Commit graph

539 commits

Author SHA1 Message Date
Earl Warren
e2ae389184 Merge pull request '[CHORE] Move to new sessioner library' (#5090) from gusted/forgejo-sessioner-fork into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5090
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:31:56 +00:00
Earl Warren
2514ba4e36 Merge pull request '[CHORE] Remove unused exclude' (#5118) from gusted/forgejo-tidy-gomod into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5118
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-26 07:28:52 +00:00
Renovate Bot
ec4e648e3a Update module github.com/go-enry/go-enry/v2 to v2.8.9 2024-08-26 02:05:27 +00:00
Gusted
3af7e03aeb
[CHORE] Remove unused exclude
This was introduced in https://github.com/go-gitea/gitea/pull/18311 to
exclude a vulnerable dependency. I am not sure when this happened or
with which dependency update, but this dependency is no longer being
used by another dependency and therefore these `exclude`s are no longer
needed. (Verified via `go mod graph`).
2024-08-26 03:31:07 +02:00
Gusted
fc40a5e242
[CHORE] Move to new sessioner library
- Moves to a fork of gitea.com/go-chi/session that removed support for
couchbase (and ledis, but that was never made available in Forgejo)
along with other code improvements.
f8ce677595..main
- The rationale for removing Couchbase is quite simple. Its not licensed
under FOSS
license (https://www.couchbase.com/blog/couchbase-adopts-bsl-license/)
and therefore cannot be tested by Forgejo and shouldn't be supported.
This is a similair vein to the removal of MSSQL
support (https://codeberg.org/forgejo/discussions/issues/122)
- A additional benefit is that this reduces the Forgejo binary by ~600Kb.
2024-08-25 03:47:08 +02:00
Renovate Bot
c111730d08 Update module github.com/google/go-github/v63 to v64 2024-08-24 16:05:36 +00:00
Renovate Bot
ae8a692d8b Update module code.forgejo.org/forgejo/act to v1.21.2 2024-08-24 00:04:15 +00:00
Renovate Bot
e87c9252d9 Update github.com/dsnet/compress digest to v0.0.2-0.20210315054119-f66993602bf5 2024-08-23 00:04:23 +00:00
Gusted
50a2bee7d3 Merge pull request 'Update module github.com/meilisearch/meilisearch-go to v0.28.0 (forgejo)' (#5058) from renovate/forgejo-github.com-meilisearch-meilisearch-go-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5058
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-22 20:51:33 +00:00
Earl Warren
41d13ee44b
chore(dependency): use forgejo/act instead of gitea/act
The subset of ACT used by Forgejo was the same as Gitea until
https://code.forgejo.org/forgejo/act/pulls/45. Since it is now
different, use the Forgejo soft-fork instead of the Gitea soft-fork.

Refs: https://codeberg.org/forgejo/forgejo/issues/4789
2024-08-22 16:31:00 +02:00
Renovate Bot
3dbeafa7ba Update module github.com/meilisearch/meilisearch-go to v0.28.0 2024-08-22 00:04:14 +00:00
Renovate Bot
df907ec7f9 Update golang packages 2024-08-21 09:58:16 +00:00
limiting-factor
b26a0aea19
feat: upgrade F3 to v3.7.0
* support changing label colors
* support changing issue state
* use helpers to keep type conversions DRY
* drop the x/exp license because it is no longer used

The tests are performed by the gof3 compliance suite
2024-08-18 19:39:20 +02:00
Jason Song
a627b885c7
Support compression for Actions logs (#31761)
Support compression for Actions logs to save storage space and
bandwidth. Inspired by
https://github.com/go-gitea/gitea/issues/24256#issuecomment-1521153015

The biggest challenge is that the compression format should support
[seekable](https://github.com/facebook/zstd/blob/dev/contrib/seekable_format/zstd_seekable_compression_format.md).
So when users are viewing a part of the log lines, Gitea doesn't need to
download the whole compressed file and decompress it.

That means gzip cannot help here. And I did research, there aren't too
many choices, like bgzip and xz, but I think zstd is the most popular
one. It has an implementation in Golang with
[zstd](https://github.com/klauspost/compress/tree/master/zstd) and
[zstd-seekable-format-go](https://github.com/SaveTheRbtz/zstd-seekable-format-go),
and what is better is that it has good compatibility: a seekable format
zstd file can be read by a regular zstd reader.

