mirror of
https://gitea.com/gitea/tea.git
synced 2026-06-05 18:58:43 +02:00
23a3967e15c2b7365f165ae8f94ea6dc8cd8f061
580 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
23a3967e15 |
fix(print): distinguish draft PRs from conflicting PRs (#1012)
## The bug
`tea pulls create` and `tea pulls edit` print `• **Conflicting files**` for any open PR that the server reports as `mergeable: false`. But Gitea's API returns `mergeable: false` for **draft PRs by design** — drafts cannot be merged regardless of conflict state. The current code conflates "not mergeable for any reason" with "has file conflicts."
### Reproduction (gitea.com 1.26.0+dev)
```
$ tea pulls create --base main --head my-branch --title "WIP: clean diff" --description "..."
# #N WIP: clean diff (open)
...
• **Conflicting files** ← misleading
• Maintainers are allowed to edit
```
The PR has no actual conflicts. The web UI shows it as draft + cleanly diffable. `tea pulls edit --title "WIP: ..."` shows the same misleading line.
API confirms the root signal:
```
$ curl /api/v1/repos/owner/repo/pulls/N
{ "draft": true, "mergeable": false, ... }
```
Strip the WIP prefix, and `mergeable` flips back to `true`. So `mergeable=false` here means "blocked because draft," not "conflicts."
## Fix
Distinguish the two reasons in `modules/print/pull.go`:
```go
switch {
case pr.Mergeable:
	out += "- No Conflicts\n"
case pr.Draft:
	out += "- Draft (not mergeable until marked ready)\n"
default:
	out += "- **Conflicting files**\n"
}
```
Real conflicts still fall through to the existing "Conflicting files" message.
## Behavior matrix
| PR state | API `mergeable` | Before | After |
|---|---|---|---|
| Open, clean, ready | true | No Conflicts | No Conflicts |
| Open, draft, clean | false | **Conflicting files** (wrong) | **Draft (not mergeable until marked ready)** |
| Open, conflicting | false | Conflicting files | Conflicting files |
| Closed/merged | — | (no line shown) | (no line shown) |
## Verification
Against `dinsmoor/tea-testing` PR #6 on gitea.com:
- Set title to `WIP: ...` → API `mergeable=false`, `draft=true` → tea prints `Draft (not mergeable until marked ready)` ✓
- Strip WIP → API `mergeable=true`, `draft=false` → tea prints `No Conflicts` ✓
---
This patch was authored interactively with an AI assistant, driven and reviewed by a human (Tyler / @dinsmoor) every step.
*pull request created by Tyler's lovingly wrangled demon machine <3*
Reviewed-on: https://gitea.com/gitea/tea/pulls/1012
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Tyler <tyler@dinsmoor.us>
Co-committed-by: Tyler <tyler@dinsmoor.us>
|
||
|
|
06e4d16bf3 |
feat: add wiki CLI commands (#998)
## Summary
Add first-class `tea wiki` commands backed by the existing Gitea wiki API and SDK support.
## What this adds
- `tea wiki list`
- `tea wiki view <page>`
- `tea wiki revisions <page>`
- `tea wiki create`
- `tea wiki edit <page>`
- `tea wiki delete <page>`
## Implementation details
- registers a new top-level `wiki` entity command
- keeps command logic under `cmd/wiki/`
- adds wiki-specific renderers in `modules/print/wiki.go`
- adds wiki task helpers in `modules/task/wiki.go`
- reuses existing repo/login/output/pagination patterns used elsewhere in `tea`
- base64-encodes wiki content for create/edit API calls
- requires explicit `--confirm` for delete
- preserves the current page title during edit when `--title` is omitted
## Test coverage
The PR is intentionally split into two commits:
1. `feat: add wiki CLI commands`
2. `test: add wiki integration coverage`

Validation performed:
- focused command, task, and print tests for the new wiki functionality
- integration coverage for the wiki command lifecycle
- `make lint`
- `make fmt-check`
- `make docs-check`
- `make build`
- upstream PR CI passed:
  - `check-and-test / Integration Test`
  - `check-and-test / Lint Build And Unit Coverage`
## Motivation
This makes `tea` a better interface for both human and agent-driven workflows by exposing wiki operations as stable first-class CLI commands instead of requiring ad-hoc API calls or custom wrappers.
---
Generated by Hermes Agent with GPT-5.4
---------
Co-authored-by: nitro <nitro@nitroui-Macmini.local>
Reviewed-on: https://gitea.com/gitea/tea/pulls/998
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: kuil09 <202447+kuil09@noreply.gitea.com>
Co-committed-by: kuil09 <202447+kuil09@noreply.gitea.com>
|
||
|
|
28ba9b915b |
Move sdk from code.gitea.io/sdk/gitea to gitea.dev/sdk (#1006)
Reviewed-on: https://gitea.com/gitea/tea/pulls/1006 Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com> |
||
|
|
579099f9d9 |
fix(context): improve local repo detection logic and test (#999)
Fix https://gitea.com/gitea/tea/issues/995
Reviewed-on: https://gitea.com/gitea/tea/pulls/999
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Minjie Fang <wingsallen@gmail.com>
Co-committed-by: Minjie Fang <wingsallen@gmail.com>
|
||
|
|
a664449282 |
Use git command instead of go git (#1005)
Remove go git library because it doesn't support sha256 repository but have an interface so that we could have other backend for the future.
Reviewed-on: https://gitea.com/gitea/tea/pulls/1005
Reviewed-by: Zettat123 <39446+zettat123@noreply.gitea.com>
|
||
|
|
8e0666ab85 |
update import path to use gitea.dev (#1003)
Reviewed-on: https://gitea.com/gitea/tea/pulls/1003 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com> Co-committed-by: techknowlogick <techknowlogick@gitea.com> |
||
|
|
bbe97a5e23 |
fix(deps): update module golang.org/x/crypto to v0.52.0 [security] (#1002)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) | [`v0.51.0` → `v0.52.0`](https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.51.0...refs/tags/v0.52.0) |  |  | --- ### Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent [CVE-2026-39833](https://nvd.nist.gov/vuln/detail/CVE-2026-39833) / [GO-2026-5005](https://pkg.go.dev/vuln/GO-2026-5005) <details> <summary>More information</summary> #### Details The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested. #### Severity Unknown #### References - [https://go.dev/issue/79436](https://go.dev/issue/79436) - [https://go.dev/cl/778640](https://go.dev/cl/778640) - [https://go.dev/cl/778641](https://go.dev/cl/778641) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5005) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent [CVE-2026-39832](https://nvd.nist.gov/vuln/detail/CVE-2026-39832) / [GO-2026-5006](https://pkg.go.dev/vuln/GO-2026-5006) <details> <summary>More information</summary> #### Details When adding a key to a remote agent constraint extensions such as restrict-destination-v00@​openssh.com were not serialized in the request. 
Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them. #### Severity Unknown #### References - [https://go.dev/issue/79435](https://go.dev/issue/79435) - [https://go.dev/cl/778642](https://go.dev/cl/778642) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5006) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh [CVE-2026-46597](https://nvd.nist.gov/vuln/detail/CVE-2026-46597) / [GO-2026-5013](https://pkg.go.dev/vuln/GO-2026-5013) <details> <summary>More information</summary> #### Details An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. #### Severity Unknown #### References - [https://go.dev/issue/79561](https://go.dev/issue/79561) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781620](https://go.dev/cl/781620) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5013) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). 
