mirror of
https://gitea.com/gitea/tea.git
synced 2026-07-16 02:57:40 +02:00
renovate/go-dependencies
191 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
989651408e | fix(deps): update go dependencies | ||
|
|
7f0213940d |
fix(deps): update go dependencies (#1051)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `v2.0.4` → `v2.0.5` |  |  | | [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `v3.10.0` → `v3.10.1` |  |  | | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.46.0` → `v0.47.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.46.0...refs/tags/v0.47.0) |  |  | --- ### Release Notes <details> <summary>charmbracelet/lipgloss (charm.land/lipgloss/v2)</summary> ### [`v2.0.5`](https://github.com/charmbracelet/lipgloss/releases/tag/v2.0.5) [Compare Source](https://github.com/charmbracelet/lipgloss/compare/v2.0.4...v2.0.5) ### Graphemes, Schmraphemes If you’re using emojis in the terminal you're in for a rough ride. That said, we do what we can. This release brings some in some very specific edge case rendering improvements. Enjoy. Enjoy! #### Changelog - [`10f9584`](https://github.com/charmbracelet/lipgloss/commit/10f9584edb197ddbbfc789081d33b6fadaea5742): chore(deps): bump ultraviolet for emoji-related improvements *** <a href="https://charm.land/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli), [Discord](https://charm.land/discord), [Slack](https://charm.land/slack), [The Fediverse](https://mastodon.social/@​charmcli), [Bluesky](https://bsky.app/profile/charm.land). </details> <details> <summary>urfave/cli (github.com/urfave/cli/v3)</summary> ### [`v3.10.1`](https://github.com/urfave/cli/releases/tag/v3.10.1) [Compare Source](https://github.com/urfave/cli/compare/v3.10.0...v3.10.1) #### What's Changed - chore(deps): bump actions/checkout from 6 to 7 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​2371](https://github.com/urfave/cli/pull/2371) - fix: align gfmrun example counter with actual runnable count by [@​dearchap](https://github.com/dearchap) in [#​2369](https://github.com/urfave/cli/pull/2369) - v3: yield the version flag's -v alias to a user-defined flag by [@​c-tonneslan](https://github.com/c-tonneslan) in [#​2330](https://github.com/urfave/cli/pull/2330) - fix: keep completion subcommand order deterministic in help output by [@​suzuki-shunsuke](https://github.com/suzuki-shunsuke) in [#​2374](https://github.com/urfave/cli/pull/2374) - fix: allow DefaultCommand to handle its own flags by [@​lihan3238](https://github.com/lihan3238) in [#​2322](https://github.com/urfave/cli/pull/2322) #### New Contributors - [@​lihan3238](https://github.com/lihan3238) made their first contribution in [#​2322](https://github.com/urfave/cli/pull/2322) **Full Changelog**: <https://github.com/urfave/cli/compare/v3.10.0...v3.10.1> </details> --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/1051 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
2a9c8ff6fd |
upgrade go sdk and add test (#1048)
Fix #1046Reviewed-on: https://gitea.com/gitea/tea/pulls/1048 |
||
|
|
d4545d8ed7 |
Add reply to code review (#978)
Follow https://gitea.com/gitea/go-sdk/pulls/784 Reviewed-on: https://gitea.com/gitea/tea/pulls/978 |
||
|
|
fff82ac723 |
fix(deps): update module github.com/urfave/cli/v3 to v3.10.0 (#1040)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `v3.9.1` → `v3.10.0` |  |  | --- ### Release Notes <details> <summary>urfave/cli (github.com/urfave/cli/v3)</summary> ### [`v3.10.0`](https://github.com/urfave/cli/releases/tag/v3.10.0) [Compare Source](https://github.com/urfave/cli/compare/v3.9.1...v3.10.0) #### What's Changed - feat: add Flag.SchemaType() and Flag.SchemaItemsType() for JSON Schema introspection by [@​dearchap](https://github.com/dearchap) in [#​2368](https://github.com/urfave/cli/pull/2368) - feat: add Command.Walk() and Command.Path() convenience methods by [@​dearchap](https://github.com/dearchap) in [#​2353](https://github.com/urfave/cli/pull/2353) - fix: let --help flag take precedence over parse errors by [@​dearchap](https://github.com/dearchap) in [#​2360](https://github.com/urfave/cli/pull/2360) - fix: resolve remaining help invocation inconsistencies by [@​dearchap](https://github.com/dearchap) in [#​2361](https://github.com/urfave/cli/pull/2361) - fix: skip After hook when help is displayed on subcommand by [@​dearchap](https://github.com/dearchap) in [#​2363](https://github.com/urfave/cli/pull/2363) - fix: show GLOBAL OPTIONS in SubcommandHelpTemplate by [@​dearchap](https://github.com/dearchap) in [#​2359](https://github.com/urfave/cli/pull/2359) - fix: resolve broken links in CHANGELOG.md by [@​dearchap](https://github.com/dearchap) in [#​2357](https://github.com/urfave/cli/pull/2357) - docs: document what happened to build tags in v3 migration guide by [@​dearchap](https://github.com/dearchap) in [#​2358](https://github.com/urfave/cli/pull/2358) - Various docs updates and dependency bumps **Full Changelog**: <https://github.com/urfave/cli/compare/v3.9.1...v3.10.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/1040 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
4b209d68de |
