Fix actions rerun bug (#35783) (#35784)
+  * Fix actions schedule update issue (#35767) (#35774)
+  * Fix circular spin animation direction (#35785) (#35823)
+  * Fix file extension on gogs.png (#35793) (#35799)
+  * Add pnpm to Snapcraft (#35778)
+
+## [1.25.0](https://github.com/go-gitea/gitea/releases/tag/v1.25.0) - 2025-10-30
+
+* BREAKING
+  * Return 201 Created for CreateVariable API responses (#34517)
+  * Add label 'state' to metric 'gitea_users' (#34326)
+* SECURITY
+  * Upgrade security public key (#34956)
+  * Also include all security fixes in 1.24.x after 1.25.0-rc0
+* FEATURES
+  * Stream repo zip/tar.gz/bundle achives by default (#35487)
+  * Use configurable remote name for git commands (#35172)
+  * Send email on Workflow Run Success/Failure (#34982)
+  * Refactor OpenIDConnect to support SSH/FullName sync (#34978)
+  * Refactor repo contents API and add "contents-ext" API (#34822)
+  * Add support for 3D/CAD file formats preview (#34794)
+  * Improve instance wide ssh commit signing (#34341)
+  * Edit file workflow for creating a fork and proposing changes (#34240)
+  * Follow file symlinks in the UI to their target (#28835)
+  * Allow renaming/moving binary/LFS files in the UI (#34350)
+* PERFORMANCE
+  * Improve the performance when detecting the file editable (#34653)
+* ENHANCEMENTS
+  * Enable more markdown paste features in textarea editor (#35494)
+  * Don't store repo archives on `gitea dump` (#35467)
+  * Always return the relevant status information, even if no status exists. (#35335)
+  * Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
+  * Remove deprecated auth sources (#35272)
+  * When sorting issues by nearest due date, issues without due date should be sorted ascending (#35267)
+  * Disable field count validation of CSV viewer (#35228)
+  * Add `has_code` to repository REST API (#35214)
+  * Display pull request in merged commit view (#35202)
+  * Support Basic Authentication for archive downloads (#35087)
+  * Add hover background to table rows in user and repo admin page (#35072)
+  * Partially refresh notifications list (#35010)
+  * Also display "recently pushed branch" alert on PR view (#35001)
+  * Refactor time tracker UI (#34983)
+  * Improve CLI commands (#34973)
+  * Improve project & label color picker and image scroll (#34971)
+  * Improve NuGet API Parity (#21291) (#34940)
+  * Support getting last commit message using contents-ext API (#34904)
+  * Adds title on branch commit counts (#34869)
+  * Add "Cancel workflow run" button to Actions list page (#34817)
+  * Improve img lazy loading (#34804)
+  * Forks repository list page follow other repositories page (#34784)
+  * Add ff_only parameter to POST /repos/{owner}/{repo}/merge-upstream (#34770)
+  * Rework delete org and rename org UI (#34762)
+  * Improve nuget/rubygems package registries (#34741)
+  * Add repo file tree item link behavior (#34730)
+  * Add issue delete notifier (#34592)
+  * Improve Actions list (#34530)
+  * Add a default tab on repo header when migrating (#34503)
+  * Add post-installation redirect based on admin account status (#34493)
+  * Trigger 'unlabeled' event when label is Deleted from PR (#34316)
+  * Support annotated tags when using create release API (#31840)
+  * Use lfs label for lfs file rather than a long description (#34363)
+  * Add "View workflow file" to Actions list page (#34538)
+  * Move organization's visibility change to danger zone. (#34814)
+  * Don't block site admin's operation if SECRET_KEY is lost (#35721)
+  * Make restricted users can access public repositories (#35693)
+  * The status icon of the Action step is consistent with GitHub (#35618) #35621
+* BUGFIXES
+  * Update tab title when navigating file tree (#35757) #35772
+  * Fix "ref-issue" handling in markup (#35739) #35771
+  * Fix webhook to prevent tag events from bypassing branch filters targets (#35567) #35577
