dependabot[bot]
b1b5897795
Bump appleboy/git-push-action from 1.0.0 to 1.2.0 ( #36306 )
...
Bumps
[appleboy/git-push-action](https://github.com/appleboy/git-push-action )
from 1.0.0 to 1.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/appleboy/git-push-action/releases ">appleboy/git-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.0</h2>
<h2>Changelog</h2>
<h3>Features</h3>
<ul>
<li>2722561d2c158e67f0e4b908bda83937e53bbdd4: feat: add options for
insecure SSL and SSH version selection (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Others</h3>
<ul>
<li>2c87d5bacd46972f72523394e67af39825081037: style: standardize YAML
quoting and update input descriptions (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>66a962f89a56024b2a36de61fe65ba6b9994be15: fix: rename drone-git-push
env vars and update default version (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>e37f17de403a8b0b59184d852be6b7a7e017d376: chore: mark all
directories as safe in global git configuration (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Refactor</h3>
<ul>
<li>7bdda76242d8f6b40576a039a2d2233c43b7661e: refactor: refactor GitHub
Action to use Bash instead of Docker (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>4873de66e7bed19267cc8cd66959005c42d41cc7: refactor: simplify stdout
capturing by removing legacy logic (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>d1c361f2d2e128593b5dfeb3c2d9a5c6a1af7128: ci: run Docker actions as
nobody and inject GITHUB_WORKSPACE (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>fdf995de1284df95f38a3d99275eb38537eb05a4: ci: simplify Docker action
environment variable configuration (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>8e938ac7df8937d595e4c4fcf345139339a34819: ci: update
GITHUB_WORKSPACE to use /github/home path (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>3b2c8661652360dbf1afe1b319a49dbb739c39f1: docs: migrate to composite
GitHub Action and standardize env vars (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h2>v1.1.0</h2>
<h2>Changelog</h2>
<h3>Features</h3>
<ul>
<li>28a54bbef16233cbea6f9fe39f318a4f055cd749: feat: add mirror input
support to GitHub Action configuration (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Bug fixes</h3>
<ul>
<li>a63ac675f748ad297929b6d9688f94939fbe3dea: fix: fix spelling of
'force' option in git push actions (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Enhancements</h3>
<ul>
<li>ee39884535468c8b6f101c0980aec38a61bc6c8b: chore(readme): refactor
codebase and update dependencies (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>94fb0c0d87ba52affdcb2daf8505a0e7f086f205: chore: bump drone-git-push
base image to version 1.2.0 (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>a939634b19fa88f0d4c853f4b604a4df5549911d: chore: pin Drone Git Push
image to a specific version (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>0a16d15bfdca306c84a299db735f248e9d408bb3: ci: improve CI workflow
for semantic version releases (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>1807bf9a1b801f99799e4e2a64ca1c6b11301fc3: ci: automate maintenance
and enhance repository security (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>f39abba130277d16a141588c1b4c194a8f0b4636: build: run container as
non-root user for enhanced security (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>ed86ac596a332db5353062d7cbdf24d61554f5f1: ci: update CI workflows to
trigger on main branch (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>cd8de7f6c86b1390f0108011580b6c9845b9f5df: build: eliminate
"nobody" user references from Dockerfile (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>7465fee0c6ac1466048408a99c52598be9abf00f: ci: update CI workflow to
use newer actions/checkout version (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>b9d4e07212dd711b7e57352e5b6172038ab20f6e: build: simplify Docker
build by removing entrypoint.sh chmod step (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>14d3003b72ea485bf8707bfbef4926eca78cc341: build: upgrade CI pipeline
to latest drone-git-push base image (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>378ab1be62cfbae4111d3bbbec417d5b2e97134d: docs: clarify and
standardize input and action descriptions (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>4c679526c0d1910c6e058a82fdde978d5cd8c0c2: docs: revamp documentation
with expanded features and usage examples (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>61f29e5108e85fa252a0556c08ec87f0c425f1b2: docs: document GitHub
Action integration and Claude Code guidelines (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>a7ef8abff3f71345b67dc056ac3d7b2d006efa42: docs: add Trivy security
scan badge to documentation (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3b2c8661654873de66e72c87d5bacd2722561d2c66a962f89a7bdda762428e938ac7dfe37f17de40fdf995de12d1c361f2d2https://github.com/appleboy/git-push-action/compare/v1.0.0...v1.2.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 17:47:41 +00:00
silverwind
1d399bb1d1
Improve diff file headers ( #36215 )
...
- reduce file name font size from 15px to 14px
- fix labels and buttons being cut off when their size is constrained
- change labels from monospace to sans-serif font
- move diff stats to right and change them from sum of changes to +/-
- change filemode to label and change text to match other labels
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-12 20:29:35 +08:00
Lunny Xiao
fbea2c68e8
Fix delete attachment check ( #36320 )
2026-01-12 08:16:59 +00:00
GiteaBot
48d5adb39c
[skip ci] Updated translations via Crowdin
2026-01-12 00:42:33 +00:00
Lunny Xiao
da036f3f35
LFS locks must belong to the intended repo ( #36344 )
2026-01-11 12:57:58 +02:00
Sebastian Ertz
8319d8f381
Update chroma to v2.22.0 ( #36342 )
...
https://github.com/alecthomas/chroma/releases/tag/v2.22.0
2026-01-10 20:12:59 +00:00
Sebastian Ertz
18c393419f
Update goldmark to v1.7.16 ( #36343 )
...
https://github.com/yuin/goldmark/releases/tag/v1.7.16
2026-01-10 11:42:02 -08:00
wxiaoguang
eec8ee056c
Fix some trivial problems ( #36336 )
...