fix(deps): update go dependencies (#1039)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [charm.land/glamour/v2](https://github.com/charmbracelet/glamour) | `v2.0.0` → `v2.0.1` |  |  | | [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `v2.0.3` → `v2.0.4` |  |  | --- ### Release Notes <details> <summary>charmbracelet/glamour (charm.land/glamour/v2)</summary> ### [`v2.0.1`](https://github.com/charmbracelet/glamour/releases/tag/v2.0.1) [Compare Source](https://github.com/charmbracelet/glamour/compare/v2.0.0...v2.0.1) #### Changelog ##### Bug fixes - [`975a0f3`](https://github.com/charmbracelet/glamour/commit/975a0f30cc6519fde4481ab084987222c8f06c34): fix: close wrap writer before its downstream chain ([#​575](https://github.com/charmbracelet/glamour/issues/575)) ([@​taciturnaxolotl](https://github.com/taciturnaxolotl)) ##### Other work - [`c293649`](https://github.com/charmbracelet/glamour/commit/c29364924407add0616fc067e4c70ddf9a5da0dd): chore: fix pre-existing lint failures ([#​575](https://github.com/charmbracelet/glamour/issues/575)) ([@​taciturnaxolotl](https://github.com/taciturnaxolotl)) - [`95c93db`](https://github.com/charmbracelet/glamour/commit/95c93db04489cebf252ec856584445c7e85ee276): chore: bump lipgloss to v2.0.4 ([@​taciturnaxolotl](https://github.com/taciturnaxolotl)) - [`600b93a`](https://github.com/charmbracelet/glamour/commit/600b93a40bb9754522c7e3496b8b41989cf1dec7): chore: remove CODEOWNERS ([@​aymanbagabas](https://github.com/aymanbagabas)) - [`253da61`](https://github.com/charmbracelet/glamour/commit/253da61fcb275fcd28296956ffae5f7d98ff618d): fix(ci): use local golangci config ([@​aymanbagabas](https://github.com/aymanbagabas)) *** <a href="https://charm.sh/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-badge.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [Twitter](https://twitter.com/charmcli), [The Fediverse](https://mastodon.social/@​charm), or on [Discord](https://charm.sh/chat). </details> <details> <summary>charmbracelet/lipgloss (charm.land/lipgloss/v2)</summary> ### [`v2.0.4`](https://github.com/charmbracelet/lipgloss/releases/tag/v2.0.4) [Compare Source](https://github.com/charmbracelet/lipgloss/compare/v2.0.3...v2.0.4) ### Mini Crash Patch Hi! This is a small patch to fix a writer-related panic. Thanks for using Lip Gloss! #### Changelog ##### Fixed - [`fefa41d`](https://github.com/charmbracelet/lipgloss/commit/fefa41d): fix: prevent crash when writing to a closed wrap writer ([#​699](https://github.com/charmbracelet/lipgloss/issues/699)) ([@​taciturnaxolotl](https://github.com/taciturnaxolotl)) ##### Docs - [`40ec0e6`](https://github.com/charmbracelet/lipgloss/commit/40ec0e6): docs: fix typo in table comment ([#​641](https://github.com/charmbracelet/lipgloss/issues/641)) ([@​aymanbagabas](https://github.com/aymanbagabas)) - [`a4d0b40`](https://github.com/charmbracelet/lipgloss/commit/a4d0b40): docs: restore missing diaereses ([#​664](https://github.com/charmbracelet/lipgloss/issues/664)) ([@​meowgorithm](https://github.com/meowgorithm)) ##### Chore - [`aa91b99`](https://github.com/charmbracelet/lipgloss/commit/aa91b99): chore: remove CODEOWNERS ([@​aymanbagabas](https://github.com/aymanbagabas)) - [`9cbfe8b`](https://github.com/charmbracelet/lipgloss/commit/9cbfe8b): chore(lint): exclude revive naming linter ([@​aymanbagabas](https://github.com/aymanbagabas)) *** <a href="https://charm.land/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli), [Discord](https://charm.land/discord), [Slack](https://charm.land/slack), [The Fediverse](https://mastodon.social/@​charmcli), [Bluesky](https://bsky.app/profile/charm.land). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1039 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
2b844786f0 |
fix(deps): update go dependencies (#1037)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.12.0` → `v0.14.0` |  |  | | [github.com/urfave/cli/v3](https://github.com/urfave/cli) | `v3.9.0` → `v3.9.1` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.14.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.14.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.13.0...v0.14.0) #### Changelog ##### Features - [`1e9404e`](https://github.com/go-authgate/sdk-go/commit/1e9404eea69d8f6de17177a98a8ca33a915dee01): feat(credstore): add DefaultStorePath path helper ([@​appleboy](https://github.com/appleboy)) - [`3498105`](https://github.com/go-authgate/sdk-go/commit/34981059ec8287317d5160a292d05a749d17f888): feat(credstore): add DefaultTokenStorePath shorthand ([@​appleboy](https://github.com/appleboy)) ### [`v0.13.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.13.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.12.0...v0.13.0) #### Changelog ##### Others - [`fc432e3`](https://github.com/go-authgate/sdk-go/commit/fc432e3da28dbca06767d1be5ace784092974527): feat(credstore)!: add encrypted file store with keyring master key ([#​35](https://github.com/go-authgate/sdk-go/issues/35)) ([@​appleboy](https://github.com/appleboy)) </details> <details> <summary>urfave/cli (github.com/urfave/cli/v3)</summary> ### [`v3.9.1`](https://github.com/urfave/cli/releases/tag/v3.9.1) [Compare Source](https://github.com/urfave/cli/compare/v3.9.0...v3.9.1) #### What's Changed - fix: inherit Reader/Writer/ErrWriter from parent on subcommand setup by [@​c-tonneslan](https://github.com/c-tonneslan) in [#​2329](https://github.com/urfave/cli/pull/2329) - fix: correct greedy colon parsing in bash completion script by [@​TimSoethout](https://github.com/TimSoethout) in [#​2336](https://github.com/urfave/cli/pull/2336) - fix: Honor env sources on duplicated flags by [@​ibobgunardi](https://github.com/ibobgunardi) in [#​2355](https://github.com/urfave/cli/pull/2355) - fix: Remove incorrect flag check