+  * Fix markup init after issue comment editing (#35536) #35537
+  * Fix creating pull request failure when the target branch name is the same as some tag (#35552) #35582
+  * Fix auto-expand and auto-scroll for actions logs (#35570) (#35583) #35586
+  * Use inputs context when parsing workflows (#35590) #35595
+  * Fix diffpatch API endpoint (#35610) #35613
+  * Creating push comments before invoke pull request checking (#35647) #35668
+  * Fix missing Close when error occurs and abused connection pool (#35658) #35670
+  * Fix build (#35674)
+  * Use LFS object size instead of blob size when viewing a LFS file (#35679)
+  * Fix workflow run event status while rerunning a failed job (#35689)
+  * Avoid emoji mismatch and allow to only enable chosen emojis (#35692)
+  * Refactor legacy code, fix LFS auth bypass, fix symlink bypass (#35708)
+  * Fix various trivial problems (#35714)
+  * Fix attachment file size limit in server backend (#35519)
+  * Honor delete branch on merge repo setting when using merge API (#35488)
+  * Fix external render, make iframe render work (#35727, #35730)
+  * Upgrade go mail to 0.7.2 (#35748)
+  * Revert #18491, fix oauth2 client link account (#35745)
+  * Fix different behavior in status check pattern matching with double stars (#35474)
+  * Fix overflow in notifications list (#35446)
+  * Fix package link setting can only list limited repositories (#35394)
+  * Extend comment treepath length (#35389)
+  * Fix font-size in inline code comment preview (#35209)
+  * Move git config/remote to gitrepo package and add global lock to resolve possible conflict when updating repository git config file (#35151)
+  * Change some columns from text to longtext and fix column wrong type caused by xorm (#35141)
+  * Redirect to a presigned URL of HEAD for HEAD requests (#35088)
+  * Fix git commit committer parsing and add some tests (#35007)
+  * Fix OCI manifest parser (#34797)
+  * Refactor FindOrgOptions to use enum instead of bool, fix membership visibility (#34629)
+  * Fix notification count positioning for variable-width elements (#34597)
+  * Keeping consistent between UI and API about combined commit status state and fix some bugs (#34562)
+  * Fix possible panic (#34508)
+  * Fix autofocus behavior (#34397)
+  * Fix Actions API (#35204)
+  * Fix ListWorkflowRuns OpenAPI response model. (#35026)
+  * Small fix in Pull Requests page (#34612)
+  * Fix http auth header parsing (#34936)
+  * Fix modal + form abuse (#34921)
+  * Fix PR toggle WIP (#34920)
+  * Fix log fmt (#34810)
+  * Replace stopwatch toggle with explicit start/stop actions (#34818)
+  * Fix some package registry problems (#34759)
+  * Fix RPM package download routing & missing package version count (#34909)
+  * Fix repo search input height (#34330)
+  * Fix "The sidebar of the repository file list does not have a fixed height #34298" (#34321)
+  * Fix minor typos in two files #HSFDPMUW (#34944)
+  * Fix actions skipped commit status indicator (#34507)
+  * Fix job status aggregation logic (#35000)
+  * Fix broken OneDev migration caused by various REST API changes in OneDev 7.8.0 and later (#35216)
+  * Fix typo in oauth2_full_name_claim_name string (#35199)
+  * Fix typo in locale_en-US.ini (#35196)
+* API
+  * Exposing TimeEstimate field in the API (#35475)
+  * UpdateBranch API supports renaming a branch (#35374)
+  * Add `owner` and `parent` fields clarification to docs (#35023)
+  * Improve OAuth2 provider (correct Issuer, respect ENABLED) (#34966)
+  * Add a `login`/`login-name`/`username` disambiguation to affected endpoint parameters and response/request models (#34901)
+  * Do not mutate incoming options to SearchRepositoryByName (#34553)
+  * Do not mutate incoming options to RenderUserSearch and SearchUsers  (#34544)
+  * Export repo's manual merge settings (#34502)
+  * Add date range filtering to commit retrieval endpoints (#34497)