1. correctly parse git protocol's "OldCommit NewCommit RefName" line, it
should be explicitly split by space
2. add missing "return" in CreatePullRequest
3. add comments for "/user.keys" and "/user.gpg" outputs
4. trim space for the "commit status context name" to follow the same
behavior of git_model.NewCommitStatus
2026-01-09 20:58:21 +02:00
wxiaoguang
f6d3c70818
Fix diff view style handling ( #36324 )
...
Fix #36323
2026-01-09 04:37:16 +00:00
wxiaoguang
e226720cff
Refactor cat-file batch operations and support --batch-command approach ( #35775 )
...
Replace #34651 and address more problems including fix framework bugs and changing to QueryInfo and QueryContent calls.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2026-01-08 13:37:36 -08:00
bytedream
ee9d8893a7
Fix file-tree ui error when adding files to repo without commits ( #36312 )
...
When visiting the new file & upload file pages on a repo that has no
commits, the request for file-tree files fails.
---
<img width="1173" height="728" alt="Screenshot_20260106_175938"
src="https://github.com/user-attachments/assets/69e0ee0d-24af-4f5f-be7e-d64c03b5a5cb "
/>
<img width="349" height="95" alt="image"
src="https://github.com/user-attachments/assets/6e0b5252-95f2-4094-8d11-e0c5262f525b "
/>
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-08 12:04:51 -08:00
Gregorius Bima Kharisma Wicaksana
f9d3983de2
fix: generate IDs for HTML headings without id attribute ( #36233 )
...
This PR fixes #27383 where HTML headings like `<h1>Title</h1>` in
markdown files would have empty permalink anchors
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-06 05:09:44 +00:00
Daniel Mach
1d01286f4c
Add 'allow_maintainer_edit' API option for creating a pull request ( #36283 )
...
WebUI has a checkbox for enabling maintainer edits you can check right
away when creating a new pull request.
Also, it is possible to set `allow_maintainer_edit` in an existing pull
request via API.
This change enables the option while creating a new pull request via
API.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-06 01:00:26 +08:00
Joakim Olsson
1ee7f8e966
fix: prevent panic when GitLab release has more links than sources ( #36295 )
...
The code incorrectly assumed rel.Assets.Links and rel.Assets.Sources
arrays have equal length. This causes index out of bounds panic when
migrating GitLab releases with more links than sources, which is common
with GoReleaser-generated releases.
Fixes #36292
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-05 21:48:12 +08:00
Lunny Xiao
426bb491c0
Move assign project when creating pull request to the same database transaction ( #36244 )
2026-01-04 16:45:36 +00:00
GiteaBot
78ad28d052
[skip ci] Updated translations via Crowdin
2026-01-04 00:45:02 +00:00
Lunny Xiao
af95cbc0de
Fix stats bug when syncing release ( #36285 )
2026-01-03 10:55:37 -08:00
wxiaoguang
b79dbfa990
Fix link/origin referrer and login redirect ( #36279 )
...
Fix #35998
1. Fix `<a rel>` :
* "_blank" already means "noopener"
* "noreferrer" is already provided by page's `<meta name="referrer">`
2. Fix "redirect_to" mechisam
* Use "referer" header to determine the redirect link for a successful
login
3. Simplify code and merge duplicate logic
2026-01-03 11:43:04 +08:00
wxiaoguang
6fb3547417
Always honor user's choice for "delete branch after merge" ( #36281 )
...
Fix #36280
2026-01-03 10:36:21 +08:00
luo jiyin
d2baa8103f
refactor(pprof): use explicit mux instead of DefaultServeMux ( #36276 )
...
- Replace blank import of `net/http/pprof` with explicit import
- Create dedicated `http.ServeMux` for pprof server
- Register pprof handlers explicitly
---------
Signed-off-by: luojiyin <luojiyin@hotmail.com>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-02 08:06:06 +00:00
Lunny Xiao
8373f7deb3
improve the compare page ( #36261 )
...
- The compare page head title should be `compare` but not `new pull
request`.
- Use `UnstableGuessRefByShortName` instead of duplicated functions
calls.
- Direct-compare, tags, commits compare will not display `New Pull
Request` button any more.
The new screenshot
<img width="1459" height="391" alt="image"
src="https://github.com/user-attachments/assets/64e9b070-9c0b-41d1-b4b8-233b96270e1b "
/>
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-01 10:32:19 -08:00
luo jiyin
98981eb749
mailer: pass request context to generateAdditionalHeadersForIssue ( #36274 )
...
Fixes #36273
Use the caller-provided context when building X-Gitea-Issue-Link,
instead of `context.TODO()`.
2026-01-01 04:28:25 +00:00
Max P.
91d871611e
feat(debian): use explicit, stronger defaults for newly generated repo signing keys ( #36236 )
...
Make Debian repository signing key generation use explicit stronger defaults
and embed the creation time in the OpenPGP comment for newly created keys.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-01-01 02:36:14 +00:00
wxiaoguang
094104bc91
Make "commit statuses" API accept slashes in "ref" ( #36264 )
...