by [@​MohitPanchariya](https://github.com/MohitPanchariya) in [#​2280](https://github.com/urfave/cli/pull/2280) - fix: let completion command use normal flag parsing pipeline by [@​suzuki-shunsuke](https://github.com/suzuki-shunsuke) in [#​2279](https://github.com/urfave/cli/pull/2279) - fix: bash completion spacing by [@​cyphercodes](https://github.com/cyphercodes) in [#​2337](https://github.com/urfave/cli/pull/2337) - fix: fish custom completion arguments by [@​puneetdixit200](https://github.com/puneetdixit200) in [#​2338](https://github.com/urfave/cli/pull/2338) - fix: empty positional arg after a flag regression test by [@​c-tonneslan](https://github.com/c-tonneslan) in [#​2328](https://github.com/urfave/cli/pull/2328) - docs: document build tags in v3 migration guide by [@​dearchap](https://github.com/dearchap) in [#​2358](https://github.com/urfave/cli/pull/2358) - chore(deps): bump mkdocs-git-revision-date-localized-plugin by [@​dependabot](https://github.com/dependabot) in [#​2347](https://github.com/urfave/cli/pull/2347) - Fix typos by [@​myfloss](https://github.com/myfloss) in [#​2339](https://github.com/urfave/cli/pull/2339) **Full Changelog**: <https://github.com/urfave/cli/compare/v3.9.0...v3.9.1> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1037 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
6de58b2223 |
fix(deps): update go dependencies (#1034)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) | [`v0.52.0` → `v0.53.0`](https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.52.0...refs/tags/v0.53.0) |  |  | | [golang.org/x/term](https://pkg.go.dev/golang.org/x/term) | [`v0.43.0` → `v0.44.0`](https://cs.opensource.google/go/x/term/+/refs/tags/v0.43.0...refs/tags/v0.44.0) |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1034 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
27bcbf80ae |
fix(deps): update module golang.org/x/sys to v0.46.0 (#1028)
Reviewed-on: https://gitea.com/gitea/tea/pulls/1028 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
dfbbda83f3 |
fix(deps): update module gitea.dev/sdk to v1.1.0 (#1027)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | gitea.dev/sdk | `v1.0.1` → `v1.1.0` |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1027 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
df320c74ca |
fix(deps): update module github.com/go-authgate/sdk-go to v0.12.0 (#1024)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.11.0` → `v0.12.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.12.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.12.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.11.0...v0.12.0) #### Changelog ##### Bug fixes - [`506ff28`](https://github.com/go-authgate/sdk-go/commit/506ff28e68b10f348fb937c9d734b20ea72245a6): fix: authenticate confidential clients and harden token handling ([#​33](https://github.com/go-authgate/sdk-go/issues/33)) ([@​appleboy](https://github.com/appleboy)) ##### Refactor - [`81b51e2`](https://github.com/go-authgate/sdk-go/commit/81b51e244f1ce5f069d6e2a0ac18a1ffb6d25706): refactor: simplify control flow across sdk packages ([#​30](https://github.com/go-authgate/sdk-go/issues/30)) ([@​appleboy](https://github.com/appleboy)) - [`7fcdb3c`](https://github.com/go-authgate/sdk-go/commit/7fcdb3cde0b80754262e81bd2e2d86baf8f00f64): refactor(oauth): use error-code constants at all sites ([#​31](https://github.com/go-authgate/sdk-go/issues/31)) ([@​appleboy](https://github.com/appleboy)) - [`4407ea6`](https://github.com/go-authgate/sdk-go/commit/4407ea621e8f2f14cb8629dfb80cb4d1e536099e): refactor(middleware): split token scope once for required-scope checks ([#​32](https://github.com/go-authgate/sdk-go/issues/32)) ([@​appleboy](https://github.com/appleboy)) ##### Documentation updates - [`f8b8b28`](https://github.com/go-authgate/sdk-go/commit/f8b8b28fd70f30799933e0592878f7e1146a71ea): docs(jwksauth): document UID across remaining godoc and test comments ([@​appleboy](https://github.com/appleboy)) ##### Others - [`a90443e`](https://github.com/go-authgate/sdk-go/commit/a90443e6226c4f401f40ed9917af2b19cd2f1747): fix(discovery,middleware): coalesce concurrent discovery fetches via singleflight with per-caller cancellation; route scope errors through the error handler ([#​16](https://github.com/go-authgate/sdk-go/issues/16)) ([@​appleboy](https://github.com/appleboy)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1024 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
28ba9b915b |
Move sdk from code.gitea.io/sdk/gitea to gitea.dev/sdk (#1006)
Reviewed-on: https://gitea.com/gitea/tea/pulls/1006 Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
|
a664449282 |
Use git command instead of go git (#1005)
Remove go git library because it doesn't support sha256 repository but have an interface so that we could have other backend for the future. Reviewed-on: https://gitea.com/gitea/tea/pulls/1005 Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
|
8e0666ab85 |
update import path to use gitea.dev (#1003)
Reviewed-on: https://gitea.com/gitea/tea/pulls/1003 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-committed-by: techknowlogick <techknowlogick@gitea.com> |
||
|
|
bbe97a5e23 |