+  * Add endpoint deleting workflow run (#34337)
+  * Add workflow_run api + webhook (#33964)
+* REFACTOR
+  * Move updateref and removeref to gitrepo and remove unnecessary open repository (#35511)
+  * Remove unused param `doer` (#34545)
+  * Split GetLatestCommitStatus as two functions (#34535)
+  * Use gitrepo.SetDefaultBranch when set default branch of wiki repository (#33911)
+  * Refactor editor (#34780)
+  * Refactor packages (#34777)
+  * Refactor container package (#34877)
+  * Refactor "change file" API (#34855)
+  * Rename pull request GetGitRefName to GetGitHeadRefName to prepare introducing GetGitMergeRefName (#35093)
+  * Move git command to git/gitcmd (#35483)
+  * Use db.WithTx/WithTx2 instead of TxContext when possible (#35428)
+  * Support Node.js 22.6 with type stripping (#35427)
+  * Migrate tools and configs to typescript, require node.js >= 22.18.0 (#35421)
+  * Check user and repo for redirects when using git via SSH transport (#35416)
+  * Remove the duplicated function GetTags (#35375)
+  * Refactor to use reflect.TypeFor (#35370)
+  * Deleting branch could delete broken branch which has database record but git branch is missing (#35360)
+  * Exit with success when already up to date (#35312)
+  * Split admin config settings templates to make it maintain easier (#35294)
+  * A small refactor to use context in the service layer (#35179)
+  * Refactor and update mail templates (#35150)
+  * Use db.WithTx/WithTx2 instead of TxContext when possible (#35130)
+  * Align `issue-title-buttons` with `list-header` (#35018)
+  * Add Notifications section in User Settings (#35008)
+  * Tweak placement of diff file menu (#34999)
+  * Refactor mail template and support preview (#34990)
+  * Rerun job only when run is done (#34970)
+  * Merge index.js (#34963)
+  * Refactor "delete-button" to "link-action" (#34962)
+  * Refactor webhook and fix feishu/lark secret (#34961)
+  * Exclude devtest.ts from tailwindcss (#34935)
+  * Refactor head navbar icons (#34922)
+  * Improve html escape (#34911)
+  * Improve tags list page (#34898)
+  * Improve `labels-list` rendering (#34846)
+  * Remove unused variable HUGO_VERSION (#34840)
+  * Correct migration tab name (#34826)
+  * Refactor template helper (#34819)
+  * Use `shallowRef` instead of `ref` in `.vue` files where possible (#34813)
+  * Use standalone function to update repository cols (#34811)
+  * Refactor wiki (#34805)
+  * Remove unnecessary duplicate code (#34733)
+  * Refactor embedded assets and drop unnecessary dependencies (#34692)
+  * Update x/crypto package and make builtin SSH use default parameters (#34667)
+  * Add `--color-logo`, matching the logo's primary color (#34639)
+  * Add openssh-keygen to rootless image (#34625)
+  * Replace update repository function in some places (#34566)
+  * Change "rejected" to "changes requested" in 3rd party PR review notification (#34481)
+  * Remove legacy template helper functions (#34426)
+  * Use run-name and evaluate workflow variables (#34301)
+  * Move HasWiki to repository service package (#33912)
+  * Move some functions from package git to gitrepo (#33910)
+* TESTING
+  * Add webhook test for push event (#34442)
+  * Add a webhook push test for dev branch (#34421)
+  * Add migrations tests (#34456) (#34498)
+* STYLE
+  * Enforce explanation for necessary nolints and fix bugs (#34883)
+  * Fix remaining issues after `gopls modernize` formatting (#34771)
+  * Update gofumpt, add go.mod ignore directive (#35434)
+  * Enforce nolint scope (#34851)
+  * Enable gocritic `equalFold` and fix issues (#34952)
+  * Run `gopls modernize` on codebase (#34751)
+  * Upgrade `gopls` to v0.19.0, add `make fix` (#34772)
+* BUILD
+  * bump archives&rar dep (#35637) #35638
+  * Use github.com/mholt/archives replace github.com/mholt/archiver (#35390)
+  * Update JS and PY dependencies (#35444)