Fix #36253
Support slashes in `{ref}` (follow GitHub's behavior)
2026-01-01 09:56:07 +08:00
Lunny Xiao
1771569300
Some refactor for repo path ( #36251 )
...
- Use `gitrepo.IsRepositoryExist` instead of `util.IsExit` or
`util.IsDir`
- Use `gitrepo.OpenRepository` instead of `git.OpenRepository`
- Use `gitrepo.DeleteRepository` instead of `util.RemoveAll`
- Use `gitrepo.RenameRepository` instead of `util.Rename`
2025-12-29 18:49:54 +00:00
Lunny Xiao
0ad94dfc70
Move catfile batch to a sub package of git module ( #36232 )
2025-12-29 10:19:42 -08:00
alphazeba
d0cb198c89
fix: prevent 100% width radio buttons ( #36262 )
...
as part of [Remove fomantic form
module](eddf875992 (diff-c34b74004deb63fb4f8a8549ef9d822b9839db0b69ae2c0cdacc05ce3d5d5682)
2025-12-29 09:51:10 +02:00
GiteaBot
85dd16b3fc
[skip ci] Updated translations via Crowdin
2025-12-29 00:43:22 +00:00
Lunny Xiao
c7b3cdf7b1
Use gitrepo's push function ( #36245 )
...
extract from #36186
2025-12-28 13:24:28 +02:00
Gregorius Bima Kharisma Wicaksana
83527d3f8a
Support closing keywords with URL references ( #36221 )
...
## Summary
This PR adds support for closing keywords (`closes`, `fixes`, `reopens`,
etc.) with full URL references in markdown links.
**Before:**
- `closes #123` ✅ works
- `closes org/repo#123` ✅ works
- `Closes [this issue](https://gitea.io/user/repo/issues/123 )` ❌ didn't
work
- `Fixes [#456 ](https://gitea.io/org/project/issues/456 )` ❌ didn't work
**After:**
All of the above now work correctly.
## Problem
When users reference issues using full URLs in markdown links (e.g.,
`Closes [this issue](https://gitea.io/user/repo/issues/123 )`), the
closing keywords were not detected. This was because the URL processing
code explicitly stated:
```go
// Note: closing/reopening keywords not supported with URLs
```
Both methods of writing the reference render the same in the UI, so
users expected the closing keywords to behave the same.
## Solution
The fix works by:
1. Passing the original (unstripped) content to
`findAllIssueReferencesBytes`
2. When processing URL links from markdown, finding the URL position in
the original content
3. For markdown links `[text](url)`, finding the opening bracket `[`
position
4. Using that position to detect closing keywords before the link
## Testing
Added test cases for:
- `Closes [this issue](url)` - single URL with closing keyword
- `This fixes [#456 ](url)` - keyword in middle of text
- `Reopens [PR](url)` - reopen keyword with pull request URL
- Multiple URLs where only one has a closing keyword
All existing tests continue to pass.
Fixes #27549
2025-12-27 09:05:24 -08:00
Ivan Tkatchev
19e1997ee2
Add an option to automatically verify SSH keys from LDAP ( #35927 )
...
This pull request adds an option to automatically verify SSH keys from
LDAP authentication sources.
This allows a correct authentication and verification workflow for
LDAP-enabled organizations; under normal circumstances SSH keys in LDAP
are not managed by users manually.
2025-12-27 12:33:08 +00:00
Lunny Xiao
00cc84e37c
remove nolint ( #36252 )
2025-12-26 22:55:30 -08:00
sollyu
64fcf847ce
Use the requested host for LFS links ( #36242 )
...
Use the dynamically parsed host in the request for LFS links, but not
use the hard-coded AppURL.
Make LFS server support multi-domain or run Gitea behind a reverse-proxy
with different ROOT_URL.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-26 04:48:20 +00:00
Lunny Xiao
ff3d68b98a
Fix panic when get editor config file ( #36241 )
...
Fix #36239
2025-12-25 19:26:23 -08:00
Lunny Xiao
776e406363
Refactor compare router param parse ( #36105 )
...
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 17:51:30 -08:00
GiteaBot
fbbed8c4c4
[skip ci] Updated translations via Crowdin
2025-12-25 21:37:43 +00:00
Lunny Xiao
324dcf6f64
Use flatten translation keys ( #36225 )
...
Crowdin does not remove empty lines in nested JSON translation files.
Therefore, we use flattened translation keys instead. We have also
updated the key-loading logic to ensure that empty values are not
applied during translation.
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2025-12-25 12:51:33 -08:00
silverwind
42d294941c
Replace CSRF cookie with CrossOriginProtection ( #36183 )
...
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection )
which relies purely on HTTP headers.
Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107
TODOs:
- [x] Fix tests
- [ ] Ideally add tests to validates the protection
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
silverwind
7b10eb20a5
Merge latest master commits and fix the translations.
...
