pomidorry
6bc7ee657b
test JSON roundtrip for SSHKeyOwnerID
2026-06-07 18:52:28 +03:00
pomidorry
26b4aae364
Merge branch 'main' into ssh-mirror-migrations
2026-06-07 17:51:59 +03:00
pomidorry
a1ca77584d
fix lint
2026-06-07 14:43:43 +03:00
pomidorry
7ec7cc7819
fix lint
2026-06-07 14:41:40 +03:00
pomidorry
6ce30aa144
let user choose SSH key owner when migrating to an org
2026-06-07 14:38:26 +03:00
wxiaoguang
e2fbfc8730
fix: various dropdown problems ( #38020 )
...
1. remove legacy onResponseKeepSelectedItem, refactor the code to
dropdown.js
2. make dropdown correctly handle "single selection + remote query + filter"
* fix #38018
3. fix incorrect "transition" class usage for the dropdown dividers
2026-06-07 10:33:16 +00:00
wxiaoguang
9bbea90bfe
fix: pgsql lint ( #38022 )
2026-06-07 18:28:17 +08:00
Copilot
5fe4f962e8
refactor(api): clarify APIError message usage and fix legacy lint error ( #38012 )
...
Avoid unclear & fragile "any" tricks, fix various abuses
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-07 06:19:39 +00:00
bircni
c43eb7c33a
fix(auth): do not auto-reactivate disabled users on OAuth2 callback ( #38009 )
...
The OAuth2 sign-in callback unconditionally set IsActive=true on the
local user row whenever the IdP authenticated them, silently undoing an
administrator's "Disable Account" action and granting the user a fresh
session in the same response. Treat the local IsActive flag as an
authoritative admin override: inactive users get a session and are
routed through the existing activate / prohibit-login pages by
verifyAuthWithOptions, matching the local-credentials sign-in path.
Adds an integration regression test that disables a linked local user
and asserts the row stays IsActive=false after a full OIDC callback.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-06 22:07:47 +00:00
bircni
42513398c0
fix(lfs): reject unknown SSH LFS sub-verbs to prevent auth bypass ( #38008 )
...
An authenticated SSH user could pass a malformed sub-verb (e.g.
`git-lfs-authenticate <repo> badverb`) so getAccessMode falls through to
AccessModeNone (0). The permission check in routers/private/serv.go then
evaluates `userMode < 0` which is always false, granting a valid LFS JWT
for any private repository. The HTTP LFS handler only validates the Op
claim on writes, so the token works for downloads.
Validate the sub-verb in runServ before calling getAccessMode and fail
fast for anything other than upload/download.
2026-06-06 17:44:56 +02:00
Sandro
743bbaa9c2
fix: refactor git error handling and make archive streaming handle non-existing commit id ( #38007 )
...
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-06 11:06:08 +00:00
wxiaoguang
e88650cfcf
chore: fix various layout problems ( #37983 )
...
Fix various misaligments, fix space between list item bar items, remove
deadcode (milestone dashboard)
2026-06-06 09:24:03 +00:00
bircni
4088d7e241
fix(ui): keep actions run title intact when subject contains an issue ref ( #38005 )
2026-06-06 11:00:14 +02:00
bircni
3659b5acc2
ci(workflows): add AgentScan workflow to flag possible AI-assisted PRs ( #37962 )
...
This PR adds an automated AgentScan workflow to help detect and handle
pull requests that appear to be created or authored primarily by
automated agents.
- If a PR is classified as `automation` or community-flagged, the
workflow:
- Adds the `possible bot` label,
- Posts a policy comment linking to the repository AI Contribution
Policy (`CONTRIBUTING.md#ai-contribution-policy`) and listing required
disclosures and checks,
- Optionally closes the PR if classification indicates an
automated/unwelcome submission.
2026-06-05 23:33:40 +02:00
bircni
aa63d1583d
fix(actions): return 404 when job log blob is missing ( #38003 )
...
- When the `action_task` row exists but the underlying dbfs/storage blob
is gone, `OpenLogs` returns a wrapped `os.ErrNotExist` which surfaces as
a 500 on the job logs endpoints.
- Translate it to the same `util.NewNotExistErrorf` shape already used
for unknown job ids / expired logs, so both the API
(`/api/v1/repos/.../actions/jobs/<id>/logs`) and the web download
handler return a clean 404 instead.
Fixes #37990 .
2026-06-05 20:10:25 +02:00
pomidorry
781666b5eb
Merge branch 'main' into ssh-mirror-migrations
2026-06-05 18:42:07 +03:00
pomidorry
3ad9a106e9
renaming
2026-06-05 18:28:23 +03:00
GiteaBot
7a26d5a2ae
[skip ci] Updated translations via Crowdin
2026-06-05 01:18:00 +00:00
wxiaoguang
dac41a124f
fix!: raise git required version to 2.13 ( #37996 )
...
format `lstrip=2` is only supported in git >= 2.13
https://git-scm.com/docs/git-for-each-ref/2.13.7
ref: #37994
Co-authored-by: Giteabot <teabot@gitea.io>
2026-06-04 13:56:16 +00:00
Alexey Ivanov
aaf4b149fa
chore(deps): upgrade zstd seekable package ( #37988 )
...
Upgrade `github.com/SaveTheRbtz/zstd-seekable-format-go/pkg` from
`v0.8.3` to `v0.10.0`:
https://github.com/SaveTheRbtz/zstd-seekable-format-go/releases/tag/pkg%2Fv0.10.0
This keeps Gitea's seekable zstd wrapper on the stable v0.10 API while
preserving the existing public `modules/zstd` API.
API migration:
- update `SeekableWriter` and `SeekableReader` internals for the
concrete `*seekable.Writer` and `*seekable.Reader` types introduced by
SaveTheRbtz/zstd-seekable-format-go#264
- update generated dependency metadata after `go mod tidy` removed the
now-unused `github.com/google/btree` transitive dependency
- no Gitea call sites needed changes because `modules/zstd` still
exposes the same constructors and interfaces
Validation:
- `go test ./modules/zstd`
- `make --always-make checks-backend`
---------
Co-authored-by: Giteabot <teabot@gitea.io>
2026-06-04 13:38:56 +00:00
pomidorry
c72e169216
fix linter
2026-06-04 14:55:19 +03:00
pomidorry
61209f2cd5
fix linter
2026-06-04 14:41:52 +03:00
pomidorry
177fc0deaa
reorder
2026-06-04 14:01:25 +03:00
pomidorry
3c0e3cf410
removed duplication
2026-06-04 13:46:36 +03:00
pomidorry
959b903193
remove dead GetSSHKeypairForURL
2026-06-04 13:41:52 +03:00
pomidorry
4ad204ce55
mirror to managed
2026-06-04 13:38:03 +03:00
pomidorry
f99b9b1b39
move UserSSHKeypair to models/user
2026-06-04 13:36:57 +03:00
Harsh Mahajan
792fa5eeba
feat(api): add q parameter to list branches API for server-side filtering ( #37982 )
...
The GET /repos/{owner}/{repo}/branches endpoint currently has no way to
filter branches by name server-side, forcing API consumers to paginate
through all branches and filter client-side.
The UI already supports branch search (added in
[#27055 ](https://github.com/go-gitea/gitea/pull/27055 )). The underlying
DB layer has a Keyword field on FindBranchOptions in
models/git/branch_list.go that does a LIKE %keyword% SQL filter, it just
wasn't wired up to the API handler.
This PR exposes a ?q= query parameter on the endpoint that maps to
FindBranchOptions.Keyword.
Example:
```GET /repos/owner/repo/branches?q=feature ```
Closes #37981
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-03 16:21:48 -07:00
pomidorry
ee2c682653
reorder
2026-06-03 23:44:04 +03:00
pomidorry
4717162f02
re-order managed-ssh-key path entries
2026-06-03 23:37:56 +03:00
pomidorry
0bbfd6aa38
removed extra indirection
2026-06-03 23:25:02 +03:00
pomidorry
30fa04c7b8
also push LFS
2026-06-03 23:25:02 +03:00
pomidorry
41f1f53b67
Mirror SSH Keys -> Managed SSH Keys
2026-06-03 23:25:02 +03:00
Thomas Sayen
b2748d7654
feat(ui): add "follow rename" to file commit history list ( #34994 )
...
Fix #28253
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-03 17:40:38 +00:00
pomidorry
ab27bfc58e
Merge branch 'main' into ssh-mirror-migrations
2026-06-03 19:54:16 +03:00
TheFox0x7
735e940a61
fix(oauth2): not respecting claims before second login ( #37874 )
...
fixes defect where claims where only applies on login but not during
account linking making only the second login take them into account
fixes: https://github.com/go-gitea/gitea/issues/32566
2026-06-03 16:50:47 +00:00
Dawid Góra
623bb81bb9
fix(releases): generate notes for initial tag ( #37697 )
...
Fixes https://github.com/go-gitea/gitea/issues/37286
Automatic release notes for the first release in a repository were empty
when there was no previous tag.