This PR introduces a new package `zstd` to combine and wrap the two
packages, to provide a unified and easy-to-use API.

And a new setting `LOG_COMPRESSION` is added to the config, although I
don't see any reason why not to use compression, I think's it's a good
idea to keep the default with `none` to be consistent with old versions.

`LOG_COMPRESSION` takes effect for only new log files, it adds `.zst` as
an extension to the file name, so Gitea can determine if it needs
decompression according to the file name when reading. Old files will
keep the format since it's not worth converting them, as they will be
cleared after #31735.

<img width="541" alt="image"
src="https://github.com/user-attachments/assets/e9598764-a4e0-4b68-8c2b-f769265183c9">

(cherry picked from commit 33cc5837a655ad544b936d4d040ca36d74092588)

Conflicts:
	assets/go-licenses.json
	go.mod
	go.sum
  resolved with make tidy
2024-08-13 06:51:49 +02:00
Gusted
a21128a734
[CHORE] Drop go-git support
See https://codeberg.org/forgejo/discussions/issues/164 for the
rationale and discussion of this change.

Everything related to the `go-git` dependency is dropped (Only a single
instance is left in a test file to test for an XSS, it requires crafting
an commit that Git itself refuses to craft). `_gogit` files have
been removed entirely, `go:build: !gogit` is removed, `XXX_nogogit.go` files
either have been renamed or had their code being merged into the
`XXX.go` file.
2024-08-12 19:11:09 +02:00
Renovate Bot
99d78fb9e7 Update x/tools to v0.24.0
Some checks failed
renovate / renovate (push) Has been cancelled
2024-08-09 10:25:53 +00:00
Renovate Bot
64e56f0d0d Update module golang.org/x/crypto to v0.26.0 2024-08-08 00:03:21 +00:00
TheFox0x7
2e2a044493
Revert "Open telemetry integration (#3972)"
This reverts commit c738542201.
2024-08-07 11:22:43 +02:00
Renovate Bot
4b8726e599 Update module github.com/go-logr/logr to v1.4.2 2024-08-06 00:16:56 +00:00
Renovate Bot
eab599de41 Update module github.com/google/go-github/v57 to v63 2024-08-05 13:21:39 +00:00
Renovate Bot
8e3b33dd53
Update module golang.org/x/oauth2 to v0.22.0 2024-08-05 09:01:05 +02:00
Earl Warren
98457eb67d Merge pull request 'Update module golang.org/x/sys to v0.23.0 (forgejo)' (#4817) from renovate/forgejo-golang.org-x-sys-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4817
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-05 06:59:14 +00:00
TheFox0x7
c738542201 Open telemetry integration (#3972)
This PR adds opentelemetry and chi wrapper to have basic instrumentation

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/3972): <!--number 3972 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGJhc2ljIHJlcXVlc3QgdHJhY2luZyB3aXRoIG9wZW50ZWxlbWV0cnk=-->add support for basic request tracing with opentelemetry<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3972
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-08-05 06:04:39 +00:00
Renovate Bot
2c95baffeb Update module golang.org/x/sys to v0.23.0 2024-08-05 02:04:33 +00:00
Renovate Bot
d0684334b3 Update module github.com/meilisearch/meilisearch-go to v0.27.2 2024-08-04 00:03:09 +00:00
Earl Warren
94f3589623
chore(ci): do not hardcode go version, use go.mod instead 2024-08-03 11:53:55 +02:00
Exploding Dragon
471265c4e0 Add signature support for the RPM module (#4780)
Some checks are pending
/ release (push) Waiting to run
testing / backend-checks (push) Waiting to run
testing / frontend-checks (push) Waiting to run
testing / test-unit (push) Blocked by required conditions
testing / test-remote-cacher (map[image:docker.io/valkey/valkey:7.2.5-alpine3.19 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:ghcr.io/microsoft/garnet-alpine:1.0.14 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:redis:7.2 port:6379]) (push) Blocked by required conditions
testing / test-remote-cacher (map[image:registry.redict.io/redict:7.3.0-scratch port:6379]) (push) Blocked by required conditions
testing / test-mysql (push) Blocked by required conditions
testing / test-pgsql (push) Blocked by required conditions
testing / test-sqlite (push) Blocked by required conditions
testing / security-check (push) Blocked by required conditions
This pull request comes from https://github.com/go-gitea/gitea/pull/27069.