* Bump docker/build-push-action from 5 to 6 (#36197 )
Bumps
[docker/build-push-action](https://github.com/docker/build-push-action )
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/build-push-action/releases ">docker/build-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<ul>
<li>Export build record and generate <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/ ">build
summary</a> by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1120 ">docker/build-push-action#1120</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.24.0 to 0.26.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1132 ">docker/build-push-action#1132</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1136 ">docker/build-push-action#1136</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1138 ">docker/build-push-action#1138</a></li>
<li>Bump braces from 3.0.2 to 3.0.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1137 ">docker/build-push-action#1137</a></li>
</ul>
<blockquote>
<p>[!NOTE]
This major release adds support for generating <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/ ">Build
summary</a> and exporting build record for your build. You can disable
this feature by setting <a
href="https://docs.docker.com/build/ci/github-actions/build-summary/#disable-job-summary ">
<code>DOCKER_BUILD_SUMMARY: false</code> environment variable in your
workflow</a>.</p>
</blockquote>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0 ">https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0 </a></p>
<h2>v5.4.0</h2>
<ul>
<li>Show builder information before building by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1128 ">docker/build-push-action#1128</a></li>
<li>Handle attestations correctly with provenance and sbom inputs by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1086 ">docker/build-push-action#1086</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.19.0 to 0.24.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1088 ">docker/build-push-action#1088</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1105 ">docker/build-push-action#1105</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1121 ">docker/build-push-action#1121</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1127 ">docker/build-push-action#1127</a></li>
<li>Bump undici from 5.28.3 to 5.28.4 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1090 ">docker/build-push-action#1090</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0 ">https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0 </a></p>
<h2>v5.3.0</h2>
<ul>
<li>Bump <code>@docker/actions-toolkit</code> from 0.18.0 to 0.19.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1080 ">docker/build-push-action#1080</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0 ">https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0 </a></p>
<h2>v5.2.0</h2>
<ul>
<li>Disable quotes detection for <code>outputs</code> input by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1074 ">docker/build-push-action#1074</a></li>
<li>Warn about ignored inputs by <a
href="https://github.com/favonia "><code>@favonia</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/1019 ">docker/build-push-action#1019</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.14.0 to 0.18.0 in
<a
href="https://redirect.github.com/docker/build-push-action/pull/1070 ">docker/build-push-action#1070</a></li>
<li>Bump undici from 5.26.3 to 5.28.3 in <a
href="https://redirect.github.com/docker/build-push-action/pull/1057 ">docker/build-push-action#1057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0 ">https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0 </a></p>
<h2>v5.1.0</h2>
<ul>
<li>Add <code>annotations</code> input by <a
href="https://github.com/crazy-max "><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/build-push-action/pull/992 ">docker/build-push-action#992</a></li>
<li>Add <code>secret-envs</code> input by <a
href="https://github.com/elias-lundgren "><code>@elias-lundgren</code></a>
in <a
href="https://redirect.github.com/docker/build-push-action/pull/980 ">docker/build-push-action#980</a></li>
<li>Bump <code>@babel/traverse</code> from 7.17.3 to 7.23.2 in <a
href="https://redirect.github.com/docker/build-push-action/pull/991 ">docker/build-push-action#991</a></li>
<li>Bump <code>@docker/actions-toolkit</code> from 0.13.0-rc.1 to
0.14.0 in <a
href="https://redirect.github.com/docker/build-push-action/pull/990 ">docker/build-push-action#990</a>
<a
href="https://redirect.github.com/docker/build-push-action/pull/1006 ">docker/build-push-action#1006</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0 ">https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="263435318dhttps://redirect.github.com/docker/build-push-action/issues/1381 ">#1381</a>
from docker/dependabot/npm_and_yarn/docker/actions-t...</li>
<li><a
href="c0432d2e010bb1f27d6b5f9dbf956c0788c444d8https://redirect.github.com/docker/build-push-action/issues/1375 ">#1375</a>
from crazy-max/remove-gcr</li>
<li><a
href="aa179ca4f41dc7386353https://redirect.github.com/docker/build-push-action/issues/1364 ">#1364</a>
from crazy-max/history-export-cmd</li>
<li><a
href="9c9803f364db1f6c46e8721e8c79dehttps://github.com/docker/build-push-action/compare/v5...v6 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump aws-actions/configure-aws-credentials from 4 to 5 (#36196 )
[//]: # (dependabot-start)
⚠️ **Dependabot is rebasing this PR** ⚠️
Rebasing might not happen immediately, so don't worry if this takes some
time.
Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.