fix(deps): update module golang.org/x/crypto to v0.52.0 [security] (#1002)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) | [`v0.51.0` → `v0.52.0`](https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.51.0...refs/tags/v0.52.0) |  |  | --- ### Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent [CVE-2026-39833](https://nvd.nist.gov/vuln/detail/CVE-2026-39833) / [GO-2026-5005](https://pkg.go.dev/vuln/GO-2026-5005) <details> <summary>More information</summary> #### Details The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested. #### Severity Unknown #### References - [https://go.dev/issue/79436](https://go.dev/issue/79436) - [https://go.dev/cl/778640](https://go.dev/cl/778640) - [https://go.dev/cl/778641](https://go.dev/cl/778641) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5005) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent [CVE-2026-39832](https://nvd.nist.gov/vuln/detail/CVE-2026-39832) / [GO-2026-5006](https://pkg.go.dev/vuln/GO-2026-5006) <details> <summary>More information</summary> #### Details When adding a key to a remote agent constraint extensions such as restrict-destination-v00@​openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them. #### Severity Unknown #### References - [https://go.dev/issue/79435](https://go.dev/issue/79435) - [https://go.dev/cl/778642](https://go.dev/cl/778642) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5006) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh [CVE-2026-46597](https://nvd.nist.gov/vuln/detail/CVE-2026-46597) / [GO-2026-5013](https://pkg.go.dev/vuln/GO-2026-5013) <details> <summary>More information</summary> #### Details An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. #### Severity Unknown #### References - [https://go.dev/issue/79561](https://go.dev/issue/79561) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781620](https://go.dev/cl/781620) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5013) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh [CVE-2026-39828](https://nvd.nist.gov/vuln/detail/CVE-2026-39828) / [GO-2026-5014](https://pkg.go.dev/vuln/GO-2026-5014) <details> <summary>More information</summary> #### Details When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error. #### Severity Unknown #### References - [https://go.dev/issue/79562](https://go.dev/issue/79562) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781621](https://go.dev/cl/781621) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5014) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh [CVE-2026-39835](https://nvd.nist.gov/vuln/detail/CVE-2026-39835) / [GO-2026-5015](https://pkg.go.dev/vuln/GO-2026-5015) <details> <summary>More information</summary> #### Details SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil. #### Severity Unknown #### References - [https://go.dev/issue/79563](https://go.dev/issue/79563) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781660](https://go.dev/cl/781660) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5015) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh [CVE-2026-39827](https://nvd.nist.gov/vuln/detail/CVE-2026-39827) / [GO-2026-5016](https://pkg.go.dev/vuln/GO-2026-5016) <details> <summary>More information</summary> #### Details An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection. #### Severity Unknown #### References - [https://go.dev/issue/35127](https://go.dev/issue/35127) - [https://go.dev/cl/781320](https://go.dev/cl/781320) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5016) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh [CVE-2026-39830](https://nvd.nist.gov/vuln/detail/CVE-2026-39830) / [GO-2026-5017](https://pkg.go.dev/vuln/GO-2026-5017) <details> <summary>More information</summary> #### Details A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded. #### Severity Unknown #### References - [https://go.dev/issue/79564](https://go.dev/issue/79564) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781640](https://go.dev/cl/781640) - [https://go.dev/cl/781664](https://go.dev/cl/781664) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5017) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh [CVE-2026-39829](https://nvd.nist.gov/vuln/detail/CVE-2026-39829) / [GO-2026-5018](https://pkg.go.dev/vuln/GO-2026-5018) <details> <summary>More information</summary> #### Details The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2. #### Severity Unknown #### References - [https://go.dev/issue/79565](https://go.dev/issue/79565) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781641](https://go.dev/cl/781641) - [https://go.dev/cl/781661](https://go.dev/cl/781661) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5018) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh [CVE-2026-39831](https://nvd.nist.gov/vuln/detail/CVE-2026-39831) / [GO-2026-5019](https://pkg.go.dev/vuln/GO-2026-5019) <details> <summary>More information</summary> #### Details The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@​openssh.com, sk-ssh-ed25519@​openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback. #### Severity Unknown #### References - [https://go.dev/issue/79566](https://go.dev/issue/79566) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781662](https://go.dev/cl/781662) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5019) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh [CVE-2026-39834](https://nvd.nist.gov/vuln/detail/CVE-2026-39834) / [GO-2026-5020](https://pkg.go.dev/vuln/GO-2026-5020) <details> <summary>More information</summary> #### Details When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation. #### Severity Unknown #### References - [https://go.dev/issue/79567](https://go.dev/issue/79567) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781663](https://go.dev/cl/781663) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5020) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking auth bypass via unenforced @​revoked status in golang.org/x/crypto/ssh/knownhosts [CVE-2026-42508](https://nvd.nist.gov/vuln/detail/CVE-2026-42508) / [GO-2026-5021](https://pkg.go.dev/vuln/GO-2026-5021) <details> <summary>More information</summary> #### Details Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @​revoked. #### Severity Unknown #### References - [https://go.dev/issue/79568](https://go.dev/issue/79568) - [https://go.dev/cl/781220](https://go.dev/cl/781220) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5021) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh [CVE-2026-46595](https://nvd.nist.gov/vuln/detail/CVE-2026-46595) / [GO-2026-5023](https://pkg.go.dev/vuln/GO-2026-5023) <details> <summary>More information</summary> #### Details Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped. #### Severity Unknown #### References - [https://go.dev/issue/79570](https://go.dev/issue/79570) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781642](https://go.dev/cl/781642) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5023) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent [CVE-2026-46598](https://nvd.nist.gov/vuln/detail/CVE-2026-46598) / [GO-2026-5033](https://pkg.go.dev/vuln/GO-2026-5033) <details> <summary>More information</summary> #### Details For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. #### Severity Unknown #### References - [https://go.dev/issue/79596](https://go.dev/issue/79596) - [https://go.dev/cl/781360](https://go.dev/cl/781360) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5033) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/1002 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
82323c7270 |
chore(deps): update module golang.org/x/net to v0.55.0 [security] (#1001)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.54.0` → `v0.55.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.54.0...refs/tags/v0.55.0) |  |  | --- ### Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html [CVE-2026-42506](https://nvd.nist.gov/vuln/detail/CVE-2026-42506) / [GO-2026-5025](https://pkg.go.dev/vuln/GO-2026-5025) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79571](https://go.dev/issue/79571) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781700](https://go.dev/cl/781700) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5025) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna [CVE-2026-39821](https://nvd.nist.gov/vuln/detail/CVE-2026-39821) / [GO-2026-5026](https://pkg.go.dev/vuln/GO-2026-5026) <details> <summary>More information</summary> #### Details The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com". #### Severity Unknown #### References - [https://go.dev/cl/767220](https://go.dev/cl/767220) - [https://go.dev/issue/78760](https://go.dev/issue/78760) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5026) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html [CVE-2026-42502](https://nvd.nist.gov/vuln/detail/CVE-2026-42502) / [GO-2026-5027](https://pkg.go.dev/vuln/GO-2026-5027) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79572](https://go.dev/issue/79572) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781701](https://go.dev/cl/781701) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5027) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html [CVE-2026-25680](https://nvd.nist.gov/vuln/detail/CVE-2026-25680) / [GO-2026-5028](https://pkg.go.dev/vuln/GO-2026-5028) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. #### Severity Unknown #### References - [https://go.dev/cl/781702](https://go.dev/cl/781702) - [https://go.dev/issue/79573](https://go.dev/issue/79573) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5028) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html [CVE-2026-25681](https://nvd.nist.gov/vuln/detail/CVE-2026-25681) / [GO-2026-5029](https://pkg.go.dev/vuln/GO-2026-5029) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79574](https://go.dev/issue/79574) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781703](https://go.dev/cl/781703) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5029) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking duplicate attributes can cause XSS in golang.org/x/net/html [CVE-2026-27136](https://nvd.nist.gov/vuln/detail/CVE-2026-27136) / [GO-2026-5030](https://pkg.go.dev/vuln/GO-2026-5030) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79575](https://go.dev/issue/79575) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781685](https://go.dev/cl/781685) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5030) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1001 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
861201541d |
fix(deps): update module golang.org/x/sys to v0.45.0 (#1000)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.44.0` → `v0.45.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.44.0...refs/tags/v0.45.0) |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/1000 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
