file-view.ts: Revert to IntersectionObserver with 101 thresholds (0%-100%) instead of scroll event to satisfy github/prefer-observers lint rule, while maintaining fine-grained position updates.
- Updated the rendering of table of contents (TOC) items to ensure proper closing of list items in HTML.
- Removed redundant header extraction logic from orgmode, enabling TOC extraction during post-processing.
- Simplified sidebar visibility state management by utilizing user settings instead of localStorage.
This enhances the overall structure and maintainability of the markup rendering process.
Removes `@ts-expect-error` in the code base and forbids it.
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes: https://github.com/go-gitea/gitea/issues/22618
`go-enry`'s `IsVendor` function marks git paths (`.gitignore`,
`.gitattributes`, `.gitmodules`), github/gitea paths (`.github/`,
`.gitea/`) as "vendored" for GitHub Linguist language statistics. This
causes these files to incorrectly display the "Vendored" tag in diff
views.
Override `go-enry`'s detection for these specific cases while preserving
its behavior for actual vendor directories.
---------
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
- Bump alpine to 3.23 following
https://github.com/go-gitea/gitea/pull/36185 and
https://github.com/go-gitea/gitea/pull/36202.
- Enable all architectures in `docker-dryrun`.
- Tweak actions conditions to be more precise.
---------
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Fixes: https://github.com/go-gitea/gitea/issues/36211
This PR fixes ensures that all system notices consistently include
repository names in the format `"Action description (owner/repo): error
message"`.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
Fix#28479
When scrolling inside the editor and the editor has already reached the
end of its scroll area, the browser does not continue scrolling. This is
inconvenient because users must move the cursor out of the editor to
scroll the page further.
This PR enables automatic switching between the editor’s scroll and the
browser’s scroll, allowing seamless continuous scrolling.
- Update all JS deps
- Enable a few more stylelint stylistic rules and fix issues
- Remove knip, it raised another false-positive, this tool is not worth
it when you have to babysit it like that
- Exclude @eslint/json from updating as it requires unreleased eslint 10
([ref](https://github.com/eslint/json/issues/207))
- Update labeler config for new eslint filenames
- Adjust `make help` output
- Add type checking in `stylelint.config.ts`
`smtp.mydomain.test` is a real domain that resolves to something and
which is being connected to while running tests. Instead, use
[.test](https://en.wikipedia.org/wiki/.test) which is guaranteed to
never be registered on the internet, so all connections to it will fail
with NXDOMAIN dns error.
Fix#36483
In git log/rev-list, the "..." syntax represents the symmetric
difference between two references, which is different from the meaning
of "..." in git diff (where it implies diffing from the merge base).
For listing PR commits, we must use `merge-base..head` to include only
the commits introduced by the head branch. Otherwise, commits newly
pushed to the base branch would also be included, which is incorrect.
## Overview
This PR updates the Go toolchain version from `1.25.5` to `1.25.6` for
the Gitea project.
## Changes
### Toolchain Update
- **Go Toolchain**: Updated from `go1.25.5` to `go1.25.6`
This is a minor toolchain version bump that ensures the project uses the
latest patch release of Go 1.25.