If the rpm package does not contain a matching gpg signature, the installation will fail. See ([gitea/gitea#27031](https://github.com/go-gitea/gitea/issues/27031)) , now auto-signing all new rpm uploads.

This option is turned off by default for compatibility.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4780): <!--number 4780 --><!--line 0 --><!--description QWRkIHNpZ25hdHVyZSBzdXBwb3J0IGZvciB0aGUgUlBNIG1vZHVsZQ==-->Add signature support for the RPM module<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4780
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-02 05:56:57 +00:00
Renovate Bot
ccdd5d375b Update module github.com/meilisearch/meilisearch-go to v0.27.1 2024-07-31 00:02:33 +00:00
Renovate Bot
ac61d697b6 Update module github.com/blevesearch/bleve/v2 to v2.4.2 2024-07-27 00:02:33 +00:00
Renovate Bot
1c63c47f5f Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
Earl Warren
125e4832e0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 (forgejo)' (#4485) from renovate/forgejo-github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 14:07:10 +00:00
Earl Warren
c560595e1f
Revert "Update module github.com/redis/go-redis/v9 to v9.5.4"
This reverts commit dd6413d350.
2024-07-17 06:36:42 +02:00
Renovate Bot
6a3415abbb Update module github.com/minio/minio-go/v7 to v7.0.74 2024-07-16 02:05:23 +00:00
Renovate Bot
09c2ab9be8
Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 2024-07-15 21:39:38 +02:00
Earl Warren
56ee58c239 Merge pull request '[CHORE] Use github.com/ProtonMail/go-crypto' (#4506) from gusted/proton-openpgp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4506
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-15 16:49:05 +00:00
Gusted
45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
Gusted
45401e044f
[CHORE] Update jsonschema library to v6
- Update the `github.com/santhosh-tekuri/jsonschema` library from v5 to
v6.
- Update the migration loader function to a type, which is now required
in V6.
- `github.com/santhosh-tekuri/jsonschema/v6` was already used by gof3,
so removing the v5 library and using the v6 library reduces the binary
size of Forgejo.
  - Before: 95912040 bytes
  - After: 95706152 bytes
2024-07-15 17:20:50 +02:00
Renovate Bot
dd6413d350 Update module github.com/redis/go-redis/v9 to v9.5.4 2024-07-13 00:06:19 +00:00
Renovate Bot
6154befef6 Update module golang.org/x/tools to v0.23.0 2024-07-10 00:01:50 +00:00
Earl Warren
1efec2adab Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.14.0 (forgejo)' (#4429) from renovate/forgejo-github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4429
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-09 21:58:01 +00:00
Renovate Bot
a8f35f6edd Update module github.com/buildkite/terminal-to-html/v3 to v3.14.0 2024-07-09 00:03:10 +00:00
Renovate Bot
1630a94cfa Update module golang.org/x/net to v0.27.0 2024-07-08 00:05:03 +00:00
Renovate Bot
e4e2e91467 Update module golang.org/x/crypto to v0.25.0 2024-07-08 00:04:57 +00:00
Gusted
cf8f26d616
[CHORE] Remove github.com/yuin/goldmark-meta
- Remove a unused dependency. This dependency was added to handle YAML
'frontmatter' meta, parsing them and converting them to a table or
details in the resulting HTML. As can be read in the issue that reported
the behavior of YAML frontmatter being rendered literally,
https://github.com/go-gitea/gitea/issues/5377.