ef0dc62dd6 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 (#996)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.19.0` → `v5.19.1` |  |  | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.19.1`](https://github.com/go-git/go-git/releases/tag/v5.19.1) [Compare Source](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1) #### What's Changed - v5: plumbing: transport/ssh, Shell-quote path by [@​hiddeco](https://github.com/hiddeco) in [#​2068](https://github.com/go-git/go-git/pull/2068) - v5: git: submodule, Fix relative URL resolution by [@​hiddeco](https://github.com/hiddeco) in [#​2070](https://github.com/go-git/go-git/pull/2070) - v5: git: submodule, canonical remote for relative URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2074](https://github.com/go-git/go-git/pull/2074) - v5: git: submodule, error on remote without URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2078](https://github.com/go-git/go-git/pull/2078) - v5: plumbing: format/idxfile, Validate offset64 indices by [@​hiddeco](https://github.com/hiddeco) in [#​2084](https://github.com/go-git/go-git/pull/2084) - v5: \*: Reject malformed variable-length integers by [@​hiddeco](https://github.com/hiddeco) in [#​2092](https://github.com/go-git/go-git/pull/2092) - v5: plumbing: format/packfile, Tighten delta validation by [@​hiddeco](https://github.com/hiddeco) in [#​2091](https://github.com/go-git/go-git/pull/2091) - v5: Add `worktreeFilesystem` wrapper for worktree and hardening by [@​hiddeco](https://github.com/hiddeco) in [#​2100](https://github.com/go-git/go-git/pull/2100) - v5: config: validate submodule names by [@​hiddeco](https://github.com/hiddeco) in [#​2082](https://github.com/go-git/go-git/pull/2082) - build: Update module github.com/go-git/go-git/v5 to v5.19.0 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#​2111](https://github.com/go-git/go-git/pull/2111) - v5: git: Allow MkdirAll on worktree-root paths by [@​hiddeco](https://github.com/hiddeco) in [#​2117](https://github.com/go-git/go-git/pull/2117) - v5: git: Stop validating symlink target paths by [@​pjbgf](https://github.com/pjbgf) in [#​2116](https://github.com/go-git/go-git/pull/2116) - v5: plumbing: format decoder input bounds and contracts by [@​hiddeco](https://github.com/hiddeco) in [#​2125](https://github.com/go-git/go-git/pull/2125) - plumbing: format/packfile, cap delta chain depth in parser by [@​pjbgf](https://github.com/pjbgf) in [#​2137](https://github.com/go-git/go-git/pull/2137) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1> </details> --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/996 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
6134351048 | bump go deps | ||
|
|
8be4dae66e |
fix(deps): update module github.com/go-authgate/sdk-go to v0.11.0 (#988)
Reviewed-on: https://gitea.com/gitea/tea/pulls/988 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
b8dcb8a442 |
fix(deps): update module golang.org/x/term to v0.43.0 (#989)
Reviewed-on: https://gitea.com/gitea/tea/pulls/989 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
01632d927e |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.1 (#991)
Reviewed-on: https://gitea.com/gitea/tea/pulls/991 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
2cc45f1cce |
fix(deps): update github.com/urfave/cli to v3.9.0 (#993)
Fix https://gitea.com/gitea/tea/issues/975 Reviewed-on: https://gitea.com/gitea/tea/pulls/993 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Minjie Fang <wingsallen@gmail.com> Co-committed-by: Minjie Fang <wingsallen@gmail.com> |
||
|
|
19dd8b1b4b |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#984)
Bumping gitea SDK to version v0.25.0 Currently there is an issue when users try to use SSH to authenticate to a gitea server. The issue is already reported here #983 The problem was that `*gitea.HTTPSign` embeds `ssh.Signer` (not `ssh.AlgorithmSigner`). `httpsig v1.2.4` type-asserts the signer to `ssh.AlgorithmSigner` for RSA keys and panics because `*HTTPSign` doesn't expose `SignWithAlgorithm`. Fix: SDK v0.25.0 adds `SignWithAlgorithm` to `HTTPSign`, satisfying `ssh.AlgorithmSigner`. Reviewed-on: https://gitea.com/gitea/tea/pulls/984 Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com> Co-authored-by: Carlos Grillet <carlosbeta5000@gmail.com> Co-committed-by: Carlos Grillet <carlosbeta5000@gmail.com> |
||
|
|
e686e8d0bd |
fix(deps): update module github.com/go-authgate/sdk-go to v0.10.0 (#976)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.9.0` → `v0.10.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.10.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.10.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.9.0...v0.10.0) #### Changelog ##### Others - [`5b43693`](https://github.com/go-authgate/sdk-go/commit/5b436935ca0c587301754ee8e43dc04329b34623): feat(jwksauth)!: align with upstream JWT\_PRIVATE\_CLAIM\_PREFIX ([#​27](https://github.com/go-authgate/sdk-go/issues/27)) ([@​appleboy](https://github.com/appleboy)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Reviewed-on: https://gitea.com/gitea/tea/pulls/976 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