</details> --- ### Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh [CVE-2026-39828](https://nvd.nist.gov/vuln/detail/CVE-2026-39828) / [GO-2026-5014](https://pkg.go.dev/vuln/GO-2026-5014) <details> <summary>More information</summary> #### Details When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error. #### Severity Unknown #### References - [https://go.dev/issue/79562](https://go.dev/issue/79562) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781621](https://go.dev/cl/781621) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5014) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh [CVE-2026-39835](https://nvd.nist.gov/vuln/detail/CVE-2026-39835) / [GO-2026-5015](https://pkg.go.dev/vuln/GO-2026-5015) <details> <summary>More information</summary> #### Details SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil. 
#### Severity Unknown #### References - [https://go.dev/issue/79563](https://go.dev/issue/79563) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781660](https://go.dev/cl/781660) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5015) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh [CVE-2026-39827](https://nvd.nist.gov/vuln/detail/CVE-2026-39827) / [GO-2026-5016](https://pkg.go.dev/vuln/GO-2026-5016) <details> <summary>More information</summary> #### Details An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection. #### Severity Unknown #### References - [https://go.dev/issue/35127](https://go.dev/issue/35127) - [https://go.dev/cl/781320](https://go.dev/cl/781320) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5016) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh [CVE-2026-39830](https://nvd.nist.gov/vuln/detail/CVE-2026-39830) / [GO-2026-5017](https://pkg.go.dev/vuln/GO-2026-5017) <details> <summary>More information</summary> #### Details A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. 
The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded. #### Severity Unknown #### References - [https://go.dev/issue/79564](https://go.dev/issue/79564) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781640](https://go.dev/cl/781640) - [https://go.dev/cl/781664](https://go.dev/cl/781664) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5017) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh [CVE-2026-39829](https://nvd.nist.gov/vuln/detail/CVE-2026-39829) / [GO-2026-5018](https://pkg.go.dev/vuln/GO-2026-5018) <details> <summary>More information</summary> #### Details The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2. #### Severity Unknown #### References - [https://go.dev/issue/79565](https://go.dev/issue/79565) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781641](https://go.dev/cl/781641) - [https://go.dev/cl/781661](https://go.dev/cl/781661) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5018) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). 
</details> --- ### Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh [CVE-2026-39831](https://nvd.nist.gov/vuln/detail/CVE-2026-39831) / [GO-2026-5019](https://pkg.go.dev/vuln/GO-2026-5019) <details> <summary>More information</summary> #### Details The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@​openssh.com, sk-ssh-ed25519@​openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback. #### Severity Unknown #### References - [https://go.dev/issue/79566](https://go.dev/issue/79566) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781662](https://go.dev/cl/781662) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5019) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh [CVE-2026-39834](https://nvd.nist.gov/vuln/detail/CVE-2026-39834) / [GO-2026-5020](https://pkg.go.dev/vuln/GO-2026-5020) <details> <summary>More information</summary> #### Details When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation. 
#### Severity Unknown #### References - [https://go.dev/issue/79567](https://go.dev/issue/79567) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781663](https://go.dev/cl/781663) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5020) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking auth bypass via unenforced @​revoked status in golang.org/x/crypto/ssh/knownhosts [CVE-2026-42508](https://nvd.nist.gov/vuln/detail/CVE-2026-42508) / [GO-2026-5021](https://pkg.go.dev/vuln/GO-2026-5021) <details> <summary>More information</summary> #### Details Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @​revoked. #### Severity Unknown #### References - [https://go.dev/issue/79568](https://go.dev/issue/79568) - [https://go.dev/cl/781220](https://go.dev/cl/781220) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5021) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh [CVE-2026-46595](https://nvd.nist.gov/vuln/detail/CVE-2026-46595) / [GO-2026-5023](https://pkg.go.dev/vuln/GO-2026-5023) <details> <summary>More information</summary> #### Details Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped. 
#### Severity Unknown #### References - [https://go.dev/issue/79570](https://go.dev/issue/79570) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) - [https://go.dev/cl/781642](https://go.dev/cl/781642) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5023) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent [CVE-2026-46598](https://nvd.nist.gov/vuln/detail/CVE-2026-46598) / [GO-2026-5033](https://pkg.go.dev/vuln/GO-2026-5033) <details> <summary>More information</summary> #### Details For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used. #### Severity Unknown #### References - [https://go.dev/issue/79596](https://go.dev/issue/79596) - [https://go.dev/cl/781360](https://go.dev/cl/781360) - [https://groups.google.com/g/golang-announce/c/a082jnz-LvI](https://groups.google.com/g/golang-announce/c/a082jnz-LvI) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5033) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). 
--------- Co-authored-by: silverwind <2021+silverwind@noreply.gitea.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/1002 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
82323c7270 |
chore(deps): update module golang.org/x/net to v0.55.0 [security] (#1001)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/net](https://pkg.go.dev/golang.org/x/net) | [`v0.54.0` → `v0.55.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.54.0...refs/tags/v0.55.0) |  |  | --- ### Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html [CVE-2026-42506](https://nvd.nist.gov/vuln/detail/CVE-2026-42506) / [GO-2026-5025](https://pkg.go.dev/vuln/GO-2026-5025) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79571](https://go.dev/issue/79571) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781700](https://go.dev/cl/781700) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5025) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna [CVE-2026-39821](https://nvd.nist.gov/vuln/detail/CVE-2026-39821) / [GO-2026-5026](https://pkg.go.dev/vuln/GO-2026-5026) <details> <summary>More information</summary> #### Details The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. 
For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permit access to the Unicode name "example.com". #### Severity Unknown #### References - [https://go.dev/cl/767220](https://go.dev/cl/767220) - [https://go.dev/issue/78760](https://go.dev/issue/78760) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5026) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html [CVE-2026-42502](https://nvd.nist.gov/vuln/detail/CVE-2026-42502) / [GO-2026-5027](https://pkg.go.dev/vuln/GO-2026-5027) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79572](https://go.dev/issue/79572) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781701](https://go.dev/cl/781701) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5027) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). 
</details> --- ### Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html [CVE-2026-25680](https://nvd.nist.gov/vuln/detail/CVE-2026-25680) / [GO-2026-5028](https://pkg.go.dev/vuln/GO-2026-5028) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. #### Severity Unknown #### References - [https://go.dev/cl/781702](https://go.dev/cl/781702) - [https://go.dev/issue/79573](https://go.dev/issue/79573) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5028) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html [CVE-2026-25681](https://nvd.nist.gov/vuln/detail/CVE-2026-25681) / [GO-2026-5029](https://pkg.go.dev/vuln/GO-2026-5029) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79574](https://go.dev/issue/79574) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781703](https://go.dev/cl/781703) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5029) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). 