---
[//]: # (dependabot-end)
Bumps
[aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials )
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/releases ">aws-actions/configure-aws-credentials's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0 ">5.0.0</a>
(2025-09-03)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445 ">#1445</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add skip OIDC option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458 ">#1458</a>)
(<a
href="8c45f6b081https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445 ">#1445</a>)
(<a
href="74b3e27aa8https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1456 ">#1456</a>)
(<a
href="c4be498953https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.1 ">4.3.1</a>
(2025-08-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update readme to 4.3.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1424 ">#1424</a>)
(<a
href="be2e7ad815https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.0 ">4.3.0</a>
(2025-08-04)</h2>
<p>NOTE: This release tag originally pointed to
59b441846ad109fa4a1549b73ef4e149c4bfb53b, but a critical bug was
discovered shortly after publishing. We updated this tag to
d0834ad3a60a024346910e522a81b0002bd37fea to prevent anyone using the
4.3.0 tag from encountering the bug, and we published 4.3.1 to allow
workflows to auto update correctly.</p>
<h3>Features</h3>
<ul>
<li>dependency update and feature cleanup (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1414 ">#1414</a>)
(<a
href="59489ba544https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1062 ">#1062</a>
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1191 ">#1191</a></li>
<li>Optional environment variable output (<a
href="c3b3ce61b05b3c89504637fe9a740bcbea70821e3f7c218721https://github.com/aws-actions/configure-aws-credentials/compare/v4.2.0...v4.2.1 ">4.2.1</a>
(2025-05-14)</h2>
<h3>Bug Fixes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md ">aws-actions/configure-aws-credentials's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v5.1.0...v5.1.1 ">5.1.1</a>
(2025-11-24)</h2>
<h3>Miscellaneous Chores</h3>
<ul>
<li>release 5.1.1 (<a
href="56d6a583f0https://github.com/aws-actions/configure-aws-credentials/compare/v5.0.0...v5.1.0 ">5.1.0</a>
(2025-10-06)</h2>
<h3>Features</h3>
<ul>
<li>Add global timeout support (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1487 ">#1487</a>)
(<a
href="1584b8b0e2https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482 ">#1482</a>)
(<a
href="dde9b22a8ehttps://redirect.github.com/aws-actions/configure-aws-credentials/issues/1485 ">#1485</a>)
(<a
href="97ef425d73https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1482 ">#1482</a>)
(<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1486 ">#1486</a>)
(<a
href="cea42985achttps://github.com/aws-actions/configure-aws-credentials/compare/v4.3.1...v5.0.0 ">5.0.0</a>
(2025-09-03)</h2>
<h3>⚠ BREAKING CHANGES</h3>
<ul>
<li>Cleanup input handling. Changes invalid boolean input behavior (see
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445 ">#1445</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add skip OIDC option (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1458 ">#1458</a>)
(<a
href="8c45f6b081https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1445 ">#1445</a>)
(<a
href="74b3e27aa8https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1456 ">#1456</a>)
(<a
href="c4be498953https://github.com/aws-actions/configure-aws-credentials/compare/v4.3.0...v4.3.1 ">4.3.1</a>
(2025-08-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>update readme to 4.3.1 (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1424 ">#1424</a>)
(<a
href="be2e7ad815https://github.com/aws-actions/configure-aws-credentials/compare/v4.2.1...v4.3.0 ">4.3.0</a>
(2025-08-04)</h2>
<h3>Features</h3>
<ul>
<li>depenency update and feature cleanup (<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1414 ">#1414</a>)
(<a
href="59489ba544https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1062 ">#1062</a>
<a
href="https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1191 ">#1191</a></li>
<li>Optional environment variable output (<a
href="c3b3ce61b061815dcd50https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1564 ">#1564</a>)</li>
<li><a
href="56d6a583f04a54c24244https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1563 ">#1563</a>)</li>
<li><a
href="b2793c943dhttps://redirect.github.com/aws-actions/configure-aws-credentials/issues/1559 ">#1559</a>)</li>
<li><a
href="8c230bf21df7a5b07d53https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1558 ">#1558</a>)</li>
<li><a
href="730fc04382https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1555 ">#1555</a>)</li>
<li><a
href="bc0dd36aechttps://redirect.github.com/aws-actions/configure-aws-credentials/issues/1556 ">#1556</a>)</li>
<li><a
href="f2964c7281cf464951behttps://redirect.github.com/aws-actions/configure-aws-credentials/issues/1548 ">#1548</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aws-actions/configure-aws-credentials/compare/v4...v5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to 0.2.1 (#36195 )
Bumps
[dev-hanz-ops/install-gh-cli-action](https://github.com/dev-hanz-ops/install-gh-cli-action )
from 0.1.0 to 0.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/releases ">dev-hanz-ops/install-gh-cli-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.1 - arm64 support</h2>
<ul>
<li>support arm64 architecture - <a
href="https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/pull/10 ">dev-hanz-ops/install-gh-cli-action#10</a>
(by <a
href="https://github.com/whatthefinemanual "><code>@whatthefinemanual</code></a>)</li>
</ul>
<h2>v0.2.0 - update to node20</h2>
<ul>
<li><a
href="8fff9050daaf38ce09b1eef2976cedhttps://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/10 ">#10</a>)</li>
<li><a
href="2d19dc38f3https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/8 ">#8</a>)</li>
<li><a
href="8fff9050da67bfd053934474568036https://redirect.github.com/dev-hanz-ops/install-gh-cli-action/issues/3 ">#3</a>)</li>
<li>See full diff in <a
href="https://github.com/dev-hanz-ops/install-gh-cli-action/compare/v0.1.0...v0.2.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Front port changelog (#36193 )
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: silverwind <me@silverwind.io>
* Bump astral-sh/setup-uv from 6 to 7 (#36198 )
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) from 6
to 7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases ">astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0 🌈 node24 and a lot of bugfixes</h2>
<h2>Changes</h2>
<p>This release comes with a load of bug fixes and a speed up. Because
of switching from node20 to node24 it is also a breaking change. If you
are running on GitHub hosted runners this will just work, if you are
using self-hosted runners make sure, that your runners are up to date.
If you followed the normal installation instructions your self-hosted
runner will keep itself updated.</p>
<p>This release also removes the deprecated input
<code>server-url</code> which was used to download uv releases from a
different server.