## Security Improvements
While this PR primarily addresses the toolchain update, the project
maintains a strong security posture through:
### Current Security Measures
```log
Vulnerability #1: GO-2026-4342
Excessive CPU consumption when building archive index in archive/zip
More info: https://pkg.go.dev/vuln/GO-2026-4342
Standard library
Found in: archive/zip@go1.25.5
Fixed in: archive/zip@go1.25.6
Example traces found:
#1: modules/packages/nuget/metadata.go:217:25: nuget.ParseNuspecMetaData calls zip.Reader.Open
Vulnerability #2: GO-2026-4341
Memory exhaustion in query parameter parsing in net/url
More info: https://pkg.go.dev/vuln/GO-2026-4341
Standard library
Found in: net/url@go1.25.5
Fixed in: net/url@go1.25.6
Example traces found:
#1: modules/storage/minio.go:284:34: storage.MinioStorage.URL calls url.ParseQuery
#2: routers/api/v1/repo/action.go:1640:29: repo.DownloadArtifactRaw calls url.URL.Query
Vulnerability #3: GO-2026-4340
Handshake messages may be processed at the incorrect encryption level in
crypto/tls
More info: https://pkg.go.dev/vuln/GO-2026-4340
Standard library
Found in: crypto/tls@go1.25.5
Fixed in: crypto/tls@go1.25.6
Example traces found:
#1: services/auth/source/ldap/source_search.go:129:25: ldap.dial calls ldap.Conn.StartTLS, which calls tls.Conn.Handshake
#2: modules/graceful/server.go:156:14: graceful.Server.Serve calls http.Server.Serve, which eventually calls tls.Conn.HandshakeContext
#3: modules/lfs/content_store.go:132:27: lfs.hashingReader.Read calls tls.Conn.Read
#4: modules/proxyprotocol/conn.go:91:21: proxyprotocol.Conn.Write calls tls.Conn.Write
#5: modules/session/virtual.go:168:39: session.VirtualStore.Release calls couchbase.CouchbaseProvider.Exist, which eventually calls tls.Dial
#6: services/auth/source/ldap/source_search.go:120:22: ldap.dial calls ldap.DialTLS, which calls tls.DialWithDialer
#7: services/migrations/gogs.go:114:34: migrations.client calls http.Transport.RoundTrip, which eventually calls tls.Dialer.DialContext
```
## Breaking Changes
None expected. This is a minor toolchain patch update.
Followup to
59f812bc1c,
enforce using our localStorage wrapper in eslint.
Also did a few tweaks in the eslint config, like removing the incomplete
list of globals, this is a non-issue with typescript.
---------
Signed-off-by: silverwind <me@silverwind.io>
In Git 2.38, the `merge-tree` command introduced the `--write-tree`
option, which works directly on bare repositories. In Git 2.40, a new parameter `--merge-base` introduced so we require Git 2.40 to use the merge tree feature.
This option produces the merged tree object ID, allowing us to perform
diffs between commits without creating a temporary repository. By
avoiding the overhead of setting up and tearing down temporary repos,
this approach delivers a notable performance improvement.
It also fixes a possible situation that conflict files might be empty
but it's a conflict status according to
https://git-scm.com/docs/git-merge-tree#_mistakes_to_avoid
Replace #35542
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes: https://github.com/go-gitea/gitea/issues/36175
1. Correctly apply setting on textareas spawned by comment edit
3. When changing the setting, apply it to all textareas on the current page
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Change ResizeObserver from observing document.body (too broad) to only
observing the segment element. This reduces unnecessary position update
callbacks when unrelated parts of the page resize.
Add comprehensive tests for extractTocHeadingItems and collectTocHeadingItems
functions covering:
- Single level headers
- Nested/multi-level headers
- Headers with special characters
- Empty documents (no headers)
- TocShowInSection flag verification
Fix invalid HTML structure where <ul> was directly nested inside <ul>.
According to HTML specification, nested <ul> elements must be wrapped
in <li> elements.
Before: <ul><ul>...</ul></ul>
After: <ul><li><ul>...</ul></li></ul>
- Remove border from the TOC button in the README view for a cleaner appearance.
- Ensure hover state maintains no border for consistency with the overall design.
- Eliminate the deprecated SidebarTocNode from RenderContext and related functions.
- Update sidebar TOC rendering logic to exclusively use SidebarTocHeaders for improved clarity and maintainability.
- Remove fallback logic for legacy TOC rendering to streamline the codebase.
- Add border styling to the sidebar toggle button in file view to match other buttons.
- Update hover state to change border color for improved visual feedback.
- Update comments in RenderContext to clarify the deprecation of SidebarTocNode in favor of SidebarTocHeaders.
- Remove unnecessary blank line in RenderSidebarTocHTML function for improved code readability.
- Utilize IntersectionObserver to enhance performance and avoid issues associated with scroll events.
- Implement fine-grained position updates using multiple thresholds for better responsiveness during scrolling.