</details> --- ### Invoking duplicate attributes can cause XSS in golang.org/x/net/html [CVE-2026-27136](https://nvd.nist.gov/vuln/detail/CVE-2026-27136) / [GO-2026-5030](https://pkg.go.dev/vuln/GO-2026-5030) <details> <summary>More information</summary> #### Details Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. #### Severity Unknown #### References - [https://go.dev/issue/79575](https://go.dev/issue/79575) - [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8) - [https://go.dev/cl/781685](https://go.dev/cl/781685) This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5030) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)). </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/tea/pulls/1001 Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
861201541d |
fix(deps): update module golang.org/x/sys to v0.45.0 (#1000)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys) | [`v0.44.0` → `v0.45.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.44.0...refs/tags/v0.45.0) |  |  | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/tea/pulls/1000 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
3d667c1594 |
chore(deps): update docker.gitea.com/gitea docker tag to v1.26.2 (#997)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker.gitea.com/gitea](https://github.com/go-gitea/gitea) | service | patch | `1.26.1` → `1.26.2` | --- ### Release Notes <details> <summary>go-gitea/gitea (docker.gitea.com/gitea)</summary> ### [`v1.26.2`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#1262---2026-05-20) [Compare Source](https://github.com/go-gitea/gitea/compare/v1.26.1...v1.26.2) - SECURITY - fix(permissions): Fix reading permission ([#​37769](https://github.com/go-gitea/gitea/issues/37769)) - fix(actions): make artifact signature payloads unambiguous ([#​37707](https://github.com/go-gitea/gitea/issues/37707)) - fix: Unify public-only token filtering in API queries and repo access checks ([#​37118](https://github.com/go-gitea/gitea/issues/37118)) - fix: Add missed token scope checking ([#​37735](https://github.com/go-gitea/gitea/issues/37735)) - fix(oauth): bind token exchanges to the original client request ([#​37704](https://github.com/go-gitea/gitea/issues/37704)) - fix(oauth): strengthen PKCE validation and refresh token replay protection ([#​37706](https://github.com/go-gitea/gitea/issues/37706)) - fix(web): enforce token scopes on raw, media, and attachment downloads ([#​37698](https://github.com/go-gitea/gitea/issues/37698)) - fix(security): enforce wiki git writes and LFS token access at request time ([#​37695](https://github.com/go-gitea/gitea/issues/37695)) - feat(api): encrypt AWS creds ([#​37679](https://github.com/go-gitea/gitea/issues/37679)) - fix(deps): update dependency mermaid to v11.15.0 \[security], add e2e test - fix(packages): Add label for private and internal package and fix composor package source permission check ([#​37610](https://github.com/go-gitea/gitea/issues/37610)) - fix(git): Fix smart http request scope bug ([#​37583](https://github.com/go-gitea/gitea/issues/37583)) - Fix basic auth bug ([#​37503](https://github.com/go-gitea/gitea/issues/37503)) - Fix 
allow maintainer edit permission check ([#​37479](https://github.com/go-gitea/gitea/issues/37479)) ([#​37484](https://github.com/go-gitea/gitea/issues/37484)) - Fix URL sanitization to handle schemeless credentials ([#​37440](https://github.com/go-gitea/gitea/issues/37440)) ([#​37471](https://github.com/go-gitea/gitea/issues/37471)) - Fix attachment Content-Security-Policy ([#​37455](https://github.com/go-gitea/gitea/issues/37455)) ([#​37464](https://github.com/go-gitea/gitea/issues/37464)) - chore(deps): bump go-git/go-git/v5 to 5.19.0 ([#​37608](https://github.com/go-gitea/gitea/issues/37608)) - BUGFIXES - fix(pull): handle empty pull request files view to allow reviews ([#​37783](https://github.com/go-gitea/gitea/issues/37783)) - fix(markup): make RenderString never fail ([#​37779](https://github.com/go-gitea/gitea/issues/37779)) - fix: add natural sort to sortTreeViewNodes ([#​37772](https://github.com/go-gitea/gitea/issues/37772)) - fix: package creation unique conflict ([#​37774](https://github.com/go-gitea/gitea/issues/37774)) - fix!: add DEFAULT\_TITLE\_SOURCE setting for pull request title default behavior ([#​37465](https://github.com/go-gitea/gitea/issues/37465)) - fix: Allow direct commits for unprotected files with push restrictions ([#​37657](https://github.com/go-gitea/gitea/issues/37657)) - fix(actions): wrong assumption that run id always >= job id ([#​37737](https://github.com/go-gitea/gitea/issues/37737)) - fix(auth): set User-Agent on avatar fetch and sync avatar on link-account register ([#​37564](https://github.com/go-gitea/gitea/issues/37564)) ([#​37588](https://github.com/go-gitea/gitea/issues/37588)) - fix(actions): deadlock between PrepareRunAndInsert and UpdateTaskByState ([#​37692](https://github.com/go-gitea/gitea/issues/37692)) - fix(repo): /generate must sync the branch table for the new repo ([#​37693](https://github.com/go-gitea/gitea/issues/37693)) - build: Fix snap build (1.26) - fix(actions): run TransferLogs on 
UpdateLog{Rows:\[], NoMore:true} ([#​37631](https://github.com/go-gitea/gitea/issues/37631)) - fix show correct mergebase - fix: make clone URL respect public URL detection setting ([#​37615](https://github.com/go-gitea/gitea/issues/37615)) - fix: "run as root" check ([#​37622](https://github.com/go-gitea/gitea/issues/37622)) - chore(deps): update dependency go to v1.26.3 ([#​37601](https://github.com/go-gitea/gitea/issues/37601)) - Compare dropdown fails when selecting branch with no common merge-base ([#​37470](https://github.com/go-gitea/gitea/issues/37470)) - fix: treat email addresses case-insensitively ([#​37600](https://github.com/go-gitea/gitea/issues/37600)) - fix(actions): fix blank lines after ::endgroup:: ([#​37597](https://github.com/go-gitea/gitea/issues/37597)) - fix(actions): report individual step status in workflow job API response ([#​37592](https://github.com/go-gitea/gitea/issues/37592)) - fix: Invalid UTF-8 commit messages in JSON API responses ([#​37542](https://github.com/go-gitea/gitea/issues/37542)) - fix: use consistent GetUser family functions ([#​37553](https://github.com/go-gitea/gitea/issues/37553)) - fix(api): return 409 message instead of empty JSON for wrong commit id ([#​37572](https://github.com/go-gitea/gitea/issues/37572)) - fix(actions): prevent panic when workflow contains null jobs ([#​37570](https://github.com/go-gitea/gitea/issues/37570)) - Make ServeSetHeaders default to download attachment if filename exists ([#​37552](https://github.com/go-gitea/gitea/issues/37552)) ([#​37555](https://github.com/go-gitea/gitea/issues/37555)) - Fix(actions): validate workflow param to prevent 500 error ([#​37546](https://github.com/go-gitea/gitea/issues/37546)) ([#​37554](https://github.com/go-gitea/gitea/issues/37554)) - Don't unblock run-level-concurrency-blocked runs in the resolver ([#​37461](https://github.com/go-gitea/gitea/issues/37461)) ([#​37538](https://github.com/go-gitea/gitea/issues/37538)) - Fix(packages): use file names 
for generic web downloads ([#​37514](https://github.com/go-gitea/gitea/issues/37514)) ([#​37520](https://github.com/go-gitea/gitea/issues/37520)) - Fix merge autodetect can't close other PRs but only the last one when multiple PRs are pushed at once ([#​37512](https://github.com/go-gitea/gitea/issues/37512)) ([#​37516](https://github.com/go-gitea/gitea/issues/37516)) - Fix update branch protection order ([#​37508](https://github.com/go-gitea/gitea/issues/37508)) ([#​37513](https://github.com/go-gitea/gitea/issues/37513)) - Fix mCaptcha broken after Vite migration ([#​37492](https://github.com/go-gitea/gitea/issues/37492)) ([#​37509](https://github.com/go-gitea/gitea/issues/37509)) - Fix review submission from single-commit PR view ([#​37475](https://github.com/go-gitea/gitea/issues/37475)) ([#​37485](https://github.com/go-gitea/gitea/issues/37485)) - Fix scheduled action panic with null event payload ([#​37459](https://github.com/go-gitea/gitea/issues/37459)) ([#​37466](https://github.com/go-gitea/gitea/issues/37466)) - Make GetPossibleUserByID can handle deleted user ([#​37430](https://github.com/go-gitea/gitea/issues/37430)) ([#​37431](https://github.com/go-gitea/gitea/issues/37431)) - Remove excessive quote from terraform instructions ([#​37424](https://github.com/go-gitea/gitea/issues/37424)) ([#​37426](https://github.com/go-gitea/gitea/issues/37426)) - Fix color regressions, add `priority` color ([#​37417](https://github.com/go-gitea/gitea/issues/37417)) ([#​37421](https://github.com/go-gitea/gitea/issues/37421)) - MISC - Add CurrentURL template variable back ([#​37444](https://github.com/go-gitea/gitea/issues/37444)) ([#​37449](https://github.com/go-gitea/gitea/issues/37449)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. 