Before this change, the release notes generator used the tag name to
build the changelog link, but reused that state for pull request
collection. When `PreviousTag` was empty, the PR collection logic did
not scan a useful commit range, so merged pull requests were omitted
from the generated notes.
This pull request fixes that by decoupling the internal PR collection
range from the rendered changelog link:
- when a previous tag exists, behavior stays unchanged
- when no previous tag exists, release notes collect merged pull
requests from the full reachable history up to the target tag
- the displayed full changelog link for the first release still uses the
existing `/commits/tag/{tag}` format
Tests were updated to cover:
- generating notes for a repository with no previous tags
- including merged pull requests before the first tag
- preserving existing behavior when a previous tag exists
2026-06-03 16:30:30 +00:00
pomidorry
80c5948595
Merge remote-tracking branch 'upstream/main' into ssh-mirror-migrations
...
# Conflicts:
# go.mod
# models/repo/mirror.go
# modules/git/gitcmd/command.go
# modules/git/remote.go
# routers/web/user/setting/keys.go
# services/repository/migrate.go
2026-06-03 19:29:39 +03:00
wxiaoguang
fbaaac9c14
fix: remove "no-transfrom" from the cache-control header ( #37985 )
...
Cloudflare has officially removed the "auto-minify" feature
https://community.cloudflare.com/t/655677 , so we don't need such option
anymore.
Fix #34521
2026-06-04 00:12:02 +08:00
puni9869
79810ba2e3
fix: use committer time where ever possible as default ( #37969 )
...
Fix https://github.com/go-gitea/gitea/issues/37857
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-06-02 15:08:23 +08:00
Giteabot
9619d93e3b
chore(deps): update action dependencies ( #37964 )
...
This PR contains the following updates:
| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
|
[aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials )
| action | patch | `v6.1.1` → `v6.1.2` | `v6.1.3` |
|
[docker/build-push-action](https://redirect.github.com/docker/build-push-action )
| action | minor | `v7.1.0` → `v7.2.0` | |
| [docker/login-action](https://redirect.github.com/docker/login-action )
| action | minor | `v4.1.0` → `v4.2.0` | |
|
[docker/metadata-action](https://redirect.github.com/docker/metadata-action )
| action | minor | `v6.0.0` → `v6.1.0` | |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action )
| action | minor | `v4.0.0` → `v4.1.0` | |
|
[docker/setup-qemu-action](https://redirect.github.com/docker/setup-qemu-action )
| action | minor | `v4.0.0` → `v4.1.0` | |
| redis | service | digest | `48e78eb` → `e74c9b9` | |
---
### Release Notes
<details>
<summary>aws-actions/configure-aws-credentials
(aws-actions/configure-aws-credentials)</summary>
###
[`v6.1.2`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v6.1.2 )
[Compare
Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.1...v6.1.2 )
##### Bug Fixes
- additional filesystem checks
([#​1799](https://redirect.github.com/aws-actions/configure-aws-credentials/issues/1799 ))
([c39f282](c39f282697https://redirect.github.com/docker/build-push-action/releases/tag/v7.2.0 )
[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v7.1.0...v7.2.0 )
- Bump [@​actions/core](https://redirect.github.com/actions/core )
from 3.0.0 to 3.0.1 in
[#​1525](https://redirect.github.com/docker/build-push-action/pull/1525 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.87.0 to 0.90.0 in
[#​1517](https://redirect.github.com/docker/build-push-action/pull/1517 )
- Bump brace-expansion from 2.0.2 to 5.0.6 in
[#​1534](https://redirect.github.com/docker/build-push-action/pull/1534 )
- Bump fast-xml-builder from 1.1.4 to 1.2.0 in
[#​1529](https://redirect.github.com/docker/build-push-action/pull/1529 )
- Bump fast-xml-parser from 5.5.7 to 5.8.0 in
[#​1521](https://redirect.github.com/docker/build-push-action/pull/1521 )
- Bump postcss from 8.5.6 to 8.5.10 in
[#​1526](https://redirect.github.com/docker/build-push-action/pull/1526 )
- Bump tar from 6.2.1 to 7.5.15 in
[#​1533](https://redirect.github.com/docker/build-push-action/pull/1533 )
**Full Changelog**:
<https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0 >
</details>
<details>
<summary>docker/login-action (docker/login-action)</summary>
###
[`v4.2.0`](https://redirect.github.com/docker/login-action/releases/tag/v4.2.0 )
[Compare
Source](https://redirect.github.com/docker/login-action/compare/v4.1.0...v4.2.0 )
- Bump [@​actions/core](https://redirect.github.com/actions/core )
from 3.0.0 to 3.0.1 in
[#​976](https://redirect.github.com/docker/login-action/pull/976 )
- Bump
[@​aws-sdk/client-ecr](https://redirect.github.com/aws-sdk/client-ecr )
and
[@​aws-sdk/client-ecr-public](https://redirect.github.com/aws-sdk/client-ecr-public )
to 3.1050.0 in
[#​960](https://redirect.github.com/docker/login-action/pull/960 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.86.0 to 0.90.0 in
[#​970](https://redirect.github.com/docker/login-action/pull/970 )
- Bump brace-expansion from 2.0.1 to 5.0.6 in
[#​993](https://redirect.github.com/docker/login-action/pull/993 )
- Bump fast-xml-builder from 1.1.4 to 1.2.0 in
[#​985](https://redirect.github.com/docker/login-action/pull/985 )
- Bump fast-xml-parser from 5.3.6 to 5.8.0 in
[#​963](https://redirect.github.com/docker/login-action/pull/963 )
- Bump http-proxy-agent and https-proxy-agent to 9.0.0 in
[#​961](https://redirect.github.com/docker/login-action/pull/961 )
- Bump postcss from 8.5.6 to 8.5.10 in
[#​979](https://redirect.github.com/docker/login-action/pull/979 )
- Bump tar from 6.2.1 to 7.5.15 in
[#​991](https://redirect.github.com/docker/login-action/pull/991 )
- Bump vite from 7.3.1 to 7.3.3 in
[#​986](https://redirect.github.com/docker/login-action/pull/986 )
**Full Changelog**:
<https://github.com/docker/login-action/compare/v4.1.0...v4.2.0 >
</details>
<details>
<summary>docker/metadata-action (docker/metadata-action)</summary>
###
[`v6.1.0`](https://redirect.github.com/docker/metadata-action/releases/tag/v6.1.0 )
[Compare
Source](https://redirect.github.com/docker/metadata-action/compare/v6...v6.1.0 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.79.0 to 0.90.0 in
[#​613](https://redirect.github.com/docker/metadata-action/pull/613 )
- Bump brace-expansion from 1.1.12 to 5.0.6 in
[#​658](https://redirect.github.com/docker/metadata-action/pull/658 )
[#​630](https://redirect.github.com/docker/metadata-action/pull/630 )
- Bump csv-parse from 6.1.0 to 6.2.1 in
[#​617](https://redirect.github.com/docker/metadata-action/pull/617 )
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in
[#​620](https://redirect.github.com/docker/metadata-action/pull/620 )
- Bump flatted from 3.3.3 to 3.4.2 in
[#​623](https://redirect.github.com/docker/metadata-action/pull/623 )
- Bump glob from 10.3.15 to 10.5.0 in
[#​621](https://redirect.github.com/docker/metadata-action/pull/621 )
- Bump handlebars from 4.7.8 to 4.7.9 in
[#​629](https://redirect.github.com/docker/metadata-action/pull/629 )
- Bump lodash from 4.17.23 to 4.18.1 in
[#​639](https://redirect.github.com/docker/metadata-action/pull/639 )
- Bump moment-timezone from 0.6.0 to 0.6.1 in
[#​619](https://redirect.github.com/docker/metadata-action/pull/619 )
- Bump picomatch from 4.0.3 to 4.0.4 in
[#​626](https://redirect.github.com/docker/metadata-action/pull/626 )
- Bump postcss from 8.5.6 to 8.5.10 in
[#​649](https://redirect.github.com/docker/metadata-action/pull/649 )
- Bump tar from 6.2.1 to 7.5.15 in
[#​657](https://redirect.github.com/docker/metadata-action/pull/657 )
- Bump undici from 6.23.0 to 6.25.0 in
[#​614](https://redirect.github.com/docker/metadata-action/pull/614 )
- Bump vite from 7.3.1 to 7.3.2 in
[#​637](https://redirect.github.com/docker/metadata-action/pull/637 )
**Full Changelog**:
<https://github.com/docker/metadata-action/compare/v6.0.0...v6.1.0 >
</details>
<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>
###
[`v4.1.0`](https://redirect.github.com/docker/setup-buildx-action/releases/tag/v4.1.0 )
[Compare
Source](https://redirect.github.com/docker/setup-buildx-action/compare/v4...v4.1.0 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.79.0 to 0.90.0 in
[#​489](https://redirect.github.com/docker/setup-buildx-action/pull/489 )