+  * Upgrade devcontainer go version to 1.24.6 (#35298)
+  * Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
+  * Update JS and PY deps (#35191)
+  * Update JS and PY dependencies (#34391)
+  * Update go tool dependencies (#34845)
+  * Update `uint8-to-base64`, remove type stub (#34844)
+  * Switch to `@resvg/resvg-wasm` for `generate-images` (#35415)
+  * Switch to pnpm (#35274)
+  * Update chroma to v2.20.0 (#35220)
+  * Migrate to urfave v3 (#34510)
+  * Update JS deps, regenerate SVGs (#34640)
+  * Upgrade dependencies (#35384)
+  * Bump `@github/relative-time-element` to v4.4.8 (#34413)
+  * Update JS dependencies (#34951)
+  * Upgrade orgmode to v1.8.0 (#34721)
+  * Raise minimum Node.js version to 20, test on 24 (#34713)
+  * Update JS deps (#34701)
+  * Upgrade htmx to 2.0.6 (#34887)
+  * Update eslint to v9 (#35485)
+  * Update js dependencies (#35429)
+  * Clean up npm dependencies (#35508)
+  * Clean up npm dependencies (#35484)
+  * Bump setup-node to v5 (#35448)
+* MISC
+  * Add gitignore rules to exclude LLM instruction files (#35076)
+  * Gitignore: Visual Studio settings folder (#34375)
+  * Improve language in en-US locale strings (#35124)
+  * Fixed all grammatical errors in locale_en-US.ini (#35053)
+  * Docs/fix typo and grammar in CONTRIBUTING.md (#35024)
+  * Improve english grammar and readability in locale_en-US.ini (#35017)
+
+## [1.24.7](https://github.com/go-gitea/gitea/releases/tag/v1.24.7) - 2025-10-24
+
+* SECURITY
+  * Refactor legacy code (#35708) (#35713)
+  * Fixing issue #35530: Password Leak in Log Messages (#35584) (#35665)
+  * Fix a bug missed return (#35655) (#35671)
+* BUGFIXES
+  * Fix inputing review comment will remove reviewer (#35591) (#35664)
+* TESTING
+  * Mock external service in hcaptcha TestCaptcha (#35604) (#35663)
+  * Fix build (#35669)
+
+## [1.24.6](https://github.com/go-gitea/gitea/releases/tag/v1.24.6) - 2025-09-10
+
+* SECURITY
+  * Upgrade xz to v0.5.15 (#35385)
+* BUGFIXES
+  * Fix a compare page 404 bug when the pull request disabled (#35441) (#35453)
+  * Fix bug when issue disabled, pull request number in the commit message cannot be redirected (#35420) (#35442)
+  * Add author.name field to Swift Package Registry API response (#35410) (#35431)
+  * Remove usernames when empty in discord webhook (#35412) (#35417)
+  * Allow foreachref parser to grow its buffer (#35365) (#35376)
+  * Allow deleting comment with content via API like web did (#35346) (#35354)
+  * Fix atom/rss mixed error (#35345) (#35347)
+  * Fix review request webhook bug (#35339)
+  * Remove duplicate html IDs (#35210) (#35325)
+  * Fix LFS range size header response (#35277) (#35293)
+  * Fix GitHub release assets URL validation (#35287) (#35290)
+  * Fix token lifetime, closes #35230 (#35271) (#35281)
+  * Fix push commits comments when changing the pull request target branch (#35386) (#35443)
+
+## [1.24.5](https://github.com/go-gitea/gitea/releases/tag/v1.24.5) - 2025-08-12
+
+* BUGFIXES
+  * Fix a bug where lfs gc never worked. (#35198) (#35255)
+  * Reload issue when sending webhook to make num comments is right. (#35243) (#35248)
+  * Fix bug when review pull request commits (#35192) (#35246)
+* MISC
+  * Vertically center "Show Resolved" (#35211) (#35218)
+
+## [1.24.4](https://github.com/go-gitea/gitea/releases/tag/v1.24.4) - 2025-08-03
+
+* BUGFIXES
+  * Fix various bugs (1.24) (#35186)
+  * Fix migrate input box bug (#35166) (#35171)
+  * Only hide dropzone when no files have been uploaded (#35156) (#35167)
+  * Fix review comment/dimiss comment x reference can be refereced back (#35094) (#35099)
+  * Fix submodule nil check (#35096) (#35098)
+* MISC
+  * Don't use full-file highlight when there is a git diff textconv (#35114) (#35119)
+  * Increase gap on latest commit (#35104) (#35113)
+
+## [1.24.3](https://github.com/go-gitea/gitea/releases/tag/v1.24.3) - 2025-07-15