- It's an unused dependency as the codebase since then moved on to do this YAML
parsing and rendering on their own, this was implemented in
812cfd0ad9.
- Adds unit tests that was related to this functionality, to proof the
codebase already handles this and to prevent regressions.
2024-07-07 03:18:13 +02:00
Earl Warren
c5028d72a6 Merge pull request 'Update module github.com/microcosm-cc/bluemonday to v1.0.27' (#4333) from renovate/github.com-microcosm-cc-bluemonday-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4333
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-05 05:25:08 +00:00
Earl Warren
860b33696d Merge pull request 'Update module github.com/buildkite/terminal-to-html/v3 to v3.13.0' (#4313) from renovate/github.com-buildkite-terminal-to-html-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4313
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-07-05 05:04:36 +00:00
Renovate Bot
a8df27e5a1
Update module github.com/microcosm-cc/bluemonday to v1.0.27 2024-07-05 06:36:35 +02:00
Renovate Bot
1c49047390 Update module google.golang.org/grpc to v1.65.0 2024-07-04 22:19:07 +00:00
Gusted
3eb178db49
[CHORE] Update terminal-to-html dependency
- Update the `github.com/buildkite/terminal-to-html/v3` dependency from
version v3.10.1 to v3.13.0.
- Version v3.12.0 introduced an incompatible change, the return type of
`AsHTML` changed from `[]byte` to `string`. That same version also
introduced streaming mode
https://github.com/buildkite/terminal-to-html/pull/126, which allows us
to avoid reading the whole input into memory.
- Closes #4313
2024-07-04 23:41:17 +02:00
Renovate Bot
319c4efbe7 Update module github.com/blevesearch/bleve/v2 to v2.4.1 2024-07-04 00:02:31 +00:00
Renovate Bot
4101260d6e Update module github.com/minio/minio-go/v7 to v7.0.73 2024-07-03 18:07:19 +00:00
Renovate Bot
fa1a853db0 Update dependency go to v1.22.5 2024-07-03 08:23:00 +00:00
Earl Warren
a3a8b0e7d1 Merge pull request 'Update module github.com/yuin/goldmark to v1.7.4' (#4240) from renovate/github.com-yuin-goldmark-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4240
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-06-26 07:51:29 +00:00
Renovate Bot
d9b83719d6 Update module github.com/yuin/goldmark to v1.7.4 2024-06-26 06:19:55 +00:00
Renovate Bot
83d7be3447 Update module golang.org/x/image to v0.18.0 2024-06-26 06:19:47 +00:00
Earl Warren
91f16dfcb7
fix(security): GO-2024-2947
Vulnerability #1: GO-2024-2947
    Leak of sensitive information to log files in
    github.com/hashicorp/go-retryablehttp
  More info: https://pkg.go.dev/vuln/GO-2024-2947
  Module: github.com/hashicorp/go-retryablehttp
    Found in: github.com/hashicorp/go-retryablehttp@v0.7.5
    Fixed in: github.com/hashicorp/go-retryablehttp@v0.7.7
    Example traces found:
      #1: services/migrations/gitlab.go:500:74: migrations.GitlabDownloader.GetComments calls gitlab.DiscussionsService.ListMergeRequestDiscussions, which eventually calls retryablehttp.Client.Do
2024-06-26 07:35:19 +02:00
Renovate Bot
e91961224d
Update module github.com/yuin/goldmark to v1.7.3 2024-06-24 08:03:18 +02:00
Renovate Bot
11e847ac74 Update module github.com/go-chi/chi/v5 to v5.0.14 2024-06-23 00:03:30 +00:00
Renovate Bot
c07cc28d88 Update module code.forgejo.org/f3/gof3/v3 to v3.4.0 (#4196)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| code.forgejo.org/f3/gof3/v3 | require | minor | `v3.3.1` -> `v3.4.0` |