- Bump brace-expansion from 1.1.12 to 5.0.6 in
[#​547](https://redirect.github.com/docker/setup-buildx-action/pull/547 )
[#​508](https://redirect.github.com/docker/setup-buildx-action/pull/508 )
- Bump fast-xml-builder from 1.0.0 to 1.2.0 in
[#​540](https://redirect.github.com/docker/setup-buildx-action/pull/540 )
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in
[#​496](https://redirect.github.com/docker/setup-buildx-action/pull/496 )
- Bump flatted from 3.3.3 to 3.4.2 in
[#​499](https://redirect.github.com/docker/setup-buildx-action/pull/499 )
- Bump glob from 10.3.12 to 13.0.6 in
[#​495](https://redirect.github.com/docker/setup-buildx-action/pull/495 )
- Bump handlebars from 4.7.8 to 4.7.9 in
[#​504](https://redirect.github.com/docker/setup-buildx-action/pull/504 )
- Bump lodash from 4.17.23 to 4.18.1 in
[#​523](https://redirect.github.com/docker/setup-buildx-action/pull/523 )
- Bump picomatch from 4.0.3 to 4.0.4 in
[#​503](https://redirect.github.com/docker/setup-buildx-action/pull/503 )
- Bump postcss from 8.5.6 to 8.5.10 in
[#​537](https://redirect.github.com/docker/setup-buildx-action/pull/537 )
- Bump tar from 6.2.1 to 7.5.15 in
[#​545](https://redirect.github.com/docker/setup-buildx-action/pull/545 )
- Bump undici from 6.23.0 to 6.25.0 in
[#​492](https://redirect.github.com/docker/setup-buildx-action/pull/492 )
- Bump vite from 7.3.1 to 7.3.2 in
[#​520](https://redirect.github.com/docker/setup-buildx-action/pull/520 )
**Full Changelog**:
<https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0 >
</details>
<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>
###
[`v4.1.0`](https://redirect.github.com/docker/setup-qemu-action/releases/tag/v4.1.0 )
[Compare
Source](https://redirect.github.com/docker/setup-qemu-action/compare/v4...v4.1.0 )
- Add `reset` input to uninstall current emulators by
[@​crazy-max](https://redirect.github.com/crazy-max ) in
[#​21](https://redirect.github.com/docker/setup-qemu-action/pull/21 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.77.0 to 0.91.0 in
[#​250](https://redirect.github.com/docker/setup-qemu-action/pull/250 )
[#​247](https://redirect.github.com/docker/setup-qemu-action/pull/247 )
- Bump brace-expansion from 1.1.12 to 1.1.15 in
[#​265](https://redirect.github.com/docker/setup-qemu-action/pull/265 )
- Bump fast-xml-builder from 1.0.0 to 1.2.0 in
[#​286](https://redirect.github.com/docker/setup-qemu-action/pull/286 )
- Bump fast-xml-parser from 5.4.2 to 5.8.0 in
[#​255](https://redirect.github.com/docker/setup-qemu-action/pull/255 )
- Bump flatted from 3.3.3 to 3.4.2 in
[#​257](https://redirect.github.com/docker/setup-qemu-action/pull/257 )
- Bump glob from 10.3.15 to 10.5.0 in
[#​254](https://redirect.github.com/docker/setup-qemu-action/pull/254 )
- Bump handlebars from 4.7.8 to 4.7.9 in
[#​262](https://redirect.github.com/docker/setup-qemu-action/pull/262 )
- Bump lodash from 4.17.23 to 4.18.1 in
[#​273](https://redirect.github.com/docker/setup-qemu-action/pull/273 )
- Bump postcss from 8.5.6 to 8.5.10 in
[#​285](https://redirect.github.com/docker/setup-qemu-action/pull/285 )
- Bump tar from 6.2.1 to 7.5.15 in
[#​287](https://redirect.github.com/docker/setup-qemu-action/pull/287 )
- Bump tmp from 0.2.5 to 0.2.6 in
[#​291](https://redirect.github.com/docker/setup-qemu-action/pull/291 )
- Bump undici from 6.23.0 to 6.26.0 in
[#​251](https://redirect.github.com/docker/setup-qemu-action/pull/251 )
- Bump vite from 7.3.1 to 7.3.2 in
[#​271](https://redirect.github.com/docker/setup-qemu-action/pull/271 )
**Full Changelog**:
<https://github.com/docker/setup-qemu-action/compare/v4.0.0...v4.1.0 >
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2026-06-02 05:53:44 +00:00
Giteabot
798578115b
fix(deps): update npm dependencies, remove nolyfill ( #37968 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
|
[@eslint-community/eslint-plugin-eslint-comments](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments )
| [`4.7.1` →
`4.7.2`](https://renovatebot.com/diffs/npm/@eslint-community%2feslint-plugin-eslint-comments/4.7.1/4.7.2 )
|
|
|
| [@primer/octicons](https://primer.style/octicons )
([source](https://redirect.github.com/primer/octicons )) | [`19.26.0` →
`19.27.0`](https://renovatebot.com/diffs/npm/@primer%2focticons/19.26.0/19.27.0 )
|
|
|
|
[@typescript-eslint/parser](https://typescript-eslint.io/packages/parser )
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser ))
| [`8.59.4` →
`8.60.0`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.4/8.60.0 )
|
|
|
|
[@vitest/eslint-plugin](https://redirect.github.com/vitest-dev/eslint-plugin-vitest )
| [`1.6.17` →
`1.6.18`](https://renovatebot.com/diffs/npm/@vitest%2feslint-plugin/1.6.17/1.6.18 )
|
|
|
| [dayjs](https://day.js.org )
([source](https://redirect.github.com/iamkun/dayjs )) | [`1.11.20` →
`1.11.21`](https://renovatebot.com/diffs/npm/dayjs/1.11.20/1.11.21 ) |
|
|
| [katex](https://katex.org )
([source](https://redirect.github.com/KaTeX/KaTeX )) | [`0.16.47` →
`0.17.0`](https://renovatebot.com/diffs/npm/katex/0.16.47/0.17.0 ) |
|
|
|
[material-icon-theme](https://redirect.github.com/material-extensions/vscode-material-icon-theme/blob/main/README.md )
([source](https://redirect.github.com/material-extensions/vscode-material-icon-theme ))
| [`5.34.0` →
`5.35.0`](https://renovatebot.com/diffs/npm/material-icon-theme/5.34.0/5.35.0 )
|
|
|
| [pnpm](https://pnpm.io )
([source](https://redirect.github.com/pnpm/pnpm/tree/HEAD/pnpm )) |
[`11.2.1` →
`11.4.0`](https://renovatebot.com/diffs/npm/pnpm/11.2.1/11.4.0 ) |
|
|
|
[rolldown-license-plugin](https://redirect.github.com/silverwind/rolldown-license-plugin )
| [`3.0.7` →
`3.0.8`](https://renovatebot.com/diffs/npm/rolldown-license-plugin/3.0.7/3.0.8 )
|
|
|
|
[typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint )
([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint ))
| [`8.59.4` →
`8.60.0`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.4/8.60.0 )
|
|
|
| [updates](https://redirect.github.com/silverwind/updates ) |
[`17.16.13` →
`17.17.2`](https://renovatebot.com/diffs/npm/updates/17.16.13/17.17.2 ) |
|
|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`8.0.13` →
`8.0.14`](https://renovatebot.com/diffs/npm/vite/8.0.13/8.0.14 ) |
|
|
| [vue](https://vuejs.org/ )
([source](https://redirect.github.com/vuejs/core )) | [`3.5.34` →
`3.5.35`](https://renovatebot.com/diffs/npm/vue/3.5.34/3.5.35 ) |
|
|
| [vue-tsc](https://redirect.github.com/vuejs/language-tools )
([source](https://redirect.github.com/vuejs/language-tools/tree/HEAD/packages/tsc ))
| [`3.3.1` →
`3.3.2`](https://renovatebot.com/diffs/npm/vue-tsc/3.3.1/3.3.2 ) |
|
|
---
### Release Notes
<details>
<summary>eslint-community/eslint-plugin-eslint-comments
(@​eslint-community/eslint-plugin-eslint-comments)</summary>
###
[`v4.7.2`](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/releases/tag/v4.7.2 )
[Compare
Source](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/compare/v4.7.1...v4.7.2 )
##### Bug Fixes
- **deps:** pin `modern-monaco` version to 0.4.0
([#​320](https://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/issues/320 ))
([62a2c3a](62a2c3a4eehttps://redirect.github.com/eslint-community/eslint-plugin-eslint-comments/issues/311 ))
([42919d0](42919d06d8https://redirect.github.com/primer/octicons/blob/HEAD/CHANGELOG.md#19270 )
[Compare
Source](https://redirect.github.com/primer/octicons/compare/v19.26.0...v19.27.0 )
##### Minor Changes
- [#​1203](https://redirect.github.com/primer/octicons/pull/1203 )
[`a69618e4`](a69618e4b6https://redirect.github.com/ericwbailey )! -
Add flag icon
##### Patch Changes
- [#​1212](https://redirect.github.com/primer/octicons/pull/1212 )
[`02bd1ef8`](02bd1ef8d1https://redirect.github.com/ericwbailey )! -
remove hardcoded fill from flag icon
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(@​typescript-eslint/parser)</summary>
###
[`v8.60.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8600-2026-05-25 )
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.4...v8.60.0 )
This was a version bump only for parser to align it with other projects,
there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.0 )
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning ) and
[releases](https://typescript-eslint.io/users/releases ) on our website.