1f6fd97fc1 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.9.0 (#974)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.8.0` → `v0.9.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.9.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.9.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.8.0...v0.9.0) #### Changelog ##### Documentation updates - [`86d33f3`](https://github.com/go-authgate/sdk-go/commit/86d33f315c3eddfe92f37e4d8b3ac30afbc0ef72): docs(jwksauth): tighten readme table column widths ([@​appleboy](https://github.com/appleboy)) ##### Others - [`545d96f`](https://github.com/go-authgate/sdk-go/commit/545d96fd43d8a6e6bc76a3c6b28683ffa3eace06): refactor(jwksauth)!: rename Tenant to Domain and add Tenant sub-claim ([#​25](https://github.com/go-authgate/sdk-go/issues/25)) ([@​appleboy](https://github.com/appleboy)) - [`1e73580`](https://github.com/go-authgate/sdk-go/commit/1e73580c87f2be874101c4ccc02f3dd1ceb17c53): feat(jwksauth)!: adopt slog-style Logger interface ([#​24](https://github.com/go-authgate/sdk-go/issues/24)) ([@​appleboy](https://github.com/appleboy)) - [`7af1bc4`](https://github.com/go-authgate/sdk-go/commit/7af1bc463714a2c4e6aea1741c87b20fdbba21ce): test(jwksauth): fix stale Tenant references in policy reject test ([#​26](https://github.com/go-authgate/sdk-go/issues/26)) ([@​appleboy](https://github.com/appleboy)) </details> --- Reviewed-on: https://gitea.com/gitea/tea/pulls/974 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
27e6083e23 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.8.0 (#972)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.7.0` → `v0.8.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.8.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.8.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.7.0...v0.8.0) #### Changelog ##### Refactor - [`62ccff0`](https://github.com/go-authgate/sdk-go/commit/62ccff06c837abe9c9cd6d8411525e3d25344cf1): refactor(jwksauth): share OIDC discovery and drop tenant cache ([#​23](https://github.com/go-authgate/sdk-go/issues/23)) ([@​appleboy](https://github.com/appleboy)) - [`088ee3b`](https://github.com/go-authgate/sdk-go/commit/088ee3bd2d5f891c03d27212a6ed5283b1434282): refactor(sdk): harden HTTP reads and improve code quality ([#​18](https://github.com/go-authgate/sdk-go/issues/18)) ([@​appleboy](https://github.com/appleboy)) - [`aa17bc2`](https://github.com/go-authgate/sdk-go/commit/aa17bc2373b675b0f0882672706c66a0f523b05f): refactor: simplify oauth client and token source flows ([#​22](https://github.com/go-authgate/sdk-go/issues/22)) ([@​appleboy](https://github.com/appleboy)) </details> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/972 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
b100d4c939 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.7.0 (#970)
Reviewed-on: https://gitea.com/gitea/tea/pulls/970 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
d0b7ea09e8 |
fix(deps): update module charm.land/lipgloss/v2 to v2.0.3 (#959)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `v2.0.2` → `v2.0.3` |  |  | --- ### Release Notes <details> <summary>charmbracelet/lipgloss (charm.land/lipgloss/v2)</summary> ### [`v2.0.3`](https://github.com/charmbracelet/lipgloss/releases/tag/v2.0.3) [Compare Source](https://github.com/charmbracelet/lipgloss/compare/v2.0.2...v2.0.3) #### Changelog ##### Fixed - [`472d718`](https://github.com/charmbracelet/lipgloss/commit/472d718e2314596549bee2c0c8ccf8beea5f25ae): fix: Avoid background color query hang ([#​636](https://github.com/charmbracelet/lipgloss/issues/636)) ([@​jedevc](https://github.com/jedevc)) ##### Docs - [`9e39a0a`](https://github.com/charmbracelet/lipgloss/commit/9e39a0ad4f4fc779d620f17783cee3494da6ae29): docs: fix README typo ([#​629](https://github.com/charmbracelet/lipgloss/issues/629)) ([@​Rohan5commit](https://github.com/Rohan5commit)) - [`cd93a9f`](https://github.com/charmbracelet/lipgloss/commit/cd93a9f5d2e3cb151da83150db29751d92585d23): docs: fix tree comment typo ([#​634](https://github.com/charmbracelet/lipgloss/issues/634)) ([@​Rohan5commit](https://github.com/Rohan5commit)) *** <a href="https://charm.land/"><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg" width="400"></a> Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli), [Discord](https://charm.land/discord), [Slack](https://charm.land/slack), [The Fediverse](https://mastodon.social/@​charmcli), [Bluesky](https://bsky.app/profile/charm.land). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTEuMCIsInVwZGF0ZWRJblZlciI6IjQzLjExMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/959 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
20914a1375 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.18.0 (#961)
Reviewed-on: https://gitea.com/gitea/tea/pulls/961 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
84ecd16f9c |
fix(deps): update Go dependencies to latest versions (#955)
## Summary - Upgrade all Go module dependencies to their latest versions - Includes updates to charm.land, golang.org/x, goldmark, go-crypto, and other indirect dependencies - Project builds cleanly with all updates ## Test plan - [x] `go build ./...` passes - [x] CI pipeline passes 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://gitea.com/gitea/tea/pulls/955 Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
0489d8c275 |
fix(deps): update module golang.org/x/sys to v0.43.0 (#951)
Reviewed-on: https://gitea.com/gitea/tea/pulls/951 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
366069315f |
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#943)
Reviewed-on: https://gitea.com/gitea/tea/pulls/943 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
1e13681663 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.1 (#942)
Reviewed-on: https://gitea.com/gitea/tea/pulls/942 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
bfbec3fc00 |
fix(deps): update module code.gitea.io/sdk/gitea to v0.24.1 (#936)