The <a
href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#manifest-file ">manifest-file</a>
input supersedes that functionality by adding a flexible way to define
available versions and where they should be downloaded from.</p>
<h3>Fixes</h3>
<ul>
<li>The action now respects when the environment variable
<code>UV_CACHE_DIR</code> is already set and does not overwrite it. It
now also finds <a
href="https://docs.astral.sh/uv/reference/settings/#cache-dir ">cache-dir</a>
settings in config files if you set them.</li>
<li>Some users encountered problems that <a
href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#disable-cache-pruning ">cache
pruning</a> took forever because they had some <code>uv</code> processes
running in the background. Starting with uv version <code>0.8.24</code>
this action uses <code>uv cache prune --ci --force</code> to ignore the
running processes</li>
<li>If you just want to install uv but not have it available in path,
this action now respects <code>UV_NO_MODIFY_PATH</code></li>
<li>Some other actions also set the env var <code>UV_CACHE_DIR</code>.
This action can now deal with that but as this could lead to unwanted
behavior in some edgecases a warning is now displayed.</li>
</ul>
<h3>Improvements</h3>
<p>If you are using minimum version specifiers for the version of uv to
install for example</p>
<pre lang="toml"><code>[tool.uv]
required-version = ">=0.8.17"
</code></pre>
<p>This action now detects that and directly uses the latest version.
Previously it would download all available releases from the uv repo
to determine the highest matching candidate for the version specifier,
which took much more time.</p>
<p>If you are using other specifiers like <code>0.8.x</code> this action
still needs to download all available releases because the specifier
defines an upper bound (not 0.9.0 or later) and "latest" would
possibly not satisfy that.</p>
<h2>🚨 Breaking changes</h2>
<ul>
<li>Use node24 instead of node20 <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/608 ">#608</a>)</li>
<li>Remove deprecated input server-url <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/607 ">#607</a>)</li>
</ul>
<h2>🐛 Bug fixes</h2>
<ul>
<li>Respect UV_CACHE_DIR and cache-dir <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/612 ">#612</a>)</li>
<li>Use --force when pruning cache <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/611 ">#611</a>)</li>
<li>Respect UV_NO_MODIFY_PATH <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/603 ">#603</a>)</li>
<li>Warn when <code>UV_CACHE_DIR</code> has changed <a
href="https://github.com/jamesbraza "><code>@jamesbraza</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/601 ">#601</a>)</li>
</ul>
<h2>🚀 Enhancements</h2>
<ul>
<li>Shortcut to latest version for minimum version specifier <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/598 ">#598</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Bump dependencies <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/613 ">#613</a>)</li>
<li>Fix test-uv-no-modify-path <a
href="https://github.com/eifinger "><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/604 ">#604</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="681c641abahttps://redirect.github.com/astral-sh/setup-uv/issues/712 ">#712</a>)</li>
<li><a
href="2e85713bb0https://redirect.github.com/astral-sh/setup-uv/issues/715 ">#715</a>)</li>
<li><a
href="58b6d7b303https://redirect.github.com/astral-sh/setup-uv/issues/716 ">#716</a>)</li>
<li><a
href="e8b52af86ehttps://redirect.github.com/astral-sh/setup-uv/issues/714 ">#714</a>)</li>
<li><a
href="ed21f2f24fhttps://redirect.github.com/astral-sh/setup-uv/issues/695 ">#695</a>)</li>
<li><a
href="93202d8fbehttps://redirect.github.com/astral-sh/setup-uv/issues/709 ">#709</a>)</li>
<li><a
href="5ce090076dhttps://redirect.github.com/astral-sh/setup-uv/issues/708 ">#708</a>)</li>
<li><a
href="4180991cd9https://redirect.github.com/astral-sh/setup-uv/issues/707 ">#707</a>)</li>
<li><a
href="0439606c8ehttps://redirect.github.com/astral-sh/setup-uv/issues/698 ">#698</a>)</li>
<li><a
href="7dd56c18e9https://redirect.github.com/astral-sh/setup-uv/issues/706 ">#706</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/setup-uv/compare/v6...v7 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Disable dependabot automatic labels (#36203 )
Disable dependabot's [automatic
labels](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#labels-- ),
we have `actions/labeler` to do this job. After this is merged, I will
delete the labels `dependencies` and `github_actions` that dependabot
had created.
* Update chroma to v2.21.1 (#36201 )
https://github.com/alecthomas/chroma/releases/tag/v2.21.1
* [skip ci] Updated translations via Crowdin
* Bump setup-node to v6, re-enable cache (#36207 )
* Add JSON linting (#36192 )
Uses https://github.com/eslint/json to lint all JSON and JSONC files in the repo.
* Revert "Bump alpine to 3.23 (#36185 )" (#36202 )
Unbreak the release pipelines. The issue is caused by
https://gitlab.alpinelinux.org/alpine/aports/-/issues/17775 which
supposedly fixed in 3.23.2 and our build did use that version from what
I see, but maybe it's not fixed yet for `riscv`. We should try this
upgrade again later.
* Add date to "No Contributions" tooltip (#36190 )
Fixes https://github.com/go-gitea/gitea/issues/36188 via
52bbfd7a15https://github.com/user-attachments/assets/f06ca7d6-a141-499f-b6da-e46064a44846 "
/>
After:
<img width="292" height="78" alt="Screenshot 2025-12-18 at 17 08 36"
src="https://github.com/user-attachments/assets/b80f7391-7960-44ad-8184-ffab4c9a4ea7 "
/>
If there will be more changes in the future, we should vendor this
module.
Co-authored-by: Giteabot <teabot@gitea.io>
* Add `modifies/dependencies` label to dependabot (#36206 )
`actions/labeler` can not detect dependency updates in actions because
it works on file level, so we need to let dependabot set this label.