</details>
<details>
<summary>vitest-dev/eslint-plugin-vitest
(@​vitest/eslint-plugin)</summary>
###
[`v1.6.18`](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/releases/tag/v1.6.18 )
[Compare
Source](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.17...v1.6.18 )
##### 🐞 Bug Fixes
- Correct `requiresTypeChecking` metadata for four rules - by
[@​inglec-arista](https://redirect.github.com/inglec-arista ) in
[#​905](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/issues/905 )
[<samp>(e06a3)</samp>](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/commit/e06a3dc )
##### [View changes on
GitHub](https://redirect.github.com/vitest-dev/eslint-plugin-vitest/compare/v1.6.17...v1.6.18 )
</details>
<details>
<summary>iamkun/dayjs (dayjs)</summary>
###
[`v1.11.21`](https://redirect.github.com/iamkun/dayjs/blob/HEAD/CHANGELOG.md#11121-2026-05-26 )
[Compare
Source](https://redirect.github.com/iamkun/dayjs/compare/v1.11.20...v1.11.21 )
##### Bug Fixes
- preserve unsupported year tokens in format
([#​3015](https://redirect.github.com/iamkun/dayjs/issues/3015 ))
([#​3016](https://redirect.github.com/iamkun/dayjs/issues/3016 ))
([8fda602](8fda602beahttps://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#0170-2026-05-22 )
[Compare
Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.47...v0.17.0 )
##### Performance Improvements
- simplify `defineFunction` to avoid destructuring, improve typing
([#​4222](https://redirect.github.com/KaTeX/KaTeX/issues/4222 ))
([fb604e6](fb604e6ba6https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.46...v0.16.47 )
(2026-05-16)
##### Bug Fixes
- correct size of `[` big delimiter
([#​4217](https://redirect.github.com/KaTeX/KaTeX/issues/4217 ))
([7ba0027](7ba0027d2fhttps://redirect.github.com/KaTeX/KaTeX/issues/4215 )
####
[0.16.46](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.45...v0.16.46 )
(2026-05-13)
##### Bug Fixes
- preserve math font in some styling commands
([#​4214](https://redirect.github.com/KaTeX/KaTeX/issues/4214 ))
([e9ee046](e9ee0464ddhttps://redirect.github.com/KaTeX/KaTeX/issues/4213 )
####
[0.16.45](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.44...v0.16.45 )
(2026-04-05)
##### Bug Fixes
- wrap vcenter mpadded in mrow for valid MathML
([#​4193](https://redirect.github.com/KaTeX/KaTeX/issues/4193 ))
([ee66b78](ee66b78d24https://redirect.github.com/KaTeX/KaTeX/issues/4078 )
####
[0.16.44](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.43...v0.16.44 )
(2026-03-27)
##### Bug Fixes
- remove extra \jot space at bottom of align/gather/etc.
([#​4184](https://redirect.github.com/KaTeX/KaTeX/issues/4184 ))
([3870ee9](3870ee913ehttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.42...v0.16.43 )
(2026-03-26)
##### Bug Fixes
- use makeEm() consistently to truncate long CSS decimals
([#​4181](https://redirect.github.com/KaTeX/KaTeX/issues/4181 ))
([0967dcc](0967dcc027https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.41...v0.16.42 )
(2026-03-24)
##### Features
- \underbracket and \overbracket
([#​4147](https://redirect.github.com/KaTeX/KaTeX/issues/4147 ))
([5be9abb](5be9abb0b4https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.40...v0.16.41 )
(2026-03-24)
##### Bug Fixes
- \sout in text mode
([#​4173](https://redirect.github.com/KaTeX/KaTeX/issues/4173 ))
([e748578](e748578b63https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.39...v0.16.40 )
(2026-03-20)
##### Bug Fixes
- **css:** specify position: relative for .katex
([#​4170](https://redirect.github.com/KaTeX/KaTeX/issues/4170 ))
([020f0d8](020f0d8956https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.38...v0.16.39 )
(2026-03-19)
##### Bug Fixes
- middle dot in text mode
([#​4169](https://redirect.github.com/KaTeX/KaTeX/issues/4169 ))
([edb45b0](edb45b0b17https://redirect.github.com/KaTeX/KaTeX/issues/3641 )
####
[0.16.38](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.37...v0.16.38 )
(2026-03-08)
##### Bug Fixes
- accent skew mixed with font specifiers
([#​4159](https://redirect.github.com/KaTeX/KaTeX/issues/4159 ))
([aea3375](aea33758d6https://redirect.github.com/KaTeX/KaTeX/issues/4121 )
####
[0.16.37](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.36...v0.16.37 )
(2026-03-06)
##### Bug Fixes
- negative-width `\hphantom` and symmetric `\smash`
([#​4153](https://redirect.github.com/KaTeX/KaTeX/issues/4153 ))
([d4799ca](d4799cae58https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.35...v0.16.36 )
(2026-03-06)
##### Bug Fixes
- contrib esm bloat
([#​4157](https://redirect.github.com/KaTeX/KaTeX/issues/4157 ))
([2bde1ad](2bde1adab2https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.34...v0.16.35 )
(2026-03-05)
##### Bug Fixes
- version number regression
([#​4155](https://redirect.github.com/KaTeX/KaTeX/issues/4155 ))
([db26b73](db26b73380https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.33...v0.16.34 )
(2026-03-05)
##### Bug Fixes
- emoji with variation selector
([#​4151](https://redirect.github.com/KaTeX/KaTeX/issues/4151 ))
([c2606e5](c2606e5db9https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.32...v0.16.33 )
(2026-02-23)
##### Bug Fixes
- **scss:** forward variables to fonts module
([#​4146](https://redirect.github.com/KaTeX/KaTeX/issues/4146 ))
([9349a64](9349a64a05https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.31...v0.16.32 )
(2026-02-22)
##### Bug Fixes
- italic separation in \mathnormal
([#​4143](https://redirect.github.com/KaTeX/KaTeX/issues/4143 ))
([71305a0](71305a0514https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.30...v0.16.31 )
(2026-02-22)
##### Bug Fixes
- `\*frac` sizing
([#​4137](https://redirect.github.com/KaTeX/KaTeX/issues/4137 ))
([ef51f18](ef51f18dedhttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.29...v0.16.30 )
(2026-02-22)
##### Bug Fixes
- no line breaks after `\not`
([#​4140](https://redirect.github.com/KaTeX/KaTeX/issues/4140 ))
([2d1ba86](2d1ba86143https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.28...v0.16.29 )
(2026-02-22)
##### Bug Fixes
- `\imath` and other `\html@mathml` macros in arguments
([#​4139](https://redirect.github.com/KaTeX/KaTeX/issues/4139 ))
([a850cce](a850cce7cchttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.27...v0.16.28 )
(2026-01-25)
##### Bug Fixes
- **type:** add missing types definition path to package.json
([#​4125](https://redirect.github.com/KaTeX/KaTeX/issues/4125 ))
([0ef8921](0ef8921d18https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.26...v0.16.27 )
(2025-12-07)
##### Features
- support equals sign and surrounding whitespace in \htmlData attribute
values
([#​4112](https://redirect.github.com/KaTeX/KaTeX/issues/4112 ))
([c77aaec](c77aaec00chttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.25...v0.16.26 )
(2025-12-07)
##### Bug Fixes
- \mathop followed by integral symbol
([6fbad18](6fbad18857https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.24...v0.16.25 )
(2025-10-13)
##### Features
- **css:** provide `katex-swap.css` that uses `font-display: swap`
([#​3940](https://redirect.github.com/KaTeX/KaTeX/issues/3940 ))
([b3f9ce6](b3f9ce691ehttps://redirect.github.com/KaTeX/KaTeX/issues/2242 )
####
[0.16.24](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.23...v0.16.24 )
(2025-10-12)
##### Features
- support hex colors with alpha
([#​4090](https://redirect.github.com/KaTeX/KaTeX/issues/4090 ))
([8c9b306](8c9b306396https://redirect.github.com/KaTeX/KaTeX/issues/4067 )
[#fA6](https://redirect.github.com/KaTeX/KaTeX/issues/fA6 )
[#fA6f1](https://redirect.github.com/KaTeX/KaTeX/issues/fA6f1 )
####
[0.16.23](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.22...v0.16.23 )
(2025-10-03)
##### Bug Fixes
- Support `\def` with arguments via `macros` option
([#​4087](https://redirect.github.com/KaTeX/KaTeX/issues/4087 ))
([80a8158](80a815856ahttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.21...v0.16.22 )
(2025-04-09)
##### Bug Fixes
- \relax in base or exponent of super/subscript
([#​4045](https://redirect.github.com/KaTeX/KaTeX/issues/4045 ))
([1f43c84](1f43c84a17https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.20...v0.16.21 )
(2025-01-17)
##### Bug Fixes
- escape \htmlData attribute name
([57914ad](57914ad91ehttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.19...v0.16.20 )
(2025-01-12)
##### Bug Fixes
- \providecommand does not overwrite existing macro
([#​4000](https://redirect.github.com/KaTeX/KaTeX/issues/4000 ))
([6d30fe4](6d30fe47b0https://redirect.github.com/KaTeX/KaTeX/issues/3928 )
####
[0.16.19](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.18...v0.16.19 )
(2024-12-29)
##### Bug Fixes
- **types:** improve `strict` function type
([#​4009](https://redirect.github.com/KaTeX/KaTeX/issues/4009 ))
([4228b4e](4228b4eb52https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.17...v0.16.18 )