Reviewed-on: https://gitea.com/gitea/tea/pulls/936 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
e31a167e54 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.6.1 (#935)
Reviewed-on: https://gitea.com/gitea/tea/pulls/935 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
6a7c3e4efa |
fix(deps): update module github.com/urfave/cli/v3 to v3.8.0 (#937)
Reviewed-on: https://gitea.com/gitea/tea/pulls/937 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
9a462247bd |
fix(deps): update module github.com/olekukonko/tablewriter to v1.1.4 (#933)
Reviewed-on: https://gitea.com/gitea/tea/pulls/933 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
ec658cfc33 |
chore(deps): update Go dependencies and CI workflow action versions (#932)
## Summary - Run `go get -u ./...` and `go mod tidy` to update all Go dependencies - Update CI workflow action versions: - `crazy-max/ghaction-import-gpg`: v6 → v7 - `goreleaser/goreleaser-action`: v6 → v7 - `docker/setup-qemu-action`: v3 → v4 - `docker/setup-buildx-action`: v3 → v4 - `docker/login-action`: v3 → v4 - `docker/build-push-action`: v6 → v7 ## Notable Go dependency updates - `github.com/urfave/cli/v3`: v3.6.2 → v3.7.0 - `github.com/ProtonMail/go-crypto`: v1.3.0 → v1.4.0 - `charm.land/huh/v2`: v2.0.1 → v2.0.3 - `golang.org/x/crypto`: v0.48.0 → v0.49.0 - `golang.org/x/net`: v0.49.0 → v0.52.0 Reviewed-on: https://gitea.com/gitea/tea/pulls/932 Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
302c946cb8 |
feat: store OAuth tokens in OS keyring via credstore (#926)
## Summary - Introduce `github.com/go-authgate/sdk-go/credstore` to store OAuth tokens securely in the OS keyring (macOS Keychain / Linux Secret Service / Windows Credential Manager), with automatic fallback to an encrypted JSON file - Add `AuthMethod` field to `Login` struct; new OAuth logins are marked `auth_method: oauth` and no longer write `token`/`refresh_token`/`token_expiry` to `config.yml` - Add `GetAccessToken()` / `GetRefreshToken()` / `GetTokenExpiry()` accessors that transparently read from credstore for OAuth logins, with fallback to YAML fields for legacy logins - Update all token reference sites across the codebase to use the new accessors - Non-OAuth logins (token, SSH) are completely unaffected; no migration of existing tokens ## Key files | File | Role | |------|------| | `modules/config/credstore.go` | **New** — credstore wrapper (Load/Save/Delete) | | `modules/config/login.go` | Login struct, token accessors, refresh logic | | `modules/auth/oauth.go` | OAuth flow, token creation / re-authentication | | `modules/api/client.go`, `cmd/login/helper.go`, `cmd/login/oauth_refresh.go` | Token reference updates | | `modules/task/pull_*.go`, `modules/task/repo_clone.go` | Git operation token reference updates | ## Test plan - [x] `go build ./...` compiles successfully - [x] `go test ./...` all tests pass - [x] `tea login add --oauth` completes OAuth flow; verify config.yml has `auth_method: oauth` but no token/refresh_token/token_expiry - [x] `tea repos ls` API calls work (token read from credstore) - [x] `tea login delete <name>` credstore token is also removed - [x] Existing non-OAuth logins continue to work unchanged 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://gitea.com/gitea/tea/pulls/926 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com> Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
c797624fcf |
Update to charm libraries v2 (#923)
Reviewed-on: https://gitea.com/gitea/tea/pulls/923 Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com> Co-authored-by: Michal Suchanek <msuchanek@suse.de> Co-committed-by: Michal Suchanek <msuchanek@suse.de> |
||
|
|
3372c9ec59 |
fix(deps): update module golang.org/x/oauth2 to v0.36.0 (#919)
Reviewed-on: https://gitea.com/gitea/tea/pulls/919 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
1ac8492ac7 | go 1.26 | ||
|
|
d019f0dd72 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.0 (#910)
Reviewed-on: https://gitea.com/gitea/tea/pulls/910 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
dfd400f15b |
Fix termenv OSC RGBA handling (#907)
Fixes: #889 Reviewed-on: https://gitea.com/gitea/tea/pulls/907 Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com> Co-authored-by: Michal Suchanek <msuchanek@suse.de> Co-committed-by: Michal Suchanek <msuchanek@suse.de> |
||
|
|
ea795775af |
fix(deps): update module golang.org/x/crypto to v0.48.0 (#905)
Reviewed-on: https://gitea.com/gitea/tea/pulls/905 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
1093ef1524 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 (#904)
Reviewed-on: https://gitea.com/gitea/tea/pulls/904 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
873a44f897 |
fix(deps): update module golang.org/x/sys to v0.41.0 (#901)
Reviewed-on: https://gitea.com/gitea/tea/pulls/901 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
47f74ea696 |
fix(deps): update module golang.org/x/oauth2 to v0.35.0 (#900)
Reviewed-on: https://gitea.com/gitea/tea/pulls/900 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
49a9032d8a |
Move versions/filelocker into dedicated subpackages, and consistent headers in http requests (#888)
- move filelocker logic into dedicated subpackage - consistent useragent in requests Reviewed-on: https://gitea.com/gitea/tea/pulls/888 Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-committed-by: techknowlogick <techknowlogick@gitea.com> |