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MDkuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQwOS4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiXX0=-->

Co-authored-by: Twenty Panda <twenty-panda@posteo.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4196
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-06-21 13:51:59 +00:00
Renovate Bot
07e26508b0 Update module github.com/go-chi/chi/v5 to v5.0.13 2024-06-19 00:02:33 +00:00
Renovate Bot
a815eb552a
Update module github.com/gorilla/feeds to v1.2.0
Refs: https://github.com/go-gitea/gitea/pull/31400
2024-06-18 09:06:46 +02:00
Renovate Bot
aa9c164940 Update module github.com/yuin/goldmark to v1.7.2 2024-06-15 00:02:33 +00:00
Earl Warren
e99d3f7055
feat(F3): CLI: f3 mirror to convert to/from Forgejo
feat(F3): driver stub

feat(F3): util.Logger

feat(F3): driver compliance tests

feat(F3): driver/users implementation

feat(F3): driver/user implementation

feat(F3): driver/{projects,project} implementation

feat(F3): driver/{labels,label} implementation

feat(F3): driver/{milestones,milestone} implementation

feat(F3): driver/{repositories,repository} implementation

feat(F3): driver/{organizations,organization} implementation

feat(F3): driver/{releases,release} implementation

feat(F3): driver/{issues,issue} implementation

feat(F3): driver/{comments,comment} implementation

feat(F3): driver/{assets,asset} implementation

feat(F3): driver/{pullrequests,pullrequest} implementation

feat(F3): driver/{reviews,review} implementation

feat(F3): driver/{topics,topic} implementation

feat(F3): driver/{reactions,reaction} implementation

feat(F3): driver/{reviewComments,reviewComment} implementation

feat(F3): CLI: f3 mirror

chore(F3): move to code.forgejo.org

feat(f3): upgrade to gof3 3.1.0

repositories in pull requests are represented with a reference instead
of an owner/project pair of names
2024-06-14 12:52:12 +02:00
Renovate Bot
7f89eeb365 Update module github.com/klauspost/compress to v1.17.9 2024-06-13 00:03:41 +00:00
Renovate Bot
b25f5265b1 Update module code.forgejo.org/forgejo/reply to v1.0.2 2024-06-09 00:05:02 +00:00
Earl Warren
dedcd6c647 Merge pull request 'Update module github.com/huandu/xstrings to v1.5.0' (#4050) from renovate/github.com-huandu-xstrings-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4050
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 16:48:16 +00:00
Earl Warren
da948ae6bb Merge pull request 'Update github.com/google/pprof digest to 186aa03' (#4055) from renovate/github.com-google-pprof-digest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4055
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 15:59:56 +00:00
Renovate Bot
5b82e43da5 Update module golang.org/x/net to v0.26.0 2024-06-07 10:03:08 +00:00
Earl Warren
3f0859658d Merge pull request 'Update module golang.org/x/oauth2 to v0.21.0' (#4058) from renovate/golang.org-x-oauth2-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4058
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:41:34 +00:00
Earl Warren
ed2c651429 Merge pull request 'Update module golang.org/x/image to v0.17.0' (#4056) from renovate/golang.org-x-image-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4056
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-07 09:07:46 +00:00
Renovate Bot
6fb5cef962 Update module golang.org/x/oauth2 to v0.21.0 2024-06-07 08:04:08 +00:00
Renovate Bot
c64afa1bfc Update module golang.org/x/image to v0.17.0 2024-06-07 08:03:51 +00:00
Renovate Bot
b4d8021ce0 Update github.com/google/pprof digest to 186aa03 2024-06-07 08:03:41 +00:00
Renovate Bot
28c9bd3f7e Update dependency go to v1.22.4 2024-06-07 08:03:30 +00:00
Renovate Bot
e13972b9da Update module golang.org/x/crypto to v0.24.0 2024-06-07 02:05:07 +00:00
Renovate Bot
884eb07793 Update module github.com/huandu/xstrings to v1.5.0 2024-06-07 00:05:55 +00:00
Earl Warren
3bfec270ac
chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406
It is not possible to tell vulncheck that Forgejo is not affected by
CVE-2024-0406. Use a mirror of the repository to do that.

Refs: https://github.com/mholt/archiver/issues/404
2024-06-05 22:07:40 +02:00
Earl Warren
b3bcae8bd6
Update dependency go to v1.22
There is no need to pin the patch release for the build
environment. They are backward compatible and it prevents security
upgrades to be taken into account.
2024-06-05 07:38:42 +02:00
Victoria Nadasdi
b80677d009
chore(deps): update module github.com/redis/go-redis/v9 to v9.5.2
Renovate tried to update redis/go-redis, but failed because they changes
the interface, they added two new functions: `BitFieldRO` and
`ObjectFreq`.

Changes:
- Update redis/go-redis
- Run mockgen:
  ```
  mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go  github.com/redis/go-redis/v9 UniversalClient
  ```

References:
- https://codeberg.org/forgejo/forgejo/pulls/4009
2024-06-04 12:38:35 +02:00
Earl Warren
3a469d72a0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.11.0' (#3955) from renovate/github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3955
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-31 13:51:08 +00:00
Renovate Bot
5e33f2d50f Update module github.com/go-testfixtures/testfixtures/v3 to v3.11.0 2024-05-31 00:05:11 +00:00
Earl Warren
e417e424fa
Update module github.com/alecthomas/chroma/v2 to v2.14.0 (take 2)
Because the branch of the other PR was deleted by mistake.