(2024-12-18)
##### Bug Fixes
- Actually publish TypeScript type definitions
([#​4008](https://redirect.github.com/KaTeX/KaTeX/issues/4008 ))
([629b873](629b87354fhttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.16...v0.16.17 )
(2024-12-17)
##### Bug Fixes
- MathML combines multidigit numbers with sup/subscript, comma
separators, and multicharacter text when outputting to DOM
([#​3999](https://redirect.github.com/KaTeX/KaTeX/issues/3999 ))
([7d79e22](7d79e220f4https://redirect.github.com/KaTeX/KaTeX/issues/3995 )
####
[0.16.16](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.15...v0.16.16 )
(2024-12-17)
##### Features
- ESM exports, TypeScript types
([#​3992](https://redirect.github.com/KaTeX/KaTeX/issues/3992 ))
([ea9c173](ea9c173a0dhttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.14...v0.16.15 )
(2024-12-09)
##### Features
- italic sans-serif in math mode via `\mathsfit` command
([#​3998](https://redirect.github.com/KaTeX/KaTeX/issues/3998 ))
([2218901](22189018b6https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.13...v0.16.14 )
(2024-12-08)
##### Features
- \dddot and \ddddot support
([#​3834](https://redirect.github.com/KaTeX/KaTeX/issues/3834 ))
([bda35cd](bda35cdb0ahttps://redirect.github.com/KaTeX/KaTeX/issues/2744 )
####
[0.16.13](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.12...v0.16.13 )
(2024-12-08)
##### Bug Fixes
- `\vdots` and `\rule` support in text mode
([#​3997](https://redirect.github.com/KaTeX/KaTeX/issues/3997 ))
([0e08352](0e08352623https://redirect.github.com/KaTeX/KaTeX/issues/3990 )
####
[0.16.12](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.11...v0.16.12 )
(2024-12-08)
##### Features
- **css:** configurable margin for display math
([#​3638](https://redirect.github.com/KaTeX/KaTeX/issues/3638 ))
([3405001](3405001225https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.10...v0.16.11 )
(2024-07-02)
##### Features
- add \emph
([#​3963](https://redirect.github.com/KaTeX/KaTeX/issues/3963 ))
([9f34da4](9f34da4b3chttps://redirect.github.com/KaTeX/KaTeX/issues/3566 )
####
[0.16.10](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.9...v0.16.10 )
(2024-03-24)
##### Bug Fixes
- \edef bypassing maxExpand via exponential blowup
([e88b4c3](e88b4c357fc5897fcd1ffc5af64183https://redirect.github.com//datatracker.ietf.org/doc/html/rfc3986/issues/section-3 )
- maxExpand limit with Unicode sub/superscripts
([085e21b](085e21b5dahttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.8...v0.16.9 )
(2023-10-02)
##### Features
- Support bold Fraktur
([#​3777](https://redirect.github.com/KaTeX/KaTeX/issues/3777 ))
([240d5ae](240d5aede9https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.7...v0.16.8 )
(2023-06-24)
##### Features
- expose error length and raw error message on ParseError
([#​3820](https://redirect.github.com/KaTeX/KaTeX/issues/3820 ))
([710774a](710774aaebhttps://redirect.github.com/KaTeX/KaTeX/compare/v0.16.6...v0.16.7 )
(2023-04-28)
##### Bug Fixes
- **docs/support\_table.md:** delete redundant "varPsi"
([#​3814](https://redirect.github.com/KaTeX/KaTeX/issues/3814 ))
([33a1b98](33a1b98710https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.5...v0.16.6 )
(2023-04-17)
##### Bug Fixes
- Support `\let` via `macros` option
([#​3738](https://redirect.github.com/KaTeX/KaTeX/issues/3738 ))
([bdb0be2](bdb0be2017https://redirect.github.com/KaTeX/KaTeX/issues/3737 )
[#​3737](https://redirect.github.com/KaTeX/KaTeX/issues/3737 )
####
[0.16.5](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.4...v0.16.5 )
(2023-04-17)
##### Features
- \_\_defineFunction API exposing internal defineFunction
([#​3805](https://redirect.github.com/KaTeX/KaTeX/issues/3805 ))
([c7b1f84](c7b1f84b78https://redirect.github.com/KaTeX/KaTeX/issues/3756 )
####
[0.16.4](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.3...v0.16.4 )
(2022-12-07)
##### Bug Fixes
- space should prevent optional argument to \
([#​3746](https://redirect.github.com/KaTeX/KaTeX/issues/3746 ))
([a0deb34](a0deb3410fhttps://redirect.github.com/KaTeX/KaTeX/issues/3745 )
####
[0.16.3](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.2...v0.16.3 )
(2022-10-22)
##### Bug Fixes
- \hline after \cr
([#​3735](https://redirect.github.com/KaTeX/KaTeX/issues/3735 ))
([ebf6bf5](ebf6bf5b50https://redirect.github.com/KaTeX/KaTeX/issues/3734 )
####
[0.16.2](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.1...v0.16.2 )
(2022-08-29)
##### Bug Fixes
- **auto-render:** concatenate content of successive text nodes
([#​3422](https://redirect.github.com/KaTeX/KaTeX/issues/3422 ))
([4d3fdd8](4d3fdd8647https://redirect.github.com/KaTeX/KaTeX/issues/3505 ))
([176552a](176552a691https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.0...v0.16.1 )
(2022-08-28)
##### Bug Fixes
- Use SVGs for some stacked delims
([#​3686](https://redirect.github.com/KaTeX/KaTeX/issues/3686 ))
([8a65a2e](8a65a2e1fdhttps://redirect.github.com/material-extensions/vscode-material-icon-theme/blob/HEAD/CHANGELOG.md#v5350 )
[Compare
Source](https://redirect.github.com/material-extensions/vscode-material-icon-theme/compare/v5.34.0...v5.35.0 )
[compare
changes](https://redirect.github.com/material-extensions/vscode-material-icon-theme/compare/v5.34.0...v5.35.0 )
##### 🚀 Enhancements
- Add CAD file extensions to 3d icon mapping
([#​3436](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3436 ))
- Add tsdown icon
([#​3418](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3418 ))
- Add new icons for mrpack
([#​3439](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3439 ))
- Add support for vercel.ts icon (typed Vercel configuration)
([#​3441](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3441 ))
- Support jxl image file type
([#​3444](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3444 ))
- Add uiua file icon
([#​3408](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3408 ))
- Add folder associations for rust/cargo projects
([#​3447](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3447 ))
- **icon:** Add zed folder icon
([#​3442](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3442 ))
- **icon:** Add redis icon
([#​3450](https://redirect.github.com/material-extensions/vscode-material-icon-theme/pull/3450 ))
- Add more unit tests for writefile helper function
([9e4c98aa](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/9e4c98aa ))
- Include language IDs into the file icons
([c9a9d2ed](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/c9a9d2ed ))
- Update dependencies
([d7274c71](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/d7274c71 ))
##### 🩹 Fixes
- Add rootDir to tsconfig.declarations.json for TypeScript 6
([4f7f49e9](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/4f7f49e9 ))
- Correct typos in CONTRIBUTING.md
([4de4acf7](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/4de4acf7 ))
##### 💅 Refactors
- **core:** Rewrite toTitleCase for clarity and add tests
([33c0e614](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/33c0e614 ))
- Remove duplicate toTitleCase, consolidate imports
([e247951d](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/e247951d ))
##### 🏡 Chore
- Improve release process
([b959b483](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/b959b483 ))
##### ✅ Tests
- **core:** Add comprehensive tests for object helpers
([57f476c5](https://redirect.github.com/material-extensions/vscode-material-icon-theme/commit/57f476c5 ))
##### ❤️ Contributors
- Philipp Kief ([@​PKief](https://redirect.github.com/PKief ))
- Sayan Shankhari
([@​SayanShankhari](https://redirect.github.com/SayanShankhari ))
- Tymon Marek
([@​TymonMarek](https://redirect.github.com/TymonMarek ))
- Unteksi-ozar
([@​Unteksi-ozar](https://redirect.github.com/Unteksi-ozar ))
- 锐冰 SharpIce
([@​SharpIceX](https://redirect.github.com/SharpIceX ))
- El Mahdi Bennajah
([@​bennajah](https://redirect.github.com/bennajah ))
- Glitch714
([@​glitchplaysgames714](https://redirect.github.com/glitchplaysgames714 ))
- Andrin Haldner
([@​AHaldner](https://redirect.github.com/AHaldner ))
- Kaden Gruizenga ([@​kgruiz](https://redirect.github.com/kgruiz ))
</details>
<details>
<summary>pnpm/pnpm (pnpm)</summary>
###
[`v11.4.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1140 )
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.3.0...v11.4.0 )
##### Minor Changes
- Treat tarball-integrity mismatches against the lockfile as a hard
failure by default. Previously, `pnpm install` (non-frozen) would log
`ERR_PNPM_TARBALL_INTEGRITY`, silently re-resolve from the registry, and
overwrite the locked integrity — which meant a compromised registry,
proxy, or republished version could substitute attacker-controlled
content on a clean machine even though the project shipped a committed
lockfile.