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/tea/pulls/997 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
ef0dc62dd6 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 (#996)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.19.0` → `v5.19.1` |  |  | --- ### Release Notes <details> <summary>go-git/go-git (github.com/go-git/go-git/v5)</summary> ### [`v5.19.1`](https://github.com/go-git/go-git/releases/tag/v5.19.1) [Compare Source](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1) #### What's Changed - v5: plumbing: transport/ssh, Shell-quote path by [@​hiddeco](https://github.com/hiddeco) in [#​2068](https://github.com/go-git/go-git/pull/2068) - v5: git: submodule, Fix relative URL resolution by [@​hiddeco](https://github.com/hiddeco) in [#​2070](https://github.com/go-git/go-git/pull/2070) - v5: git: submodule, canonical remote for relative URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2074](https://github.com/go-git/go-git/pull/2074) - v5: git: submodule, error on remote without URLs by [@​hiddeco](https://github.com/hiddeco) in [#​2078](https://github.com/go-git/go-git/pull/2078) - v5: plumbing: format/idxfile, Validate offset64 indices by [@​hiddeco](https://github.com/hiddeco) in [#​2084](https://github.com/go-git/go-git/pull/2084) - v5: \*: Reject malformed variable-length integers by [@​hiddeco](https://github.com/hiddeco) in [#​2092](https://github.com/go-git/go-git/pull/2092) - v5: plumbing: format/packfile, Tighten delta validation by [@​hiddeco](https://github.com/hiddeco) in [#​2091](https://github.com/go-git/go-git/pull/2091) - v5: Add `worktreeFilesystem` wrapper for worktree and hardening by [@​hiddeco](https://github.com/hiddeco) in [#​2100](https://github.com/go-git/go-git/pull/2100) - v5: config: validate submodule names by [@​hiddeco](https://github.com/hiddeco) in [#​2082](https://github.com/go-git/go-git/pull/2082) - build: Update module github.com/go-git/go-git/v5 to v5.19.0 
\[SECURITY] (releases/v5.x) by [@go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#2111](https://github.com/go-git/go-git/pull/2111) - v5: git: Allow MkdirAll on worktree-root paths by [@hiddeco](https://github.com/hiddeco) in [#2117](https://github.com/go-git/go-git/pull/2117) - v5: git: Stop validating symlink target paths by [@pjbgf](https://github.com/pjbgf) in [#2116](https://github.com/go-git/go-git/pull/2116) - v5: plumbing: format decoder input bounds and contracts by [@hiddeco](https://github.com/hiddeco) in [#2125](https://github.com/go-git/go-git/pull/2125) - plumbing: format/packfile, cap delta chain depth in parser by [@pjbgf](https://github.com/pjbgf) in [#2137](https://github.com/go-git/go-git/pull/2137) **Full Changelog**: <https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1> </details> --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/tea/pulls/996 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
70c7ee11f2 | update renovate config | ||
|
|
6134351048 | bump go deps v0.14.1 | ||
|
|
8be4dae66e |
fix(deps): update module github.com/go-authgate/sdk-go to v0.11.0 (#988)
Reviewed-on: https://gitea.com/gitea/tea/pulls/988 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
b8dcb8a442 |
fix(deps): update module golang.org/x/term to v0.43.0 (#989)
Reviewed-on: https://gitea.com/gitea/tea/pulls/989 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
01632d927e |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.1 (#991)
Reviewed-on: https://gitea.com/gitea/tea/pulls/991 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
1b79be7cea |
fix(deps): update module github.com/urfave/cli/v3 to v3.9.0 (#992)
Reviewed-on: https://gitea.com/gitea/tea/pulls/992 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
2cc45f1cce |
fix(deps): update github.com/urfave/cli to v3.9.0 (#993)
Fix https://gitea.com/gitea/tea/issues/975 Reviewed-on: https://gitea.com/gitea/tea/pulls/993 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Minjie Fang <wingsallen@gmail.com> Co-committed-by: Minjie Fang <wingsallen@gmail.com> |
||
|
|
2b64762a32 |
Fix login edit to check config existence (#987)
Fix https://gitea.com/gitea/tea/issues/561 Reviewed-on: https://gitea.com/gitea/tea/pulls/987 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Minjie Fang <wingsallen@gmail.com> Co-committed-by: Minjie Fang <wingsallen@gmail.com> |
||
|
|
19dd8b1b4b |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#984)
Bumping gitea SDK to version v0.25.0 Currently there is an issue when users try to use SSH to authenticate to a gitea server. The issue is already reported here #983 The problem was that `*gitea.HTTPSign` embeds `ssh.Signer` (not `ssh.AlgorithmSigner`). `httpsig v1.2.4` type-asserts the signer to `ssh.AlgorithmSigner` for RSA keys and panics because `*HTTPSign` doesn't expose `SignWithAlgorithm`. Fix: SDK v0.25.0 adds `SignWithAlgorithm` to `HTTPSign`, satisfying `ssh.AlgorithmSigner`. Reviewed-on: https://gitea.com/gitea/tea/pulls/984 Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com> Co-authored-by: Carlos Grillet <carlosbeta5000@gmail.com> Co-committed-by: Carlos Grillet <carlosbeta5000@gmail.com> |
||
|
|
f617f26da0 |
fix: pass the name flag value as the organization FullName (#832)
This change proposes that, when creating an organization using the CLI, the value provided in the `--name` parameter is used as the organization `FullName`. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/832 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: cpamayo <anderson.carl3@mayo.edu> Co-committed-by: cpamayo <anderson.carl3@mayo.edu> |
||
|
|
a5ecf06c2a |
Fix login edit to open one editor only (#977)
Fix https://gitea.com/gitea/tea/issues/906 Reviewed-on: https://gitea.com/gitea/tea/pulls/977 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Minjie Fang <wingsallen@gmail.com> Co-committed-by: Minjie Fang <wingsallen@gmail.com> |
||
|
|
e686e8d0bd |
fix(deps): update module github.com/go-authgate/sdk-go to v0.10.0 (#976)
This PR contains the following updates:
| Package | Change |
|---|---|
| [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.9.0` → `v0.10.0` |
---
### Release Notes
<details>
<summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary>
### [`v0.10.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.10.0)
[Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.9.0...v0.10.0)
#### Changelog
##### Others
- [`5b43693`](https://github.com/go-authgate/sdk-go/commit/5b436935ca0c587301754ee8e43dc04329b34623): feat(jwksauth)!: align with upstream JWT\_PRIVATE\_CLAIM\_PREFIX ([#27](https://github.com/go-authgate/sdk-go/issues/27)) ([@appleboy](https://github.com/appleboy))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
Reviewed-on: https://gitea.com/gitea/tea/pulls/976
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
|
||
|
|
22ff601988 |
feat: add additional admin users subcommands (#842)
## Summary
Adds admin user management commands to the tea CLI, enabling admins to create, edit, and delete user accounts.