+
+* BUGFIXES
+  * Fix form property assignment edge case (#35073) (#35078)
+  * Improve submodule relative path handling (#35056) (#35075)
+  * Fix incorrect comment diff hunk parsing, fix github asset ID nil panic (#35046) (#35055)
+  * Fix updating user visibility (#35036) (#35044)
+  * Support base64-encoded agit push options (#35037) (#35041)
+  * Make submodule link work with relative path (#35034) (#35038)
+  * Fix bug when displaying git user avatar in commits list (#35006)
+  * Fix API response for swagger spec (#35029)
+  * Start automerge check again after the conflict check and the schedule (#34988) (#35002)
+  * Fix the response format for actions/workflows (#35009) (#35016)
+  * Fix repo settings and protocol log problems (#35012) (#35013)
+  * Fix project images scroll (#34971) (#34972)
+  * Mark old reviews as stale on agit pr updates (#34933) (#34965)
+  * Fix git graph page (#34948) (#34949)
+  * Don't send trigger for a pending review's comment create/update/delete (#34928) (#34939)
+  * Fix some log and UI problems (#34863) (#34868)
+  * Fix archive API (#34853) (#34857)
+  * Ignore force pushes for changed files in a PR review (#34837) (#34843)
+  * Fix SSH LFS timeout (#34838) (#34842)
+  * Fix team permissions (#34827) (#34836)
+  * Fix job status aggregation logic (#34823) (#34835)
+  * Fix issue filter (#34914) (#34915)
+  * Fix typo in pull request merge warning message text (#34899) (#34903)
+  * Support the open-icon of folder (#34168) (#34896)
+  * Optimize flex layout of release attachment area (#34885) (#34886)
+  * Fix the issue of abnormal interface when there is no issue-item on the project page (#34791) (#34880)
+  * Skip updating timestamp when sync branch (#34875)
+  * Fix required contexts and commit status matching bug (#34815) (#34829)
+
+## [1.24.2](https://github.com/go-gitea/gitea/releases/tag/v1.24.2) - 2025-06-20
+
+* BUGFIXES
+  * Fix container range bug (#34795) (#34796)
+  * Upgrade chi to v5.2.2 (#34798) (#34799)
+* BUILD
+  * Bump poetry feature to new url for dev container (#34787) (#34790)
+
+## [1.24.1](https://github.com/go-gitea/gitea/releases/tag/v1.24.1) - 2025-06-18
+
+* ENHANCEMENTS
+  * Improve alignment of commit status icon on commit page (#34750) (#34757)
+  * Support title and body query parameters for new PRs (#34537) (#34752)
+
+* BUGFIXES
+  * When using rules to delete packages, remove unclean bugs (#34632) (#34761)
+  * Fix ghost user in feeds when pushing in an actions, it should be gitea-actions (#34703) (#34756)
+  * Prevent double markdown link brackets when pasting URL (#34745) (#34748)
+  * Prevent duplicate form submissions when creating forks (#34714) (#34735)
+  * Fix markdown wrap (#34697) (#34702)
+  * Fix pull requests API convert panic when head repository is deleted. (#34685) (#34687)
+  * Fix commit message rendering and some UI problems (#34680) (#34683)
+  * Fix container range bug (#34725) (#34732)
+  * Fix incorrect cli default values (#34765) (#34766)
+  * Fix dropdown filter (#34708) (#34711)
+  * Hide href attribute of a tag if there is no target_url (#34556) (#34684)
+  * Fix tag target (#34781) #34783
+
 ## [1.24.0](https://github.com/go-gitea/gitea/releases/tag/1.24.0) - 2025-05-26
 
 * BREAKING

From 5fa40bacea4d0732d01a14777585687a36cce2f1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Dec 2025 22:41:25 +0000
Subject: [PATCH 06/10] Bump astral-sh/setup-uv from 6 to 7 (#36198)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6
to 7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0 🌈 node24 and a lot of bugfixes</h2>
<h2>Changes</h2>
<p>This release comes with a load of bug fixes and a speed up. Because
of switching from node20 to node24 it is also a breaking change. If you
are running on GitHub hosted runners this will just work, if you are
using self-hosted runners make sure, that your runners are up to date.