* Fix labeler config for stylelint (#36199 )
Followup to rename in
b8f1c9f048 (diff-cb3b3f608024ee0bd45ea10b08ca6d3fcf40523a3d40182a438937231d8b8072)#36194 )
Bumps
[appleboy/git-push-action](https://github.com/appleboy/git-push-action )
from 0.0.3 to 1.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/appleboy/git-push-action/releases ">appleboy/git-push-action's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.0</h2>
<h2>Changelog</h2>
<h3>Enhancements</h3>
<ul>
<li>50ae8aaf06c6fc08b3d13da3aa03deb50d970125: chore(docker): improve
overall system performance and API integration (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Build process updates</h3>
<ul>
<li>feea2e25baaa5ea24a9689a8af03f229ec1dd1a2: ci: improve testing
workflow and API usage (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>5d65d1094eb0415898554ba83c4f3196778f9a85: ci: improve testing
workflow and API usage (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>b31dd8d6e7ba1e80a96a4772d8c4290fe7bac0ce: build: update base image
in Dockerfile (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>fc585cfea49d10c08f8009f674c05961a0934647: ci(goreleaser): implement
automated release process with GoReleaser (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
<li>b1e5e3d76ccb4afd43bc0859672a6f9113fa0458: ci(test): optimize CI
workflow and test configurations (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
<h3>Documentation updates</h3>
<ul>
<li>8f1f45876617e5d74085a38164c421be39f099b3: docs(readme): refactor
codebase and improve test coverage (<a
href="https://github.com/appleboy "><code>@appleboy</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b1e5e3d76c8f1f458766fc585cfea450ae8aaf06b31dd8d6e75d65d1094efeea2e25bahttps://github.com/appleboy/git-push-action/compare/v0.0.3...v1.0.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump crowdin/github-action from 1 to 2 (#36204 )
Bumps [crowdin/github-action](https://github.com/crowdin/github-action )
from 1 to 2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/crowdin/github-action/releases ">crowdin/github-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2>What's Changed</h2>
<h3>Features</h3>
<ul>
<li>Now the Action uses the new <a
href="https://crowdin.github.io/crowdin-cli/blog/2024/05/28/cli-v4 ">CLI
v4</a></li>
</ul>
<h3>Deprecations</h3>
<p>Removed deprecated options:</p>
<ul>
<li><code>add_crowdin_branch</code></li>
<li><code>new_branch_title</code></li>
<li><code>new_branch_export_pattern</code></li>
<li><code>new_branch_priority</code></li>
<li><code>delete_crowdin_branch</code></li>
</ul>
<p>Instead, use the <code>command: branch add <name></code> to
create a new branch.</p>
<ul>
<li><code>identity</code> - this option doesn't make much sense in the
context of the GitHub action, where environment variables are a de facto
standard for credentials loading.</li>
</ul>
<hr />
<p><strong>Full Changelog</strong>: <a
href="https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0 ">https://github.com/crowdin/github-action/compare/v1.20.4...v2.0.0 </a></p>
<h2>v1.20.4</h2>
<h2>What's Changed</h2>
<ul>
<li>CLI <a
href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.4 ">3.19.4</a>
by <a
href="https://github.com/andrii-bodnar "><code>@andrii-bodnar</code></a></li>
<li>ci: upgrade actions by <a
href="https://github.com/andrii-bodnar "><code>@andrii-bodnar</code></a>
in <a
href="https://redirect.github.com/crowdin/github-action/pull/226 ">crowdin/github-action#226</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4 ">https://github.com/crowdin/github-action/compare/v1.20.3...v1.20.4 </a></p>
<h2>v1.20.3</h2>
<h2>What's Changed</h2>
<ul>
<li>CLI <a
href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.3 ">3.19.3</a>
by <a
href="https://github.com/andrii-bodnar "><code>@andrii-bodnar</code></a></li>
<li>chore: deprecate the 'identity' option by <a
href="https://github.com/andrii-bodnar "><code>@andrii-bodnar</code></a>
in <a
href="https://redirect.github.com/crowdin/github-action/pull/224 ">crowdin/github-action#224</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3 ">https://github.com/crowdin/github-action/compare/v1.20.2...v1.20.3 </a></p>
<h2>v1.20.2</h2>
<h2>What's Changed</h2>
<ul>
<li>CLI <a
href="https://github.com/crowdin/crowdin-cli/releases/tag/3.19.2 ">3.19.2</a>
by <a
href="https://github.com/andrii-bodnar "><code>@andrii-bodnar</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2 ">https://github.com/crowdin/github-action/compare/v1.20.1...v1.20.2 </a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60debf382ehttps://redirect.github.com/crowdin/github-action/issues/298 ">#298</a>)</li>
<li><a
href="96b44e669708713f00a5https://redirect.github.com/crowdin/github-action/issues/294 ">#294</a>)</li>
<li><a
href="fb221ac1c8https://redirect.github.com/crowdin/github-action/issues/291 ">#291</a>)</li>
<li><a
href="0749939f639787f4fcb6590c05e09a9fd07c1c5b297234bae037201e27eehttps://redirect.github.com/crowdin/github-action/issues/283 ">#283</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/crowdin/github-action/compare/v1...v2 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
* Convert locale files from ini to json format (#35489 )
Migrate from the current INI format to JSON for translations. JSON is
widely supported, including by platforms such as Crowdin and Weblate.