## Features Added
### Admin User Management Commands
- **Create users**: `tea admin users create` - Create new user accounts with configurable options
- **Edit users**: `tea admin users edit <username>` - Update user properties including password, permissions, and profile settings
- **Delete users**: `tea admin users delete <username>` - Remove user accounts with confirmation prompt
### Implementation Details
#### Create Command (`admin users create`)
- Required: username
- Optional: email, full name, password
- Flags: admin, restricted, prohibit-login, visibility
- Password input: command-line flag, file, stdin, or interactive prompt with confirmation
- Default: users must change password on first login (use `--no-must-change-password` to skip)
- Post-creation updates for admin/restricted/prohibit-login (not available during creation)
#### Edit Command (`admin users edit`)
- Updates only explicitly provided fields (partial updates)
- Password change support with the same input methods as create
- Editable fields:
  - Profile: email, full name, description, website, location
  - Permissions: admin/restricted/active status
  - Settings: visibility, max repo creation limits
  - Advanced: git hooks, local imports, organization creation
- Default: password changes require password change on next login (use `--no-must-change-password` to skip)
#### Delete Command (`admin users delete`)
- Confirmation prompt by default
- `--confirm` flag to skip confirmation
- Displays user details before deletion
### Security Features
- Secure password input via interactive prompts (hidden input)
- Multiple password input methods: flag, file, stdin, interactive
- Password confirmation for interactive mode
- Whitespace trimming for file/stdin inputs
### Password Input Methods
1. **Command-line flag**: `--password <value>`
2. **File input**: `--password-file <file>` - Read from file
3. **Stdin input**: `--password-stdin` - Read from stdin
4. **Interactive prompt**: Automatically prompts if password not provided (with confirmation)
For edit command: Use `--password=""` to trigger interactive prompt.
## Usage Examples
```bash
# Create a new user
tea admin users create --username john --email john@example.com --admin --no-must-change-password
# Create with interactive password prompt
tea admin users create jane --email jane@example.com
# Edit user properties
tea admin users edit john --email newemail@example.com --restricted
# Change user password (will prompt if not provided)
tea admin users edit john --password=""
tea admin users edit john --password-file /path/to/password.txt
# Delete a user (with confirmation)
tea admin users delete olduser
# Delete without confirmation
tea admin users delete olduser --confirm
```
## Related Issue
Resolves #161
## Testing
- Unit tests for all commands
- Flag validation and default value tests
- Password input method tests (file, stdin, interactive)
- Test coverage for all user option structures
- Confirmation logic tests for delete command
## Technical Details
- Uses Gitea SDK `AdminCreateUser`, `AdminEditUser`, and `AdminDeleteUser` APIs
- Follows existing tea CLI patterns and conventions
- Handles fields not available during creation via post-creation updates
- Partial update support for edit command (only updates explicitly set fields)
- Consistent with other tea commands (webhooks, secrets) in password handling and confirmation patterns
All tests pass and the implementation integrates with existing tea CLI infrastructure.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/842
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: ghainer <gehainer@gmail.com>
Co-committed-by: ghainer <gehainer@gmail.com>
|
||
|
|
9d6ae4bf02 |
feat(ssh-keys): add ssh-keys command to manage SSH public keys (#940)
## Summary
- Adds `tea ssh-keys` command group (aliases: `ssh-key`, `keys`) under the SETUP category
- Mirrors the interface of `gh ssh-key add/list/delete`
- Three subcommands: `add <keyfile>`, `list`, `delete <id>`
## Commands
```sh
tea ssh-keys add ~/.ssh/id_ed25519.pub # title defaults to filename stem
tea ssh-keys add ~/.ssh/id_rsa.pub --title "work laptop"
tea ssh-keys add ~/.ssh/deploy.pub --read-only # authentication-only key
tea ssh-keys list
tea ssh-keys list --output json
tea ssh-keys delete 42 # prompts for confirmation
tea ssh-keys delete 42 --force # skip prompt
```
## Test plan
- [x] `make lint` — 0 issues
- [x] `make fmt-check` — passes
- [x] `go test ./cmd/sshkeys/... -run TestKeyTitle` — unit tests pass (no server needed)
- [ ] Integration tests with live Gitea instance:
```sh
GITEA_TEA_TEST_URL=https://your-gitea \
GITEA_TEA_TEST_TOKEN=<token> \
go test ./cmd/sshkeys/... -v -run TestSSHKey
```
Exercises full add → SDK-verify → delete → 404-verify lifecycle.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Brandon Fryslie <530235+brandon-fryslie@users.noreply.github.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/940
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Brandon Fryslie <186614+brandroid@noreply.gitea.com>
Co-committed-by: Brandon Fryslie <186614+brandroid@noreply.gitea.com>
|
||
|
|
2985824ab0 |
Multiple PRs (#848)
This is an effort to allow tea pr review to work with multiple reviews. Fixes: #847 Reviewed-on: https://gitea.com/gitea/tea/pulls/848 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Matěj Cepl <mcepl@cepl.eu> Co-committed-by: Matěj Cepl <mcepl@cepl.eu> |
||
|
|
83b718ac34 |
Move integration tests to tests/ directory (#973)
Reviewed-on: https://gitea.com/gitea/tea/pulls/973 |
||
|
|
1f6fd97fc1 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.9.0 (#974)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.8.0` → `v0.9.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.9.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.9.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.8.0...v0.9.0) #### Changelog ##### Documentation updates - [`86d33f3`](https://github.com/go-authgate/sdk-go/commit/86d33f315c3eddfe92f37e4d8b3ac30afbc0ef72): docs(jwksauth): tighten readme table column widths ([@​appleboy](https://github.com/appleboy)) ##### Others - [`545d96f`](https://github.com/go-authgate/sdk-go/commit/545d96fd43d8a6e6bc76a3c6b28683ffa3eace06): refactor(jwksauth)!: rename Tenant to Domain and add Tenant sub-claim ([#​25](https://github.com/go-authgate/sdk-go/issues/25)) ([@​appleboy](https://github.com/appleboy)) - [`1e73580`](https://github.com/go-authgate/sdk-go/commit/1e73580c87f2be874101c4ccc02f3dd1ceb17c53): feat(jwksauth)!: adopt slog-style Logger interface ([#​24](https://github.com/go-authgate/sdk-go/issues/24)) ([@​appleboy](https://github.com/appleboy)) - [`7af1bc4`](https://github.com/go-authgate/sdk-go/commit/7af1bc463714a2c4e6aea1741c87b20fdbba21ce): test(jwksauth): fix stale Tenant references in policy reject test ([#​26](https://github.com/go-authgate/sdk-go/issues/26)) ([@​appleboy](https://github.com/appleboy)) </details> --- Reviewed-on: https://gitea.com/gitea/tea/pulls/974 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
27e6083e23 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.8.0 (#972)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go) | `v0.7.0` → `v0.8.0` |  |  | --- ### Release Notes <details> <summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary> ### [`v0.8.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.8.0) [Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.7.0...v0.8.0) #### Changelog ##### Refactor - [`62ccff0`](https://github.com/go-authgate/sdk-go/commit/62ccff06c837abe9c9cd6d8411525e3d25344cf1): refactor(jwksauth): share OIDC discovery and drop tenant cache ([#​23](https://github.com/go-authgate/sdk-go/issues/23)) ([@​appleboy](https://github.com/appleboy)) - [`088ee3b`](https://github.com/go-authgate/sdk-go/commit/088ee3bd2d5f891c03d27212a6ed5283b1434282): refactor(sdk): harden HTTP reads and improve code quality ([#​18](https://github.com/go-authgate/sdk-go/issues/18)) ([@​appleboy](https://github.com/appleboy)) - [`aa17bc2`](https://github.com/go-authgate/sdk-go/commit/aa17bc2373b675b0f0882672706c66a0f523b05f): refactor: simplify oauth client and token source flows ([#​22](https://github.com/go-authgate/sdk-go/issues/22)) ([@​appleboy](https://github.com/appleboy)) </details> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/972 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
5d2d1a6e0c |
fix(webhook): Fix when creating webhook, branch filter and auth header cannot be added (#964)
Fix #963 Reviewed-on: https://gitea.com/gitea/tea/pulls/964 |
||
|
|
88421bb888 |
fix: read --assignee flag value instead of nonexistent --assigned-to (#971)
## What this PR does
`tea issues list --assignee USERNAME` currently returns every issue regardless of the assignee value — even nonexistent users return a full unfiltered list. Discovered against **tea v0.14.0** (with go-sdk v0.24.1) and reproduced on current `master` (commit `dd81b33`). This PR fixes that.