If you followed the normal installation instructions your self-hosted
runner will keep itself updated.</p>
<p>This release also removes the deprecated input
<code>server-url</code> which was used to download uv releases from a
different server.
The <a
href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#manifest-file">manifest-file</a>
input supersedes that functionality by adding a flexible way to define
available versions and where they should be downloaded from.</p>
<h3>Fixes</h3>
<ul>
<li>The action now respects when the environment variable
<code>UV_CACHE_DIR</code> is already set and does not overwrite it. It
now also finds <a
href="https://docs.astral.sh/uv/reference/settings/#cache-dir">cache-dir</a>
settings in config files if you set them.</li>
<li>Some users encountered problems that <a
href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#disable-cache-pruning">cache
pruning</a> took forever because they had some <code>uv</code> processes
running in the background. Starting with uv version <code>0.8.24</code>
this action uses <code>uv cache prune --ci --force</code> to ignore the
running processes</li>
<li>If you just want to install uv but not have it available in path,
this action now respects <code>UV_NO_MODIFY_PATH</code></li>
<li>Some other actions also set the env var <code>UV_CACHE_DIR</code>.
This action can now deal with that but as this could lead to unwanted
behavior in some edgecases a warning is now displayed.</li>
</ul>
<h3>Improvements</h3>
<p>If you are using minimum version specifiers for the version of uv to
install for example</p>
<pre lang="toml"><code>[tool.uv]
required-version = &quot;&gt;=0.8.17&quot;
</code></pre>
<p>This action now detects that and directly uses the latest version.
Previously it would download all available releases from the uv repo
to determine the highest matching candidate for the version specifier,
which took much more time.</p>
<p>If you are using other specifiers like <code>0.8.x</code> this action
still needs to download all available releases because the specifier
defines an upper bound (not 0.9.0 or later) and &quot;latest&quot; would
possibly not satisfy that.</p>
<h2>🚨 Breaking changes</h2>
<ul>
<li>Use node24 instead of node20 <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/608">#608</a>)</li>
<li>Remove deprecated input server-url <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/607">#607</a>)</li>
</ul>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Respect UV_CACHE_DIR and cache-dir <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/612">#612</a>)</li>
<li>Use --force when pruning cache <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/611">#611</a>)</li>
<li>Respect UV_NO_MODIFY_PATH <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/603">#603</a>)</li>
<li>Warn when <code>UV_CACHE_DIR</code> has changed <a
href="https://github.com/jamesbraza"><code>@​jamesbraza</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/601">#601</a>)</li>
</ul>
<h2>🚀 Enhancements</h2>
<ul>
<li>Shortcut to latest version for minimum version specifier <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/598">#598</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Bump dependencies <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/613">#613</a>)</li>
<li>Fix test-uv-no-modify-path <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/604">#604</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/681c641aba71e4a1c380be3ab5e12ad51f415867"><code>681c641</code></a>
Bump actions/checkout from 5.0.0 to 6.0.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/712">#712</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/2e85713bb0ad1bd68b79183f00fe093dccd19930"><code>2e85713</code></a>
Bump actions/setup-node from 6.0.0 to 6.1.0 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/715">#715</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/58b6d7b303576a48786c1bbb6959b7875a3a84ec"><code>58b6d7b</code></a>
fix: add OS version to cache key to prevent binary incompatibility (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/716">#716</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/e8b52af86e46cb518daf4b47877e582bc9e37b8b"><code>e8b52af</code></a>
chore: update known checksums for 0.9.17 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/714">#714</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/ed21f2f24f8dd64503750218de024bcf64c7250a"><code>ed21f2f</code></a>
Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/695">#695</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/93202d8fbe8ed7d8099f4773a9684b037e0b6205"><code>93202d8</code></a>
bump dependencies (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/709">#709</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/5ce090076db3f5a2ed5bbd4a75c9123c727ff2af"><code>5ce0900</code></a>