Refs: https://codeberg.org/forgejo/forgejo/pulls/3922
2024-05-30 22:52:26 +02:00
Earl Warren
8cfe353061 Merge pull request 'Update module github.com/jhillyerd/enmime to v1.2.0' (#3791) from renovate/github.com-jhillyerd-enmime-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3791
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 10:21:31 +00:00
Earl Warren
c66c4d8fd5 Merge pull request 'Update module github.com/markbates/goth to v1.80.0' (#3808) from renovate/github.com-markbates-goth-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3808
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-23 09:26:08 +00:00
Renovate Bot
1602f60e53 Update module github.com/markbates/goth to v1.80.0 2024-05-21 20:07:52 +00:00
Victoria Nadasdi
e195b47ffc
go mod tidy
Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:37 +02:00
Victoria Nadasdi
54acfa8880
refactor: redis queue backend test cleanup
Summary:
- Move existing test under a `testify` Suite as `baseRedisWithServerTestSuite`
  - Those tests require real redis server.
- Add `go.uber.org/mock/mockgen@latest` as dependency
  - as a tool (Makefile).
  - in the `go.mod` file.
- Mock redis client lives under a `mock` directory under the queue module.
  - That mock module has an extra hand-written mock in-memory redis-like struct.
- Add tests using the mock redis client.
- Changed the logic around queue provider creation.
  - Now the `getNewQueue` returns a Queue provider directly, not an init
    function to create it.

The whole Queue module is close to impossible to test properly because
everything is private, everything goes through a struct route. Because
of that, we can't test for example what keys are used for given queue.

To overcome this, as a first step I removed one step from that hard
route by allowing custom calls to create new queue provider. To achieve
this, I moved the creation logic into the `getNewQueue` (previously it
was `getNewQueueFn`). That changes nothing on that side, everything goes
as before, except the `newXXX` call happens directly in that function
and not outside that.

That made it possible to add extra provider specific parameters to those
function (`newXXX`). For example a client on redis. Calling it through
the `getNewQueue` function, it gets `nil`.

- If the provided client is not `nil`, it will use that instead of the
connection string.
- If it's `nil` (default behaviour), it creates a new redis client as it
  did before, no changes to that.

The rest of the provider code is unchanged. All these changes were
required to make it possible to generate mock clients for providers and
use them.

For the tests, the existing two test cases are good with redis server,
and they need some extra helpers, for example to start a new redis
server if required, or waiting on a redis server to be ready to use.
These helpers are only required for test cases using real redis server.

For better isolation, moved existing test under a testify Suite, and
moved them into a new test file called `base_redis_with_server_test.go`
because, well they test the code with server. These tests do exactly the
same as before, calling the same sub-tests the same way as before, the
only change is the structure of the test (remove repetition, scope
server related helper functions).

Finally, we can create unit tests without redis server. The main focus of
this group of tests are higher level overview of operations. With the
mock redis client we can set up expectations about used queue names,
received values, return value to simulate faulty state.

These new unit test functions don't test all functionality, at least
it's not aimed for it now. It's more about the possibility of doing that
and add extra tests around parts we couldn't test before, for example
key.

What extra features can test the new unit test group:
- What is the received key for given queue? For example using `prefix`,
  or if all the `SXxx` calls are expected to use `queue_unique` if
  it's a unique queue.
- If it's not a unique queue, no `SXxx` functions are called, because
  those sets are used only to check if a value is unique or not.
- `HasItem` return `false` always if it's a non-unique queue.
- All functions are called exactly `N` times, and we don't have any
  unexpected calls to redis from the code.

Signed-off-by: Victoria Nadasdi <victoria@efertone.me>
2024-05-21 18:02:33 +02:00
Renovate Bot
a2dc3cb388 Update module github.com/jhillyerd/enmime to v1.2.0 2024-05-15 02:07:19 +00:00
Renovate Bot
16f7f0501f Update module connectrpc.com/connect to v1.16.2 2024-05-14 02:07:44 +00:00
Beowulf
2810b9ae0a Replace reply with a forked version to fix the cut-off of the incoming mail text (#3747)
replace reply with forgejos forked version

If plain text is selected as the message format in e.g. Apple Mail, the inline attachments are no longer at the end of the mail, but instead directly where they are in the mail. When parsing the mail, these inline attachments are replaced by "--". The new reply version no longer cuts the text at the first "--".

Tests for this are present in reply (7dc5750c6d).