`pnpm install` now exits with `ERR_PNPM_TARBALL_INTEGRITY` and a hint
pointing at the new opt-in flag.
The only opt-in is **`pnpm install --update-checksums`** — narrowly
scoped to refreshing the locked integrity values from what the registry
currently serves. Mirrors yarn's flag of the same name. A warning still
prints when the bypass takes effect so the operation is auditable.
`--force` and `pnpm update` deliberately do **not** bypass the integrity
check. They are routine refresh operations; silently overwriting a
locked integrity in those flows would erase the protection a committed
lockfile is supposed to provide. `--frozen-lockfile` behavior is
unchanged. `--fix-lockfile` keeps its documented purpose (filling in
missing lockfile entries) and is also not a bypass.
- `pnpm runtime set <name> <version>` now saves the runtime to
`devEngines.runtime` by default instead of `engines.runtime`. Pass
`--save-prod` (or `-P`) to save it to `engines.runtime` instead
[#​11948](https://redirect.github.com/pnpm/pnpm/issues/11948 ).
##### Patch Changes
- Fix a credential disclosure issue where an unscoped `_authToken` (or
`_auth`, or `username` + `_password`, or `tokenHelper`) defined in one
source — `~/.npmrc`, `~/.config/pnpm/auth.ini`, a workspace `.npmrc`,
CLI flags, etc. — would be sent as an `Authorization` header to
whichever registry a different (potentially untrusted) source named. The
same fix extends to client TLS credentials (`cert`, `key`) so they
aren't presented to a registry their author didn't choose.
pnpm now rewrites each unscoped per-registry setting (`_authToken`,
`_auth`, `username`, `_password`, `tokenHelper`, `cert`, `key`) to its
URL-scoped form at load time, using the `registry=` value declared in
the same source (or the npmjs default registry if the source declares
none). A later layer overriding `registry=` therefore cannot pull an
unscoped credential along, because it is already pinned to the URL its
author intended. `ca`/`cafile` are intentionally not rescoped — they're
trust anchors, not credentials, and corporate MITM-proxy setups rely on
them applying globally.
Every rescope emits a deprecation warning telling the user where the
setting was pinned and how to write it directly. npm has rejected
unscoped credentials outright since `npm@9`, and pnpm intends to remove
support in a future major release. To target a specific registry, write
the setting URL-scoped (e.g. `//registry.example.com/:_authToken=...` or
`//registry.example.com/:cert=...`).
`@pnpm/network.auth-header`: removed the `defaultRegistry` parameter
from `createGetAuthHeaderByURI` and `getAuthHeadersFromCreds`. Now that
credentials are URL-scoped at load time, the merged `configByUri` never
contains the empty-string "default registry" placeholder slot, so
re-keying it onto the merged default registry is no longer needed.
- Fix `pnpm deploy` crashing with `ENOENT: ... lstat
'<deployDir>/node_modules'` when `configDependencies` declares pacquet
(`pacquet` or `@pnpm/pacquet`). The deploy directory never installs
config dependencies, so the install engine they designate isn't on disk
to invoke; the nested install now skips them.
- Reject git resolutions whose `commit` field is not a 40-character
hexadecimal SHA before invoking `git`. A malicious lockfile could
otherwise smuggle a value such as `--upload-pack=<command>` through `git
fetch` / `git checkout`, which on SSH or local-file transports executes
the supplied command.
- Limit concurrent project manifest reads while listing large workspaces
to avoid `EMFILE` errors.
- Reject patch files whose `diff --git` headers reference paths outside
the patched package directory. Previously a malicious `.patch` file
added via a pull request could write, delete, or rename arbitrary files
reachable by the user running `pnpm install`.
- Improve the log message that pnpm prints after auto-adding entries to
`minimumReleaseAgeExclude` when `minimumReleaseAge` is set without
`minimumReleaseAgeStrict`. The message previously referred to the
internal "loose mode" terminology, which wasn't searchable in the docs;
it now tells the user to set `minimumReleaseAgeStrict` to `true` if they
want these updates gated behind a prompt instead
[#​11747](https://redirect.github.com/pnpm/pnpm/issues/11747 ).
- Reject dependency aliases that contain path-traversal segments (such
as `@x/../../../../../.git/hooks`) when reading them from a package
manifest or symlinking them into `node_modules`. A malicious registry
package could otherwise use a transitive dependency key to make `pnpm
install` create symlinks at attacker-chosen paths outside the intended
`node_modules` directory.
- Reject `pnpm-lock.yaml` entries whose remote tarball `resolution:`
block is missing the `integrity` field. Previously the worker that
extracts a downloaded tarball skipped hash verification when no
integrity was supplied and minted a fresh one from the unverified bytes,
so an attacker who could both alter the lockfile (e.g. via a pull
request that strips `integrity:`) and serve modified content at the
referenced tarball URL could install a tampered package without any
error — including under `--frozen-lockfile`. pnpm now fails closed at
lockfile-read time with `ERR_PNPM_MISSING_TARBALL_INTEGRITY`. Git-hosted
tarballs (`gitHosted: true` or a URL on codeload.github.com /
bitbucket.org / gitlab.com) and `file:` tarballs are exempt — the commit
SHA in a git-host URL and the user-controlled local path already anchor
the bytes.
- Validate `devEngines.runtime` and `engines.runtime` version ranges for
`node`, `deno`, and `bun` when `onFail` is set to `error` or `warn`.
Previously these settings only had an effect with `onFail: 'download'` —
the `error` and `warn` modes silently did nothing
[#​11818](https://redirect.github.com/pnpm/pnpm/issues/11818 ).
Violations now throw `ERR_PNPM_BAD_RUNTIME_VERSION`.
- Require provenance before treating trusted publisher metadata as the
strongest trust evidence.
###
[`v11.3.0`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1130 )
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.2...v11.3.0 )
##### Minor Changes
- Added `pnpm stage` with `publish`, `list`, `view`, `approve`,
`reject`, and `download` subcommands for npm staged publishing.
- Added a new setting `trustLockfile`. When `true`, `pnpm install` skips
the supply-chain verification pass that re-applies `minimumReleaseAge` /
`trustPolicy='no-downgrade'` to every entry in the loaded lockfile. The
install treats the lockfile as already-trusted — useful for
closed-source projects where every commit comes from a trusted author.
Defaults to `false`; verification stays on by default. Set in
`pnpm-workspace.yaml`.
Also cut the memory footprint of the verification pass itself: the
per-(registry, name) trust-meta cache previously retained the full
packument — dependency graphs, scripts, README, and per-version
manifests — for the entire install. On large workspaces (`~4k` lockfile
entries with `minimumReleaseAge` + `trustPolicy: no-downgrade` enabled)
this could OOM CI runners with a 2GB heap cap. The cache now stores only
the fields the trust check actually reads (`time`, per-version
`_npmUser.trustedPublisher`, `dist.attestations.provenance`). The
abbreviated-metadata cache is similarly projected to just the
package-level `modified` field and the set of currently-listed version
names. Fixes
[#​11860](https://redirect.github.com/pnpm/pnpm/issues/11860 ).
- Implemented `pnpm pkg` command natively, following `npm pkg`
standards.
- Implemented `pnpm repo` command natively, following `npm repo`
standards.
- Implemented `pnpm set-script` (alias `ss`) natively. Adds or updates
an entry in the `scripts` field of the project manifest, supporting
`package.json`, `package.json5`, and `package.yaml` formats.
- Add a `skip-manifest-obfuscation` option for `pnpm pack` and `pnpm
publish`. When enabled, the original `packageManager` field and publish
lifecycle scripts are kept in the packed/published manifest instead of
being stripped. The pnpm-specific `pnpm` field continues to be omitted.
##### Patch Changes
- Fixed `pnpm dlx` failing with `ERR_PNPM_NO_IMPORTER_MANIFEST_FOUND`
when the installed package's CAS slot is missing its `package.json`.