## Root cause
Two distinct bugs on the same flag, both in `cmd/issues/list.go`:
1. **Per-repo path** (`tea issues list --repo OWNER/REPO --assignee USER`): the code reads `ctx.String("assigned-to")` for `AssignedBy`, but the flag is defined as `--assignee` in `cmd/flags/issue_pr.go:66`. The lookup always returns `""`, so the SDK omits the `assigned_by` query parameter and the API returns everything.
2. **Global path** (`tea issues list --assignee USER`, no `--repo`): this hits `/repos/issues/search`, which silently ignores `assigned_by`. Even after fix #1 the no-repo form would still return unfiltered results. Verified directly:
- `GET /repos/issues/search?assigned_by=USER&owner=ORG&state=open` → all open issues
- `GET /repos/issues/search?assigned=true&owner=ORG&state=open` → only the issues assigned to the authenticated user
The endpoint only supports `assigned=true` (boolean self-filter), not arbitrary-user filtering, and `ListIssueOption` doesn't expose that field. Rather than misleading the caller, the no-repo path now returns a clear error.
## Changes
Both changes are in `cmd/issues/list.go`:
1. Read `ctx.String("assignee")` instead of the non-existent flag name `"assigned-to"` (lines 80 and 97).
2. In the no-`--repo` branch, return `errors.New("--assignee requires --repo (...)")` when the flag is set.
`cmd/pulls/list.go` does not expose an assignee filter, so it's unaffected. The `--author` mapping (`CreatedBy ← ctx.String("author")`) was already correct and is the model the fix follows.
## Manual verification
Tested against a local Gitea instance with three open issues (only one assigned to the test user):
| Command | Before | After |
|---|---|---|
| `tea issues list --repo X --assignee me` | all 3 | only the 1 assigned ✓ |
| `tea issues list --repo X --assignee nonexistent` | all 3 | `Error: not found` ✓ |
| `tea issues list --repo X --author me` | only the 1 (control) | unchanged ✓ |
| `tea issues list --assignee me` (no `--repo`) | all 3 (silent) | clear error ✓ |
| `tea issues list` (no flags) | all 3 | unchanged ✓ |
---------
Co-authored-by: claude_1 <claude_1@bot.gqx.lol>
Reviewed-on: https://gitea.com/gitea/tea/pulls/971
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Oleksii Zaremskyi <grossqx@gmail.com>
Co-committed-by: Oleksii Zaremskyi <grossqx@gmail.com>
|
||
|
|
dd81b33cec |
Fix man page section (#969)
Co-authored-by: Wesley Moore <wes@wezm.net> Co-committed-by: Wesley Moore <wes@wezm.net> |
||
|
|
b100d4c939 |
fix(deps): update module github.com/go-authgate/sdk-go to v0.7.0 (#970)
Reviewed-on: https://gitea.com/gitea/tea/pulls/970 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
892905d482 |
chore(deps): update docker.gitea.com/gitea docker tag to v1.26.1 (#968)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker.gitea.com/gitea](https://github.com/go-gitea/gitea) | service | patch | `1.26.0` → `1.26.1` | --- ### Release Notes <details> <summary>go-gitea/gitea (docker.gitea.com/gitea)</summary> ### [`v1.26.1`](https://github.com/go-gitea/gitea/releases/tag/v1.26.1) [Compare Source](https://github.com/go-gitea/gitea/compare/v1.26.0...v1.26.1) - BUGFIXES \* Add event.schedule context for schedule actions task ([#​37320](https://github.com/go-gitea/gitea/issues/37320)) ([#​37348](https://github.com/go-gitea/gitea/issues/37348)) \* Fix an issue where changing an organization's visibility caused problems when users had forked its repositories. ([#​37324](https://github.com/go-gitea/gitea/issues/37324)) ([#​37344](https://github.com/go-gitea/gitea/issues/37344)) \* Use modern "git update-index --cacheinfo" syntax to support more file names ([#​37338](https://github.com/go-gitea/gitea/issues/37338)) ([#​37343](https://github.com/go-gitea/gitea/issues/37343)) \* Fix URL related escaping for oauth2 ([#​37334](https://github.com/go-gitea/gitea/issues/37334)) ([#​37340](https://github.com/go-gitea/gitea/issues/37340)) \* When the requested arch rpm is missing fall back to noarch ([#​37236](https://github.com/go-gitea/gitea/issues/37236)) ([#​37339](https://github.com/go-gitea/gitea/issues/37339)) \* Fix actions concurrency groups cross-branch leak ([#​37311](https://github.com/go-gitea/gitea/issues/37311)) ([#​37331](https://github.com/go-gitea/gitea/issues/37331)) \* Fix bug when accessing user badges ([#​37321](https://github.com/go-gitea/gitea/issues/37321)) ([#​37329](https://github.com/go-gitea/gitea/issues/37329)) \* Fix AppFullLink ([#​37325](https://github.com/go-gitea/gitea/issues/37325)) ([#​37328](https://github.com/go-gitea/gitea/issues/37328)) \* Fix container auth for public instance ([#​37290](https://github.com/go-gitea/gitea/issues/37290)) 
([#​37294](https://github.com/go-gitea/gitea/issues/37294)) \* Enhance GetActionWorkflow to support fallback references ([#​37189](https://github.com/go-gitea/gitea/issues/37189)) ([#​37283](https://github.com/go-gitea/gitea/issues/37283)) \* Fix vite manifest update masking build errors ([#​37279](https://github.com/go-gitea/gitea/issues/37279)) ([#​37310](https://github.com/go-gitea/gitea/issues/37310)) \* Fix Mermaid diagrams failing when node labels contain line breaks ([#​37296](https://github.com/go-gitea/gitea/issues/37296)) ([#​37299](https://github.com/go-gitea/gitea/issues/37299)) \* Use TriggerEvent instead of Event in workflow runs API response for scheduled runs ([#​37288](https://github.com/go-gitea/gitea/issues/37288)) [#​37360](https://github.com/go-gitea/gitea/issues/37360) \* Add URL to Learn more about blocking a user. ([#​37355](https://github.com/go-gitea/gitea/issues/37355)) [#​37367](https://github.com/go-gitea/gitea/issues/37367) \* Fix button layout shift when collapsing file tree in editor ([#​37363](https://github.com/go-gitea/gitea/issues/37363)) [#​37375](https://github.com/go-gitea/gitea/issues/37375) \* Fix org team assignee/reviewer lookups for team member permissions ([#​37365](https://github.com/go-gitea/gitea/issues/37365)) [#​37391](https://github.com/go-gitea/gitea/issues/37391) \* Fix repo init README EOL ([#​37388](https://github.com/go-gitea/gitea/issues/37388)) [#​37399](https://github.com/go-gitea/gitea/issues/37399) \* Fix: dump with default zip type produces uncompressed zip ([#​37401](https://github.com/go-gitea/gitea/issues/37401))[#​37402](https://github.com/go-gitea/gitea/issues/37402) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 
🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). Reviewed-on: https://gitea.com/gitea/tea/pulls/968 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
5103496232 |
fix(pagination): replace Page:-1 with explicit pagination loops (#967)
## Summary
`Page: -1` in the Gitea SDK calls `setDefaults()` which sets both `Page=0` and `PageSize=0`, resulting in `?page=0&limit=0` being sent to the server. The server interprets `limit=0` as "use server default" (typically 30 items via `DEFAULT_PAGING_NUM`), not "return everything". Any resource beyond the first page of results was silently invisible.