set biome files.maxSize to 2MiB (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/708">#708</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/4180991cd97ec5ff7a3147ba70d3cc188015b467"><code>4180991</code></a>
allow cache-local-path w/o enable-cache (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/707">#707</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/0439606c8e2f1191835c4446afb6e4ac29363801"><code>0439606</code></a>
Bump github/codeql-action from 4.30.9 to 4.31.6 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/698">#698</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/7dd56c18e98cbf9546ad0ca8108ab326f681708a"><code>7dd56c1</code></a>
chore: update known checksums for 0.9.16 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/706">#706</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/setup-uv/compare/v6...v7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=astral-sh/setup-uv&package-manager=github_actions&previous-version=6&new-version=7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 .github/workflows/pull-compliance.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pull-compliance.yml b/.github/workflows/pull-compliance.yml
index c146b439e0..866b522558 100644
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -38,7 +38,7 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v6
-      - uses: astral-sh/setup-uv@v6
+      - uses: astral-sh/setup-uv@v7
       - run: uv python install 3.12
       - uses: pnpm/action-setup@v4
       - uses: actions/setup-node@v5
@@ -56,7 +56,7 @@ jobs:
       contents: read
     steps:
       - uses: actions/checkout@v6
-      - uses: astral-sh/setup-uv@v6
+      - uses: astral-sh/setup-uv@v7
       - run: uv python install 3.12
       - run: make deps-py
       - run: make lint-yaml

From 51e1ab5d7d12971441feca82df48bb3e67d735f0 Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Thu, 18 Dec 2025 23:56:08 +0100
Subject: [PATCH 07/10] Disable dependabot automatic labels (#36203)

Disable dependabot's [automatic
labels](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#labels--),
we have `actions/labeler` to do this job. After this is merged, I will
delete the labels `dependencies` and `github_actions` that dependabot
had created.
---
 .github/dependabot.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 399419bba8..5ddf28b726 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,6 +2,7 @@ version: 2
 
 updates:
   - package-ecosystem: github-actions
+    labels: []
     directory: /
     schedule:
       interval: daily

From a9a4457dc34ebfa91cc8111d35af6e4935c12e42 Mon Sep 17 00:00:00 2001
From: Sebastian Ertz <sebastian.ertz@gmx.de>
Date: Fri, 19 Dec 2025 00:26:18 +0100
Subject: [PATCH 08/10] Update chroma to v2.21.1 (#36201)

https://github.com/alecthomas/chroma/releases/tag/v2.21.1
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 130820a55c..a89c2a5c73 100644
--- a/go.mod
+++ b/go.mod
@@ -28,7 +28,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.10.3
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
-	github.com/alecthomas/chroma/v2 v2.21.0
+	github.com/alecthomas/chroma/v2 v2.21.1
 	github.com/aws/aws-sdk-go-v2/credentials v1.18.10
 	github.com/aws/aws-sdk-go-v2/service/codecommit v1.32.2
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
diff --git a/go.sum b/go.sum
index 92013e195a..ac70239339 100644
--- a/go.sum
+++ b/go.sum
@@ -98,8 +98,8 @@ github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0/go.mod h1:1HmmMEVsr+0R
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.21.0 h1:YVW9qQAFnQm2OFPPFQg6G/TpMxKSsUr/KUPDi/BEqtY=
-github.com/alecthomas/chroma/v2 v2.21.0/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
+github.com/alecthomas/chroma/v2 v2.21.1 h1:FaSDrp6N+3pphkNKU6HPCiYLgm8dbe5UXIXcoBhZSWA=
+github.com/alecthomas/chroma/v2 v2.21.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
 github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=

From 0a9c09879d7802ff9ca6f3e51b8314b517f14d1d Mon Sep 17 00:00:00 2001
From: GiteaBot <teabot@gitea.io>
Date: Fri, 19 Dec 2025 00:39:05 +0000
Subject: [PATCH 09/10] [skip ci] Updated translations via Crowdin

---
 options/locale/locale_ga-IE.ini | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 6f348b1b71..27a91929e5 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -1294,6 +1294,7 @@ commit=Tiomantas
 release=Scaoileadh
 releases=Scaoileann
 tag=Clib
+git_tag=Clib Git
 released_this=scaoileadh seo
 tagged_this=clib seo
 file.title=%s ag %s
@@ -1862,6 +1863,7 @@ pulls.desc=Cumasaigh iarratais tarraingthe agus athbhreithnithe cód.
 pulls.new=Iarratas Tarraingthe Nua
 pulls.new.blocked_user=Ní féidir iarratas tarraingthe a chruthú toisc go bhfuil úinéir an stórais bac ort.
 pulls.new.must_collaborator=Caithfidh tú a bheith ina chomhoibritheoir chun iarratas tarraingthe a chruthú.