Observed in the wild for `pnpm dlx node@runtime:<version>` when the GVS
slot was populated without the synthesized manifest runtime archives
need (they don't ship a `package.json` of their own, so the synthesized
one is the only way it gets there; an existing slot from an earlier code
path that skipped the synthesis stays incomplete). The bin link itself
is wired up from the resolution and remains valid, so `dlx` now falls
back to the scopeless package name when the slot's manifest is
unreadable — for single-bin packages (the dlx common case, including
every `runtime:` spec) this matches what `manifest.bin` would have
named. Multi-bin packages already require `--package=<spec> <bin>` to
disambiguate and don't enter this code path.
- Fixed non-determinism in `pnpm dedupe` and `pnpm install` when a
dependency graph contains packages with transitive peer dependencies on
each other (e.g. `@aws-sdk/client-sts` and `@aws-sdk/client-sso-oidc`)
and `auto-install-peers` is enabled. The lockfile no longer flips
between two equally-valid forms across consecutive runs. The root cause
was that `resolveDependencies` pushed onto its `pkgAddresses` /
`postponedResolutionsQueue` arrays from inside `Promise.all`-spawned
callbacks, so completion-order timing leaked into the array order and
downstream cyclic-peer suffix assignment. Fixes
[#​8155](https://redirect.github.com/pnpm/pnpm/issues/8155 ).
- Fixed a regression introduced by
[#​11711](https://redirect.github.com/pnpm/pnpm/pull/11711 ) where
`pnpm add <github-shorthand>` (and any other wanted-dependency whose
alias can't be parsed from the user-supplied spec, e.g. tarball URLs or
`pnpm/test-git-fetch#sha`) was silently dropped from the manifest update
and from `pendingBuilds`. The alias-keyed lookup added in that PR
couldn't find a `wantedDependency` whose `alias` was `undefined` at
parse time but resolved to a package name only after fetching, so the
entry never made it into `specsToUpsert`. Restored the original
index-based pairing between `directDependencies` and
`wantedDependencies`; the catalog-protocol preservation that PR was
originally fixing is unaffected because it's driven by
`rdd.catalogLookup.userSpecifiedBareSpecifier`, not by the lookup. Fixes
the three `rebuilds dependencies` / `rebuilds specific dependencies` /
`rebuild with pending option` failures in
`building/commands/test/build/index.ts`.
- Fixed `pnpm add --config` leaving orphan entries in
`pnpm-lock.env.yaml` (the optional subdependencies of the previously
resolved version of the updated config dependency).
###
[`v11.2.2`](https://redirect.github.com/pnpm/pnpm/blob/HEAD/pnpm/CHANGELOG.md#1122 )
[Compare
Source](https://redirect.github.com/pnpm/pnpm/compare/v11.2.1...v11.2.2 )
##### Patch Changes
- When the install engine is delegated to pacquet via
`configDependencies`, the user's CLI flags passed to `pnpm install`
(e.g. `--no-runtime`, `--prod`, `--dev`, `--no-optional`,
`--node-linker`, `--cpu`/`--os`/`--libc`, `--offline`,
`--prefer-offline`) are now forwarded to pacquet's `install` subcommand
verbatim. Previously pacquet was invoked with a fixed argument list, so
flags like `--no-runtime` were silently dropped. Flag forwarding is
gated on the command being `install`/`i`; `add`, `update`, and `dedupe`
still don't forward (their flag surface doesn't line up with pacquet's
`install`).
- Fixed `pnpm up` (and `pnpm add` / `pnpm remove`) failing with
`pacquet_package_manager::outdated_lockfile` when pacquet is declared in
`configDependencies`. pnpm now passes `--ignore-manifest-check` to
pacquet so its `--frozen-lockfile` check doesn't fire against the
(pre-mutation) `package.json` pnpm hasn't written yet
[#​11797](https://redirect.github.com/pnpm/pnpm/issues/11797 ).
Requires a pacquet release that supports the flag — bump
`PACQUET_VERSION` in the e2e tests once it ships.
</details>
<details>
<summary>silverwind/rolldown-license-plugin
(rolldown-license-plugin)</summary>
###
[`v3.0.8`](https://redirect.github.com/silverwind/rolldown-license-plugin/releases/tag/3.0.8 )
[Compare
Source](https://redirect.github.com/silverwind/rolldown-license-plugin/compare/3.0.7...3.0.8 )
- update deps (silverwind)
- swap path.join for template concat in I/O hot paths (silverwind)
- simplify license sort and allow-branch control flow (silverwind)
</details>
<details>
<summary>typescript-eslint/typescript-eslint
(typescript-eslint)</summary>
###
[`v8.60.0`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/typescript-eslint/CHANGELOG.md#8600-2026-05-25 )
[Compare
Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.4...v8.60.0 )
This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.60.0 )
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning ) and
[releases](https://typescript-eslint.io/users/releases ) on our website.
</details>
<details>
<summary>silverwind/updates (updates)</summary>
###
[`v17.17.2`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.2 )
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.17.1...17.17.2 )
- Read github env tokens lazily instead of at import (silverwind)
###
[`v17.17.1`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.1 )
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.17.0...17.17.1 )
- Scope GitHub token fallback to GitHub hosts only (silverwind)
###
[`v17.17.0`](https://redirect.github.com/silverwind/updates/releases/tag/17.17.0 )
[Compare
Source](https://redirect.github.com/silverwind/updates/compare/17.16.13...17.17.0 )
- update deps (silverwind)
- Add per-package `overrides` config option
([#​140](https://redirect.github.com/silverwind/updates/issues/140 ))
(silverwind)
- fix three bugs in range/tag handling (silverwind)
</details>
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v8.0.14`](https://redirect.github.com/vitejs/vite/blob/HEAD/packages/vite/CHANGELOG.md#small-8014-2026-05-21-small )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v8.0.13...v8.0.14 )
##### Features
- update rolldown to 1.0.2
([#​22484](https://redirect.github.com/vitejs/vite/issues/22484 ))
([96efc88](96efc88570https://redirect.github.com/vitejs/vite/issues/22471 ))
([98b8163](98b8163213https://redirect.github.com/vitejs/vite/issues/22450 ))
([e8e9a34](e8e9a34dcfhttps://redirect.github.com/vitejs/vite/issues/22480 ))
([5d94d1b](5d94d1bffdhttps://redirect.github.com/vitejs/vite/issues/22342 ))
([b3132da](b3132daceahttps://redirect.github.com/vitejs/vite/issues/22470 ))
([7cb728e](7cb728eb622c69495f25https://redirect.github.com/vitejs/vite/issues/22310 ))
([0ae2844](0ae2844ab6https://redirect.github.com/vitejs/vite/issues/22449 ))
([ebf39a0](ebf39a0432https://redirect.github.com/vuejs/core/blob/HEAD/CHANGELOG.md#3535-2026-05-27 )
[Compare
Source](https://redirect.github.com/vuejs/core/compare/v3.5.34...v3.5.35 )
##### Bug Fixes
- **compiler-core:** avoid double processing v-for keys with v-memo
([#​14861](https://redirect.github.com/vuejs/core/issues/14861 ))
([34a0ded](34a0ded4d2https://redirect.github.com/vuejs/core/issues/14859 )
- **compiler-sfc:** resolve top-level exports from files registered as
global types
([#​14805](https://redirect.github.com/vuejs/core/issues/14805 ))
([3d077f2](3d077f26e3nuxt/nuxt#33694 ](https://redirect.github.com/nuxt/nuxt/issues/33694 )
- **runtime-core:** avoid repeated hydration mismatch checks
([#​14857](https://redirect.github.com/vuejs/core/issues/14857 ))
([170fc95](170fc95eb6https://redirect.github.com/vuejs/core/issues/14855 )
- **runtime-core:** skip idle persisted transition hooks in keep-alive
moves
([#​14865](https://redirect.github.com/vuejs/core/issues/14865 ))
([80fc139](80fc139f90https://redirect.github.com/vuejs/core/issues/14031 )
- **server-renderer:** propagate sync errors from `ssrRenderSuspense`
([#​14804](https://redirect.github.com/vuejs/core/issues/14804 ))
([4760997](47609975e2nuxt/nuxt#28162 ](https://redirect.github.com/nuxt/nuxt/issues/28162 )
- **teleport:** skip child unmount when pending mount discarded
([#​14876](https://redirect.github.com/vuejs/core/issues/14876 ))
([#​14877](https://redirect.github.com/vuejs/core/issues/14877 ))
([584beb1](584beb1262https://redirect.github.com/vuejs/core/issues/14860 ))
([5734fe9](5734fe97f6https://redirect.github.com/vuejs/core/issues/14828 ))
([bb18dc8](bb18dc8e56https://redirect.github.com/vuejs/core/issues/14821 ))
([1b7a2cc](1b7a2cc15chttps://redirect.github.com/vuejs/language-tools/blob/HEAD/CHANGELOG.md#332-2026-05-25 )
[Compare
Source](https://redirect.github.com/vuejs/language-tools/compare/v3.3.1...v3.3.2 )
##### language-core
- **feat:** preserve literal types for inline `v-for` sources
([#​6067](https://redirect.github.com/vuejs/language-tools/issues/6067 ))
- Thanks to [@​kkesidis](https://redirect.github.com/kkesidis )!