Fixes https://codeberg.org/forgejo/forgejo/issues/3496#issuecomment-1798416

---

Additionally, I reduced the allocations for the inline attachments.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3747
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2024-05-13 21:24:58 +00:00
Earl Warren
d09a6d130c Merge pull request 'Update module github.com/go-enry/go-enry/v2 to v2.8.8' (#3723) from renovate/github.com-go-enry-go-enry-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3723
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-13 18:28:44 +00:00
Renovate Bot
8672ad12b1 Update module github.com/caddyserver/certmagic to v0.21.0 (#3724)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) | require | minor | `v0.20.0` -> `v0.21.0` |

---

### Release Notes

<details>
<summary>caddyserver/certmagic (github.com/caddyserver/certmagic)</summary>

### [`v0.21.0`](https://github.com/caddyserver/certmagic/releases/tag/v0.21.0)

[Compare Source](https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0)

CertMagic v0.21 introduces some big changes:

-   Draft support for draft-03 of [ACME Renewal Information (ARI)](https://datatracker.ietf.org/doc/draft-ietf-acme-ari/) which assists with deciding when to renew certificates. This augments CertMagic's already-advanced logic using cert lifetime and OCSP/revocation status.
-   New [`ZeroSSLIssuer`](https://pkg.go.dev/github.com/caddyserver/certmagic@v0.21.0#ZeroSSLIssuer) uses the [ZeroSSL API](https://zerossl.com/documentation/api/) to get certificates. ZeroSSL also has an ACME endpoint, which can still be accesed using the existing ACMEIssuer, as always. Their proprietary API is paid, but has extra features like IP certificates, better reliability, and support.
-   DNS challenges should be smoother in some cases as we've improved propagation checking.
-   In the odd case your ACME account disappears from the ACME server, CertMagic will automatically retry with a new account. (This happens in some test/dev environments.)
-   ACME accounts are identified only by their public keys, but CertMagic maps accounts by CA+email for practical/storage reasons. So now you can "pin" an account key to use by specifying your email and the account public key in your config, which is useful if you need to absolutely be sure to use a specific account (like if you get rate limit exemptions from a CA).

Please try it out and report any issues!

Thanks to [@&#8203;Framer](https://github.com/Framer) for their contributions to this release!

#### What's Changed

-   Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by [@&#8203;dependabot](https://github.com/dependabot) in https://github.com/caddyserver/certmagic/pull/264
-   Demote "storage cleaning happened too recently" from WARN to INFO by [@&#8203;francislavoie](https://github.com/francislavoie) in https://github.com/caddyserver/certmagic/pull/270
-   Check DNS propagation at authoritative nameservers only with default resolvers by [@&#8203;pgeh](https://github.com/pgeh) in https://github.com/caddyserver/certmagic/pull/274
-   Retry with new account if account disappeared remotely by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/269
-   Update readme examples to use TLS-ALPN const from ACMEz by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/277
-   Initial implementation of ZeroSSL API issuer by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/279
-   Allow deleting directories via FileStorage by [@&#8203;goksan](https://github.com/goksan) in https://github.com/caddyserver/certmagic/pull/282
-   Use the `email` configuration in the ACME issuer to "pin" an account to a key by [@&#8203;ankon](https://github.com/ankon) in https://github.com/caddyserver/certmagic/pull/283
-   Initial implementation of ARI by [@&#8203;mholt](https://github.com/mholt) in https://github.com/caddyserver/certmagic/pull/286

#### New Contributors

-   [@&#8203;pgeh](https://github.com/pgeh) made their first contribution in https://github.com/caddyserver/certmagic/pull/274
-   [@&#8203;goksan](https://github.com/goksan) made their first contribution in https://github.com/caddyserver/certmagic/pull/277

**Full Changelog**: https://github.com/caddyserver/certmagic/compare/v0.20.0...v0.21.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am" (UTC), Automerge - "before 4am" (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjM1MS4yIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6W119-->

Co-authored-by: Earl Warren <contact@earl-warren.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-05-12 14:56:39 +00:00
Renovate Bot
95b2821824 Update module github.com/go-enry/go-enry/v2 to v2.8.8 2024-05-12 00:05:15 +00:00
Renovate Bot
4bff06dafb Update module github.com/blevesearch/bleve/v2 to v2.4.0 2024-05-08 19:31:56 +00:00
Earl Warren
f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Earl Warren
99d1ae52fc Merge pull request 'Update module github.com/PuerkitoBio/goquery to v1.9.2' (#3634) from renovate/github.com-puerkitobio-goquery-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 11:28:32 +00:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
silverwind
fb693442f5
Remove external API calls in TestPassword (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
Renovate Bot
aa8a757fe2 Update module github.com/PuerkitoBio/goquery to v1.9.2 2024-05-05 00:05:34 +00:00