This affected 8 call sites, with the most user-visible impact being `tea issues edit --add-labels` and `tea pulls edit --add-labels` silently failing to apply labels on repositories with more than ~30 labels.
## Affected call sites
| File | API call | User-visible impact |
|---|---|---|
| `modules/task/labels.go` | `ListRepoLabels` | `issues/pulls edit --add-labels` fails silently |
| `modules/interact/issue_create.go` | `ListRepoLabels` | interactive label picker missing labels |
| `modules/task/pull_review_comment.go` | `ListPullReviews` | review comments truncated |
| `modules/task/login_ssh.go` | `ListMyPublicKeys` | SSH key auto-detection fails |
| `modules/task/login_create.go` | `ListAccessTokens` | token name deduplication misses existing tokens |
| `cmd/pulls.go` | `ListPullReviews` | PR detail view missing reviews |
| `cmd/releases/utils.go` | `ListReleases` | tag lookup fails on repos with many releases |
| `cmd/attachments/delete.go` | `ListReleaseAttachments` | attachment deletion fails when many attachments exist |
## Fix
Each call site is replaced with an explicit pagination loop that follows `resp.NextPage` until all pages are exhausted.
Reviewed-on: https://gitea.com/gitea/tea/pulls/967
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Alain Thiffault <athiffau@effectivemomentum.com>
Co-committed-by: Alain Thiffault <athiffau@effectivemomentum.com>
|
||
|
|
a58c35c3e2 |
fix(cmd): Update CmdRepos description and usage in repos.go (#946)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/tea/pulls/946 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Nicolas <bircni@icloud.com> Co-committed-by: Nicolas <bircni@icloud.com> |
||
|
|
783ac7684a |
fix(context): skip local repo detection for repo slugs (#960)
Treat explicit --repo slugs as remote targets so commands do not probe the current worktree. This avoids SHA256 repository failures when local git autodetection is unnecessary.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/960
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
Co-committed-by: Matěj Cepl <mcepl@cepl.eu> |
||
|
|
d0b7ea09e8 |
fix(deps): update module charm.land/lipgloss/v2 to v2.0.3 (#959)
This PR contains the following updates:
| Package | Change |
|---|---|
| [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss) | `v2.0.2` → `v2.0.3` |
---
### Release Notes
charmbracelet/lipgloss (charm.land/lipgloss/v2)
### [`v2.0.3`](https://github.com/charmbracelet/lipgloss/releases/tag/v2.0.3)
[Compare Source](https://github.com/charmbracelet/lipgloss/compare/v2.0.2...v2.0.3)
#### Changelog
##### Fixed
- [`472d718`](https://github.com/charmbracelet/lipgloss/commit/472d718e2314596549bee2c0c8ccf8beea5f25ae): fix: Avoid background color query hang ([#636](https://github.com/charmbracelet/lipgloss/issues/636)) ([@jedevc](https://github.com/jedevc))
##### Docs
- [`9e39a0a`](https://github.com/charmbracelet/lipgloss/commit/9e39a0ad4f4fc779d620f17783cee3494da6ae29): docs: fix README typo ([#629](https://github.com/charmbracelet/lipgloss/issues/629)) ([@Rohan5commit](https://github.com/Rohan5commit))
- [`cd93a9f`](https://github.com/charmbracelet/lipgloss/commit/cd93a9f5d2e3cb151da83150db29751d92585d23): docs: fix tree comment typo ([#634](https://github.com/charmbracelet/lipgloss/issues/634)) ([@Rohan5commit](https://github.com/Rohan5commit))
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/959
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
20914a1375 |
fix(deps): update module github.com/go-git/go-git/v5 to v5.18.0 (#961)
Reviewed-on: https://gitea.com/gitea/tea/pulls/961 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
3c1c9b2904 |
chore(deps): update docker.gitea.com/gitea docker tag to v1.26.0 (#962)
Reviewed-on: https://gitea.com/gitea/tea/pulls/962 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
63bc90ea52 |
feat(branches): add rename subcommand (#939)
Implements the 'branches rename' command to rename a branch in a repository.
This wraps the Gitea API endpoint PATCH /repos/{owner}/{repo}/branches/{branch}.
Usage: tea branches rename <old_branch_name> <new_branch_name>
Example: tea branches rename -r owner/repo main factory
This resolves issue #938.
Reviewed-on: https://gitea.com/gitea/tea/pulls/939
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Matěj Cepl <mcepl@cepl.eu>
Co-committed-by: Matěj Cepl <mcepl@cepl.eu>
v0.14.0
|
||
|
|
9e0a6203ae |
feat(pulls): add ci status field to pull request list (#956)
## Summary
- Add `"ci"` as a new selectable field for `tea pr list --fields`, allowing users to see CI status across multiple PRs at a glance
- Fetch CI status via `GetCombinedStatus` API **only when the `ci` field is explicitly requested** via `--fields`, avoiding unnecessary API calls in default usage
- Improve CI status display in both detail and list views:
  - **Detail view** (`tea pr <index>`): show each CI check with symbol, context name, description, and clickable link to CI run
  - **List view** (`tea pr list --fields ci`): show symbol + context name per CI check (e.g., `✓ lint, ⏳ build, ❌ test`)
  - **Machine-readable output**: return raw state string (e.g., `success`, `pending`)
- Replace pending CI symbol from `⭮` to `⏳` for better readability
- Extract `formatCIStatus` helper and reuse it in `PullDetails` to reduce code duplication
- Add comprehensive tests for CI status formatting and PR list integration
## Detail View Example
```
- CI:
  - ✓ [**lint**](https://ci.example.com/lint): Lint passed
  - ⏳ [**build**](https://ci.example.com/build): Build is running
  - ❌ [**test**](https://ci.example.com/test): 3 tests failed
```
## List View Example
```
INDEX  TITLE    STATE  CI
123    Fix bug  open   ✓ lint, ⏳ build, ❌ test
```
## Usage
```bash
# Show CI status column in list
tea pr list --fields index,title,state,ci
# Default output is unchanged (no CI column, no extra API calls)
tea pr list
```
## Files Changed
- `cmd/pulls/list.go` — conditionally fetch CI status per PR when `ci` field is selected
- `modules/print/pull.go` — add `ci` field, `formatCIStatus` helper, improve detail/list CI display
- `modules/print/pull_test.go` — comprehensive tests for CI status formatting
## Test plan
- [x] `go build ./...` passes
- [x] `go test ./...` passes (11 new tests)
- [x] `tea pr list` — default output unchanged, no extra API calls
- [x] `tea pr list --fields index,title,state,ci` — CI column with context names
- [x] `tea pr <index>` — CI section shows each check with name, description, and link
- [x] `tea pr list --fields ci -o csv` — machine-readable output shows raw state strings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: https://gitea.com/gitea/tea/pulls/956
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
84ecd16f9c |
fix(deps): update Go dependencies to latest versions (#955)
## Summary
- Upgrade all Go module dependencies to their latest versions
- Includes updates to charm.land, golang.org/x, goldmark, go-crypto, and other indirect dependencies
- Project builds cleanly with all updates
## Test plan
- [x] `go build ./...` passes
- [x] CI pipeline passes
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Reviewed-on: https://gitea.com/gitea/tea/pulls/955
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
53e53e1067 |
feat(workflows): add dispatch, view, enable and disable subcommands (#952)
## Summary
- Add `tea actions workflows dispatch` to trigger `workflow_dispatch` events with `--ref`, `--input key=value`, and `--follow` for log tailing
- Add `tea actions workflows view` to show workflow details
- Add `tea actions workflows enable` and `disable` to toggle workflow state
- Rewrite `workflows list` to use the Workflow API instead of file listing
- Remove dead `WorkflowsList` print function that used `ContentsResponse`
- Update `CLI.md` and `example-workflows.md` with usage documentation and examples
## Motivation
Enable re-triggering specific workflows from the CLI, which is essential for AI-driven PR flows where a specific workflow needs to be re-run after pushing changes.