- **fix:** align `v-bind` shorthand identifier skipping with
interpolation - Thanks to
[@​KazariEX](https://redirect.github.com/KazariEX )!
##### vscode
- **feat:** transform tsserver content
([#​6062](https://redirect.github.com/vuejs/language-tools/issues/6062 ))
- Thanks to [@​KazariEX](https://redirect.github.com/KazariEX )!
- **fix:** do not mark trailing slash in capitalized self-closing tags
as invalid
([#​6065](https://redirect.github.com/vuejs/language-tools/issues/6065 ))
- Thanks to [@​suisanka](https://redirect.github.com/suisanka )!
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Only on Monday (`* * * * 1`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2026-06-02 07:18:20 +02:00
Giteabot
ab2a72fe04
fix(deps): update module github.com/google/go-github/v87 to v88 ( #37971 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
|
[github.com/google/go-github/v87](https://redirect.github.com/google/go-github )
| `v87.0.0` → `v88.0.0` |
|
|
---
### Release Notes
<details>
<summary>google/go-github (github.com/google/go-github/v87)</summary>
###
[`v88.0.0`](https://redirect.github.com/google/go-github/releases/tag/v88.0.0 )
[Compare
Source](https://redirect.github.com/google/go-github/compare/v87.0.0...v88.0.0 )
This release contains the following breaking API changes:
- refactor!: Change app installation `Find*` methods to `Get*`
([#​4243](https://redirect.github.com/google/go-github/issues/4243 ))
BREAKING CHANGE: App installation methods are renamed from `Find*` to
`Get*`.
...and the following additional changes:
- chore: Bump version of go-github to v88.0.0
([#​4245](https://redirect.github.com/google/go-github/issues/4245 ))
- chore: Update `openapi_operations.yaml`
([#​4242](https://redirect.github.com/google/go-github/issues/4242 ))
- feat: Add support for setting client URLs
([#​4240](https://redirect.github.com/google/go-github/issues/4240 ))
- refactor: Add constants for API versions
([#​4236](https://redirect.github.com/google/go-github/issues/4236 ))
- docs: Formatting and punctuation changes
([#​4235](https://redirect.github.com/google/go-github/issues/4235 ))
- feat: Add `GetParentIssue` for sub-issues
([#​4232](https://redirect.github.com/google/go-github/issues/4232 ))
- chore: Bump go-github from v86 to v87 in /scrape
([#​4234](https://redirect.github.com/google/go-github/issues/4234 ))
</details>
---
This PR has been generated by [Mend
Renovate](https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
2026-06-01 23:32:32 +00:00
Giteabot
9aa4e897e7
chore(deps): update tool dependencies ( #37965 )
...
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/ ) |
[Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/air-verse/air](https://redirect.github.com/air-verse/air )
| `v1.65.2` → `v1.65.3` |
|
|
|
[github.com/editorconfig-checker/editorconfig-checker/v3](https://redirect.github.com/editorconfig-checker/editorconfig-checker )
| `v3.6.1` → `v3.7.0` |
|
|
---
### Release Notes
<details>
<summary>air-verse/air (github.com/air-verse/air)</summary>
###
[`v1.65.3`](https://redirect.github.com/air-verse/air/releases/tag/v1.65.3 )
[Compare
Source](https://redirect.github.com/air-verse/air/compare/v1.65.2...v1.65.3 )
##### What's Changed
- Extend stale workflow timeout by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​903](https://redirect.github.com/air-verse/air/pull/903 )
- Increase stale workflow operation limit by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​904](https://redirect.github.com/air-verse/air/pull/904 )
- Add review guidelines for coding agents by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​905](https://redirect.github.com/air-verse/air/pull/905 )
- Add configurable color output mode by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​907](https://redirect.github.com/air-verse/air/pull/907 )
- fix: rewatch files after atomic saves by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​908](https://redirect.github.com/air-verse/air/pull/908 )
- follow-up: fix watcher recovery after atomic saves by
[@​xiantang](https://redirect.github.com/xiantang ) in
[#​909](https://redirect.github.com/air-verse/air/pull/909 )
- Accept .config/air.toml by
[@​bersace](https://redirect.github.com/bersace ) in
[#​716](https://redirect.github.com/air-verse/air/pull/716 )
- fix: keep built binary after app shutdown by
[@​mariusvniekerk](https://redirect.github.com/mariusvniekerk ) in
[#​911](https://redirect.github.com/air-verse/air/pull/911 )
##### New Contributors
- [@​bersace](https://redirect.github.com/bersace ) made their
first contribution in
[#​716](https://redirect.github.com/air-verse/air/pull/716 )
**Full Changelog**:
<https://github.com/air-verse/air/compare/v1.65.2...v1.65.3 >
</details>
<details>
<summary>editorconfig-checker/editorconfig-checker
(github.com/editorconfig-checker/editorconfig-checker/v3)</summary>
###
[`v3.7.0`](https://redirect.github.com/editorconfig-checker/editorconfig-checker/releases/tag/v3.7.0 )
[Compare
Source](https://redirect.github.com/editorconfig-checker/editorconfig-checker/compare/v3.6.1...v3.7.0 )
##### Features
- **files:** expand glob patterns in passed-file args
([#​190](https://redirect.github.com/editorconfig-checker/editorconfig-checker/issues/190 ))
([#​558](https://redirect.github.com/editorconfig-checker/editorconfig-checker/issues/558 ))
([4c0f326](4c0f326cfahttps://redirect.github.com/editorconfig-checker/editorconfig-checker/issues/557 ))
([9f4014c](9f4014ce09https://redirect.github.com/editorconfig-checker/editorconfig-checker/issues/550 ))
([f47b30c](f47b30c967https://redirect.github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNSIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2026-06-01 21:05:09 +00:00
wxiaoguang
85f563da6c
chore: various frontend changes ( #37973 )
2026-06-01 20:38:23 +00:00
Lunny Xiao
689ace1ce2
feat(orgs): Add search bar for organization members tab page ( #37347 )
...
Resolve #37072
<img width="1312" height="186" alt="image"
src="https://github.com/user-attachments/assets/3ca9eddb-9230-4b0d-992f-5b19e475e267 "
/>
---------
Signed-off-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: bircni <bircni@icloud.com>
2026-06-01 20:16:04 +00:00
TheFox0x7
9155a81b9d
docs: mark openapi3 as autogenerated in attributes ( #37963 )
...
Change from Co-Authored by trailer to Assisted-By and explicitly forbid
LLMs from signing off on commits.
---------
Signed-off-by: bircni <bircni@icloud.com>
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: bircni <bircni@icloud.com>
Co-authored-by: silverwind <me@silverwind.io>
2026-06-01 16:22:17 +00:00
GiteaBot
5c084c883c
[skip ci] Updated translations via Crowdin
2026-06-01 01:23:43 +00:00
silverwind
a39b2775ed
test: speed up two tests ( #37905 )
...
Two test-only changes that cut the `-race` backend unit job's critical
path, with no behavior change.
- **`modules/auth/password/hash`** — `TestHashing`/`TestVectors`
exercised the CPU-bound KDFs (scrypt `N=65536`, pbkdf2, bcrypt, argon2)
serially on one core. Marking the subtests `t.Parallel()` fans them
across cores. The hasher registry they read is only mutated by the
non-parallel `Test_registerHasher`, so this is race-free.
- **`services/release`** — `TestRelease_Update`/`TestRelease_createTag`
slept `6x time.Sleep(2s)` only to cross the 1-second `CreatedUnix`
boundary. Replaced with an advancing mocked clock (`timeutil.MockSet`),
making the timestamp assertions deterministic and removing the real
waits.
---
This PR was written with the help of Claude Opus 4.8
Co-authored-by: Claude (Opus 4.8) <noreply@anthropic.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2026-05-31 03:33:13 +00:00
silverwind
d0eba5e961
chore(deps): update urfave/cli/v3 to v3.9.0 ( #37863 )
...
Updates `github.com/urfave/cli/v3` to
[v3.9.0](https://github.com/urfave/cli/releases/tag/v3.9.0 ) and removes
the renovate pin now that
[urfave/cli#2319 ](https://github.com/urfave/cli/pull/2319 ) (the `-c`
help flag parsing fix) is merged.
v3.9.0 prepends the default command name to the root command's args,
which broke the old `Root().Args()` check in `isValidDefaultSubCommand`.
It now uses the command's own `Args()`.
Behavior change: `./gitea web <extra-positional-arg>` now errors with
`unknown command` instead of starting the web server and ignoring the
trailing arg. `web` takes no positional args, so this is stricter (and
arguably more correct) input handling. The intended `./gitea bad-cmd`
rejection is unchanged.
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: Nicolas <bircni@icloud.com>
2026-05-30 20:56:16 +00:00