+pulls.new.already_existed=Tá iarratas tarraingthe idir na brainsí seo ann cheana féin
 pulls.edit.already_changed=Ní féidir athruithe ar an iarratas tarraingthe a shábháil. Is cosúil gur athraigh úsáideoir eile an t-ábhar cheana féin. Athnuachan an leathanach agus déan iarracht eagarthóireacht arís le nach ndéanfar a gcuid athruithe a fhorscríobh.
 pulls.view=Féach ar Iarratas Tarraing
 pulls.compare_changes=Iarratas Tarraingthe Nua
@@ -2755,6 +2757,13 @@ release.add_tag_msg=Úsáid teideal agus ábhar an eisiúna mar theachtaireacht
 release.add_tag=Cruthaigh Clib Amháin
 release.releases_for=Eisiúintí do %s
 release.tags_for=Clibeanna do %s
+release.notes=Nótaí scaoilte
+release.generate_notes=Nótaí scaoilte a ghiniúint
+release.generate_notes_desc=Cuir iarratais tarraingthe cumaiscthe agus nasc loga athruithe leis go huathoibríoch don eisiúint seo.
+release.previous_tag=Clib roimhe seo
+release.generate_notes_tag_not_found=Níl an clib "%s" ann sa stórlann seo.
+release.generate_notes_target_not_found=Ní féidir an sprioc scaoilte "%s" a aimsiú.
+release.generate_notes_missing_tag=Cuir isteach ainm clibe chun nótaí eisiúna a ghiniúint.
 
 branch.name=Ainm Brainse
 branch.already_exists=Tá brainse leis an ainm "%s" ann cheana féin.

From 36aa39fffe8e23319e927936c85b1ceed40ebc0b Mon Sep 17 00:00:00 2001
From: silverwind <me@silverwind.io>
Date: Fri, 19 Dec 2025 03:07:34 +0100
Subject: [PATCH 10/10] Bump setup-node to v6, re-enable cache (#36207)

---
 .github/workflows/pull-compliance.yml     | 16 ++++++++++++----
 .github/workflows/release-nightly.yml     |  4 +++-
 .github/workflows/release-tag-rc.yml      |  4 +++-
 .github/workflows/release-tag-version.yml |  4 +++-
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/pull-compliance.yml b/.github/workflows/pull-compliance.yml
index 866b522558..a5b6c550bb 100644
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -41,9 +41,11 @@ jobs:
       - uses: astral-sh/setup-uv@v7
       - run: uv python install 3.12
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-py
       - run: make deps-frontend
       - run: make lint-templates
@@ -70,9 +72,11 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend
       - run: make lint-swagger
 
@@ -150,9 +154,11 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
@@ -202,9 +208,11 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend
       - run: make lint-md
 
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index 7d1fb88e2c..f073df05d3 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -23,9 +23,11 @@ jobs:
           go-version-file: go.mod
           check-latest: true
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend deps-backend
       # xgo build
       - run: make release
diff --git a/.github/workflows/release-tag-rc.yml b/.github/workflows/release-tag-rc.yml
index 48cfe69540..fab468c9b4 100644
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -24,9 +24,11 @@ jobs:
           go-version-file: go.mod
           check-latest: true
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend deps-backend
       # xgo build
       - run: make release
diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
index ea5ceffd67..113a33c3c7 100644
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -27,9 +27,11 @@ jobs:
           go-version-file: go.mod
           check-latest: true
       - uses: pnpm/action-setup@v4
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 24
+          cache: pnpm
+          cache-dependency-path: pnpm-lock.yaml
       - run: make deps-frontend deps-backend
       # xgo build
       - run: make release