* [skip ci] Updated translations via Crowdin
* Fix regression in writing authorized principals (#36213 )
Add additional logic with tests to restore the
previous behaviour when writing the principals file.
Fixes : #36212
---------
Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Show edit page confirmation dialog on tree view file change (#36130 )
Currently, when editing or deleting a file and the edit/commit form has
changes, navigating the file tree will discard all changes without any
warning. This PR prevents partial reloading when the edit form has
unsaved changes, which will trigger a browser native warning dialog.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Sebastian Ertz <sebastian.ertz@gmx.de>
Co-authored-by: GiteaBot <teabot@gitea.io>
Co-authored-by: Peter Verraedt <peter.verraedt@kuleuven.be>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: bytedream <me@bytedream.dev>
2025-12-24 07:29:36 +00:00
silverwind
eddf875992
Remove fomantic form module ( #36222 )
...
- Replace fomantic form CSS with custom module
- Moved code in `form.css` to `modules/form.css`, removed around 70% of
the previous module.
- Moved captcha styles previously in `form.css` to its own file.
There is probably more unused CSS, like form error state colors which to
my knowledge is not used anywhere, but I'm not sure about that one so I
kept it.
One notable change is the removal of `type` combinator here, which
lowers the selector specificity and I noticed one issue where selector
`.ui.search > .prompt` was winning, so I added a workaround for that
until the `search` module can be removed as well.
```css
.ui.form .fields.error .field input:not([type])
.ui.form .fields.error .field input[type="date"]
```
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2025-12-23 18:21:47 +01:00
Max P.
957151937f
Fix panic in blame view when a file has only a single commit ( #36230 )
...
This PR fixes a panic in the repository blame view that occurs when
rendering files whose blame history consists of only a single commit.
2025-12-23 14:26:29 +08:00
DaanSelen
04607f7d4a
fix: spelling error in migrate-storage cmd utility ( #36226 )
...
Added closing quote which looks to be forgotten
Signed-off-by: DaanSelen <80752476+DaanSelen@users.noreply.github.com>
2025-12-22 10:55:41 +00:00
silverwind
60de6cefed
Fix WebAuthn error checking ( #36219 )
...
Fixes: https://github.com/go-gitea/gitea/issues/36216
Now `detectWebAuthnSupport` returns the error type and lets the caller
decide whether they call `webAuthnError` and show the error. It no
longer shows the error during page load when the user has not even
interacted with the feature.
The bug affects all users on HTTP, so I think a quick fix release for
this might be good.
2025-12-21 18:24:41 +00:00
GiteaBot
5151e30fb7
[skip ci] Updated translations via Crowdin
2025-12-21 17:09:57 +00:00
Gregorius Bima Kharisma Wicaksana
b6ffe0e4e9
refactor: extract helper functions from SearchIssues ( #36158 )
...
## Summary
This PR refactors the `SearchIssues` function in
`routers/api/v1/repo/issue.go` by extracting common logic into reusable
helper functions:
- `parseIssueIsClosed()`: Parses the "state" query parameter and returns
the corresponding `isClosed` option
- `parseIssueIsPull()`: Parses the "type" query parameter and returns
the corresponding `isPull` option
- `buildSearchIssuesRepoIDs()`: Builds the list of repository IDs for
issue search based on query parameters
### Benefits:
- Improved code readability
- Smaller, more focused functions
- Easier to test individual components
- Potential for reuse in other handlers
### Changes:
- Extracted 3 helper functions from the ~292 line `SearchIssues`
function
- No functional changes - behavior remains the same
- Proper error handling preserved
## Test plan
- [ ] Verify existing API tests pass
- [ ] Manual testing of `/repos/issues/search` endpoint
Ref: #35015
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-20 17:57:41 -08:00
GiteaBot
bf0b377879
[skip ci] Updated translations via Crowdin
2025-12-21 00:42:41 +00:00
Lunny Xiao
0a3a9fb068
Revert "[skip ci] Updated translations via Crowdin"
...
This reverts commit d3656ebd95536b87dfc40c6df5ee22b2e62ae6c9.
2025-12-20 09:15:26 -08:00
Scion
495fee4555
Closed milestones with no issues now show as 100% completed ( #36220 )
...
Closed milestones with 0 issues currently display as having 0%
completion. This makes sense if the milestone is still open, but if the
milestone is closed it seems like that it should show 100% completeness
instead.
Before:
<img width="1708" height="252" alt="image"
src="https://github.com/user-attachments/assets/0b58c78f-0609-44ee-8d58-bd67534c6164 "
/>
After:
<img width="1716" height="263" alt="image"
src="https://github.com/user-attachments/assets/3fb0044f-d76c-4888-9d60-640f2ca5fec6 "
/>
2025-12-20 16:16:20 +00:00
bytedream
05c3b84f84
Show edit page confirmation dialog on tree view file change ( #36130 )
...
Currently, when editing or deleting a file and the edit/commit form has
changes, navigating the file tree will discard all changes without any
warning. This PR prevents partial reloading when the edit form has
unsaved changes, which will trigger a browser native warning dialog.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-20 02:29:39 +01:00
Peter Verraedt
b4c9057f92
Fix regression in writing authorized principals ( #36213 )
...
Add additional logic with tests to restore the
previous behaviour when writing the principals file.
Fixes : #36212
---------
Signed-off-by: Peter Verraedt <peter.verraedt@kuleuven.be>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-20 01:24:59 +00:00