Leverages the 5 workflow API endpoints already supported by the Go SDK (v0.24.1) from go-gitea/gitea#33545:
- `ListRepoActionWorkflows`
- `GetRepoActionWorkflow`
- `DispatchRepoActionWorkflow` (with `returnRunDetails` support)
- `EnableRepoActionWorkflow`
- `DisableRepoActionWorkflow`
## New commands
```
tea actions workflows
├── list (rewritten to use Workflow API)
├── view <id> (new)
├── dispatch <id> (new)
├── enable <id> (new)
└── disable <id> (new)
```
### Usage examples
```bash
# Dispatch workflow on current branch
tea actions workflows dispatch deploy.yml
# Dispatch with specific ref and inputs
tea actions workflows dispatch deploy.yml --ref main --input env=staging --input version=1.2.3
# Dispatch and follow logs
tea actions workflows dispatch ci.yml --ref feature/my-pr --follow
# View workflow details
tea actions workflows view deploy.yml
# Enable/disable workflows
tea actions workflows enable deploy.yml
tea actions workflows disable deploy.yml --confirm
```
## Test plan
- [x] `go build ./...` passes
- [x] `go test ./...` passes
- [x] `go vet ./...` passes
- [x] `make lint` — 0 issues
- [x] `make docs-check` — CLI.md is up to date
- [x] Manual test: `tea actions workflows list` shows workflows from API
- [x] Manual test: `tea actions workflows dispatch <workflow> --ref main` triggers a run
- [x] Manual test: `tea actions workflows view <workflow>` shows details
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-on: https://gitea.com/gitea/tea/pulls/952
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
0489d8c275 |
fix(deps): update module golang.org/x/sys to v0.43.0 (#951)
Reviewed-on: https://gitea.com/gitea/tea/pulls/951 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |
||
|
|
f538c05282 |
refactor: code cleanup across codebase (#947)
## Summary
- Extract duplicate `getReleaseByTag` into shared `cmd/releases/utils.go`
- Replace `log.Fatal` calls with proper error returns in config and login commands; `GetLoginByToken`/`GetLoginsByHost`/`GetLoginByHost` now return errors
- Remove dead `portChan` channel in `modules/auth/oauth.go`
- Fix YAML integer detection to use `strconv.ParseInt` (correctly handles negatives and large ints)
- Fix `path.go` error handling to use `errors.As` + `syscall.ENOTDIR` instead of string comparison
- Extract repeated credential helper key into local variable in `SetupHelper`
- Use existing `isRemoteDeleted()` in `pull_clean.go` instead of duplicating the logic
- Fix ~30 error message casing violations to follow Go conventions
- Use `fmt.Errorf` consistently instead of string concatenation in `generic.go`
Reviewed-on: https://gitea.com/gitea/tea/pulls/947
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Reviewed-by: Bo-Yi Wu (吳柏毅) <appleboy.tw@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
Co-committed-by: Nicolas <bircni@icloud.com> |
||
|
|
662e339bf9 |
feat(pulls): add resolve, unresolve and review-comments subcommands (#948)
## Summary
- Add `tea pulls review-comments <pull-index>` subcommand to list PR review comments with configurable fields (supports table/json/csv/yaml output)
- Add `tea pulls resolve <comment-id>` subcommand to mark a review comment as resolved
- Add `tea pulls unresolve <comment-id>` subcommand to unmark a review comment as resolved
- Follow existing approve/reject pattern with shared `runResolveComment` helper in `review_helpers.go`
## Usage
```bash
# List review comments for PR #42
tea pulls review-comments 42
# Resolve comment #789
tea pulls resolve 789
# Unresolve comment #789
tea pulls unresolve 789
# Custom output fields
tea pulls review-comments 42 --fields id,path,body,resolver --output json
```
## New Files
| File | Description |
|------|-------------|
| `cmd/pulls/review_comments.go` | `review-comments` subcommand |
| `cmd/pulls/resolve.go` | `resolve` subcommand |
| `cmd/pulls/unresolve.go` | `unresolve` subcommand |
| `modules/task/pull_review_comment.go` | Task layer: list, resolve, unresolve via SDK |
| `modules/print/pull_review_comment.go` | Print formatting with `printable` interface |
## Modified Files
| File | Description |
|------|-------------|
| `cmd/pulls.go` | Register 3 new commands |
| `cmd/pulls/review_helpers.go` | Add shared `runResolveComment` helper |
## Test Plan
- [x] `go build ./...` passes
- [x] `go vet ./...` passes
- [x] `tea pulls review-comments <PR-index>` lists comments with IDs
- [x] `tea pulls resolve <comment-id>` resolves successfully
- [x] `tea pulls unresolve <comment-id>` unresolves successfully
- [x] `--output json` produces valid JSON output
Reviewed-on: https://gitea.com/gitea/tea/pulls/948
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com> |
||
|
|
5bb73667d1 |
docs: add v0.13.0 release notes to CHANGELOG (#945)
Add v0.13.0 release notes to CHANGELOG.md covering 21 commits since v0.12.0: 5 new features, 2 enhancements, and dependency updates.
Reviewed-on: https://gitea.com/gitea/tea/pulls/945
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com>
v0.13.0 |
||
|
|
f329f6fab2 |
feat(pulls): add edit subcommand for pull requests (#944)
## Summary
- Add `tea pr edit` subcommand to support editing pull request properties (description, title, milestone, deadline, assignees, labels, reviewers)
- Add `--add-reviewers` / `--remove-reviewers` flags for managing PR reviewers via `CreateReviewRequests` / `DeleteReviewRequests` API
- Extract shared helpers (`ResolveLabelOpts`, `ApplyLabelChanges`, `ApplyReviewerChanges`, `ResolveMilestoneID`) into `modules/task/labels.go` to reduce duplication between issue and PR editing
- Refactor existing `EditIssue` to use the same shared helpers
- Wrap original error in `ResolveMilestoneID` to preserve underlying error context
## Usage
```bash
# Edit PR description
tea pr edit 1 --description "new description"
# Edit PR title
tea pr edit 1 --title "new title"
# Edit multiple fields
tea pr edit 1 --title "new title" --description "new desc" --add-labels "bug"
# Edit multiple PRs
tea pr edit 1 2 3 --add-assignees "user1"
# Add reviewers
tea pr edit 1 --add-reviewers "user1,user2"
# Remove reviewers
tea pr edit 1 --remove-reviewers "user1"
```
## Test plan
- [x] `go build .` succeeds
- [x] `go test ./...` passes
- [x] `make clean && make vet && make lint && make fmt-check && make docs-check && make build` all pass
- [x] `tea pr edit <idx> --description "test"` updates PR description on a Gitea instance
- [x] `tea pr edit <idx> --title "test"` updates PR title
- [x] `tea pr edit <idx> --add-labels "bug"` adds label
- [x] `tea pr edit <idx> --add-reviewers "user"` requests review
- [x] `tea pr edit <idx> --remove-reviewers "user"` removes reviewer
- [x] Existing `tea issues edit` still works correctly after refactor
Reviewed-on: https://gitea.com/gitea/tea/pulls/944
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com> |
||
|
|
366069315f |
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (#943)
Reviewed-on: https://gitea.com/gitea/tea/pulls/943 Co-authored-by: Renovate Bot <renovate-bot@gitea.com> Co-committed-by: Renovate Bot <renovate-bot@gitea.com> |